After setting up a general sales team and general sales role with limited assignment, scope and field level permissions, on several occasions the access/permissions for one or more users assigned to this team and role have changed to having full assignment and scope-level permissions. The change in user access occurs without any purposeful change to the user's team or role assignment. This glitch or bug seems to occur randomly when mass updates are made to Accounts, Opportunities and/or Leads, but I'm not sure exactly what is causing this to happen. The attached screen shots show the general sale team and role user settings, the general sales team settings, the general sales role scope and field level settings, and the user's access settings after this glitch occurs.
Inadvertent change to user access and permissions
Collapse
X
-
Unfortunately I could not reproduce but I will try more. Could try to do small change, maybe it will solve:
application/Espo/Core/AclManager.php
change $key = spl_object_hash($user);
to
$key = $user->id;
Thanks
If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.Comment
-
I think it has occurred only when a user with administrative status makes the mass updates. Again, I'm not sure the mass updates are causing this problem to occur. I made your suggested modification to application/Espo/Core/AclManager.php in one of my instances and will let you know if this problem recurs.
Thanks.Comment
-
Does it affect on real users permissions so that user can do not permitted actions? Or it just displays wrong permissions? When issue occurs how it gets reset to proper permissions? After clear cache?
ThanksIf you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.Comment
-
It effects real user permissions as well as the display showing the wrong user permissions. For example, after the change occurs, the non-admin user assigned to the General Sales Team and General Sales Role can make team and user assignments and can see Opportunity/Sales Amount. Clearing the cache doesn't correct the problem. I have to edit the settings for that user (while I'm logged in as an administrator), first by deleting the team and role settings and saving and then re-editing the user's settings to add back the team and role settings. Once I've done that, the problem is corrected.Last edited by krisk; 04-26-2016, 11:23 PM.Comment
-
-
The issue has occurred twice since implementing the change. However, I have not been able to replicate it consistently or pinpoint the cause. I'm going to reinstall 4.0.4 and start from scratch, in case I've done something that's causing this problem. Anyway, I don't think the modification you suggested has had any effect, so would not recommend incorporating this change into the next release.Comment
-
Comment
-
Temporary fix, but not final:
application/Espo/Core/Acl/Table.php
Change method getRoleList to
PHP Code:protected function getRoleList() { $roleList = []; $userRoleList = $this->getUser()->get('roles'); if (!(is_array($userRoleList) || $userRoleList instanceof \Traversable)) { throw new Error(); } foreach ($userRoleList as $role) { $roleList[] = $role; } $teamList = $this->getUser()->get('teams'); if (!(is_array($teamList) || $teamList instanceof \Traversable)) { throw new Error(); } foreach ($teamList as $team) { $teamRoleList = $team->get('roles'); foreach ($teamRoleList as $role) { $roleList[] = $role; } } return $roleList; }
Last edited by yuri; 05-04-2016, 12:51 PM.If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.Comment
Comment