Unauthorized Record Visibility in PDF Reports + Details

  • alohatech
    Junior Member
    • May 2024
    • 17


    In our system, we have two separate companies, each with access limited to their assigned records. While this restriction works correctly when viewing individual records, a problem arises when generating PDF reports. When generating a PDF report that includes a table of multiple records, both companies can see records that belong to the other company. This violates the intended access control rules, as each company should only be able to see its own records, even in generated reports.

    Entity A is linked to Entity B in a one-to-many relationship. All companies can access Entity A, but they should only see the B records that are specifically assigned to them. When displaying the B records, I use an iterative process (each). However, there is an issue where the companies can see B records that are not assigned to them.

  • yuri
    Member
    • Mar 2014
    • 8453

    #2
    Moved out of bug reports (bug report rules not followed).
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    • alohatech
      alohatech commented
      It is OK, I will wait for help here.

    • yuri
      yuri commented
      Steps to reproduce are needed. What are PDF reports? Advanced Pack has PDF reports. Or do you mean Print to PDF functionality?

    • alohatech
      alohatech commented
      Print to PDF
  • alohatech
    Junior Member
    • May 2024
    • 17

    #3


    <table>
    <thead>
    <tr>
    <th>Project Identifier</th>
    <th>Task Code</th>
    <th>Region</th>
    <th>Area Designation</th>
    <th>Geographic Points</th>
    <th>Total Land Size (Ha)</th>
    <th>Reforestation Target (Ha)</th>
    <th>Land Ownership Type</th>
    <th>Soil Treatment Method</th>
    <th>Plant Varieties</th>
    <th>Growth Density</th>
    <th>Fence Length (m)</th>
    <th>Budget Estimate (DH)</th>
    <th>Current Status</th>
    </tr>
    </thead>
    <tbody>
    <!-- {{#each records}} -->
    <!-- {{#ifNotEqual status 'Canceled'}} -->


    <tr>
    <td>{{this.projectIdentifier}}</td>
    <td>{{this.taskCode}}</td>
    <td>{{this.region}}</td>
    <td>{{this.areaDesignation}}</td>
    <td>{{this.geographicPoints}}</td>
    <td>{{this.totalLandSize}}</td>
    <td>{{this.reforestationTarget}}</td>
    <td>{{this.landOwnershipType}}</td>
    <td>{{this.soilTreatmentMethod}}</td>
    <td class="plant-varieties-info">
    {{#if varietyForGovernment}}
    <i>Government:</i> {{varietyForGovernment}}<br>
    {{/if}}
    {{#if varietyForContractor}}
    <i>Contractor:</i> {{varietyForContractor}}<br>
    {{/if}}
    </td>
    <td>{{this.growthDensity}}</td>
    <td>{{this.fenceLength}}</td>
    <td>{{this.budgetEstimate}}</td>
    <td>{{this.currentStatus}}</td>
    </tr>


    <!-- {{/ifNotEqual}} -->
    <!-- {{/each}} -->
    </tbody>
    </table>

    • alohatech
      Junior Member
      • May 2024
      • 17

      #4
      PHP Code:
      <table>
        <thead>
          <tr>
            <th>Project Identifier</th>
            <th>Task Code</th>
            <th>Region</th>
            <th>Area Designation</th>
            <th>Geographic Points</th>
            <th>Total Land Size (Ha)</th>
            <th>Reforestation Target (Ha)</th>
            <th>Land Ownership Type</th>
            <th>Soil Treatment Method</th>
            <th>Plant Varieties</th>
            <th>Growth Density</th>
            <th>Fence Length (m)</th>
            <th>Budget Estimate (DH)</th>
            <th>Current Status</th>
          </tr>
        </thead>
        <tbody>
          <!-- {{#each records}} -->
          <!-- {{#ifNotEqual status 'Canceled'}} -->
          <tr>
            <td>{{this.projectIdentifier}}</td>
            <td>{{this.taskCode}}</td>
            <td>{{this.region}}</td>
            <td>{{this.areaDesignation}}</td>
            <td>{{this.geographicPoints}}</td>
            <td>{{this.totalLandSize}}</td>
            <td>{{this.reforestationTarget}}</td>
            <td>{{this.landOwnershipType}}</td>
            <td>{{this.soilTreatmentMethod}}</td>
            <td class="plant-varieties-info">
              {{#if varietyForGovernment}}
                <i>Government:</i> {{varietyForGovernment}}
                <br>
              {{/if}}
              {{#if varietyForContractor}}
                <i>Contractor:</i> {{varietyForContractor}}
                <br>
              {{/if}}
            </td>
            <td>{{this.growthDensity}}</td>
            <td>{{this.fenceLength}}</td>
            <td>{{this.budgetEstimate}}</td>
            <td>{{this.currentStatus}}</td>
          </tr>
          <!-- {{/ifNotEqual}} -->
          <!-- {{/each}} -->
        </tbody>
      </table>

      • yuri
        Member
        • Mar 2014
        • 8453

        #5
        This fix might solve the problem you have: https://github.com/espocrm/espocrm/c...4a47d3822c0918

        • alohatech
          alohatech commented
          You are a hero, the fix solved the problem. Thank you so much.
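
The access-control gap described in this thread, reduced to a stand-alone sketch (an added example, not part of any post and not EspoCRM's code or the linked fix): the related records handed to the template loop are either passed through unchecked or filtered per record for the requesting user before rendering. The `companyId` field, the function names and the sample rows are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: B records linked to one A record, each assigned to a company.
// All names here (companyId, loadRelated*, renderRows) are hypothetical, not EspoCRM APIs.
$relatedB = [
    ['taskCode' => 'T-001', 'region' => 'North', 'status' => 'Active',   'companyId' => 'company-1'],
    ['taskCode' => 'T-002', 'region' => 'South', 'status' => 'Active',   'companyId' => 'company-2'],
    ['taskCode' => 'T-003', 'region' => 'East',  'status' => 'Canceled', 'companyId' => 'company-1'],
];

// Weak form: every linked record is passed to the template. Read access to the
// parent A record is the only check, so the {{#each}} loop prints other companies' rows.
function loadRelatedUnchecked(array $related): array
{
    return $related;
}

// Corrected form: the per-record read check runs server-side, before rendering.
// The template never receives a record the requesting user may not read.
function loadRelatedForUser(array $related, string $userCompanyId): array
{
    return array_values(array_filter(
        $related,
        fn (array $r): bool => $r['companyId'] === $userCompanyId
    ));
}

// Stand-in for the template loop: skips canceled rows and escapes each cell.
function renderRows(array $records): string
{
    $html = '';
    foreach ($records as $r) {
        if ($r['status'] === 'Canceled') {
            continue;
        }
        $html .= sprintf(
            "<tr><td>%s</td><td>%s</td></tr>\n",
            htmlspecialchars($r['taskCode']),
            htmlspecialchars($r['region'])
        );
    }
    return $html;
}

echo "Unchecked, as seen by company-1:\n", renderRows(loadRelatedUnchecked($relatedB));
echo "Filtered, as seen by company-1:\n", renderRows(loadRelatedForUser($relatedB, 'company-1'));
```

A template-side condition such as `{{#ifNotEqual}}` only hides rows at render time; the filter has to run where the records are loaded, so that a user who edits the template still cannot reach another company's data.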