Announcement

Collapse
No announcement yet.

Unauthorized Record Visibility in PDF Reports + Details

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unauthorized Record Visibility in PDF Reports + Details


    In our system, we have two separate companies, each with access limited to their assigned records. While this restriction works correctly when viewing individual records, a problem arises when generating PDF reports. When generating a PDF report that includes a table of multiple records, both companies can see records that belong to the other company. This violates the intended access control rules, as each company should only be able to see its own records, even in generated reports.

    Entity A is linked to Entity B in a one-to-many relationship. All companies can access Entity A, but they should only see the B records that are specifically assigned to them. When displaying the B records, I use an iterative process (each). However, there is an issue where the companies can see B records that are not assigned to them.


  • #2
    Moved out of bug reports (bug report rules not followed).

    Comment


    • alohatech
      alohatech commented
      Editing a comment
      it is ok , i will wait for help here

    • yuri
      yuri commented
      Editing a comment
      Steps to reproduce are needed. What is PDF reports. Advanced Pack has PDF reports. Or do you mean Print to PDF functionality.

    • alohatech
      alohatech commented
      Editing a comment
      Print to PDF

  • #3


    <table>
    <thead>
    <tr>
    <th>Project Identifier</th>
    <th>Task Code</th>
    <th>Region</th>
    <th>Area Designation</th>
    <th>Geographic Points</th>
    <th>Total Land Size (Ha)</th>
    <th>Reforestation Target (Ha)</th>
    <th>Land Ownership Type</th>
    <th>Soil Treatment Method</th>
    <th>Plant Varieties</th>
    <th>Growth Density</th>
    <th>Fence Length (m)</th>
    <th>Budget Estimate (DH)</th>
    <th>Current Status</th>
    </tr>
    </thead>
    <tbody>
    <!-- {{#each records}} -->
    <!-- {{#ifNotEqual status 'Canceled'}} -->


    <tr>
    <td>{{this.projectIdentifier}}</td>
    <td>{{this.taskCode}}</td>
    <td>{{this.region}}</td>
    <td>{{this.areaDesignation}}</td>
    <td>{{this.geographicPoints}}</td>
    <td>{{this.totalLandSize}}</td>
    <td>{{this.reforestationTarget}}</td>
    <td>{{this.landOwnershipType}}</td>
    <td>{{this.soilTreatmentMethod}}</td>
    <td class="plant-varieties-info">
    {{#if varietyForGovernment}}
    <i>Government:</i> {{varietyForGovernment}}<br>
    {{/if}}
    {{#if varietyForContractor}}
    <i>Contractor:</i> {{varietyForContractor}}<br>
    {{/if}}
    </td>
    <td>{{this.growthDensity}}</td>
    <td>{{this.fenceLength}}</td>
    <td>{{this.budgetEstimate}}</td>
    <td>{{this.currentStatus}}</td>
    </tr>


    <!-- {{/ifNotEqual}} -->
    <!-- {{/each}} -->
    </tbody>
    </table>​​

    Comment


    • #4
      PHP Code:
      <table>
        <
      thead>
          <
      tr>
            <
      th>Project Identifier</th>
            <
      th>Task Code</th>
            <
      th>Region</th>
            <
      th>Area Designation</th>
            <
      th>Geographic Points</th>
            <
      th>Total Land Size (Ha)</th>
            <
      th>Reforestation Target (Ha)</th>
            <
      th>Land Ownership Type</th>
            <
      th>Soil Treatment Method</th>
            <
      th>Plant Varieties</th>
            <
      th>Growth Density</th>
            <
      th>Fence Length (m)</th>
            <
      th>Budget Estimate (DH)</th>
            <
      th>Current Status</th>
          </
      tr>
        </
      thead>
        <
      tbody>
          <!-- {{
      #each records}} -->
          
      <!-- {{#ifNotEqual status 'Canceled'}} -->
          
      <tr>
            <
      td>{{this.projectIdentifier}}</td>
            <
      td>{{this.taskCode}}</td>
            <
      td>{{this.region}}</td>
            <
      td>{{this.areaDesignation}}</td>
            <
      td>{{this.geographicPoints}}</td>
            <
      td>{{this.totalLandSize}}</td>
            <
      td>{{this.reforestationTarget}}</td>
            <
      td>{{this.landOwnershipType}}</td>
            <
      td>{{this.soilTreatmentMethod}}</td>
            <
      td class="plant-varieties-info">
              {{
      #if varietyForGovernment}}
                
      <i>Government:</i> {{varietyForGovernment}}
                <
      br>
              {{/if}}
              {{
      #if varietyForContractor}}
                
      <i>Contractor:</i> {{varietyForContractor}}
                <
      br>
              {{/if}}
            </
      td>
            <
      td>{{this.growthDensity}}</td>
            <
      td>{{this.fenceLength}}</td>
            <
      td>{{this.budgetEstimate}}</td>
            <
      td>{{this.currentStatus}}</td>
          </
      tr>
          <!-- {{/
      ifNotEqual}} -->
          <!-- {{/
      each}} -->
        </
      tbody>
      </
      table>​​​ 

      Comment


      • #5
        This fix might solve the problem you have: https://github.com/espocrm/espocrm/c...4a47d3822c0918

        Comment


        • alohatech
          alohatech commented
          Editing a comment
          you are a hero the fix solved the problem, thank you so much
      Working...
      X