Announcement

Collapse
No announcement yet.

Unauthorized Record Visibility in PDF Reports + Details

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Unauthorized Record Visibility in PDF Reports + Details


    In our system, we have two separate companies, each with access limited to their assigned records. While this restriction works correctly when viewing individual records, a problem arises when generating PDF reports. When generating a PDF report that includes a table of multiple records, both companies can see records that belong to the other company. This violates the intended access control rules, as each company should only be able to see its own records, even in generated reports.

    Entity A is linked to Entity B in a one-to-many relationship. All companies can access Entity A, but they should only see the B records that are specifically assigned to them. When displaying the B records, I use an iterative process (each). However, there is an issue where the companies can see B records that are not assigned to them.

    Tags: None
  • #2
    Moved out of bug reports (bug report rules not followed).

    Comment

    • espotech
      #2.1
      espotech commented
      08-16-2024, 03:49 PM
      Editing a comment
      it is ok , i will wait for help here
    • yuri
      #2.2
      yuri commented
      08-16-2024, 03:54 PM
      Editing a comment
      Steps to reproduce are needed. What is PDF reports. Advanced Pack has PDF reports. Or do you mean Print to PDF functionality.
    • espotech
      #2.3
      espotech commented
      08-16-2024, 03:57 PM
      Editing a comment
      Print to PDF
  • #3


    <table>
    <thead>
    <tr>
    <th>Project Identifier</th>
    <th>Task Code</th>
    <th>Region</th>
    <th>Area Designation</th>
    <th>Geographic Points</th>
    <th>Total Land Size (Ha)</th>
    <th>Reforestation Target (Ha)</th>
    <th>Land Ownership Type</th>
    <th>Soil Treatment Method</th>
    <th>Plant Varieties</th>
    <th>Growth Density</th>
    <th>Fence Length (m)</th>
    <th>Budget Estimate (DH)</th>
    <th>Current Status</th>
    </tr>
    </thead>
    <tbody>
    <!-- {{#each records}} -->
    <!-- {{#ifNotEqual status 'Canceled'}} -->


    <tr>
    <td>{{this.projectIdentifier}}</td>
    <td>{{this.taskCode}}</td>
    <td>{{this.region}}</td>
    <td>{{this.areaDesignation}}</td>
    <td>{{this.geographicPoints}}</td>
    <td>{{this.totalLandSize}}</td>
    <td>{{this.reforestationTarget}}</td>
    <td>{{this.landOwnershipType}}</td>
    <td>{{this.soilTreatmentMethod}}</td>
    <td class="plant-varieties-info">
    {{#if varietyForGovernment}}
    <i>Government:</i> {{varietyForGovernment}}<br>
    {{/if}}
    {{#if varietyForContractor}}
    <i>Contractor:</i> {{varietyForContractor}}<br>
    {{/if}}
    </td>
    <td>{{this.growthDensity}}</td>
    <td>{{this.fenceLength}}</td>
    <td>{{this.budgetEstimate}}</td>
    <td>{{this.currentStatus}}</td>
    </tr>


    <!-- {{/ifNotEqual}} -->
    <!-- {{/each}} -->
    </tbody>
    </table>​​

    Comment

    • #4
      PHP Code:
      <table>
        <      thead>
          <      tr>
            <      th>Project Identifier</th>
            <      th>Task Code</th>
            <      th>Region</th>
            <      th>Area Designation</th>
            <      th>Geographic Points</th>
            <      th>Total Land Size (Ha)</th>
            <      th>Reforestation Target (Ha)</th>
            <      th>Land Ownership Type</th>
            <      th>Soil Treatment Method</th>
            <      th>Plant Varieties</th>
            <      th>Growth Density</th>
            <      th>Fence Length (m)</th>
            <      th>Budget Estimate (DH)</th>
            <      th>Current Status</th>
          </      tr>
        </      thead>
        <      tbody>
          <!-- {{      #each records}} -->
                <!-- {{#ifNotEqual status 'Canceled'}} -->
                <tr>
            <      td>{{this.projectIdentifier}}</td>
            <      td>{{this.taskCode}}</td>
            <      td>{{this.region}}</td>
            <      td>{{this.areaDesignation}}</td>
            <      td>{{this.geographicPoints}}</td>
            <      td>{{this.totalLandSize}}</td>
            <      td>{{this.reforestationTarget}}</td>
            <      td>{{this.landOwnershipType}}</td>
            <      td>{{this.soilTreatmentMethod}}</td>
            <      td class="plant-varieties-info">
              {{      #if varietyForGovernment}}
                      <i>Government:</i> {{varietyForGovernment}}
                <      br>
              {{/if}}
              {{      #if varietyForContractor}}
                      <i>Contractor:</i> {{varietyForContractor}}
                <      br>
              {{/if}}
            </      td>
            <      td>{{this.growthDensity}}</td>
            <      td>{{this.fenceLength}}</td>
            <      td>{{this.budgetEstimate}}</td>
            <      td>{{this.currentStatus}}</td>
          </      tr>
          <!-- {{/      ifNotEqual}} -->
          <!-- {{/      each}} -->
        </      tbody>
      </      table>​​​ 

      Comment

      • #5
        This fix might solve the problem you have: https://github.com/espocrm/espocrm/c...4a47d3822c0918
        • Likes 2

        Comment

        • espotech
          #5.1
          espotech commented
          08-16-2024, 05:05 PM
          Editing a comment
          you are a hero the fix solved the problem, thank you so much
      Previous template Next
      Working...
      X