Announcement

Collapse
No announcement yet.

Portal users are no longer able to create cases

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Portal users are no longer able to create cases

    Hi there,
    I just realized that after upgrading to version 7 of EspoCRM, my portal users don't seem to able to create cases anymore. I always get the error message:

    Code:
    Error 403: Access denied 
    Assignment failure: assigned user or team not allowed.​
    when I am trying to save a new case. I exactly followed the instructions found on https://docs.espocrm.com/administration/portal/ but this doesn't seem to work. My cases are configured to set a standard user and standard team on creation. Creating cases works just fine for CRM users, it's just running into an error for the Portal users.

    PS: This worked flawlessly back in version 6.

  • #2
    Hi Hendrik Belitz,

    Can you send the full error log of your instanse? The required log is located in /var/www/html/your_instanse_name/data/logs (screen 1)
    Attached Files

    Comment


    • #3
      Maybe you have some customization that sets an assigned user or team on case creation. It could be that they are set before validation is processed causing the error. As portal users are not allowed to set assigner users nor teams.

      Comment


      • #4
        I have no customization in place besides the default values in the "case" entity itself. I also tried to remove those, but that did not change anything.

        I already checked the logs, but they don't contain any additional information besides the error message:
        [2022-08-28 11:51:47] ERROR: (403) Assignment failure: assigned user or team not allowed.; POST /5f212aca8e835241e/Case; line: 417, file: /var/www/html/espo/application/Espo/Core/Record/Service.php [] []
        Last edited by Hendrik Belitz; 08-30-2022, 06:58 AM.

        Comment


        • #5
          I was able to work around this on a test instance by changing some lines in DefaultAssignmentChecker.isPermittedAssignedUser() from

          Code:
          if ($user->isPortal()) {
          if (!$entity->isAttributeChanged(self::ATTR_ASSIGNED_USER_ID) ) {
          return true;
          }
          
          return false;
          }​
          to

          Code:
          if ($user->isPortal()) {
          if (!$entity->isAttributeChanged(self::ATTR_ASSIGNED_USER_ID) ) {
          return true;
          }
          
          if ($entity->isNew()) {
          return true;
          }
          return false;
          }​
          But I am not sure whether this breaks something else or introduces a security problem.

          Comment

          Working...
          X