by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.


#3902 - Bug in your code is causing Database Failure when trying to create a meeting

In Progress Bug? created by rhsfit 5 years ago

It really surprised me to find this bug.... Typically SecuritySuite is on point...

Looking in the latest SuiteCRM_7.10.9_SecuritySuite_v3.1.12a zip file. Turn your attention to the file install_dir/notupgradesafe/include/utils/activity_utils.php, specifically starting at line 56, which is the beginning of the comment block.

        $auto_where = ' WHERE ';
        if (!empty($where)) {
            $auto_where .= $where . ' AND ';
        }
        /* BEGIN - SECURITY GROUPS */
        /**
        $auto_where .= " {$bean->rel_users_table}.{$bean_id_name}={$bean->table_name}.id AND {$bean->rel_users_table}.user_id='{$user_id}' AND {$bean->table_name}.deleted=0 AND {$bean->rel_users_table}.deleted=0";

        $cal_view = $_REQUEST['view'];
        global $current_user, $sugar_config;
        // If they shouldn't see non-group records for another user...even if displayed as busy
        if(
            !empty($cal_view) && ($cal_view == 'shared' || $cal_view == 'sharedWeek' || $cal_view == 'sharedMonth')
            && !empty($sugar_config['securitysuite_shared_calendar_hide_restricted']) && $sugar_config['securitysuite_shared_calendar_hide_restricted'] == true
            && $bean->bean_implements('ACL') && ACLController::requireSecurityGroup($bean->module_dir, 'list')
        )
        {
            require_once('modules/SecurityGroups/SecurityGroup.php');
            $group_where = SecurityGroup::getGroupWhere($bean->table_name,$bean->module_dir,$current_user->id);
            $auto_where .= " AND ({$bean->rel_users_table}.user_id='{$user_id}' and ".$group_where.") ";
        } 
        else if(
            !empty($sugar_config['securitysuite_show_group_events']) && $sugar_config['securitysuite_show_group_events'] == true
            && $bean->bean_implements('ACL') && ACLController::requireSecurityGroup($bean->module_dir, 'list')
        )
        {
            require_once('modules/SecurityGroups/SecurityGroup.php');
            $group_where = SecurityGroup::getGroupWhere($bean->table_name,$bean->module_dir,$current_user->id);
            $auto_where .= " AND ({$bean->rel_users_table}.user_id='{$user_id}' OR ".$group_where.") ";
        }
        else
        {
            $auto_where .= " AND {$bean->rel_users_table}.user_id='{$user_id}' ";
        }
        /* END - SECURITY GROUPS */

        $query = $select . $auto_where;

The problem is that if $where is NOT empty, then $auto_where gets an 'AND' appended to the string. But..... since your comment starts where it does, the $auto_where string is never finished. Moving your comment block below the $auto_where .= " {$bean->rel_users_table}.... line solves the problem. At least it stops causing the database failure errors and my users can get back to work.

~ Brian

  1. eggsurplus Provider Affiliate

    5 years ago

    Thanks Brian,

    Looks like a possible merge issue with the last release. I'll look into it today and correct.

  2. eggsurplus Provider Affiliate

    5 years ago

    Thanks again for letting me know about this issue. It did end up being a bad merge. It should have been a closed comment followed by a different auto_where append. A new SuiteCRM_7.10.9_SecuritySuite_v3.1.12b.zip has been uploaded.
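A pre-release check for this kind of merge error, as an added example that is not part of the original thread or of SecuritySuite's code: it uses PHP's tokenizer to flag block comments that contain statement-like lines, which is what the unclosed `/**` did to the security-group filter. The function name `findSwallowedCode`, the statement heuristic and the abbreviated sample are assumptions made for illustration.

```php
<?php
// Added example, not SecuritySuite code. Flags block comments that have
// swallowed PHP statements, as the unclosed "/**" in the report did.

/**
 * @return array<int, array{line: int, statements: int}> one entry per suspect comment
 */
function findSwallowedCode(string $source): array
{
    $hits = [];
    foreach (token_get_all($source) as $token) {
        // Single-character tokens are plain strings; comments are always arrays.
        if (!is_array($token)) {
            continue;
        }
        [$id, $text, $line] = $token;
        $isBlock = ($id === T_COMMENT || $id === T_DOC_COMMENT)
            && strncmp($text, '/*', 2) === 0;
        if (!$isBlock) {
            continue;
        }
        // Heuristic (assumption): a comment line that starts with a variable or
        // require_once and ends in ';' is code, not documentation. Docblock
        // lines start with '*', so ordinary "@param $x" text does not match.
        $count = preg_match_all('/^\s*(?:\$\w+|require_once\b).*;\s*$/m', $text);
        if ($count > 0) {
            $hits[] = ['line' => $line, 'statements' => $count];
        }
    }
    return $hits;
}

// Constructed sample, abbreviated from the snippet in the report.
$sample = <<<'PHP'
<?php
$auto_where = ' WHERE ';
/* BEGIN - SECURITY GROUPS */
/**
$auto_where .= " {$bean->rel_users_table}.user_id='{$user_id}'";
$cal_view = $_REQUEST['view'];
/* END - SECURITY GROUPS */
$query = $select . $auto_where;
PHP;

foreach (findSwallowedCode($sample) as $hit) {
    echo "line {$hit['line']}: block comment hides {$hit['statements']} statement(s)\n";
}
```

Running `php -l` on the affected file would not have helped here, because the file is syntactically valid; only the comment's contents reveal that the filter was disabled.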
