by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.


#3902 - Bug in your code is causing Database Failure when trying to create a meeting

In Progress Bug? created by rhsfit Verified Purchase a year ago

It really surprised me to find this bug.... Typically SecuritySuite is on point...

Looking in the latest SuiteCRM_7.10.9_SecuritySuite_v3.1.12a zip file. Turn your attention to the file
install_dir/notupgradesafe/include/utils/activity_utils.php
specifically starting at line 56 which is the beginning of the comment block

        $auto_where = ' WHERE ';
        if (!empty($where)) {
            $auto_where .= $where . ' AND ';
        }
        /* BEGIN - SECURITY GROUPS */
        /**
        $auto_where .= " {$bean->rel_users_table}.{$bean_id_name}={$bean->table_name}.id AND {$bean->rel_users_table}.user_id='{$user_id}' AND {$bean->table_name}.deleted=0 AND {$bean->rel_users_table}.deleted=0";

        $cal_view = $_REQUEST['view'];
        global $current_user, $sugar_config;
        // If they shouldn't see non-group records for another user...even if displayed as busy
        if(
            !empty($cal_view) && ($cal_view == 'shared' || $cal_view == 'sharedWeek' || $cal_view == 'sharedMonth')
            && !empty($sugar_config['securitysuite_shared_calendar_hide_restricted']) && $sugar_config['securitysuite_shared_calendar_hide_restricted'] == true
            && $bean->bean_implements('ACL') && ACLController::requireSecurityGroup($bean->module_dir, 'list')
        )
        {
            require_once('modules/SecurityGroups/SecurityGroup.php');
            $group_where = SecurityGroup::getGroupWhere($bean->table_name,$bean->module_dir,$current_user->id);
            $auto_where .= " AND ({$bean->rel_users_table}.user_id='{$user_id}' and ".$group_where.") ";
        } 
        else if(
            !empty($sugar_config['securitysuite_show_group_events']) && $sugar_config['securitysuite_show_group_events'] == true
            && $bean->bean_implements('ACL') && ACLController::requireSecurityGroup($bean->module_dir, 'list')
        )
        {
            require_once('modules/SecurityGroups/SecurityGroup.php');
            $group_where = SecurityGroup::getGroupWhere($bean->table_name,$bean->module_dir,$current_user->id);
            $auto_where .= " AND ({$bean->rel_users_table}.user_id='{$user_id}' OR ".$group_where.") ";
        }
        else
        {
            $auto_where .= " AND {$bean->rel_users_table}.user_id='{$user_id}' ";
        }
        /* END - SECURITY GROUPS */

        $query = $select . $auto_where;

The problem is that if $where is NOT empty, then $auto_where gets an 'AND' appended to the string. But..... since your comment starts where it does, the $auto_where string is never finished. Moving your comment block below the $auto_where .= " {$bean->rel_users_table}.... line solves the problem. At least it stops causing the database failure errors and my users can get back to work.

~ Brian

  1. eggsurplus Provider Affiliate

    a year ago

    Thanks Brian,

    Looks like a possible merge issue with the last release. I'll look into it today and correct.

  2. eggsurplus Provider Affiliate

    a year ago

    Thanks again for letting me know about this issue. It did end up being a bad merge. It should have been a closed comment followed by a different auto_where append. A new SuiteCRM_7.10.9_SecuritySuite_v3.1.12b.zip has been uploaded.
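
The failure discussed in this thread (a `WHERE ... AND ` prefix left unfinished once the following block is commented out) can be avoided by collecting conditions in a list and joining them once. The sketch below is an added example, not SecuritySuite or SuiteCRM code; the function name `build_activity_where`, the table and column names, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not SecuritySuite or SuiteCRM code. The function name,
// table names and sample values are constructed for this example.

/**
 * Build the WHERE clause from a list of conditions that is joined once,
 * so disabling any single condition cannot leave "WHERE" or "AND" dangling.
 * Returns [sql, params]; the user id is bound as a parameter, not interpolated.
 */
function build_activity_where(string $where, string $userId, ?string $groupWhere = null): array
{
    $rel   = 'meetings_users';  // stands in for $bean->rel_users_table
    $tbl   = 'meetings';        // stands in for $bean->table_name
    $conds = [];

    $where = trim($where);
    if ($where !== '') {
        // Reject a caller-supplied fragment that itself ends in an operator.
        if (preg_match('/\b(WHERE|AND|OR)$/i', $where)) {
            throw new InvalidArgumentException('filter ends in a dangling operator');
        }
        $conds[] = "({$where})";
    }

    $conds[] = "{$rel}.meeting_id = {$tbl}.id";
    $conds[] = "{$tbl}.deleted = 0";
    $conds[] = "{$rel}.deleted = 0";

    // Owner filter, optionally widened by a group filter (the OR branch on the page).
    $conds[] = $groupWhere === null
        ? "{$rel}.user_id = ?"
        : "({$rel}.user_id = ? OR {$groupWhere})";

    // Joined once: the clause always ends with a complete condition.
    return [' WHERE ' . implode(' AND ', $conds), [$userId]];
}

// Constructed inputs: the non-empty $where case that triggered the failure.
[$sql, $params] = build_activity_where("meetings.status != 'Held'", 'constructed-user-id');
echo $sql, PHP_EOL;
```

Because the owner condition is always the last element appended, removing or commenting out the optional group branch still yields a complete clause that restricts rows to the assigned user.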
