by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free 30 day trial
Try it Now

#3961 - Problem with list view

In Progress Bug? created by dsanchezcrm5 10 months ago

Hi.
I selected the Strict Right option and additional Rights

I have two security Groups A and B.
Group A can list and edit records. Only group.
Group B can neither list nor edit. Not allowed

A user with Groups A and B should neither list nor edit a record with Group B. Beacuse only the B group rights should be applied.

However, the record is listed but cannot be edited.
Seems that as Group A has the "group" option in the "list" action. the module test if the user and the record share any Group.

In the example. As user and record share the Group B. the module "thinks" that group right of Group A should be apllied.

I need list only record with Group A.

Any help would be very thankfully.

Thank you in advance

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    10 months ago

    Hello,

    Unfortunately, you found an edge case limitation here of the CRM framework. There isn't a way to apply Strict Rights on the list view. This setting can only be applied on the detail/edit actions.

    Usually this isn't an issue because if you want a user to have Detail rights to a Group B record then there usually isn't a reason to not see it in ready only fashion on the list view. Requiring it not to show on the list view is where it gets tricky internally.

    A work around is to filter the list view by Group A only. I imagine adding the Security Group filter to the list view and letting the user pick whether to filter by Group A or Group B is out of the question. Because of that, this will need to be done in the code and it gets technical fast. There isn't a way to avoid that given what you are trying to do. I can help guide at a high level, but can't do the work itself. If this is wanted let me know and I'll lay out the general idea.

    Sorry!
    Jason

  2. dsanchezcrm5 member avatar

    dsanchezcrm5

    10 months ago

    Hi thank you for your fast answer.

    I dont want to list a record that cannot be edited.
    I want that the view list only list records which can be edited.
    In the Example , record with Group A should be listed . the record with the group B must be ignored..

    Anyway, add a custom filter could be fine.
    Could you guide me with the idea and what file mus be edited?

    Thank you very much

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 months ago

      Happy to help.

      Usually companies still want those to show on list views so that users can click through to the detail view.

      For filtering Group B automatically you will need to go to each module in the /modules directory. In each module is a /views/view.list.php file. Edit that view.list.php file. There should be a processSearchForm() function. If not, that will need to be copied over from the parent file (include/MVC/View/views/view.list.php).

      Before the display() call at the bottom you will want to add a condition to the where_clauses array. It will look something like this:

      psuedo code

      global $current_user;
      $where_clauses[] = "not exists exists (select g.id from securitygroups g inner join securitygroups_records r on g.id = r.securitygroup_id and r.deleted = 0 where r.record_id = YOURCURRENTMODULETABLE.id and g.deleted = 0 and g.name = 'Group B'";
      

      Wrap with additional logic as needed. Be sure to edit that query is needed.

      You may want to do a simpler where_clause query just to prove that you have that part right. Such as:

      $where_clauses[] = "and YOURCURRENTMODULETABLE.status = 'Active'";
      

      Edit for some field/value combo that your list view has.

      Hope this helps!

    • dsanchezcrm5 member avatar

      dsanchezcrm5

      10 months ago

      Thank you very much.

      A last question.
      To be update safe the function must be overwriten in custom folder, Isn't it?
      The file has to be placed in custom/modules/MODULENAME/views/view.list.
      I am right?

      Thank you

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      10 months ago

      Great point. Yes, that is the suggested place to copy the view.list.php file over to.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "The perfect solution for managing security. Very stable and easy to implement. Must-have add-on for every CE implementation!"

    Read More Reviews

Keep up to date on the latest additions

We'll send you an email every month with handpicked add-ons, reviews, tricks and tips. Don't worry, we hate spam as much as you do.