by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free 30 day trial
Try it Now

#4118 - Apply security groups rules in custom php script called by ajax working with beans

Closed General Question created by adesimone1 Verified Purchase 5 months ago

Hi, I have de following code

<?php
define('sugarEntry', TRUE);
chdir('../../../../');
require_once('include/entryPoint.php');

global $current_user;
$current_user->retrieve($_REQUEST['current_user_id']);

$socios = BeanFactory::getBean('Contacts');

How to apply user security group rules to this bean?

Regards
Adolfo

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    5 months ago

    Hi Adolfo,

    I'm not quite understanding what you are asking here. The rules are applied automatically through that contact bean based on the current user.

    Are you wanting to add or remove a group to that contact?

  2. adesimone1 member avatar

    adesimone1 Verified Purchase

    5 months ago

    I'm calling a custom php script with ajax to populate data in edit view, the php script receive logued in user id however the script can access all beans data regardless the sceurity group the user belongs to.

    Hope you can understand the question

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      5 months ago

      Were you able to confirm that current_user loaded correct after doing the retrieve?

      Can you also post the logic for accessing the beans? I'm only seeing the getBean for an empty Contact bean (socios). For those that are returning, is the securitygroup assigned to those records in the CRM and does the securitygroup or user have a role assigned to them that limits the contacts module list rights to Group? You should be able to go to the user's record and click on the Access tab to see if Contacts->List is set to Group, Owner, or None. If it is All then permission configuration needs to be addressed.

  3. adesimone1 member avatar

    adesimone1 Verified Purchase

    5 months ago

    There is no logic hook, is a standalone php script called from javascript,

    js code:

    $.getJSON('custom/modules/CLUB_Tarjetas/php/obtener_socio.php?nro_socio=' + $('#nro_socio').val() + '&current_user_id=' + current_user_id
            , function(data){

       SOME ADITIONAL CODE
    

    });

    php code:

    <?php
    define('sugarEntry', TRUE);
    chdir('../../../../');
    require_once('include/entryPoint.php');

    global $current_user;
    $current_user->retrieve($_REQUEST['current_user_id']);

    $socios = BeanFactory::getBean('Contacts');

    if(!empty($_REQUEST['nro_socio'])){

    $socio = $socios->retrieve_by_string_fields(
            array(
                'nro_socio_c' => $_REQUEST['nro_socio'],
            )
        );
    }

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      5 months ago

      Can you confirm if current_user actually has the current user?

      If so, I've seen a weird case where you need to use $GLOBALS['current_user'] instead. Might be worth using that.

  4. adesimone1 member avatar

    adesimone1 Verified Purchase

    5 months ago

    $GLOBALS['current_user'] makes no difference

    $GLOBALS['current_user']->retrieve($_REQUEST['current_user_id']); retreive de user bean but it can access all contacts records, security group wokr well in list view

    shouldn't I require some security groups scripts?
    is enough require_once('include/entryPoint.php');?

    • eggsurplus member avatar

      eggsurplus Provider Affiliate

      5 months ago

      Can you check the permissions question I asked as well? Check the Access tab for the user you are testing. Make sure Contacts->List is set to anything other than All. If it is set to Group then check the contact records you do not expect to return to see if that group is associated to the record or if the current user is the assigned to user or the created by user.

      No security groups scripts need to be included. The bean takes care of all security as long as the current_user is set and the session is caching the roles correctly.

  5. eggsurplus member avatar

    eggsurplus Provider Affiliate

    4 months ago

    Were you able to figure something out for this? Closing for now, but feel free to follow up if needed.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "I can say that it has been one of the best modules within our SugarCRM CE instance!"

    Read More Reviews

Keep up to date on the latest additions

We'll send you an email every month with handpicked add-ons, reviews, tricks and tips. Don't worry, we hate spam as much as you do.