[Vtigercrm-developers] Sharing Lists

Sukhdev Mohan s.mohan at myti.it
Tue Apr 14 21:14:52 GMT 2020


 Hello all,

I’m having some trouble with sharing lists. The workflow the client is following:
Admin creates list -> shares it with users

The User can’t access this list and is redirected to the general list all.

Users with whom the list is shared have role CEO (we had to make all CEO in order for them to assign tasks to any user of any role - very particular use case, I’d argue they should review their process), using Vtiger 7.1

Debugging, I found this code in modules/CustomView/CustomView.php, line 2007 and following, in function isPermittedCustomView() (can anyone tell me why so much code is commented out?)

elseif ($status == CV_STATUS_PRIVATE || $status == CV_STATUS_PENDING) {
   $log->debug("Entering when status=1 or 2");
   if ($userid == $current_user->id)
      $permission = "yes";
   else {
      /* if($action == 'ListView' || $action == $module."Ajax" || $action == 'index')
        { */
      $log->debug("Entering when status=1 or status=2 & action = ListView or $module.Ajax or index");
      $sql = "select vtiger_users.id from vtiger_customview inner join vtiger_users where vtiger_customview.cvid = ? and vtiger_customview.userid in (select vtiger_user2role.userid from vtiger_user2role inner join vtiger_users on vtiger_users.id=vtiger_user2role.userid inner join vtiger_role on vtiger_role.roleid=vtiger_user2role.roleid where vtiger_role.parentrole like '%" . $current_user_parent_role_seq . "::%')";
      $result = $adb->pquery($sql, array($record_id));
      while ($row = $adb->fetchByAssoc($result)) {
         $temp_result[] = $row['id'];
      }
      $user_array = $temp_result;
      if (sizeof($user_array) > 0) {
         if (!in_array($current_user->id, $user_array))
            $permission = "no";
         else
            $permission = "yes";
      }
      else
         $permission = "no";

The problem seems to be the query in this part:
where vtiger_role.parentrole like '%" . $current_user_parent_role_seq . "::%')
So when it compiles for my user it becomes this:


SELECT
    vtiger_users.id
FROM
    vtiger_customview
INNER JOIN vtiger_users WHERE vtiger_customview.cvid = '207' AND vtiger_customview.userid IN(
    SELECT
        vtiger_user2role.userid
    FROM
        vtiger_user2role
    INNER JOIN vtiger_users ON vtiger_users.id = vtiger_user2role.userid
    INNER JOIN vtiger_role ON vtiger_role.roleid = vtiger_user2role.roleid
    WHERE
        vtiger_role.parentrole LIKE '%H1::H2::%'
)


The last ::% makes the query return an empty set. I think before appending “::%” you should consider if it’s a specific role or a set of roles and sub. I’ve tried sharing with just role CEO, still nothing changes… Also, in the past I’ve had a problem updating a list which used custom fields in the column list or condition; the error was just a JSON with a generic error message.

Any ideas how I can solve this without disabling the whole check?

P.S.
Wouldn’t it be more efficient to do the check on $current_user->id and $current_user->role directly in the query instead of doing it on the PHP side?

Best Regards,
Sukhdev Mohan
———————————
Cel. (+39) 320 7020345
Email s.mohan at myti.it
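
Added example, not part of the original post and not vtiger's own code: a SQLite reproduction of the role-path match discussed above, showing that the '%<seq>::%' pattern matches only strictly subordinate roles and so returns nothing when every user holds the same role. Table contents, role ids, user ids and function names are constructed; it assumes parentrole stores the '::'-joined path ending in the role's own id, and it binds the pattern as a parameter instead of concatenating it into the SQL.

```python
import sqlite3

# Constructed sample data: role ids, paths and user ids are illustrative only.
ROLES = [("H1", "H1"), ("H2", "H1::H2"), ("H3", "H1::H2::H3")]
USER_ROLES = [(1, "H2"), (5, "H2"), (6, "H2")]  # admin and users all hold H2 (CEO)


def make_db(roles=ROLES, user_roles=USER_ROLES):
    """Build an in-memory stand-in for vtiger_role and vtiger_user2role."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vtiger_role (roleid TEXT PRIMARY KEY, parentrole TEXT)")
    conn.execute("CREATE TABLE vtiger_user2role (userid INTEGER, roleid TEXT)")
    conn.executemany("INSERT INTO vtiger_role VALUES (?, ?)", roles)
    conn.executemany("INSERT INTO vtiger_user2role VALUES (?, ?)", user_roles)
    return conn


def escape_like(value, esc="\\"):
    """Escape LIKE metacharacters so the role path is matched literally."""
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value


def users_in_scope(conn, role_seq, include_same_role=False):
    """Return user ids whose role path lies under role_seq.

    include_same_role=False reproduces the posted '%<seq>::%' pattern
    (strict subordinates only); True also accepts the identical path.
    """
    sql = ("SELECT u.userid FROM vtiger_user2role u "
           "JOIN vtiger_role r ON r.roleid = u.roleid "
           "WHERE r.parentrole LIKE ? ESCAPE '\\'")
    params = ["%" + escape_like(role_seq) + "::%"]
    if include_same_role:
        sql += " OR r.parentrole = ?"
        params.append(role_seq)
    sql += " ORDER BY u.userid"
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    print("strict subordinates of H1::H2:", users_in_scope(db, "H1::H2"))
    print("same role or below:", users_in_scope(db, "H1::H2", include_same_role=True))
```

Whether peers in the same role should be allowed to see a shared private view is a policy decision; the second mode only shows what the pattern would have to accept for that to happen.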



