<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""> Hello all,<div class=""><br class=""></div><div class="">I’m having some trouble with sharing lists. The workflow the client is following:</div><div class="">Admin creates lista -> shares it with users</div><div class=""><br class=""></div><div class="">The User can’t access this list and is redirected to the general list all.</div><div class=""><br class=""></div><div class="">User with whom the list is shared have role CEO (we had to make all CEO in order for them to assign tasks to any user of any role - very particular use case, I’d argue they should review their process), using Vtiger 7.1</div><div class=""><br class=""></div><div class="">Debugging I found this code in modules/CutomView/CustomView.php line 2007 and following in function isPermittedCustomView(), (any one can tell me why so much code is commented out?)</div><div class=""><br class=""></div><div class=""><pre style="background-color: rgb(255, 255, 255); color: rgb(74, 92, 110); font-family: Menlo;" class=""><span style="color: rgb(242, 137, 49);" class="">elseif </span>(<span style="color: rgb(155, 112, 177);" class="">$status </span>== <span style="color: rgb(155, 112, 177); font-style: italic;" class="">CV_STATUS_PRIVATE </span>|| <span style="color: rgb(155, 112, 177);" class="">$status </span>== <span style="color: rgb(155, 112, 177); font-style: italic;" class="">CV_STATUS_PENDING</span>) {<br class=""> <span style="color: rgb(155, 112, 177);" class="">$log</span>-><span style="color: rgb(167, 95, 0);" class="">debug</span>(<span style="color: rgb(166, 202, 145);" class="">"Entering when status=1 or 2"</span>)<span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> if </span>(<span style="color: rgb(155, 112, 177);" class="">$userid </span>== <span style="color: rgb(155, 112, 177);" class="">$current_user</span>-><span style="color: rgb(155, 112, 177);" class="">id</span>)<br class=""> <span style="color: rgb(155, 112, 177);" class="">$permission </span>= <span style="color: rgb(166, 202, 145);" class="">"yes"</span><span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> else </span>{<br class=""> <span style="color: rgb(159, 159, 159);" class="">/* if($action == 'ListView' || $action == $module."Ajax" || $action == 'index')<br class=""></span><span style="color: rgb(159, 159, 159);" class=""> { */<br class=""></span><span style="color: rgb(159, 159, 159);" class=""> </span><span style="color: rgb(155, 112, 177);" class="">$log</span>-><span style="color: rgb(167, 95, 0);" class="">debug</span>(<span style="color: rgb(166, 202, 145);" class="">"Entering when status=1 or status=2 & action = ListView or </span><span style="color: rgb(155, 112, 177);" class="">$module</span><span style="color: rgb(166, 202, 145);" class="">.Ajax or index"</span>)<span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> </span><span style="color: rgb(155, 112, 177);" class="">$sql </span>= <span style="color: rgb(166, 202, 145);" class="">"select <a href="http://vtiger_users.id" class="">vtiger_users.id</a> from vtiger_customview inner join vtiger_users where vtiger_customview.cvid = ? and vtiger_customview.userid in (select vtiger_user2role.userid from vtiger_user2role inner join vtiger_users on <a href="http://vtiger_users.id" class="">vtiger_users.id</a>=vtiger_user2role.userid inner join vtiger_role on vtiger_role.roleid=vtiger_user2role.roleid where vtiger_role.parentrole like '%" </span>. <span style="color: rgb(155, 112, 177);" class="">$current_user_parent_role_seq </span>. <span style="color: rgb(166, 202, 145);" class="">"::%')"</span><span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> </span><span style="color: rgb(155, 112, 177);" class="">$result </span>= <span style="color: rgb(155, 112, 177);" class="">$adb</span>-><span style="color: rgb(167, 95, 0);" class="">pquery</span>(<span style="color: rgb(155, 112, 177);" class="">$sql</span><span style="color: rgb(242, 137, 49);" class="">, array</span>(<span style="color: rgb(155, 112, 177);" class="">$record_id</span>))<span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> while </span>(<span style="color: rgb(155, 112, 177);" class="">$row </span>= <span style="color: rgb(155, 112, 177);" class="">$adb</span>-><span style="color: rgb(167, 95, 0);" class="">fetchByAssoc</span>(<span style="color: rgb(155, 112, 177);" class="">$result</span>)) {<br class=""> <span style="color: rgb(155, 112, 177);" class="">$temp_result</span>[] = <span style="color: rgb(155, 112, 177);" class="">$row</span>[<span style="color: rgb(166, 202, 145);" class="">'id'</span>]<span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> </span>}<br class=""> <span style="color: rgb(155, 112, 177);" class="">$user_array </span>= <span style="color: rgb(155, 112, 177);" class="">$temp_result</span><span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> if </span>(sizeof(<span style="color: rgb(155, 112, 177);" class="">$user_array</span>) > <span style="color: rgb(93, 151, 196);" class="">0</span>) {<br class=""> <span style="color: rgb(242, 137, 49);" class="">if </span>(!in_array(<span style="color: rgb(155, 112, 177);" class="">$current_user</span>-><span style="color: rgb(155, 112, 177);" class="">id</span><span style="color: rgb(242, 137, 49);" class="">, </span><span style="color: rgb(155, 112, 177);" class="">$user_array</span>))<br class=""> <span style="color: rgb(155, 112, 177);" class="">$permission </span>= <span style="color: rgb(166, 202, 145);" class="">"no"</span><span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> else<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> </span><span style="color: rgb(155, 112, 177);" class="">$permission </span>= <span style="color: rgb(166, 202, 145);" class="">"yes"</span><span style="color: rgb(242, 137, 49);" class="">;<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> </span>}<br class=""> <span style="color: rgb(242, 137, 49);" class="">else<br class=""></span><span style="color: rgb(242, 137, 49);" class=""> </span><span style="color: rgb(155, 112, 177);" class="">$permission </span>= <span style="color: rgb(166, 202, 145);" class="">"no"</span><span style="color: rgb(242, 137, 49);" class="">;</span></pre><div class=""><br class=""></div></div><div class="">The problem seems the query in this part:</div><div class=""><pre style="background-color: rgb(255, 255, 255); color: rgb(74, 92, 110); font-family: Menlo;" class=""><span style="color: rgb(166, 202, 145);" class="">where vtiger_role.parentrole like '%" </span>. <span style="color: rgb(155, 112, 177);" class="">$current_user_parent_role_seq </span>. <span style="color: rgb(166, 202, 145);" class="">"::%')</span></pre><div class="">So when it compiles for my user it becomes this:</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div class="">SELECT</div><div class=""> <a href="http://vtiger_users.id" class="">vtiger_users.id</a></div><div class="">FROM</div><div class=""> vtiger_customview</div><div class="">INNER JOIN vtiger_users WHERE vtiger_customview.cvid = '207' AND vtiger_customview.userid IN(</div><div class=""> SELECT</div><div class=""> vtiger_user2role.userid</div><div class=""> FROM</div><div class=""> vtiger_user2role</div><div class=""> INNER JOIN vtiger_users ON <a href="http://vtiger_users.id" class="">vtiger_users.id</a> = vtiger_user2role.userid</div><div class=""> INNER JOIN vtiger_role ON vtiger_role.roleid = vtiger_user2role.roleid</div><div class=""> WHERE</div><div class=""> vtiger_role.parentrole LIKE '%H1::H2::%'</div><div class="">)</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The last ::% makes the query return empty set. I think before appending “::%” you should consider if it’s a specific role or a set of roles and sub. I’ve tried sharing with just role CEO still nothing changes… Also in past I’ve had problem updating list which used custom fields in column list or condition, error was just a json with generic error message.</div><div class=""><br class=""></div><div class="">Any ideas how I can solve without disabling the whole check?</div><div class=""><br class=""></div><div class="">P.S. </div><div class=""><div class=""><div class="">Wouldn’t be more efficient doing check in query directly $current_user->id and $current_user->role instead of doing on PHP side? </div><div class=""><br class="webkit-block-placeholder"></div><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div>Best Regards,<br class="">Sukhdev Mohan<br class="">———————————</div><div>Cel. (+39) 320 7020345<br class=""><a href="mailto:s.mohan@myti.it" class="">Email s.mohan@myti.it</a></div><div class=""><br class=""></div></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<br class=""></div></div></body></html>