starred/SuiteCRM-SuiteCRM
1
0
Fork 0
mirror of https://github.com/SuiteCRM/SuiteCRM.git synced 2026-03-02 19:16:58 -05:00
Code Issues 1.2k Projects Packages Wiki Activity

Reports not editable by regular users based on "Line Items" Report Module #2453

New issue
Closed
opened 2026-02-20 15:24:07 -05:00 by deekerman · 2 comments
deekerman commented 2026-02-20 15:24:07 -05:00
Owner
Copy link

Originally created by @artjomsmorscakovs on GitHub (Nov 6, 2017).

Issue

Two users: Admin, Regular User
No Roles or Security Groups created
Case #1 Admin creates Report with Report Module equal to "Line Items"
Case #2 Regular User created Report with Report Module equal to "Line Items"

Expected Behavior

Both cases can create and view and edit

Actual Behavior

Case #1 Report created and viewable by Admin, Regular User not able to view it (It sees the record but link doesn`t show, If you try to go to a detailed view using url and Id, then you get error:
"You do not have access to this area. Contact your site administrator to obtain access.

Redirect to Home in 3 seconds

Case #2 After pushing save button you get message "You do not have access to this area. Contact your site administrator to obtain access.

Redirect to Home in 3 seconds

Possible Fix

I was able to fix this by creating records for "Line Items" module in acl_actions table

INSERT INTO acl_actions (id, date_entered, date_modified, modified_user_id, created_by, name, category, acltype, aclaccess, deleted) VALUES ('3b51b254-5b6c-b2db-abc2-582e8ac2f265', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'access', 'AOS_Products_Quotes', 'module', '89', '0'), ('3d6a812a-41b2-c9a5-abc7-582e8a5c8f34', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'delete', 'AOS_Products_Quotes', 'module', '90', '0'), ('3ce4825f-da3e-d3d7-abcf-582e8a4057a6', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'edit', 'AOS_Products_Quotes', 'module', '90', '0'), ('3e76e190-8ca9-f4fe-abc6-582e8ac8c2ec', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'export', 'AOS_Products_Quotes', 'module', '90', '0'), ('3dedb06c-23f1-a963-abc3-582e8a48db52', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'import', 'AOS_Products_Quotes', 'module', '90', '0'), ('3c648899-74c9-673a-abc3-582e8af5b317', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'list', 'AOS_Products_Quotes', 'module', '90', '0'), ('3f002d14-060b-28f0-6bd5-abce8ab1ec1f', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'massupdate', 'AOS_Products_Quotes', 'module', '90', '0'), ('3be1b70f-2f88-a396-030d-abce8a2de8b7', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'view', 'AOS_Products_Quotes', 'module', '90', '0');

Steps to Reproduce

  1. Go To Reports module
  2. Create Report
  3. set Report Module = "Line Items"
  4. Save
  5. Get Access Error

Context

Reports not visible for Reqular Users

Your Environment

  • SuiteCRM Version used: Version 7.9.7
  • Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Version 62.0.3202.75 (Official Build) (64-bit)
  • Environment name and version (e.g. MySQL, PHP 7): MySQL: 5.5.56-2.el7, php: 5.4.16-42.el7
  • Operating System and version (e.g Ubuntu 16.04): ‪CentOS Linux 7.4.1708 (Core)‬
  • Reproducable on https://demo.suiteondemand.com
Originally created by @artjomsmorscakovs on GitHub (Nov 6, 2017). #### Issue Two users: Admin, Regular User No Roles or Security Groups created Case #1 Admin creates Report with Report Module equal to "Line Items" Case #2 Regular User created Report with Report Module equal to "Line Items" #### Expected Behavior Both cases can create and view and edit #### Actual Behavior Case #1 Report created and viewable by Admin, Regular User not able to view it (It sees the record but link doesn`t show, If you try to go to a detailed view using url and Id, then you get error: "You do not have access to this area. Contact your site administrator to obtain access. Redirect to Home in 3 seconds Case #2 After pushing save button you get message "You do not have access to this area. Contact your site administrator to obtain access. Redirect to Home in 3 seconds #### Possible Fix I was able to fix this by creating records for "Line Items" module in acl_actions table INSERT INTO `acl_actions` (`id`, `date_entered`, `date_modified`, `modified_user_id`, `created_by`, `name`, `category`, `acltype`, `aclaccess`, `deleted`) VALUES ('3b51b254-5b6c-b2db-abc2-582e8ac2f265', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'access', 'AOS_Products_Quotes', 'module', '89', '0'), ('3d6a812a-41b2-c9a5-abc7-582e8a5c8f34', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'delete', 'AOS_Products_Quotes', 'module', '90', '0'), ('3ce4825f-da3e-d3d7-abcf-582e8a4057a6', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'edit', 'AOS_Products_Quotes', 'module', '90', '0'), ('3e76e190-8ca9-f4fe-abc6-582e8ac8c2ec', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'export', 'AOS_Products_Quotes', 'module', '90', '0'), ('3dedb06c-23f1-a963-abc3-582e8a48db52', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'import', 'AOS_Products_Quotes', 'module', '90', '0'), ('3c648899-74c9-673a-abc3-582e8af5b317', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'list', 'AOS_Products_Quotes', 'module', '90', '0'), ('3f002d14-060b-28f0-6bd5-abce8ab1ec1f', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'massupdate', 'AOS_Products_Quotes', 'module', '90', '0'), ('3be1b70f-2f88-a396-030d-abce8a2de8b7', '2016-11-18 05:00:25', '2016-11-18 05:00:25', '1', '', 'view', 'AOS_Products_Quotes', 'module', '90', '0'); #### Steps to Reproduce 1. Go To Reports module 2. Create Report 3. set Report Module = "Line Items" 4. Save 5. Get Access Error #### Context Reports not visible for Reqular Users #### Your Environment <!--- Include as many relevant details about the environment you experienced the bug in --> * SuiteCRM Version used: Version 7.9.7 * Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Version 62.0.3202.75 (Official Build) (64-bit) * Environment name and version (e.g. MySQL, PHP 7): MySQL: 5.5.56-2.el7, php: 5.4.16-42.el7 * Operating System and version (e.g Ubuntu 16.04): ‪CentOS Linux 7.4.1708 (Core)‬ * Reproducable on https://demo.suiteondemand.com
deekerman commented 2026-02-20 15:24:09 -05:00
Author
Owner
Copy link

@iteschke commented on GitHub (Dec 29, 2017):

I have a problem in reporting module which is very similar:

Issue

Regular user cannot create a report with a condition which bases on a line item which is linked from another module. Corresponding reports which were created by an admin cannot be executed by a regular user.

Expected Behavior

Regular user can select fields from line items as a condition.

Actual Behavior

The field of line items will not appear for selection when defining a condition.

Steps to Reproduce

  1. Logon as a regular user
  2. Create Report
  3. set Report Module = "Quotes"
  4. Define Conditions
  5. Selection line_items (LBL_AOS_PRODUCT_QUOTES)
  6. Selection line items
  7. No fields of line items are offered for selection.

Environment

  • SuiteCRM Version used: Version 7.8.8
  • Browser Name and Version: Firefox ESR 52.5.3
  • Language package: German

Thanks,
Ingo

@iteschke commented on GitHub (Dec 29, 2017): I have a problem in reporting module which is very similar: **Issue** Regular user cannot create a report with a condition which bases on a line item which is linked from another module. Corresponding reports which were created by an admin cannot be executed by a regular user. **Expected Behavior** Regular user can select fields from line items as a condition. **Actual Behavior** The field of line items will not appear for selection when defining a condition. **Steps to Reproduce** 1. Logon as a regular user 2. Create Report 3. set Report Module = "Quotes" 4. Define Conditions 5. Selection line_items (LBL_AOS_PRODUCT_QUOTES) 6. Selection line items 7. No fields of line items are offered for selection. **Environment** - SuiteCRM Version used: Version 7.8.8 - Browser Name and Version: Firefox ESR 52.5.3 - Language package: German Thanks, Ingo
deekerman commented 2026-02-20 15:24:09 -05:00
Author
Owner
Copy link

@PedroErnst commented on GitHub (Feb 7, 2018):

Thanks @artjomsmorscakovs and @iteschke

I've been looking into this and I think the underlying problem is that there is no permissions for line items per se, in this case the system should look at the permission for Quotes for the user, and if the user has access to Quotes he should be able to see Line Items Reports.

@PedroErnst commented on GitHub (Feb 7, 2018): Thanks @artjomsmorscakovs and @iteschke I've been looking into this and I think the underlying problem is that there is no permissions for line items per se, in this case the system should look at the permission for Quotes for the user, and if the user has access to Quotes he should be able to see Line Items Reports.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
hotfix
develop
master
feature/php-8.4-compatibility
hotfix-7.14.x
next
feature/campaigns_revert
v7.15.0
v7.14.8
v7.14.7
v7.14.6
v7.14.5
v7.14.4
v7.14.3
v7.12.14
v7.14.2
v7.14.1
v7.12.13
v7.14.0
v7.14.0-beta
v7.13.4
v7.12.12
v7.12.11
v7.13.3
v7.12.10
v7.13.2
v7.12.9
v7.13.1
v7.13.0
v7.13.0-beta
v7.12.8
v7.12.7
v7.12.6
v7.12.5
v7.12.4
v7.12.3
v7.10.36
v7.12.2
v7.10.35
v7.12.1
v7.10.34
v7.11.23
v7.12.0
v7.12-rc
v7.11.22
v7.10.33
v7.11.21
v7.10.32
v7.11.20
v7.10.31
v7.11.19
v7.10.30
v8.0.0-beta.1
v7.10.29
v7.11.18
v7.11.17
v7.11.16
v7.10.28
v7.11.15
v7.10.27
v7.11.14
v7.10.26
v7.11.13
v7.10.25
v7.11.12
v7.10.24
v7.10.23
v7.11.11
v7.10.22
v7.11.10
v7.10.21
v7.11.9
v7.11.8
v7.10.20
v7.11.7
v7.10.19
v7.8.31
v7.10.18
v7.11.6
v7.11.5
v7.10.17
v7.8.30
v7.11.4
v7.10.16
v7.8.29
v7.11.3
v7.10.15
v7.8.28
v7.11.2
v7.10.14
v7.8.27
v7.11.1
v7.8.26
v7.10.13
v7.11.0
v7.10.12
v7.8.25
v7.11-rc-2
v7.11-rc
v7.10.11
v7.8.24
v7.11-beta
v7.10.10
v7.8.23
v7.10.9
v7.8.22
v7.10.8
v7.8.21
v7.10.7
v7.10.6
v7.8.20
v7.10.5
v7.8.19
v7.10.4
v7.10.3
v7.9.17
v7.8.18
v7.8.17
v7.10.2
v7.9.16
v7.8.16
7.9.15
v7.10.1
v7.10.0
v7.9.14
v7.8.15
v7.8.14
v7.9.13
v7.10-RC-2
v7.8.13
v7.9.12
v.7.9.11
v7.9.11
v7.8.12
v7.9.10
v7.8.11
v7.10-RC
v7.9.9
v7.8.10
v7.10-beta-3
v7.9.8
v7.8.9
v7.10-beta-2
v7.10-beta
v7.9.7
v7.8.8
v7.8.7
7.9.6
v7.9.5
v7.8.6
v7.9.4
v7.9.3
v7.9.2
v7.9.1
v7.8.5
v7.9.0
v7.8.4
v7.9.0-rc
v7.9.0-beta
v7.8.3
v7.8.2
v7.8.1
v7.8.0
v7.8.0-rc
v7.8.0-beta.2
v7.7.9
v7.8.0-beta
v7.7.8
v7.6.10
v7.7.7
v7.6.9
v7.7.6
v7.6.8
v7.7.5
v7.6.7
v7.7.4
v7.7.3
v7.7.2
v7.7.1
v7.7
v7.7-rc2
v7.7-rc
v7.6.6
v7.5.5
v7.6.5
v7.5.4
v7.7-beta2
v7.7-beta1
v7.6.4
v7.6.3
v7.6.2
v7.6.1
v7.6
v7.6-rc
v7.6-beta.2
v7.6-beta-1
v7.5.3
v7.5.2
v7.5.1
v7.5
v7.5-rc
v7.5-beta.2
v7.5-beta
v7.4.3
v7.4.2
v7.4.1
v7.4
v7.3.2
v7.4-rc
v7.4-beta.2
v7.4-beta
v7.3.1
v7.2.4
v7.3
v7.1.8
v7.3beta3
v7.2.3
v7.3-beta
v7.2.2
7.2.2
v7.1.7
7.1.7
v7.1.6
v7.2.1
v7.2
v7.2beta3
v7.1.5
v7.2beta2
v7.2beta
v7.1.4
v7.1.3
v7.1.2
v7.1.1
v7.1
v7.1RC2
v7.1RC
v7.1beta2
v7.1beta
v7.0.2
v7.0.1
Labels
Clear labels   
Area: API

   
Area: Campaigns

   
Area: Cases

   
Area: Clean Up

   
Area: Clean Up: Performance

   
Area: Dashlets

   
Area: Databases

   
Area: Developer Tools

   
Area: Elasticsearch

   
Area: Elasticsearch

   
Area: Emails

   
Area: Emails:Campaigns

   
Area: Emails:Cases

   
Area: Emails:Compose

   
Area: Emails:Config

   
Area: Emails:Templates

   
Area: Environment

   
Area: Installation

   
Area: Language

   
Area: Mobile

   
Area: Module

   
Area: PDFs

   
Area: PHP8

   
Area: Reports

   
Area: Studio

   
Area: Styling

   
Area: Upgrading

   
Area: Workflow

   
Area:Activity Stream

   
Area:Calls

   
Area:Import

   
Area:Projects

   
Area:Search

   
Area:Surveys

   
Area:Themes

   
Area:Users

   
Branch:Hotfix

   
Good First Issue

   
Hacktoberfest

   
Help Wanted

   
PR:Community Contribution

   
PR:Type:Enhancement

   
Priority:Critical

   
Priority:Important

   
Priority:Moderate

   
Severity: Major

   
Severity: Minor

   
Severity: Moderate

   
Status: Requires Code Review

   
Status: Requires Updates

   
Status: Stale

   
Status: Team Investigating

   
Status:Assessed

   
Status:Fix Proposed

   
Status:Needs Assessed

   
Status:Requires Automated Tests

   
Type: Bug

   
Type:Deprecated

   
Type:Discussion

   
Type:Duplicate

   
Type:Invalid

   
Type:Question

   
Type:Suggestion

   
Type:Suggestion
No labels
Area: API
Area: Campaigns
Area: Cases
Area: Clean Up
Area: Clean Up: Performance
Area: Dashlets
Area: Databases
Area: Developer Tools
Area: Elasticsearch
Area: Elasticsearch
Area: Emails
Area: Emails:Campaigns
Area: Emails:Cases
Area: Emails:Compose
Area: Emails:Config
Area: Emails:Templates
Area: Environment
Area: Installation
Area: Language
Area: Mobile
Area: Module
Area: PDFs
Area: PHP8
Area: Reports
Area: Studio
Area: Styling
Area: Upgrading
Area: Workflow
Area:Activity Stream
Area:Calls
Area:Import
Area:Projects
Area:Search
Area:Surveys
Area:Themes
Area:Users
Branch:Hotfix
Good First Issue
Hacktoberfest
Help Wanted
PR:Community Contribution
PR:Type:Enhancement
Priority:Critical
Priority:Important
Priority:Moderate
Severity: Major
Severity: Minor
Severity: Moderate
Status: Requires Code Review
Status: Requires Updates
Status: Stale
Status: Team Investigating
Status:Assessed
Status:Fix Proposed
Status:Needs Assessed
Status:Requires Automated Tests
Type: Bug
Type:Deprecated
Type:Discussion
Type:Duplicate
Type:Invalid
Type:Question
Type:Suggestion
Type:Suggestion
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/SuiteCRM-SuiteCRM#2453
No description provided.