starred/SuiteCRM-SuiteCRM
1
0
Fork 0
mirror of https://github.com/SuiteCRM/SuiteCRM.git synced 2026-03-02 19:16:58 -05:00
Code Issues 1.2k Projects Packages Wiki Activity

Reports causing fatal sql error under certain conditions #4949

New issue
Open
opened 2026-02-20 16:26:47 -05:00 by deekerman · 0 comments
deekerman commented 2026-02-20 16:26:47 -05:00
Owner
Copy link

Originally created by @ojs87 on GitHub (Feb 8, 2023).

Issue

When the Filter User List security groups setting is checked, Reports containing User related fields such as "Cases: Assigned To User - First Name" are returning no results due to an sql error. This only happens for non-admin users.

Query Failed: SELECT `cases`.assigned_user_id AS 'Assigned_to0', `cases`.case_number AS 'Number1', `cases:assigned_user_link`.last_name AS 'Last_Name2' FROM `cases` LEFT JOIN users `cases:assigned_user_link` ON `cases`.assigned_user_id=`cases:assigned_user_link`.id AND `cases:assigned_user_link`.deleted=0

 AND  users.id in (
            select sec.user_id from securitygroups_users sec
            inner join securitygroups_users secu on sec.securitygroup_id = secu.securitygroup_id and secu.deleted = 0
                and secu.user_id = 'dbbc549a-4s88-37e7-cdde-627928601837'
            where sec.deleted = 0
        ) WHERE ( `cases`.type = 'Project' AND (`cases`.status = 'Open_Assigned') ) AND  cases.deleted = 0  AND  ( cases.assigned_user_id ='dbbc549a-4s88-37e7-cdde-627928601837'  or  cases.id in (
                    select secr.record_id from securitygroups secg
                    inner join securitygroups_users secu on secg.id = secu.securitygroup_id and secu.deleted = 0
                        and secu.user_id = 'dbbc549a-4s88-37e7-cdde-627928601837'
                    inner join securitygroups_records secr on secg.id = secr.securitygroup_id and secr.deleted = 0
                        and secr.module = 'Cases'
                    where secg.deleted = 0
                ))  GROUP BY `cases`.assigned_user_id, `cases`.case_number, `cases:assigned_user_link`.last_name LIMIT 0,20: MySQL error 1054: Unknown column 'users.id' in 'IN/ALL/ANY subquery'

Expected Behavior

The report previously returned results without the User related fields due to ACL permissions, but the rest of the report was intact.

Actual Behavior

No results are returned.

Possible Fix

A few possible fixes:

The new function in 7.13, buildAccessWhere(), should contain an exception for when it is called by Reports to prevent the sql error.

build_report_access_query() should revert to the previous iteration without calling buildAccessWhere()

Steps to Reproduce

  1. Check Filter User List in Admin->Security Group Settings
  2. Create a Report for Cases and add a field from Cases:Assigned To User
  3. Login as a non-admin User
  4. Attempt to run the report

Context

Some reports that previously worked(at least partially for non-admin users) no longer work.

Your Environment

  • SuiteCRM Version used: SuiteCRM 7.13.1
  • Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Firefox 109
  • Environment name and version (e.g. MySQL, PHP 7): PHP 7.4
  • Operating System and version (e.g Ubuntu 16.04): Ubuntu 20.04
Originally created by @ojs87 on GitHub (Feb 8, 2023). <!--- Provide a general summary of the issue in the **Title** above --> <!--- Before you open an issue, please check if a similar issue already exists or has been closed before. ---> <!--- If you have discovered a security risk please report it by emailing security@suitecrm.com. This will be delivered to the product team who handle security issues. Please don't disclose security bugs publicly until they have been handled by the security team. ---> <!--- Please be aware that as of the 31st January 2022 we no longer support 7.10.x. New issues referring to 7.10.x will only be valid if applicable to 7.12.x and above. If your issue is still applicable in 7.12.x, please create the issue following the template below --> #### Issue When the Filter User List security groups setting is checked, Reports containing User related fields such as "Cases: Assigned To User - First Name" are returning no results due to an sql error. This only happens for non-admin users. ```` Query Failed: SELECT `cases`.assigned_user_id AS 'Assigned_to0', `cases`.case_number AS 'Number1', `cases:assigned_user_link`.last_name AS 'Last_Name2' FROM `cases` LEFT JOIN users `cases:assigned_user_link` ON `cases`.assigned_user_id=`cases:assigned_user_link`.id AND `cases:assigned_user_link`.deleted=0 AND users.id in ( select sec.user_id from securitygroups_users sec inner join securitygroups_users secu on sec.securitygroup_id = secu.securitygroup_id and secu.deleted = 0 and secu.user_id = 'dbbc549a-4s88-37e7-cdde-627928601837' where sec.deleted = 0 ) WHERE ( `cases`.type = 'Project' AND (`cases`.status = 'Open_Assigned') ) AND cases.deleted = 0 AND ( cases.assigned_user_id ='dbbc549a-4s88-37e7-cdde-627928601837' or cases.id in ( select secr.record_id from securitygroups secg inner join securitygroups_users secu on secg.id = secu.securitygroup_id and secu.deleted = 0 and secu.user_id = 'dbbc549a-4s88-37e7-cdde-627928601837' inner join securitygroups_records secr on secg.id = secr.securitygroup_id and secr.deleted = 0 and secr.module = 'Cases' where secg.deleted = 0 )) GROUP BY `cases`.assigned_user_id, `cases`.case_number, `cases:assigned_user_link`.last_name LIMIT 0,20: MySQL error 1054: Unknown column 'users.id' in 'IN/ALL/ANY subquery' ```` #### Expected Behavior The report previously returned results without the User related fields due to ACL permissions, but the rest of the report was intact. #### Actual Behavior No results are returned. #### Possible Fix A few possible fixes: The new function in 7.13, buildAccessWhere(), should contain an exception for when it is called by Reports to prevent the sql error. build_report_access_query() should revert to the previous iteration without calling buildAccessWhere() #### Steps to Reproduce 1. Check Filter User List in Admin->Security Group Settings 2. Create a Report for Cases and add a field from Cases:Assigned To User 3. Login as a non-admin User 4. Attempt to run the report #### Context Some reports that previously worked(at least partially for non-admin users) no longer work. #### Your Environment <!--- Include as many relevant details about the environment you experienced the bug in --> * SuiteCRM Version used: SuiteCRM 7.13.1 * Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Firefox 109 * Environment name and version (e.g. MySQL, PHP 7): PHP 7.4 * Operating System and version (e.g Ubuntu 16.04): Ubuntu 20.04
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
hotfix
develop
master
feature/php-8.4-compatibility
hotfix-7.14.x
next
feature/campaigns_revert
v7.15.0
v7.14.8
v7.14.7
v7.14.6
v7.14.5
v7.14.4
v7.14.3
v7.12.14
v7.14.2
v7.14.1
v7.12.13
v7.14.0
v7.14.0-beta
v7.13.4
v7.12.12
v7.12.11
v7.13.3
v7.12.10
v7.13.2
v7.12.9
v7.13.1
v7.13.0
v7.13.0-beta
v7.12.8
v7.12.7
v7.12.6
v7.12.5
v7.12.4
v7.12.3
v7.10.36
v7.12.2
v7.10.35
v7.12.1
v7.10.34
v7.11.23
v7.12.0
v7.12-rc
v7.11.22
v7.10.33
v7.11.21
v7.10.32
v7.11.20
v7.10.31
v7.11.19
v7.10.30
v8.0.0-beta.1
v7.10.29
v7.11.18
v7.11.17
v7.11.16
v7.10.28
v7.11.15
v7.10.27
v7.11.14
v7.10.26
v7.11.13
v7.10.25
v7.11.12
v7.10.24
v7.10.23
v7.11.11
v7.10.22
v7.11.10
v7.10.21
v7.11.9
v7.11.8
v7.10.20
v7.11.7
v7.10.19
v7.8.31
v7.10.18
v7.11.6
v7.11.5
v7.10.17
v7.8.30
v7.11.4
v7.10.16
v7.8.29
v7.11.3
v7.10.15
v7.8.28
v7.11.2
v7.10.14
v7.8.27
v7.11.1
v7.8.26
v7.10.13
v7.11.0
v7.10.12
v7.8.25
v7.11-rc-2
v7.11-rc
v7.10.11
v7.8.24
v7.11-beta
v7.10.10
v7.8.23
v7.10.9
v7.8.22
v7.10.8
v7.8.21
v7.10.7
v7.10.6
v7.8.20
v7.10.5
v7.8.19
v7.10.4
v7.10.3
v7.9.17
v7.8.18
v7.8.17
v7.10.2
v7.9.16
v7.8.16
7.9.15
v7.10.1
v7.10.0
v7.9.14
v7.8.15
v7.8.14
v7.9.13
v7.10-RC-2
v7.8.13
v7.9.12
v.7.9.11
v7.9.11
v7.8.12
v7.9.10
v7.8.11
v7.10-RC
v7.9.9
v7.8.10
v7.10-beta-3
v7.9.8
v7.8.9
v7.10-beta-2
v7.10-beta
v7.9.7
v7.8.8
v7.8.7
7.9.6
v7.9.5
v7.8.6
v7.9.4
v7.9.3
v7.9.2
v7.9.1
v7.8.5
v7.9.0
v7.8.4
v7.9.0-rc
v7.9.0-beta
v7.8.3
v7.8.2
v7.8.1
v7.8.0
v7.8.0-rc
v7.8.0-beta.2
v7.7.9
v7.8.0-beta
v7.7.8
v7.6.10
v7.7.7
v7.6.9
v7.7.6
v7.6.8
v7.7.5
v7.6.7
v7.7.4
v7.7.3
v7.7.2
v7.7.1
v7.7
v7.7-rc2
v7.7-rc
v7.6.6
v7.5.5
v7.6.5
v7.5.4
v7.7-beta2
v7.7-beta1
v7.6.4
v7.6.3
v7.6.2
v7.6.1
v7.6
v7.6-rc
v7.6-beta.2
v7.6-beta-1
v7.5.3
v7.5.2
v7.5.1
v7.5
v7.5-rc
v7.5-beta.2
v7.5-beta
v7.4.3
v7.4.2
v7.4.1
v7.4
v7.3.2
v7.4-rc
v7.4-beta.2
v7.4-beta
v7.3.1
v7.2.4
v7.3
v7.1.8
v7.3beta3
v7.2.3
v7.3-beta
v7.2.2
7.2.2
v7.1.7
7.1.7
v7.1.6
v7.2.1
v7.2
v7.2beta3
v7.1.5
v7.2beta2
v7.2beta
v7.1.4
v7.1.3
v7.1.2
v7.1.1
v7.1
v7.1RC2
v7.1RC
v7.1beta2
v7.1beta
v7.0.2
v7.0.1
Labels
Clear labels   
Area: API

   
Area: Campaigns

   
Area: Cases

   
Area: Clean Up

   
Area: Clean Up: Performance

   
Area: Dashlets

   
Area: Databases

   
Area: Developer Tools

   
Area: Elasticsearch

   
Area: Elasticsearch

   
Area: Emails

   
Area: Emails:Campaigns

   
Area: Emails:Cases

   
Area: Emails:Compose

   
Area: Emails:Config

   
Area: Emails:Templates

   
Area: Environment

   
Area: Installation

   
Area: Language

   
Area: Mobile

   
Area: Module

   
Area: PDFs

   
Area: PHP8

   
Area: Reports

   
Area: Studio

   
Area: Styling

   
Area: Upgrading

   
Area: Workflow

   
Area:Activity Stream

   
Area:Calls

   
Area:Import

   
Area:Projects

   
Area:Search

   
Area:Surveys

   
Area:Themes

   
Area:Users

   
Branch:Hotfix

   
Good First Issue

   
Hacktoberfest

   
Help Wanted

   
PR:Community Contribution

   
PR:Type:Enhancement

   
Priority:Critical

   
Priority:Important

   
Priority:Moderate

   
Severity: Major

   
Severity: Minor

   
Severity: Moderate

   
Status: Requires Code Review

   
Status: Requires Updates

   
Status: Stale

   
Status: Team Investigating

   
Status:Assessed

   
Status:Fix Proposed

   
Status:Needs Assessed

   
Status:Requires Automated Tests

   
Type: Bug

   
Type:Deprecated

   
Type:Discussion

   
Type:Duplicate

   
Type:Invalid

   
Type:Question

   
Type:Suggestion

   
Type:Suggestion
No labels
Area: API
Area: Campaigns
Area: Cases
Area: Clean Up
Area: Clean Up: Performance
Area: Dashlets
Area: Databases
Area: Developer Tools
Area: Elasticsearch
Area: Elasticsearch
Area: Emails
Area: Emails:Campaigns
Area: Emails:Cases
Area: Emails:Compose
Area: Emails:Config
Area: Emails:Templates
Area: Environment
Area: Installation
Area: Language
Area: Mobile
Area: Module
Area: PDFs
Area: PHP8
Area: Reports
Area: Studio
Area: Styling
Area: Upgrading
Area: Workflow
Area:Activity Stream
Area:Calls
Area:Import
Area:Projects
Area:Search
Area:Surveys
Area:Themes
Area:Users
Branch:Hotfix
Good First Issue
Hacktoberfest
Help Wanted
PR:Community Contribution
PR:Type:Enhancement
Priority:Critical
Priority:Important
Priority:Moderate
Severity: Major
Severity: Minor
Severity: Moderate
Status: Requires Code Review
Status: Requires Updates
Status: Stale
Status: Team Investigating
Status:Assessed
Status:Fix Proposed
Status:Needs Assessed
Status:Requires Automated Tests
Type: Bug
Type:Deprecated
Type:Discussion
Type:Duplicate
Type:Invalid
Type:Question
Type:Suggestion
Type:Suggestion
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/SuiteCRM-SuiteCRM#4949
No description provided.