Calendar does not respect security roles in regard to Meetings (SuiteCRM 7 Only) #5240

New issue

Open

opened 2026-02-20 16:31:50 -05:00 by deekerman · 2 comments

deekerman commented 2026-02-20 16:31:50 -05:00

Owner

Copy link

Originally created by @pstevens71 on GitHub (Aug 9, 2024).

Issue

Calendar does not respect security roles in regard to Meetings (SuiteCRM 7 Only). I've tested both SutieCRM 7 and SuiteCRM 8 and 8 works as expected. If the user does not have access to the meeting record it does not show. However, in SuiteCRM 7 the meeting record shows regardless of the security role.

Possible Fix

??? not sure yet, going to compare the files in 8 vs 7.

Steps to Reproduce the Issue

1.Add a user to a security role (user A)
2.Limit the user role to see meetings "Owner" listview, and records.
3.Get another user to add a meeting (user B)
4. The first user A can see user B's meetings in the calendar, but if you try to open the meeting, you get the popup, but the meeting info fails 500.
...

Context

Obviously, security roles should be respected in the shared calender view. If the installation decision is to have meetings private, and only accessible by the user, then this should be respected in the calendar view.

Version

7.14.3

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

PHP 8.1

Operating System and Version

Centos 7 WHM/Cpanel

Originally created by @pstevens71 on GitHub (Aug 9, 2024). ### Issue Calendar does not respect security roles in regard to Meetings (SuiteCRM 7 Only). I've tested both SutieCRM 7 and SuiteCRM 8 and 8 works as expected. If the user does not have access to the meeting record it does not show. However, in SuiteCRM 7 the meeting record shows regardless of the security role. ### Possible Fix ??? not sure yet, going to compare the files in 8 vs 7. ### Steps to Reproduce the Issue ```bash 1.Add a user to a security role (user A) 2.Limit the user role to see meetings "Owner" listview, and records. 3.Get another user to add a meeting (user B) 4. The first user A can see user B's meetings in the calendar, but if you try to open the meeting, you get the popup, but the meeting info fails 500. ... ``` ### Context Obviously, security roles should be respected in the shared calender view. If the installation decision is to have meetings private, and only accessible by the user, then this should be respected in the calendar view. ### Version 7.14.3 ### What browser are you currently using? Chrome ### Browser Version _No response_ ### Environment Information PHP 8.1 ### Operating System and Version Centos 7 WHM/Cpanel

deekerman added the

Type: Bug

Priority:Important

Status: Team Investigating

Severity: Moderate

labels 2026-02-20 16:31:50 -05:00

deekerman commented 2026-02-20 16:31:51 -05:00

Author

Owner

Copy link

@SuiteBot commented on GitHub (Aug 9, 2024):

This issue has been mentioned on SuiteCRM. There might be relevant details there:

https://community.suitecrm.com/t/calendar-not-subject-to-security-roles-suitecrm-7/93655/4

@SuiteBot commented on GitHub (Aug 9, 2024): This issue has been mentioned on **SuiteCRM**. There might be relevant details there: https://community.suitecrm.com/t/calendar-not-subject-to-security-roles-suitecrm-7/93655/4

deekerman commented 2026-02-20 16:31:52 -05:00

Author

Owner

Copy link

@SinergiaCRM commented on GitHub (Jan 8, 2026):

Hi @gemartin21, @johnM2401, any news on this?

It seems there was some unfinished patch github.com/SuiteCRM/SuiteCRM@b2f9811e22/modules/Calendar/CalendarActivity.php (L276-L285) but reverted as expensive.

It might run faster if the Security groups conditions are applied directly in the queries of this function github.com/SuiteCRM/SuiteCRM@b2f9811e22/include/utils/activity_utils.php (L45) . But we haven't tested it yet.

@SinergiaCRM commented on GitHub (Jan 8, 2026): Hi @gemartin21, @johnM2401, any news on this? It seems there was some unfinished patch https://github.com/SuiteCRM/SuiteCRM/blob/b2f9811e22027c05a95dc5709f0eb9db94abdbfc/modules/Calendar/CalendarActivity.php#L276-L285 but reverted as expensive. It might run faster if the Security groups conditions are applied directly in the queries of this function https://github.com/SuiteCRM/SuiteCRM/blob/b2f9811e22027c05a95dc5709f0eb9db94abdbfc/include/utils/activity_utils.php#L45 . But we haven't tested it yet.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

hotfix

develop

master

feature/php-8.4-compatibility

hotfix-7.14.x

next

feature/campaigns_revert

v7.15.0

v7.14.8

v7.14.7

v7.14.6

v7.14.5

v7.14.4

v7.14.3

v7.12.14

v7.14.2

v7.14.1

v7.12.13

v7.14.0

v7.14.0-beta

v7.13.4

v7.12.12

v7.12.11

v7.13.3

v7.12.10

v7.13.2

v7.12.9

v7.13.1

v7.13.0

v7.13.0-beta

v7.12.8

v7.12.7

v7.12.6

v7.12.5

v7.12.4

v7.12.3

v7.10.36

v7.12.2

v7.10.35

v7.12.1

v7.10.34

v7.11.23

v7.12.0

v7.12-rc

v7.11.22

v7.10.33

v7.11.21

v7.10.32

v7.11.20

v7.10.31

v7.11.19

v7.10.30

v8.0.0-beta.1

v7.10.29

v7.11.18

v7.11.17

v7.11.16

v7.10.28

v7.11.15

v7.10.27

v7.11.14

v7.10.26

v7.11.13

v7.10.25

v7.11.12

v7.10.24

v7.10.23

v7.11.11

v7.10.22

v7.11.10

v7.10.21

v7.11.9

v7.11.8

v7.10.20

v7.11.7

v7.10.19

v7.8.31

v7.10.18

v7.11.6

v7.11.5

v7.10.17

v7.8.30

v7.11.4

v7.10.16

v7.8.29

v7.11.3

v7.10.15

v7.8.28

v7.11.2

v7.10.14

v7.8.27

v7.11.1

v7.8.26

v7.10.13

v7.11.0

v7.10.12

v7.8.25

v7.11-rc-2

v7.11-rc

v7.10.11

v7.8.24

v7.11-beta

v7.10.10

v7.8.23

v7.10.9

v7.8.22

v7.10.8

v7.8.21

v7.10.7

v7.10.6

v7.8.20

v7.10.5

v7.8.19

v7.10.4

v7.10.3

v7.9.17

v7.8.18

v7.8.17

v7.10.2

v7.9.16

v7.8.16

7.9.15

v7.10.1

v7.10.0

v7.9.14

v7.8.15

v7.8.14

v7.9.13

v7.10-RC-2

v7.8.13

v7.9.12

v.7.9.11

v7.9.11

v7.8.12

v7.9.10

v7.8.11

v7.10-RC

v7.9.9

v7.8.10

v7.10-beta-3

v7.9.8

v7.8.9

v7.10-beta-2

v7.10-beta

v7.9.7

v7.8.8

v7.8.7

7.9.6

v7.9.5

v7.8.6

v7.9.4

v7.9.3

v7.9.2

v7.9.1

v7.8.5

v7.9.0

v7.8.4

v7.9.0-rc

v7.9.0-beta

v7.8.3

v7.8.2

v7.8.1

v7.8.0

v7.8.0-rc

v7.8.0-beta.2

v7.7.9

v7.8.0-beta

v7.7.8

v7.6.10

v7.7.7

v7.6.9

v7.7.6

v7.6.8

v7.7.5

v7.6.7

v7.7.4

v7.7.3

v7.7.2

v7.7.1

v7.7

v7.7-rc2

v7.7-rc

v7.6.6

v7.5.5

v7.6.5

v7.5.4

v7.7-beta2

v7.7-beta1

v7.6.4

v7.6.3

v7.6.2

v7.6.1

v7.6

v7.6-rc

v7.6-beta.2

v7.6-beta-1

v7.5.3

v7.5.2

v7.5.1

v7.5

v7.5-rc

v7.5-beta.2

v7.5-beta

v7.4.3

v7.4.2

v7.4.1

v7.4

v7.3.2

v7.4-rc

v7.4-beta.2

v7.4-beta

v7.3.1

v7.2.4

v7.3

v7.1.8

v7.3beta3

v7.2.3

v7.3-beta

v7.2.2

7.2.2

v7.1.7

7.1.7

v7.1.6

v7.2.1

v7.2

v7.2beta3

v7.1.5

v7.2beta2

v7.2beta

v7.1.4

v7.1.3

v7.1.2

v7.1.1

v7.1

v7.1RC2

v7.1RC

v7.1beta2

v7.1beta

v7.0.2

v7.0.1

Labels

Clear labels   

Area: API

  

Area: Campaigns

  

Area: Cases

  

Area: Clean Up

  

Area: Clean Up: Performance

  

Area: Dashlets

  

Area: Databases

  

Area: Developer Tools

  

Area: Elasticsearch

  

Area: Elasticsearch

  

Area: Emails

  

Area: Emails:Campaigns

  

Area: Emails:Cases

  

Area: Emails:Compose

  

Area: Emails:Config

  

Area: Emails:Templates

  

Area: Environment

  

Area: Installation

  

Area: Language

  

Area: Mobile

  

Area: Module

  

Area: PDFs

  

Area: PHP8

  

Area: Reports

  

Area: Studio

  

Area: Styling

  

Area: Upgrading

  

Area: Workflow

  

Area:Activity Stream

  

Area:Calls

  

Area:Import

  

Area:Projects

  

Area:Search

  

Area:Surveys

  

Area:Themes

  

Area:Users

  

Branch:Hotfix

  

Good First Issue

  

Hacktoberfest

  

Help Wanted

  

PR:Community Contribution

  

PR:Type:Enhancement

  

Priority:Critical

  

Priority:Important

  

Priority:Moderate

  

Severity: Major

  

Severity: Minor

  

Severity: Moderate

  

Status: Requires Code Review

  

Status: Requires Updates

  

Status: Stale

  

Status: Team Investigating

  

Status:Assessed

  

Status:Fix Proposed

  

Status:Needs Assessed

  

Status:Requires Automated Tests

  

Type: Bug

  

Type:Deprecated

  

Type:Discussion

  

Type:Duplicate

  

Type:Invalid

  

Type:Question

  

Type:Suggestion

  

Type:Suggestion

No labels

Area: API

Area: Campaigns

Area: Cases

Area: Clean Up

Area: Clean Up: Performance

Area: Dashlets

Area: Databases

Area: Developer Tools

Area: Elasticsearch

Area: Elasticsearch

Area: Emails

Area: Emails:Campaigns

Area: Emails:Cases

Area: Emails:Compose

Area: Emails:Config

Area: Emails:Templates

Area: Environment

Area: Installation

Area: Language

Area: Mobile

Area: Module

Area: PDFs

Area: PHP8

Area: Reports

Area: Studio

Area: Styling

Area: Upgrading

Area: Workflow

Area:Activity Stream

Area:Calls

Area:Import

Area:Projects

Area:Search

Area:Surveys

Area:Themes

Area:Users

Branch:Hotfix

Good First Issue

Hacktoberfest

Help Wanted

PR:Community Contribution

PR:Type:Enhancement

Priority:Critical

Priority:Important

Priority:Moderate

Severity: Major

Severity: Minor

Severity: Moderate

Status: Requires Code Review

Status: Requires Updates

Status: Stale

Status: Team Investigating

Status:Assessed

Status:Fix Proposed

Status:Needs Assessed

Status:Requires Automated Tests

Type: Bug

Type:Deprecated

Type:Discussion

Type:Duplicate

Type:Invalid

Type:Question

Type:Suggestion

Type:Suggestion

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/SuiteCRM-SuiteCRM#5240

No description provided.