Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible error: Quicksearch do not filter by Security Groups on new Opportunities on field "Assigned to" #10589

Open
cautbur opened this issue Nov 26, 2024 · 0 comments
Labels
Area: Module Issues & PRs related to modules that do not have specific label Priority:Moderate Issues & PRs that are minor; broken styling, cosmetic, warnings - there are practical workarounds Type:Suggestion Issue containing a suggestion of functionality, process or UI. Associated PRs are called enhancement

Comments

@cautbur
Copy link

cautbur commented Nov 26, 2024

Issue

When we create a new Opportunity. When we want to change the field "assigned to", quick search will provide us the complete list of users without filtering by Security Groups.

After deep inside the code, I can see that, this is beacuse javascript will launch a request in wich some parameters will not change. You can see it on file: jssource/src_files/include/javascript/quicksearch.js on lines 162-168.

              ...
              var out = SUGAR.util.paramsToUrl({
                to_pdf: 'true',
                module: 'Home',
                action: 'quicksearchQuery',
                data: YAHOO.lang.JSON.stringify(this.sqs),
                query: decodeURIComponent(sQuery)
              });
              ...

This request will be proccesed by the file: modules/Home/quicksearchQuery.php, wich will load the file: modules/Home/QuickSearch.php and instantiate the class quicksearchQuery (I am speaking on a fresh install, if you have customized this file and class this may or not may ouccur ...). Finally in the code the method "get_user_array" will be called, this one will call to method getUserResults and this one will call to method getUserArray and this one depending on your configuration will call to getUserArrayFromFullName wich is ok or get_user_array wich will be no ok, this two function are in include/utils.php and are global.

Why get_user_list fails, if yo check the code of these two funcions ther are an if condition wich will check if the query have to be filtered by Security Groups, but in get_user_list, there are a more conditions, one is that the ajax parameter module have to be not equal to 'Home' and this is the reason because this check will fail everytime and will get us the complete list of users.

Sin I cannot understand how the javascript variable sqs_objects is defined, and there are indexes used by the data wich will fill the call of the code showed above, I cannot asevere that this will occurs everytime but I suspect that it will occurs in other places.

Also I don't know if this beahviour is the desired one or is really an error.

PS: I'm not an English native speaker, please take in account if text is not well expressed.

Possible Fix

Since I don't consider me an expert on SuiteCRM, I will list possible solutions to open a discussion that could be answered by an expert.

  1. Change the module on javascript file mentioned above.
  2. Comment the condition that check the module parameter is equal to 'Home', you can view that in the other funcion, getUserArrayFromFullName, is not used.
  3. In my case, meanwhile, since quicksearchQuery can be extended as is shown in file modules/Home/quicksearchQuery.php I wiill extend it emporally, is a matter to add a new method called getUserArray to handle this. If yuo want the source I can give you, but this is something temporal while this is resolved.

Steps to Reproduce the Issue

1. Go to Opportunities.
2. Create a new one.
3. Change the "Assigned to" field by typing, the autocompletion/quicksearch will give you user that are not in your security group.

Context

I was triing to add a new Opportunity but assigning it to other user of the same security group.

Version

Tested on 7.11.18, 7.14.13 and 8.x of demo https://suite8demo.suiteondemand.com/

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

As far as I know, as I exposed, the problem is not conditioned by the system PHP version or mysql.

Operating System and Version

Ubuntu 22.04

@cautbur cautbur added the Type: Bug Bugs within the core SuiteCRM codebase label Nov 26, 2024
@johnM2401 johnM2401 added Type:Suggestion Issue containing a suggestion of functionality, process or UI. Associated PRs are called enhancement Priority:Moderate Issues & PRs that are minor; broken styling, cosmetic, warnings - there are practical workarounds Area: Module Issues & PRs related to modules that do not have specific label and removed Type: Bug Bugs within the core SuiteCRM codebase labels Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area: Module Issues & PRs related to modules that do not have specific label Priority:Moderate Issues & PRs that are minor; broken styling, cosmetic, warnings - there are practical workarounds Type:Suggestion Issue containing a suggestion of functionality, process or UI. Associated PRs are called enhancement
Projects
None yet
Development

No branches or pull requests

2 participants