#3503 - Rights issue on Documents module plus!
Dear Sirs,
I have some strange issue with Documents module. I have created 2 separate users that should be able only to see their group documents. They have group rights assigned on Documents view, edit, list,export. Both of these users are part of individual groups and are sharing docs that they have created with their members.
The problem is that some documents for no reason are visible to other users from different group even thought they do not have rights to see them as they do not belong to that group. They cannot see the username on who created the doc in such case but they can access the document. There is also issue that I cannot delete older document revisions even with admin account.
The other stuff I noticed is that I cannot list Roles per user, they are empty, as per SuiteCRM they do not exist.
SuiteCRM is version 7.8.8 LTS, Security Suite is 3.1.3
https://imgur.com/Um2sMgw https://imgur.com/bw2kmtW https://imgur.com/VOeA6pv
Best Regards,
Slaven.
6 years ago
Hi Slaven,
So when you go to a user record and click on the Access tab, that is blank? I'm sure you have tried this already, but please do the following in order:
Does the Access tab still not show? Do you see any errors in suitecrm.log or in your Apache/PHP logs at that time?
Are there any other groups or roles assigned to the user having issues? When a user can see a document in a different group was that document created by or assigned to that user? Perhaps the document revision record has an errant group assigned to it or a user assigned/created by associated to the revision and not to the parent document record.
6 years ago
Hi Jason,
It only happens to some documents (like 30 or so), and I think that I know why, the user who created document was a member of that other group as well as his own primary. The problem is when I removed the user from that group and assigned documents to a different user, documents are still visible even after Repair actions, but it should not be, right?. Do I have to update database manually and change who initially created documents or assigned to should do the trick?
As for the access rights, I only have Layout options where I can see the actual access rights under user view, but Roles are still empty beneath that list. In edit mode there are no access rights shown. Unfortunately it did not helped out with that list of repair actions you've sent.
About Document revisions, regardless of who creates and how many revisions for template documents are there you just cannot delete it. I know that old SugarCRM 5.20 could.
Best Regards,
Slaven.
6 years ago
I think you are on the right track. If there is an assigned user on the document or revision then that would come into play. If not, it then checks to see if the user was the created by user. If so, the user would get owner access to the doc. If either of those cases are true OR if the user's group is still assigned to the doc then the user would have access to it. Cleaning that data up should solve the issue.
How are you going to the Access tab? I'm not seeing Layout options. This is what I see on a 7.8.8 install:
For Document Revisions, it looks like the ability to delete was removed. I wonder if you could add the delete option back into the subpanel or even if you click through and go to the detail view of it.
6 years ago
Hi Jason,
I will see what I can do, the only thing that is left for me to do is to change who created document initially ( I will try to update it in database), because docs are already assigned to new user who is not a member of old group, but they are still visible to the member of old group.
As for Access and Advanced tabs, I cannot see any records, I cannot even edit user when I use new SuiteP theme, this is one of the reasons why I'm using old SuiteR theme. There you can see Layout options and Roles beneath those options when you click on user username from the search list. BTW, User profile tab is missing from my SuiteP theme.
Txs, for the update about document revisions, so the only code-less way is to delete complete doc and revisions and to create new one with SuiteCRM?
Best Regards,
Slaven.
6 years ago
What a blast.
From what I'm seeing that appears to be the only way to handle it without adding the delete option back in to the subpanel layout.
6 years ago
Hi Jason,
I wasn't able to sort out the problem. I have changed created by and modified by fields in database tables document_revisions and document respectively. Still can't see Roles per user in SuiteCRM theme R and SuiteCRM theme P is not working, none of the tabs we talked about are giving any information. So, I have to use SuiteCRM R theme instead.
Additionally, there is a video that I have created about the problem, I have send the video link to the email address that I have with subject "#3503 - Rights issue on Documents module plus!" without quotes of course.
Looking forward to your reply.
Best Regards,
Slaven.
6 years ago
Is "Documents module plus!" an installed module? Or is that the default Documents?
Can you email solutions@eggsurplus.com, please? I'm not seeing it in my inbox. Thanks!
6 years ago
Disregard the email request. I found it.
6 years ago
Hi Jason,
Were you able to find anything, txs?
6 years ago
Hi Slaven,
Yes, I sent a reply a few days ago to your video link. I believe there are groups associated to the doc that need to be removed (the relationship lives in the securitygroups_records table). Here's my reply:
Thanks for the video. The role is set up correctly for the IHS user. Can you enable the Security Groups subpanel so that it shows under the Documents record? Once you do that click on the HN - Letter Info document. In the Security Groups subpanel you should see a group that the IHS user belongs to. Remove this group and then the document should no longer show in the list view for the IHS user. This may also need to be done on the Document Revision record as well.
6 years ago
Thank Jason. That does it. Security groups panel was not set under Admin section to show in Documents module. BTW, you don't have to alter Document Revision records.
Best Regards,
Slaven.
6 years ago
Great! Happy to hear that you were able to figure this one out.
Cheers!