Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.
#3704 - Select button in subpanel allows editing of records regardless of user permissions
CURRENT BEHAVIOUR (SUITECRM V7.11.13 and 7.11.14) The select button is always present on subpanels and it allows the user to select a related record regardless of the user permission (on either the selected record or the associated record).
EXPECTED BEHAVIOUR The button should not be present if the user has no edit permission on the selected record OR if present it should generate the "You don't have permissions for" message when pressed.
STEPS TO REPRODUCE 1. Create a role that removes all permissions. 2. Create a group, assign the role from #1 to it and assign the user you are going to test with (I did it with all users) 3. Verify that the user has no access via the "Access" tab in the user profile screen (and by trying to edit/create records, you shouldn't be able to) 4. Create a role/group that gives the user VIEW permissions on the record(s) you are going to test with (In my case accounts and contracts). Verify that the user cannot edit either of the record types. 5. Login as the user and select the record you are going to edit. The subpanel for the other record type will be visible and the "select" button will be too. 6. Click on Select and select a record in the pop up window. 7. The selected record will now show up in the subpanel, the associated record relate-to field will be updated even though the user has no edit permission for either record.
Other add-ons of interest
Glances - Integrate SuiteCRM with all your apps
The simplest way to work™. Glances integrates SuiteCRM with all your favorite workplace apps, acting as your go-to hub for real-time customer insights and personal tasks.
Secure your SuiteCRM. Protection against brute force attacks. Track users' logins and protect your data.