Users with technician profile on a subentity recursively can't validate Forms of the same subentity
Describe the bug
We have a form that creates ticket in a subentity. These tickets can be managed by users with technician profile on this subentity recursively. But when we activate validation, the approvers with the same profile/entity/recursivity can't validate the form.
Steps to reproduce the behavior:
- switch to technician profile on subentity recursively
- go to https://***************/marketplace/formcreator/front/formanswer.php
- User can't edit form answer for which he received a validation request by mail
Even user with SuperAdmin profile of the same subentity can't. It works from Root entity. It seems that the Form Answers are note stored in the same entity that the tickets, which is inconsistant
Expected behavior Users should be able to validate forms concerning subentity forms without having rights on Root entity
Screenshots
GLPI / Plugins (please complete the following information):
GLPI version : 10
list of all plugins with their version (available in GLPI > Setup > General > tab System > bottom of the page)
Additional fields | 1.17.2 advanceddashboard | 1.4.1 Anonymize | 2.7.0 Approval by mail | 2.1.1 Barcode | 2.7.1 Branding | 1.3.1 Collaborative tools | 1.2.2 Connections | 10.0.0 Data injection | 2.11.2 Form Creator | 2.13.0 GLPI Agent config | 1.2.0 GLPI Inventory | 1.0.3 Holidays | 1.2.0 Inventory number generation | 2.8.1 IP Adressing | 3.0.1
Desktop (please complete the following information):
OS: Windows 11
Browser : Firefox
Version : 104.0.2 (64-bit)
Additional context Add any other context about the problem here.
Hi
The validation you use is the validation in Formcreator, not tickets, am I right ?
Exactly. I would be perfect to ask validation before ticket creation
Try the following patch and tell if tie validator user can see the missing form answers
diff --git a/hook.php b/hook.php
index a12d973f..6af685dd 100644
--- a/hook.php
+++ b/hook.php
@@ -184,7 +184,7 @@ function plugin_formcreator_addDefaultWhere($itemtype) {
return "`$table`.`$formFk` = ".
$_SESSION['formcreator']['form_search_answers'];
}
- if (Session::haveRight('config', UPDATE)) {
+ if (true || Session::haveRight('config', UPDATE)) {
return '';
}
if (!PluginFormcreatorCommon::canValidate()) {
After the test, remove the patch
Unfortunaly, we are on a GLPI cloud implementation without access to the code, in waiting for its re-internalization in few months (We are building an IT ex-nihilo, lot of things to do ..). I created a ticket for this issue yesterday on GLPI cloud support page but they answered me that I should ask for support to one of their partners. May I communicate them your patch proposal ?
Yes, you can.
If you subscribed professional support with a partner then if he categorised your issue as a bug then he will probably open a support ticket on GLPI cloud support on your behalf.
Hi I send your patch to GLPI cloud support last week. But no answer for the moment.