formcreator icon indicating copy to clipboard operation
formcreator copied to clipboard
verified publisher icon pluginsGLPI

Users with technician profile on a subentity recursively can't validate Forms of the same subentity

Open fabriceverkor opened this issue 3 years ago • 6 comments

Describe the bug

We have a form that creates ticket in a subentity. These tickets can be managed by users with technician profile on this subentity recursively. But when we activate validation, the approvers with the same profile/entity/recursivity can't validate the form.

Steps to reproduce the behavior:

  1. switch to technician profile on subentity recursively
  2. go to https://***************/marketplace/formcreator/front/formanswer.php
  3. User can't edit form answer for which he received a validation request by mail

Even user with SuperAdmin profile of the same subentity can't. It works from Root entity. It seems that the Form Answers are note stored in the same entity that the tickets, which is inconsistant

Expected behavior Users should be able to validate forms concerning subentity forms without having rights on Root entity

Screenshots

GLPI / Plugins (please complete the following information):

GLPI version : 10
list of all plugins with their version (available in GLPI > Setup > General > tab System > bottom of the page)

Additional fields | 1.17.2 advanceddashboard | 1.4.1 Anonymize | 2.7.0 Approval by mail | 2.1.1 Barcode | 2.7.1 Branding | 1.3.1 Collaborative tools | 1.2.2 Connections | 10.0.0 Data injection | 2.11.2 Form Creator | 2.13.0 GLPI Agent config | 1.2.0 GLPI Inventory | 1.0.3 Holidays | 1.2.0 Inventory number generation | 2.8.1 IP Adressing | 3.0.1

Desktop (please complete the following information):

OS: Windows 11
Browser : Firefox
Version : 104.0.2 (64-bit)

Additional context Add any other context about the problem here.

fabriceverkor avatar Sep 16 '22 06:09 fabriceverkor

Hi

The validation you use is the validation in Formcreator, not tickets, am I right ?

btry avatar Sep 16 '22 09:09 btry

Exactly. I would be perfect to ask validation before ticket creation

fabriceverkor avatar Sep 16 '22 11:09 fabriceverkor

Try the following patch and tell if tie validator user can see the missing form answers

diff --git a/hook.php b/hook.php
index a12d973f..6af685dd 100644
--- a/hook.php
+++ b/hook.php
@@ -184,7 +184,7 @@ function plugin_formcreator_addDefaultWhere($itemtype) {
             return "`$table`.`$formFk` = ".
                          $_SESSION['formcreator']['form_search_answers'];
          }
-         if (Session::haveRight('config', UPDATE)) {
+         if (true || Session::haveRight('config', UPDATE)) {
             return '';
          }
          if (!PluginFormcreatorCommon::canValidate()) {

After the test, remove the patch

btry avatar Sep 16 '22 11:09 btry

Unfortunaly, we are on a GLPI cloud implementation without access to the code, in waiting for its re-internalization in few months (We are building an IT ex-nihilo, lot of things to do ..). I created a ticket for this issue yesterday on GLPI cloud support page but they answered me that I should ask for support to one of their partners. May I communicate them your patch proposal ?

fabriceverkor avatar Sep 16 '22 12:09 fabriceverkor

Yes, you can.

If you subscribed professional support with a partner then if he categorised your issue as a bug then he will probably open a support ticket on GLPI cloud support on your behalf.

btry avatar Sep 16 '22 12:09 btry

Hi I send your patch to GLPI cloud support last week. But no answer for the moment.

fabriceverkor avatar Sep 20 '22 08:09 fabriceverkor