Timetracking complains that the user must have "View All" rights on Organisation, Project & Task in order to be able to add/edit Timetracking entries.

It is not desirable to let all users see all Organisations and Projects.
It is also desirable to be able to only show Tasks to a user that they are actually assigned to.

Comments

juliangb’s picture

Status: Active » Postponed (maintainer needs more info)

Please could you post some specific instructions for reproducing this issue from a fresh installation? This will help to confirm, debug and fix.

SiteMaster.ServeLime.com’s picture

Issue 1: Cannot Add/Edit TimeTrack entries without the View All rights.
Issue 2: Cannot View OurOrg details without the Org View All rights (logged as issue under Org submodule).
Issue 3: Cannot View Project details without the Project View All rights (logged as issue under Proj submodule).

The user "UserW" is a Person in "OurOrg" organisation
The project "projectX" belongs to "OurOrg" organisation
The task "MyTask" of "projectX" is assigned to "UserW"

The "Worker" role is assigned to "UserW" and has the following STORM rights:
storm module
Storm: access dashboard

stormorganization module
Storm organization: access
Storm organization: view all <= [the issue - needed to be able to add TimeTrack]
Storm organization: view belonged
Storm organization: view own

stormperson module
Storm person: access
Storm person: edit own
Storm person: edit when linked to own user account
Storm person: view all <= [the issue - needed to be able to add TimeTrack]
Storm person: view of user organization
Storm person: view own
Storm person: view when linked to own user account

stormproject module
Storm project: access
Storm project: edit if project manager
Storm project: view all <= [the issue - needed to be able to add TimeTrack]
Storm project: view if assigned to project
Storm project: view if project manager
Storm project: view of user organization
Storm project: view own

stormtask module
Storm task: access
Storm task: add
Storm task: delete own
Storm task: edit own
Storm task: view all <= [the issue - needed to be able to add TimeTrack]
Storm task: view if assigned to task
Storm task: view of user organization
Storm task: view own

stormteam module
Storm team: access
Storm team: view all <= [the issue - needed to be able to add TimeTrack]
Storm team: view belonged
Storm team: view own

stormticket module
Storm ticket: access
Storm ticket: edit if assigned to ticket
Storm ticket: view if assigned to ticket
Storm ticket: view own

stormtimetracking module
Storm timetracking: access
Storm timetracking: add
Storm timetracking: delete own
Storm timetracking: edit own
Storm timetracking: view own

vojvotkinja’s picture

Status: Postponed (maintainer needs more info) » Active

Please can someone update this issue? I have the same problem.
I have a user role "Client" and I need to enable that role to see only projects and tasks from the organization that he belongs to.
But if I check permission:
Storm task: view of user organization
And when the user tries to view that task, he gets an Access denied error.
When I also give him the permission:
Storm task: view all
Then he can see his tasks, but also tasks and projects from other organizations, which is not acceptable.

Please can someone suggest any solution for this? It's really a big obstacle in using this module.

Thanks!

PepeMty’s picture

+1 subscribing 'cause I have an issue that's quite similar: http://drupal.org/node/1124938

vojvotkinja’s picture

I did some tests, and when I add this line in stormtask.module in function stormtask_access:

watchdog('php', 'ORGID: '.$account->organization_nid.' NORGID: '.$node->organization_nid);

I get:

ORGID: NORGID: 9

So this means $account variable doesn't have organization_nid, and it really doesn't, when I print_r it.
This is the printed $account variable:

stdClass Object
(
    [uid] => 8
    [name] => testuser
    [pass] => c8c66a59e6d4b71f578ff3ea2ef0792d
    [mail] => testuser@test.com
    [mode] => 0
    [sort] => 0
    [threshold] => 0
    [theme] => 
    [signature] => 
    [signature_format] => 0
    [created] => 1300796956
    [access] => 1302771144
    [login] => 1302770897
    [status] => 1
    [timezone] => 7200
    [language] => 
    [picture] => 
    [init] => 
    [data] => a:15:{s:12:"mail_confirm";s:17:"testuser@test.com";s:20:"welcome_message_body";s:0:"";s:2:"op";s:3:"Add";s:6:"submit";s:3:"Add";s:13:"form_build_id";s:37:"form-34ba48822c0c024a9327951e090d184e";s:10:"form_token";s:32:"e8594d988b2d6b2f2a6c114556b70add";s:7:"form_id";s:17:"ucreate_user_form";s:11:"og_register";a:1:{i:30;i:1;}s:23:"ucreate_og_group_titles";a:1:{i:0;s:8:"Firm PM";}s:17:"messaging_default";s:4:"mail";s:27:"notifications_send_interval";s:1:"0";s:14:"picture_delete";s:0:"";s:14:"picture_upload";s:0:"";s:18:"spaces_preset_user";s:21:"atrium_members_simple";s:16:"comment_settings";s:0:"";}
    [timezone_name] => Europe/Belgrade
    [sid] => krlvjpukf70onbienqbe34eib2
    [hostname] => 192.168.0.24
    [timestamp] => 1302771252
    [cache] => 0
    [session] => og_last|s:2:"30";
    [mail_confirm] => testuser@test.com
    [welcome_message_body] => 
    [op] => Add
    [submit] => Add
    [form_build_id] => form-34ba48822c0c024a9327951e090d184e
    [form_token] => e8594d988b2d6b2f2a6c114556b70add
    [form_id] => ucreate_user_form
    [og_register] => Array
        (
            [30] => 1
        )
 
    [ucreate_og_group_titles] => Array
        (
            [0] => Razor PM
        )
 
    [messaging_default] => mail
    [notifications_send_interval] => 0
    [picture_delete] => 
    [picture_upload] => 
    [spaces_preset_user] => atrium_members_simple
    [comment_settings] => 
    [roles] => Array
        (
            [2] => authenticated user
            [6] => client
        )
 
    [og_groups] => Array
        (
            [30] => Array
                (
                    [title] => Firm PM
                    [type] => group
                    [status] => 1
                    [nid] => 30
                    [og_role] => 0
                    [is_active] => 1
                    [is_admin] => 0
                    [uid] => 8
                    [created] => 1300796956
                    [changed] => 1300796956
                )
 
        )
 
)

So the if statement

else if (user_access('Storm task: view of user organization') && ($account->stormorganization_nid == $node->organization_nid))

will never be true.
Any ideas why?

vojvotkinja’s picture

I got it! It's a stupid hack but it works for me!
In the stormperson.module file, replace the function

function _stormperson_user_load(&$account){
  $a = db_fetch_object(db_query("SELECT nid, organization_nid FROM {stormperson} WHERE user_uid=%d", $account->uid));
  if ($a) {
    $account->stormperson_nid = $a->nid;
    $account->stormorganization_nid = $a->organization_nid;
  }
}

with this:

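function _stormperson_user_load(&$account) {
  global $user;
  // Look up the Storm person record linked to this account.
  $a = db_fetch_object(db_query("SELECT nid, organization_nid FROM {stormperson} WHERE user_uid=%d", $account->uid));
  if ($a) {
    $account->stormperson_nid = $a->nid;
    $account->stormorganization_nid = $a->organization_nid;

    // Copy the organization onto the global $user when it is the same user,
    // so access checks that read $user also see it.
    if ($user->uid == $account->uid) {
      $user->stormorganization_nid = $a->organization_nid;
    }
  }
}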

The obvious problem is that the $account variable is not saved to the global $user variable, and therefore when other modules use the $user variable they can't see the organization id.

Cheers!
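An added example, not part of the original thread and not Storm's code: a standalone PHP simulation of the organization comparison discussed above, showing why a user object that lacks stormorganization_nid is denied its own task, next to a variant that looks the organization up by uid. The example_* functions, the $stormperson_rows array and the sample ids are hypothetical; the permission check itself (user_access) is left out, and the example goes beyond the thread by also covering a task whose organization id is empty.

```php
<?php
// Constructed sample data standing in for the {stormperson} table:
// user_uid => organization_nid.
$stormperson_rows = array(8 => 9);

// Hypothetical helper: resolve the organization for an account. Use the
// property when it is set, otherwise fall back to a lookup by uid.
function example_account_org_nid($account, array $rows) {
  if (!empty($account->stormorganization_nid)) {
    return (int) $account->stormorganization_nid;
  }
  return isset($rows[$account->uid]) ? (int) $rows[$account->uid] : 0;
}

// The comparison as quoted in the thread: property against node field.
function example_check_as_quoted($account, $node) {
  $org = isset($account->stormorganization_nid) ? $account->stormorganization_nid : NULL;
  return $org == $node->organization_nid;
}

// Variant with lookup. Both ids must be non-zero and strictly equal,
// because NULL == 0 evaluates to TRUE under PHP's loose comparison.
function example_check_with_lookup($account, $node, array $rows) {
  $org = example_account_org_nid($account, $rows);
  $node_org = (int) $node->organization_nid;
  return $org > 0 && $node_org > 0 && $org === $node_org;
}

// A user object on which the organization property was never set,
// as in the print_r output posted in the thread.
$user = (object) array('uid' => 8);

// Constructed tasks: same organization, another one, and none at all.
$tasks = array(
  'own'    => (object) array('organization_nid' => 9),
  'other'  => (object) array('organization_nid' => 12),
  'orphan' => (object) array('organization_nid' => 0),
);

foreach ($tasks as $label => $task) {
  printf("%-6s quoted=%s lookup=%s\n", $label,
    var_export(example_check_as_quoted($user, $task), TRUE),
    var_export(example_check_with_lookup($user, $task, $stormperson_rows), TRUE));
}
```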

juliangb’s picture

Version: 6.x-1.36 » 6.x-2.x-dev

@vojvotkinja, thanks for your investigations into this.

To push this forward, the change needs to be pushed into a patch.

We also need an automated test that ensures the access works with the change - i.e. test fails before making this change, passes afterwards. This will ensure that no regressions happen.

Also - this will need to go into the 2.x branch before the 1.x branch (even if the patches are developed alongside each other) - so changing the status on this issue for now to reflect that.

juliangb’s picture

Status: Active » Postponed (maintainer needs more info)

I've just tested the "view belonged permission", which is what this issue revolves around. I used organizations - to make the setup simple. It was from a clean D6 setup with other modules only for testing this issue.

I could not reproduce the problem.

Could you please post some more information about your environments? Perhaps also you could test this on a clean installation so that we know this issue is purely caused by Storm?

juliangb’s picture

Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)

As #8.

Please reopen with more information if this is a problem.