master/detail insert fails checking key in irrelevant table

sticcino · Post by **sticcino** » Fri Apr 05, 2019 12:28 pm

Ran accross this scenerio which is not correct behavior for inserting a record with a lookup to another table.

Tables:
table1 - table record is being inserted to
accounts1 - used to select a value for a field

there is a field on table1 - accountid that is taken/looked up from accounts1

on insert on table1, an error is thrown that: "The current user (116) is not authorized to insert the record. Master filter: 12345"
its checking if the user is the owner of the record that was selected from accounts1..... which really doesn't matter or have any relevance to being the owner or not.... its just a lookup field.

i've removed the ref inegrity options of both tables but the code is still generated. How do disable/remove this check
you should not be forced to own the record selected of accounts1 in order to insert a record into table1

this check occurs in:
// Add record
protected function addRow($rsold = NULL) {}

mobhar · Post by **mobhar** » Sat Apr 06, 2019 5:01 pm

sticcino wrote:
i've removed the ref inegrity options of both tables but the code is still generated.

Make sure you have already saved the project file first, before regenerating ALL the script files again.

In addition, please try version 2019.0.9, and see whether this would help.

sticcino · Post by **sticcino** » Tue Apr 09, 2019 2:14 am

issue still exists, code being generated to validate against a field that is used only as select lookup value...

$masterFilter = $this->sqlMasterFilter_accounts() ===> this is not the master table.. the form that we are inserting on (assessments) is the "master" table, the accounts table is only used to retrieve an account #, nothing is either added to modified to the accounts table.

NOTE: the accounts table is linked to the assessments (the table in question that we are trying to add the record to -- assessments) and another table -- opportunities... which has the same issue. -- the accounts table IS NOT the master tale/record and is irrelevant to being checked.

the only for the sole purpose is to display affiliated records, the R/I options are not selected for all 3 tables and the master/edit-add options are not selected on the accounts/assessments/opportunities table... only used to "view master/detail records.

removing the code below resolves the issue.

	// Check if valid key values for master user
	if ($Security->currentUserID() <> "" && !$Security->isAdmin()) { // Non system admin
		$masterFilter = $this->sqlMasterFilter_accounts();
		if (strval($this->accounts_id->CurrentValue) <> "") {
			$masterFilter = str_replace("@id@", AdjustSql($this->accounts_id->CurrentValue, "DB"), $masterFilter);
		} else {
			$masterFilter = "";
		}
		if ($masterFilter <> "") {
			$rsmaster = $GLOBALS["accounts"]->loadRs($masterFilter);
			$this->MasterRecordExists = ($rsmaster && !$rsmaster->EOF);
			$validMasterKey = TRUE;
			if ($this->MasterRecordExists) {
				$validMasterKey = $Security->isValidUserID($rsmaster->fields['UserId']);
			} elseif ($this->getCurrentMasterTable() == "accounts") {
				$validMasterKey = FALSE;
			}
			if (!$validMasterKey) {
				$masterUserIdMsg = str_replace("%c", CurrentUserID(), $Language->phrase("UnAuthorizedMasterUserID"));
				$masterUserIdMsg = str_replace("%f", $masterFilter, $masterUserIdMsg);
				$this->setFailureMessage($masterUserIdMsg);
				return FALSE;
			}
			if ($rsmaster)
				$rsmaster->close();
		}
	}