I have a solution with a custom function that logs the data from a record to a separate table using SQL Insert via the BaseElements plugin. The CF returns the number of milliseconds the process took to complete - always a positive number.
In the custom record privileges for one of the privilege sets, I have set the Deletion to be limited, based on a calculation that consists entirely of the call to the custom function. This should mean that as the delete command is triggered, the function will execute and return a positive number as a result, thus giving permission to delete the record. And it does, in the development/test system and for a slightly-customised version that is in place for a customer.
Sadly, there is another customer where the process is not allowing deletion of a record. This customer also has a slightly-customised version of the test system (different from the other customer), and when I take an offline copy of their system and run it locally I can reproduce the issue. When I check the output of the custom function in Data Viewer I get the number of milliseconds, and if I wrap it in an IF statement the result is the "true" variant. When I put the same calculation in the privilege set authentication, I get a warning that the user permissions do not allow deletion.
The custom function _does_ execute (the data shows up in the audit log table) but the return value is being seen as a false result. I have tried wrapping the call to the CF in GetAsNumber(), and then tried comparing the result to being > -1 but everything I have tried gives a false result and the permissions test then fails.
I am _VERY_ tempted to simply add "or true" to the end of the permissions check calculation, but that would mean that even if the audit insertion failed the deletion would go ahead.
Has anybody seen this before?