2 Replies Latest reply on Mar 19, 2015 1:10 PM by danielfarnan

    Calculation on privileges not allowing deletion

    danielfarnan

      Hi, all.

       

      I have a solution with a custom function that logs the data from a record to a separate table using SQL Insert via the BaseElements plugin. The CF returns the number of milliseconds the process took to complete - always a positive number.

       

      In the custom record privileges for one of the privilege sets, I have set the Deletion to be limited, based on a calculation that consists entirely of the call to the custom function. This should mean that as the delete command is triggered, the function will execute and return a positive number as a result, thus giving permission to delete the record. And it does, in the development/test system and for a slightly-customised version that is in place for a customer.

       

      Sadly, there is another customer where the process is not allowing deletion of a record. This customer also has a slightly-customised version of the test system (different from the other customer), and when I take an offline copy of their system and run it locally I can reproduce the issue. When I check the output of the custom function in Data Viewer I get the number of milliseconds, and if I wrap it in an IF statement the result is the "true" variant. When I put the same calculation in the privilege set authentication, I get a warning that the user permissions do not allow deletion.

       

      The custom function _does_ execute (the data shows up in the audit log table) but the return value is being seen as a false result. I have tried wrapping the call to the CF in GetAsNumber(), and then tried comparing the result to being > -1 but everything I have tried gives a false result and the permissions test then fails.

       

      I am _VERY_ tempted to simply add "or true" to the end of the permissions check calculation, but that would mean that even if the audit insertion failed the deletion would go ahead.

       

      Has anybody seen this before?

        • 1. Re: Calculation on privileges not allowing deletion
          siplus

          Not seen before. But my strategy is to completely disable deleting records in the privilege set and have a script (running with full privileges) that handles record deletion, it's something that I can debug and data view easier.

          • 2. Re: Calculation on privileges not allowing deletion
            danielfarnan

            Further testing has revealed that:

             

            Adding "or true" to the end of the function call DOES NOT allow deletion to proceed, but the data gets stored in the log file.

            Prefixing the function call with "true or" allows deletion to proceed, but DOES NOT store the data in the log file.

            Prefixing the function call with "not" DOES NOT allow deletion to proceed, but the data gets stored in the log file.

             

             

            Does this mean that the authentication calc is timing out waiting for the result of the function call? And if so, why for this installation and not for others?