Issues with Planning view/gantt and profile with "special guest profile"

Hello

We discovered several issues with a special guest profile we generated, which shall show planning view with specific activities and milestones only.

First the settings we did (V9.2.2):

Global parameter -> Activity
"allow type restriction on project": Yes
"restriction on types by profile hide items": Yes

Access to forms:
very limitted (see screenshots)

Access to forms

General:

• Today
• Tickets dashboard
• Projects
• Kanban

Work:

• Activities
• Milestones

Follow-up:

• Planning
• Resourceplanning

Parameters:

• User parameters

Access to Project depending data:
Reading access to:
Projects
Activities
Milestones

All others: no access

Access to data (not project dependant)
All as Reader, Except Translation requests management, which the changes to reader are not saved.


Access to reports: all unchecked

Documents rights per directory: no access

Specific access:
See screenshots

Additionally the profile has restricted types to two specific Activity types and Milestone types.


Following issues have been discovered:

1. Translation requests management cannot be changed to "Reader" --> reports always "no change" when saving
2. Activity types are filtered according to the configuration when the activities screen is open, but all activities (also all restricted) are shown in "Planning" view.
   • The workaround for this is to have specific filter which filters according to activity type
3. Projects are shown which have all activities on closed or canceled status
   • The workaround for this is to extend the filter by status not amongst "cancelled" and "closed", then the corresponding projects/sub-projects disapear
4. The activity can be stretched in the gantt view (changing end-dates) even the profile has no rights to change anything. (if the activity is selected and displayed the change is not possible as it should be). Can be made later or earlier, but cannot be put back to the original date...
5. By clicking around and trying to manipulate more things over the gant view, twice try to hacked messages have been triggered
6. Ganttview update of screen not correct when elements using "switch mode" and activating full screen
   • Some times the switch bar arrow is hidden then it also the list of showed items cannot scrolled until to the bottom
   • Some times the switch bar is too high (i think due to missing refresh after fullscreen is selected)
     • If a different view is selected or it is switched and switched back to the gantt view, then it is adjusted correctly

Hack message 12021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] HACK ================================================================
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] Try to hack detected
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] Source Code = checkValidAccessForUser() Reject for Status - no access to screen 'Status'
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] QUERY_STRING = objectClass=Status&objectType=&objectClient=&budgetParent=&objectElementable=&comboDetail=true
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] REMOTE_ADDR = xx.xx.xx.xx
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] SCRIPT_FILENAME = /var/www/html/projeqtor/tool/jsonQuery.php
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] CONNECTED USER = #70 - specialuser
2021-10-05 16:49:55.718

---

DEBUG

---

=> /var/www/html/projeqtor/tool/projeqtor.php at line 1642 calling debugPrintTraceStack()
2021-10-05 16:49:55.718

---

DEBUG

---

=> /var/www/html/projeqtor/model/Security.php at line 318 calling traceHack()
2021-10-05 16:49:55.718

---

DEBUG

---

=> /var/www/html/projeqtor/tool/jsonQuery.php at line 42 calling Security:checkValidAccessForUser()
2021-10-05 16:49:55.718 ***** ERROR ***** [V9.2.2] REQUEST_URI = /tool/jsonQuery.php?objectClass=Status&objectType=&objectClient=&budgetParent=&objectElementable=&comboDetail=true

Hack message 22021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] HACK ================================================================
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] Try to hack detected
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] Source Code = checkValidAccessForUser() Reject for Status - no access to screen 'Status'
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] QUERY_STRING = objectClass=Status&objectType=&objectClient=&budgetParent=&objectElementable=&comboDetail=true
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] REMOTE_ADDR = xx.xx.xx.xx
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] SCRIPT_FILENAME = /var/www/html/projeqtor/tool/jsonQuery.php
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] CONNECTED USER = #11 - anotheruser
2021-10-05 17:21:55.764

---

DEBUG

---

=> /var/www/html/projeqtor/tool/projeqtor.php at line 1642 calling debugPrintTraceStack()
2021-10-05 17:21:55.764

---

DEBUG

---

=> /var/www/html/projeqtor/model/Security.php at line 318 calling traceHack()
2021-10-05 17:21:55.764

---

DEBUG

---

=> /var/www/html/projeqtor/tool/jsonQuery.php at line 42 calling Security:checkValidAccessForUser()
2021-10-05 17:21:55.764 ***** ERROR ***** [V9.2.2] REQUEST_URI = /tool/jsonQuery.php?objectClass=Status&objectType=&objectClient=&budgetParent=&objectElementable=&comboDetail=true

Other exception triggered by clicking around in planning view2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] Exception-[40001] SQLSTATE[40001]: Serialization failure: 1213 Deadlock found when trying to get lock; try restarting transaction
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] For query : insert into kpivaluerequest ( refType , refId , requestDate , requestDateTime ) values ('ProjectPlanningElement', '4330', '2021-10-05', '2021-10-05 17:31:10')
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] Strack trace :
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #0 Sql->query called at [/var/www/html/projeqtor/model/persistence/SqlElement.php:1476]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #1 SqlElement->insertSqlElement called at [/var/www/html/projeqtor/model/persistence/SqlElement.php:1241]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #2 SqlElement->saveSqlElement called at [/var/www/html/projeqtor/model/persistence/SqlElement.php:818]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #3 SqlElement->save called at [/var/www/html/projeqtor/model/KpiValueRequest.php:69]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #4 KpiValueRequest->save called at [/var/www/html/projeqtor/model/KpiValue.php:109]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #5 KpiValue->calculateKpi called at [/var/www/html/projeqtor/model/PlanningElement.php:1133]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #6 PlanningElement->simpleSave called at [/var/www/html/projeqtor/model/ProjectMain.php:1454]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #7 ProjectMain->setNeedReplan called at [/var/www/html/projeqtor/model/Dependency.php:231]
2021-10-05 17:31:10.277 ***** ERROR ***** [V9.2.2] #8 Dependency->save called at [/var/www/html/projeqtor/tool/saveDependencyDnd.php:79]
 

And here are the forms acces screenshots

After testing with V9.3.1 I discovered, that the faulty behaviour happens only if the project in which the activity is, is a subproject of another one.
As long the Project is no subproject, the linking (predecessor elemnet to successor element) via gantt chart is not possible

Hello

1. Projects are shown which have all activities on closed or canceled status
   • The workaround for this is to extend the filter by status not amongst "cancelled" and "closed", then the corresponding projects/sub-projects disapear

I cannot reproduce, when project only has closed items, it is not visible.
 

I could simulate it in the demo. The project name is "Test Project show closed" and contains a sub project.
It happens with following configuration in Planning view (selected Project in project selector is "Test Project show closed")

•     "Show closed items" false (unchecked)
•     Sub-project contains an activity of different type (Evolution in this case), which is still open, and an activity of the one which should be filtered (Task in this case)
•     If you filter now for activity type Task (I stored the filter) then the sub-project is still shown even it shall not display closed items.
•     If you select now the filter "Task and not amongst closed" then the sub-project which contains the closed disappears too.

Another reaction which i discovered while simulating this on the Demo is, that if a subproject is closed and I am in the project view and slected that closed porjects shall be shown, it will not show the closed subproject. This i could only choose by selecting the still open project and check the subprojects. there i could  select it and reopen.

1. The activity can be stretched in the gantt view (changing end-dates) even the profile has no rights to change anything. (if the activity is selected and displayed the change is not possible as it should be). Can be made later or earlier, but cannot be put back to the original date...

Ticket #5784 recorded
 

Additionally the user without rights can also set dependency in the gantt view

1. By clicking around and trying to manipulate more things over the gant view, twice try to hacked messages have been triggered

Need more information on use case to produce issue
 

Unfortunately  we have not been able to reproduce this... the only information i can give is that it was with Chrome browser.... Maybe it has something to do with reloading.

1. Ganttview update of screen not correct when elements using "switch mode" and activating full screen
   • Some times the switch bar arrow is hidden then it also the list of showed items cannot scrolled until to the bottom
   • Some times the switch bar is too high (i think due to missing refresh after fullscreen is selected)
     • If a different view is selected or it is switched and switched back to the gantt view, then it is adjusted correctly

We'll have a look, but not sure we can do something about this.
 

I think the best would be to make a full refresh of the screen when switching to full screen view (or going back)