Duplicate Contact Warning for a Contact in another Security Group

Hi all,

I have a strange issue when creating a new contact. I try to explain in general.

Environment : SuiteCRM 7.12.4

Initially I have a security group(SG-COMPANY) for own company employees which they create their own contacts. They did create hundreds of contacts in SuiteCRM.

Company decided to use external people to work for them to reach more people. I have created a new security group SG-EXT and users for them.

Company users need to view/edit the contacts created by external people and external people should only view/edit the records created by them.

As a test, when I create a new contact record with a name/last name/email address which never existed in the system, it is OK, I can create as an external person and view the new contact with the company user. I have also tested that external person user cannot view company records.

In the another test, I have tried to create a new contact, using the external person user, by specifying the name/last name/email address which is already existed in the company contact records.

I get “The contact record you are about to create might be a duplicate of a contact record that already exists. Contacts records containing similar names are listed below. Click Save to continue creating this new contact, or click Cancel to return to the module without creating the contact.” message on my screen and the list of duplicate records with full information.

When I click the contact record which is listed as duplicate, I get “You do not have access to this area. Contact your site administrator to obtain access. Redirect to Home in 2 seconds” in a new tab.

I have confused and tried to search/filter this contact which is mentioned as duplicate in the contacts list and it is not listed.

So, for the user who are authorized on SG-EXT: Contacts List/View/Filter/Search functions do not see the contacts in the SG-COMPANY but when creating a new contact, duplicate check function checks the contact records which the current user not authorized to use.

I do not have any plugin to check duplicates and cannot find how to check/customise(if possible) this duplicate checker.

I expect the contact records which belongs to SG-COMPANY should not included for the duplicate check for the users which only authorized on SG-EXT.

Is this a known bug ? or am I doing something wrong ?

Thanks in advance.

I think you just found a corner case, probably nobody ever thought of this, and even if they had, it’s possible that the duplicate check makes sense across security groups, in some companies.

I think you should probably add some custom code in the duplicate check function to enforce your requirement. But I don’t have any simple advice about how to do this, you (or some developer you hire) would need to dive into the code and see what is going on…

Thanks for your prompt reply.

Yes I think so but could not find a place to start digging. I even cannot find the code which produces that duplicate list screen. Messages probably in db but who made the check for the duplicate and triggers the duplicates list screen to show up when clicked on Save on edit view of Contacts ?

In the past I have written some custom codes to add some functionalities for some screens but this time I have no clue to start on.

On the other hand, showing the name, last name, company and information about that person is in contact with the company to the external people is not acceptable from privacy/confidentiality perspective. I agree it would be OK if it is in the same company but the case is for using external people.

Anyone can help ? has idea ?

image1878×387 18.1 KB

The problem is in modules/Contacts/ShowDuplicates.PHP
This is the query executed to find duplicates.
It doesn’t filter security groups of the user (if necessary depending on user role)

$query = 'select contacts.id, first_name, last_name, title, accounts.name, primary_address_city from contacts LEFT JOIN accounts_contacts ON contacts.id=accounts_contacts.contact_id and accounts_contacts.deleted = 0 LEFT JOIN accounts ON accounts_contacts.account_id=accounts.id AND accounts_contacts.deleted=0 AND accounts.deleted=0 where contacts.deleted=0 ';


vow, many thanks for your reply.

I am going to check and try to add a custom code. to filter via user’s SGs.