OK. So I made the code changes to SecurityGroup.php and unfortunately, it still does not fix the issue. No log errors of any type, so the code is running and working.
It appears that the products problem is with any user connected to a role with the Owner privilege.
So we have several security groups set up as ’ ****** Procurement’ associated with different product categories. Each group has two role types - manager and support. Users in the manager set can see all information in the Group. Support users see Owner data only, ie anything assigned to them only… This is how the roles are set up.
So one of the support users creates some new product records, which it allows them to do and the info is saved correctly. However, when they look at the list view of products, it is a blank list - ie they cannot see the products that they have just created. We tried refreshing the browser, relogin etc… just to be sure.
Their manager can see all of these new products in list and detail with no problem, as well as products from other support users (who all have the same issue in terms of not being able to see their own created products).
The manager can select products for an individual support user and do a Mass Update to assign the products to that user, who can then see all of the products that they have created.
However, as a process, this can’t work effectively as the support users all need to be able to create products as new product lines are taken on. However, as they can’t see them initially, this is simply not practical.
We have tested all other functions and these work. The only ‘clue’ is that the product creation screen is the only one which doesn’t show an ‘Assigned To’ field with the user ID in it. so whilst the code did appear as though it was going to force this through, when checked in the database itself, the assigned_user_id field for those records created by the users in the support role all contain NULL, so are not being set upon record creation.
So it looks like a bug to us. I have run a quick repair and repair roles in admin, to check if anything had gone out of sync but still the same issue.
Now scratching our heads as the security suite is not something we are keen to mess with. Our only way around this at the moment is to give all of the category support staff Group roles, but they then see a lot of other products in which they have no interest or involvement and need to start filtering everything . If the Owner role worked correctly, none of this would be required.
Any further help would be very welcome, even if it is to tell us that we are doing something wrong, which we can’t see…
Many thanks for the help so far.