CRUD operations without user permissions from C# backend

Good day, colleagues.

 

When attempting to create a record in a related object using User-Task, I receive the error "Insufficient permissions to add record in object 'SomeObject'." Current permissions for this user in "SomeObject" are set to Read-only. However, when using the classes new EntitySchemaQuery(), new Entity(), and userConnection.EntitySchemaManager.GetInstanceByName("Entity_Name"), I set the UseAdminRights property to true.

 

I have used three different approaches:

 

1.
new SomeEntity(_userConnection)
{
   UseAdminRights = true
}

 

2.
new EntitySchemaQuery()
{
  UseAdminRights = true
}

 

3.
EntitySchema instanceByName = _uc.EntitySchemaManager.GetInstanceByName(typeof(EntityType).Name);
instanceByName.UseDenyRecordRights = true;

 

None of these have successfully created or retrieved the record. I request assistance in figuring out how to forcibly disable permission checks for any CRUD operations on the backend.

Like 0

Like

5 comments

Hi,

 

Example from the OmnichannelContactIdentifier (OmnichannelMessaging package):

 

var esq = new EntitySchemaQuery(UserConnection.EntitySchemaManager, "ContactIdentity") {
                UseAdminRights = false
            };
            esq.PrimaryQueryColumn.IsAlwaysSelect = true;
            esq.AddColumn("Contact");
            esq.AddColumn("Channel");

...

Please try this approach of specifying the UseAdminRights flag for the server esq.

In addition to Oleg's response, you can also use the Select, Insert, Update, etc classes, they bypass security since they are executing direct in the database. See https://academy.creatio.com/docs/8.x/dev/development-on-creatio-platform/8.1/direct-access-references

Also, you can get the SystemUserConnection to use for the ESQ.

Also worth noting for people who haven't used the Select, Insert, Update etc classes, they bypass all Creatio application logic, so things like Business Process triggers on record creation or update too. They are very useful, but need to be aware of that to avoid issues.

One more detail, if it isn't clear by now: the UseAdminRights flag doesn't mean "use the permissions of the administrator"...actually, the opposite is the case. It means "enable the usage of permissions".
I find the wording pretty misleading, but that's how it is ;)

Yes, naming leads to opposite meaning

Thx a lot for answers

Show all comments