allow unlinking related items if you can edit the parent item fix #210

deleting a relationship should require edit access to the parent object (the one they are related to) not delete access to the target object. (because you are not deleting it, just disassociating it which is an edit to the parent object)

Not all delete from related lists are soft. For example... deleting Invoice from Org is hard delete. We need to streamline this before heading to make the access check change.

OK, so in that instance it should be a trashcan icon, and require delete access for the target object - this is very confusing! I am not entirely clear how to figure out what is going to happen when deleting from a related list, but yes, deleting invoices from an org certainly deletes them.

Good point.

I spent some time tracing through what happens when you call deleteRelation, but I couldn't figure out why invoices get deleted it should call deleteRelation in modules/Vtiger/models/Relation.php which should in turn call DeleteEntity in include/utils/utils.php which should just unlink if there is a return_module, which I think there should be.

My guess...

• Unlink is chosen if target record can exist without reference to its parent (ex. Contact)
• Delete is chosen if target record cannot exist without a parent (ex. Invoice)

OK, found it in a bunch of modules the unlinkRelationship function is overridden, so modules/Invoice/Invoice.php has an unlinkRelationship function that trashes the invoice when deleted from the Accounts or Contacts module. In SalesOrder.php it trashes if deleted from Accounts for example.

so, I think there should probably be a layouts/vlayout/modules/Invoice/AccountsRelatedList.tpl and layouts/vlayout/modules/Invoice/ContactsRelatedList.tpl where it gets the trashcan icon and requires delete access to the target.

Yes, but just for icon change having separate tpl might be overkill?

Well doing it as override templates means that the weirdness is isolated into the module that is being weird. In general there shouldn't be hard coded exceptions for specific modules in the core code. It isn't just the icon change, it is the different permissions required too. I guess module checking is already in there as there is a {if $RELATED_MODULE_NAME eq 'Calendar'} but in general I think if a module overrides unlinkRelationship and thus requires a template difference then the template difference should be in the same module.

Quotes from Accounts is a hard delete

PurchaseOrder from Vendors is a hard delete

Potentials from Accounts is a hard delete

Potentials from Contacts might be a hard delete if the potential is directly linked to the contact and not through the account, or it might just clear the contactid on the Potential

some of the unlinks are going to require edit access to the target, not edit access to the source, where there is a uitype 10 on the far side and the unlink clears that field.

mentioned in issue #210 (closed)

Status changed to merged

mentioned in commit f88cb71d