Localization is causing security issues

tahnalos · 3 weeks ago

We have multiple languages that are in use in our instance. However, we are noticing a very odd error going on.

A user can access any task based ticket that they normally have permissions to in the English Language. But the moment they switch to one of our other permitted languages they get this error on the same ticket the normally have access to while in English:

Does anyone know why this issue occurs only in localized languages and NOT in English?

We are noticing this occurring in Incident, Change, and the HRSD.

lauri457 · 3 weeks ago

Turn on security debugging from the navigator and search the acl logs for the failing acl. Or you can try the access analyzer as well.

I hypothesize that this is caused by a scripted condition in an acl that is reliant on the English display value of a task inherited field or something similar.

Consider for example this scripted acl in english/french:

answer = current.getDisplayValue("priority") === "3 - Moderate";