Why i can remove needed fields of an creation mask via core workflow

Infos:

  • Used Zammad version: 5.01
  • Used Zammad installation type: Package
  • Operating system: Debian 10
  • Browser + version: Chrome 99

Expected behavior:

  • A rule checking, that not lets you delete needed fields

Actual behavior:

  • Within a core workflow i can make a trigger that removes the login field from the user creation mask. Creating new users via API or via creation mask then is not possible.

Steps to reproduce the behavior:

  • In my case: Create a core workflow for the user creation mask depending on the salutation and set “User/Login” to “remove”. Now create a new user with the salutation that triggers the workflow an you will get a “not null violation error” for the login field.
I, [2022-05-12T21:43:30.448479 #16342-23784920]  INFO -- : Processing by UsersController#create as JSON
I, [2022-05-12T21:43:30.448660 #16342-23784920]  INFO -- :   Parameters: {"login"=>"12345test", "hiw_kunr"=>"12345", "anrede"=>"Firma", "lastname"=>"Besondere Firma", "firstname"=>"", "street"=>"Schloßallee 1", "zip"=>"12345", "city"=>"Moritzburg", "country"=>"Deutschland", "phone"=>"", "phone2"=>"", "mobile"=>"", "email"=>"", "role_ids"=>[3]}
E, [2022-05-12T21:43:30.765052 #16342-23784920] ERROR -- : PG::NotNullViolation: FEHLER:  NULL-Wert in Spalte »login« verletzt Not-Null-Constraint
DETAIL:  Fehlgeschlagene Zeile enthält (74081, null, null, null, Firma, , null, null, , null, , , , null, Schloßallee 1, 12345, Moritzburg, Deutschland, f, f, t, , null, null, 0, f, null, null, null, --- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
locale: ..., 8, 8, 2022-05-12 19:43:30.53, 2022-05-12 19:43:30.53, Firma, null, null, , t, 12345, , , ).
 (ActiveRecord::NotNullViolation)
app/controllers/users_controller.rb:911:in `create_internal'
app/controllers/users_controller.rb:96:in `create'
app/controllers/application_controller/has_download.rb:21:in `block (4 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:20:in `block (3 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:19:in `block (2 levels) in <module:HasDownload>'
app/controllers/application_controller/handles_transitions.rb:16:in `handle_transaction'
E, [2022-05-12T21:43:30.770716 #16342-23784920] ERROR -- : Error ID Q1Y6jHKD: PG::NotNullViolation: FEHLER:  NULL-Wert in Spalte »login« verletzt Not-Null-Constraint
DETAIL:  Fehlgeschlagene Zeile enthält (74081, null, null, null, Firma, , null, null, , null, , , , null, Schloßallee 1, 12345, Moritzburg, Deutschland, f, f, t, , null, null, 0, f, null, null, null, --- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
locale: ..., 8, 8, 2022-05-12 19:43:30.53, 2022-05-12 19:43:30.53, Firma, null, null, , t, 12345, , , ).

Your clause doesn’t make any sense in the first place as it’s never shown in the UI directly. So you could leave it untouched in the first place.

The documentation also warns about how dangerous your operations are:
https://admin-docs.zammad.org/en/latest/system/core-workflows/how-do-they-work.html#available-operators

I partly do agree that this is unexpected, I however am not sure if this really counts as a bug if administrators can’t understand the scope of their configurations.

It has been a long time, since i have this clause written, so i don’t know anymore, why this was in that workflow. After detecting that “error”, i removed the clause.

For me it seems not right, that i can remove urgently needed fields, anyway if i’m an admin or not. Should i create a bug report or does this make no sense?

You can create one, however, I will discuss this with the product management team before further qualification.