I have created a sentry plugin to prevent users from being able to see projects in SuperOffice unless they are a project member or project manager, and it works exactly as I need it to in SuperOffice. It does however cause a bug in Customer Service, where if there is a project relationship set up against the request table, if the request does not have a project, or the user does not have access to the project because of the rules in the sentry plugin, none of the request details show.
The error only seems to occur, if you add restrictions to the ModifySelect, to prevent the project row being returned if the user should not see the project. If you always allow the row to be returned, and then use the ModifyTableRights function to restrict access to the project, then you do not get this issue. For the query I need to perform I don't believe I can achieve this using the second method.
I basically use the ModifySelect option to to filter out the rows, so that if the project members person id is not equal the SuperOffice.SoContext.CurrentPrincipal.PersonId and the project managers associate id is not equal to SuperOffice.SoContext.CurrentPrincipal.AssociateId no rows are returned. I then do not add any code in the ModifyTableRights procedure, as it is already handled. Looking at the code example here, this looks like a valid way of achieving this. https://community.superoffice.com/en/content/content/netserver-sdk/netserver-3x/sentry-plugin-with-user-defined-tables/
I can even simply change the ModifySelect query to just prevent access to opening any project using this ...
public class SentryPluginQueryTableUpdaterContact : ISentryPluginQueryTableUpdater
public void ModifySelect(Select sql, TableInfo tableInfo)
ProjectTableInfo pti = (ProjectTableInfo)tableInfo;
And the sentry works in SuperOffice, but causes the error in Customer Service. SO I think this is a bug in Sentry. I have tested this on 8.3 R02.