« previous next »
Pages: [1]

Author Topic: CiviEvent Permissions Problem for Edit Events  (Read 1287 times)

Offline Stoob

  • I live on this forum
  • *****
  • Posts: 1025
  • Karma: 100
  • CiviCRM version: 3.4 - 4.2
  • CMS version: Drupal 6, 7, Wordpress
  • MySQL version: 5.1
  • PHP version: 5.2 or 5.3
CiviEvent Permissions Problem for Edit Events
« on: March 12, 2010, 12:38:39 pm »
In Civi 3.1, I have a role created with the following CiviCRM permissions.

1. access CiviCRM
2. access CiviEvent
3. delete in CiviEvent
4. edit all events
5. edit event participants
6. register for events
7. view event info   
8. view event participants

But yet this role cannot edit, create, or delete Events, most importantly edit.  In order to Edit events, this role must be given Administer CiviCRM permission, which is not appropriate for this role.

This issue was visited back in 2.1 here: http://issues.civicrm.org/jira/browse/CRM-2922

However it seems to reverted back and is a bug again.  Can you confirm, can I file an issue?

Cannot replicate on the Demo site because I cannot create Drupal users and roles on the Demo site, but this is a valid bug on my 3.1 installation.  I have check the upcoming patch release and this bug doesn't seem to be on the schedule.

Logged
Was I helpful?  If so, please click the "applaud" link under my name.  Consider donating to CiviCRM if you use it with success.

Offline Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 14701
  • Karma: 440
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: CiviEvent Permissions Problem for Edit Events
« Reply #1 on: March 12, 2010, 04:18:58 pm »
what version of 3.1? i think this resurfaced in earlier versions of 3.1.x or so but i believe it is fixed in 3.1.3 (or 3.1.2?)

lobo
Logged
Found this reply helpful? Contribute NOW and help improve CiviCRM with the Make it Happen! initiative.

Offline Stoob

  • I live on this forum
  • *****
  • Posts: 1025
  • Karma: 100
  • CiviCRM version: 3.4 - 4.2
  • CMS version: Drupal 6, 7, Wordpress
  • MySQL version: 5.1
  • PHP version: 5.2 or 5.3
Re: CiviEvent Permissions Problem for Edit Events
« Reply #2 on: March 12, 2010, 08:23:33 pm »
I'm using the latest, 3.1.3.  I looked to see if a fix was coming in Issue Tracker for 3.1.4, but didn't see one.  Maybe I missed it...is a fix on the way?

PS. If you want a login to the client site to confirm the bug, just send an email and I'll give you the info.

PPS. I've modified the permissions somewhat as an experiment, but "delete in CiviEvent" has no effect.

« Last Edit: March 12, 2010, 08:29:21 pm by Stoob »
Logged
Was I helpful?  If so, please click the "applaud" link under my name.  Consider donating to CiviCRM if you use it with success.

Offline Deepak Srivastava

  • Administrator
  • Ask me questions
  • *****
  • Posts: 657
  • Karma: 63
Re: CiviEvent Permissions Problem for Edit Events
« Reply #3 on: March 15, 2010, 02:11:38 am »
Stoob,

I was able to recreate the problem. Filed and fixed the issue here - http://issues.civicrm.org/jira/browse/CRM-5955.

The patch might look long because i also did other cleanups, but the basic problem was that an old permission check for 'administer CiviCRM' was still present for event dashboard.

As a temporary fix you can apply the below patch -
Code: [Select]
Index: CRM/Event/Page/DashBoard.php
===================================================================
--- CRM/Event/Page/DashBoard.php (revision 26526)
+++ CRM/Event/Page/DashBoard.php (working copy)
@@ -53,8 +53,7 @@
         CRM_Utils_System::setTitle( ts('CiviEvent') );
 
         $admin = false;
-        if ( CRM_Core_Permission::check( 'access CiviEvent' ) &&
-             CRM_Core_Permission::check( 'administer CiviCRM' ) ) {
+        if ( CRM_Core_Permission::check( 'access CiviEvent' ) ) {
             $admin = true;
         }

thanks,
« Last Edit: March 15, 2010, 02:19:12 am by Deepak Srivastava »
Logged
Found this reply helpful? Contribute NOW and help us improve CiviCRM with the Make it Happen! initiative.
Pages: [1]
« previous next »