
Do Drupal Views not yet inherit ACL restrictions?


petednz:
Not sure if this is something I forgot was a limitation - or if it was but is now borked

Set up View showing civi data

Set up ACL to restrict user X to see only people in Group X

Test ACL works by 'search all' in civi and see only 290 of 10000 contacts - good

Go to view - see all 10000 contacts. ouch

Hershel:
AFAIK, Views queries the CiviCRM DB directly and thus of course bypasses CiviCRM's ACL.

Donald Lobo:

But obviously would make a great addition and make the views integration even more powerful.

Seems like would need to be done as an alter query hook or something similar when it's a contact view. I think it gets even more complex when it's a contribution view

Also not sure if the views integration is aware of either thrashed contacts or dead contacts. Civi handles them with special care :)

lobo

torrance123:
I had gone down the same sort of route outlined by Lobo. This is set to work only for when the view is built off the civicrm_contacts table. I expect extending a similar sort of logic to work with other civi tables as the base table would be possible.

I'd be interested to know if there is a cleaner way to include the necessary civicrm classes.


--- Code: ---
function civicrm_views_acl_views_query_alter(&$view, &$query) {
  if ($view->base_table == 'civicrm_contact') {
    // Initialize civicrm and load the required classes to
    // call CRM_Contact_BAO_Contact_Permission::cacheClause().
    civicrm_initialize();
    require_once $GLOBALS['civicrm_root'] . '/CRM/Contact/BAO/Contact/Permission.php';
    require_once $GLOBALS['civicrm_root'] . '/CRM/Core/Permission.php';

    // Construct a subquery that returns a list of contacts that the current
    // user has access to.
    list($from_clause, $where_clause) = CRM_Contact_BAO_Contact_Permission::cacheClause('civicrm_contact');
    $subquery = "SELECT civicrm_contact.id FROM {civicrm_contact} as civicrm_contact {$from_clause} WHERE {$where_clause}";

    // Include the subquery as a where clause into the views query.
    $civicrm_contact_alias = $query->ensure_table('civicrm_contact');
    $query->add_where(0, "{$civicrm_contact_alias}.id IN ({$subquery})");
  }
}

--- End code ---

Donald Lobo:

not sure how much u can do with query alter, but within the civi code we use a left join to the acl table of contact ids and add a where clause

older versions of mysql were very inefficient with sub-selects in some cases. not sure if this is still true for 5.1/5.5

lobo
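
Added example, not part of the thread and not CiviCRM or Views code: a self-contained Python/sqlite3 model of the two filtering forms discussed above (torrance123's IN sub-select and the join-plus-where form Lobo describes), checking that both return the same restricted set while an unfiltered listing returns every row. The table and column names are a simplified, constructed stand-in for the real schema, and the `is_deleted` filter for trashed contacts is an assumption.

```python
import sqlite3

def build_db(total=20, allowed=(2, 5, 7), trashed=(5,)):
    """Constructed sample data: `total` contacts, ACL cache rows for user 42."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT,
                              is_deleted INTEGER DEFAULT 0);
        CREATE TABLE acl_contact_cache (user_id INTEGER, contact_id INTEGER);
    """)
    db.executemany("INSERT INTO contact VALUES (?, ?, ?)",
                   [(i, f"Contact {i}", int(i in trashed))
                    for i in range(1, total + 1)])
    db.executemany("INSERT INTO acl_contact_cache VALUES (42, ?)",
                   [(i,) for i in allowed])
    # Edge cases: a duplicated cache row, and rows belonging to another user.
    db.executemany("INSERT INTO acl_contact_cache VALUES (?, ?)",
                   [(42, 7), (99, 1), (99, 2)])
    return db

def ids(db, sql, params=()):
    return sorted(row[0] for row in db.execute(sql, params))

def unfiltered(db):
    # A listing built straight on the table: no ACL applied, every row returned.
    return ids(db, "SELECT c.id FROM contact c")

def acl_subquery(db, user_id):
    # Sub-select form: contact id must appear in the user's cached ACL rows.
    return ids(db, """
        SELECT c.id FROM contact c
        WHERE c.is_deleted = 0
          AND c.id IN (SELECT a.contact_id FROM acl_contact_cache a
                       WHERE a.user_id = ?)""", (user_id,))

def acl_join(db, user_id):
    # Join form: left join to the cache plus a where clause. DISTINCT keeps
    # duplicated cache rows from duplicating contacts in the listing.
    return ids(db, """
        SELECT DISTINCT c.id FROM contact c
        LEFT JOIN acl_contact_cache a
               ON a.contact_id = c.id AND a.user_id = ?
        WHERE a.contact_id IS NOT NULL AND c.is_deleted = 0""", (user_id,))

if __name__ == "__main__":
    db = build_db()
    print("unfiltered:", len(unfiltered(db)), "rows")
    print("sub-select:", acl_subquery(db, 42))
    print("join      :", acl_join(db, 42))
```

Running the same comparison against a real listing (row count with and without the ACL clause, as a restricted user) is a quick regression check that a report has not bypassed the permission layer.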
