CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017.

Author Topic: Ajax permissions  (Read 3050 times)

Eileen
Ajax permissions
March 14, 2009, 12:44:22 am
Hi,

This is hard to test on the demo site due to not having the right users in place. This is on my 2.2b4 install.

I have a user who has been set to only be allowed to view one group of contacts and one group of organisations. When I use the ajax search boxes my user can see many more names (although they can't find them in an actual search). Likewise, when they access the employer search box (e.g. edit user) they can see employers that they don't have rights to view.

I note the function in ajax to get the employer list is actually called

static function getPermissionedEmployer( $contactID, $name = '%' )

which implies it is checking permissions, but my experience is that it isn't.
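
The access-control gap reported in the post above, as an added example (not part of the original post and not CiviCRM code): a name-only employer lookup beside one that reuses the same ACL predicate as the search, plus a check that lists any contact ids a lookup returns outside the user's viewable set. The SQLite schema, the sample rows and every function name here are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: schema, rows and function names are hypothetical, not CiviCRM's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample data: user 7 may view group 10 only, which holds contact 1.
$db->exec("
  CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT, type TEXT);
  CREATE TABLE group_contact (group_id INTEGER, contact_id INTEGER);
  CREATE TABLE acl_view (user_id INTEGER, group_id INTEGER);
  INSERT INTO contact VALUES (1,'Acme Trust','Organization'),
    (2,'Acorn School','Organization'), (3,'Alder Clinic','Organization');
  INSERT INTO group_contact VALUES (10,1), (20,2), (20,3);
  INSERT INTO acl_view VALUES (7,10);
");

// One ACL predicate, shared by every read path (full search and AJAX lookup).
function viewableClause(): string {
    return "id IN (SELECT gc.contact_id FROM group_contact gc
                   JOIN acl_view a ON a.group_id = gc.group_id
                   WHERE a.user_id = :uid)";
}

// Behaviour reported in the post: the lookup filters on name only.
function employerLookupNameOnly(PDO $db, string $name = '%'): array {
    $st = $db->prepare("SELECT id FROM contact
                        WHERE type = 'Organization' AND name LIKE :name ORDER BY id");
    $st->execute([':name' => $name]);
    return array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN));
}

// Same lookup with the ACL predicate applied server-side before rows are returned.
function employerLookupPermissioned(PDO $db, int $userId, string $name = '%'): array {
    $st = $db->prepare("SELECT id FROM contact WHERE type = 'Organization'
                        AND name LIKE :name AND " . viewableClause() . " ORDER BY id");
    $st->execute([':name' => $name, ':uid' => $userId]);
    return array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN));
}

// Regression check: ids a lookup returned that the user is not allowed to view.
function leakedIds(PDO $db, int $userId, array $lookupIds): array {
    $st = $db->prepare("SELECT id FROM contact WHERE " . viewableClause());
    $st->execute([':uid' => $userId]);
    $allowed = array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN));
    return array_values(array_diff($lookupIds, $allowed));
}

echo "name-only leak:    ", json_encode(leakedIds($db, 7, employerLookupNameOnly($db, 'A%'))), "\n";
echo "permissioned leak: ", json_encode(leakedIds($db, 7, employerLookupPermissioned($db, 7, 'A%'))), "\n";
```

Running the same `leakedIds` comparison against each AJAX endpoint as a restricted test user turns the manual observation in the post into a repeatable check.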


This forum was archived on 2017-11-26.