CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Restricting access to activity records by activity_type_id
Pages: [1]

Author Topic: Restricting access to activity records by activity_type_id  (Read 1178 times)

torenware

  • I post frequently
  • ***
  • Posts: 153
  • Karma: 4
Restricting access to activity records by activity_type_id
October 04, 2009, 04:51:16 pm
I'm looking into extending 3.x's ACL capability to solve two specific classes of problems a client has with contribution data.  Short version:  lots of people need access to viewing Activity records, but who donates to the organization and how much is a very sensitive and touchy issue.  In general, people who have EDIT access to a contact should not be able to see donation related information.

So I need to make sure that contribution information is very closely held.  The number of people who are authorized to see donation related information is very small (probably 3 out of hundreds of people who some degree of administrative access), so identifying who should have access is easy.   I believe it's pretty easy to restrict access to contribution records.  But CiviContribute also creates Activity records (this currently is not an option; it just goes ahead and does this), and Activity records don't currently have any way to directly limit access.

Certain, I can (and likely will) override the class that forces the creation of those activity records.  But it would be good for this and other reasons to be able to control view access for Activities.  The natural hook for this would be the activity_type_id, which points to a customizable option list.

What's the best way to add ACL (and ACL-hooks) for Activity records, so that I could do this kind of selection in a clean way?

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Restricting access to activity records by activity_type_id
October 05, 2009, 07:02:45 am

check: CRM/Activity/BAO/Activity.php, line 574 (v3.0)

Code: [Select]
        // Exclude Contribution-related activity records if user doesn't have 'access CiviContribute' permission                                                                   
        $contributionFilter = 1;
        if ( ! CRM_Core_Permission::check('access CiviContribute') ) {
            $contributionFilter = " civicrm_activity.activity_type_id != 6 ";
        }


Will hacking it there help you with a more restrictive permission?

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

torenware

  • I post frequently
  • ***
  • Posts: 153
  • Karma: 4
Re: Restricting access to activity records by activity_type_id
October 05, 2009, 12:50:07 pm
That looks like it would work.  Thanks.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Restricting access to activity records by activity_type_id

This forum was archived on 2017-11-26.