CiviCRM Community Forums (archive)

Hi everyone,

I am trying to set up a membership database for a national organisation with lots of local chapters. Because of the multi-level structure of the organisation, the ACLs requirements for the system are quite complex.

One requirement is that each chapter's membership secretary have read-only access to the records of the chapter's members. I have set up some custom fields, used a few custom hooks, along with hook_civicrm_aclWhereClause to implement some custom ACLs to implement this permission system.

My plan was to then create a profile that just displays the fields that I want the membership secretaries to see, and use the custom ACL code to restrict access to the members of the secretary's chapter.

My ACL code is working for the main search and contact interface, but when searching via a profile, I don't think ACL rules are applied at all. I know that my hook_civicrm_aclWhereClause code is not invoked. And I just tried using some ACL rules set up via the UI, and those don't seem to apply to profile listings either.

Is there any way around this? I am starting to wonder whether my initial plan, which depended heavily on different profiles for listing and viewing contacts, will need to be scrapped because of this issue.

Thanks,
-Ian

profiles do not follow acl rules on contact

not sure of our reasoning behind this, but we wanted to keep the profile module simple (and all encompassing). hence the decision to bypass ACL's.

lobo

i think our initial approach to profiles was to keep it very simple and distinct

in retrospect, yes it is not consistent. we'll consider fixing this in a future release

lobo