CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017.




Author Topic: Profiles and ACLs  (Read 1354 times)

idmacdonald

Profiles and ACLs
November 12, 2009, 09:54:56 am
Hi everyone,

I am trying to set up a membership database for a national organisation with lots of local chapters. Because of the multi-level structure of the organisation, the ACLs requirements for the system are quite complex.

One requirement is that each chapter's membership secretary have read-only access to the records of the chapter's members. I have set up some custom fields, used a few custom hooks, along with hook_civicrm_aclWhereClause to implement some custom ACLs to implement this permission system.

My plan was to then create a profile that just displays the fields that I want the membership secretaries to see, and use the custom ACL code to restrict access to the members of the secretary's chapter.

My ACL code is working for the main search and contact interface, but when searching via a profile, I don't think ACL rules are applied at all. I know that my hook_civicrm_aclWhereClause code is not invoked. And I just tried using some ACL rules set up via the UI, and those don't seem to apply to profile listings either.

Is there any way around this? I am starting to wonder whether my initial plan, which depended heavily on different profiles for listing and viewing contacts, will need to be scrapped because of this issue.

Thanks,
-Ian

idmacdonald

Re: Profiles and ACLs
November 12, 2009, 10:00:10 am
Oh, and I forgot to mention, I'm on CiviCRM 3.0.2 on Drupal (will have to update my profile!).

Thanks,
-Ian

Donald Lobo

Re: Profiles and ACLs
November 12, 2009, 11:38:46 am

profiles do not follow acl rules on contact

not sure of our reasoning behind this, but we wanted to keep the profile module simple (and all encompassing). hence the decision to bypass ACL's.

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

idmacdonald

  • I post occasionally
  • **
  • Posts: 69
  • Karma: 1
Re: Profiles and ACLs
November 12, 2009, 01:51:31 pm
OK. This seems like a fairly major limitation for the profiles system. Quite confusing in terms of system security, really. I'll have to rethink my approach a bit.

Thanks,
-Ian

Donald Lobo

Re: Profiles and ACLs
November 12, 2009, 04:30:51 pm

i think our initial approach to profiles was to keep it very simple and distinct

in retrospect, yes it is not consistent. we'll consider fixing this in a future release

lobo

petednz

Re: Profiles and ACLs
November 12, 2009, 10:10:52 pm
if you have lots of chapters this may not work - but you may have more flexibility in using Roles on the Drupal side and spitting out your Directories via Views - just a thought (but possibly too many 'roles' to consider worth doing) - but maybe there is another route via views - can't you limit a view by role or by permission? maybe tying this in with taxonomy somehow (i should shut up now i think)

but just want to plug Views for directories where Profiles don't quite cut it ;-)
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate
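
Editor's added example, not code posted by anyone in this thread: a sketch of the kind of `hook_civicrm_aclWhereClause` implementation the first post describes, restricting view access to contacts in the secretary's own chapter. The module name `chapteracl`, the custom table `civicrm_value_chapter` and its `chapter_id` column are assumptions. As the thread reports, profile listings do not invoke this hook, so the restriction covers only the core search and contact screens.

```php
<?php
// Added illustration. Hypothetical names: module "chapteracl", custom-group
// table civicrm_value_chapter, column chapter_id.

/**
 * Implements hook_civicrm_aclWhereClause().
 *
 * Narrows the contact query to contacts whose chapter_id matches the
 * chapter of the logged-in contact (the membership secretary).
 */
function chapteracl_civicrm_aclWhereClause($type, &$tables, &$whereTables, &$contactID, &$where) {
  // No contact to check against: leave the clause untouched.
  if (!$contactID) {
    return;
  }

  // Secretaries are read-only, so only contribute to view checks.
  if ($type != CRM_Core_Permission::VIEW) {
    return;
  }

  $chapterTable = 'civicrm_value_chapter'; // hypothetical custom table

  // Look up the secretary's chapter with a typed, bound parameter
  // rather than interpolating the contact id into the SQL string.
  $params = array(1 => array((int) $contactID, 'Integer'));
  $chapterId = CRM_Core_DAO::singleValueQuery(
    "SELECT chapter_id FROM {$chapterTable} WHERE entity_id = %1",
    $params
  );
  if (!$chapterId) {
    // Secretary has no chapter recorded: add no clause of our own.
    return;
  }

  // Join the custom table so the WHERE fragment below can reference it.
  $join = "LEFT JOIN {$chapterTable} chapter_acl ON contact_a.id = chapter_acl.entity_id";
  $tables[$chapterTable] = $whereTables[$chapterTable] = $join;

  // AND with any clause already present so this never widens access.
  $clause = 'chapter_acl.chapter_id = ' . (int) $chapterId;
  $where = $where ? "({$where}) AND {$clause}" : $clause;
}
```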


This forum was archived on 2017-11-26.