CiviCRM Community Forums (archive)

With the help of those who responded to my last post at this forum, I've found my way to a strategy to implementing my voter rating process, but I'm running into a security glitch. 

The basic question is: Is it impossible for an authenticated user to update other contacts (custom fields through a profile) without giving them drupal access to update all contacts?

My use case is that I want authenticated users to be able to be able to recruit supporters and report the results of their canvassing.  They need to be able to retrieve a list of voters and enter a rating for each.  Because the system is open -- anyone can get a user ID without approval -- we want to maintain a full audit trail of the ratings (so it if someone doesn't understand the rating scheme or deliberately rates people wrongly, we can easily roll back their rating activity without losing other data).

I'm trying to implement this case staying entirely within the Civicrm extension framework.  So, the elements of what I want to build are basically:

• a single field profile including the new rating field -- this field is a member of traditional single-value custom field group (simple)
• a custom search for voter lists (have been able to follow the instructions on this successfully)
• a custom template for that search that in each row shows a link to the profile to update the rating (also straightforward)
• customization of the profile to add a couple of temporary fields that I will process with postprocess hook (I'm expecting this will be OK)
• an audit trail table that I update in the postprocess hook (just insert a record each time the profile is used showing who did what; also expecting this will work)
• using the custom fields added to the profile edit template in the post process hook, store an activity record queueing any necessary follow up for field staff (again, expecting this will work)

Here's the problem I'm stuck at:  I can't seem to get authenticated users to have update access to the profile and update other contacts. 

This query string works fine if I'm logged in administrator:
http://mydomain.com/civicrm/profile/edit?reset=1&id=NNNNN&gid=9

It updates the appropriate record and sends me to view that record correctly.  But if I am logged in as just an authenticated  user, the same string kicks me back to the drupal root.  If I substitute the label cid for id in the query string, I get to the form, but actually update my own account.

Should I be able to make this work or is it impossible for an authenticated user to update other contacts (even through a profile) without giving them drupal access to update all contacts?  I think I've tried just about all the combinations of roles and ACL's for the field and the profile that I can think of, but it just doesn't seem to allow access.  Drupal access to profiles and custom fields are enabled.  Also access civicrm is authorized in Drupal (needed to do this to allow the search to work, it seemed). 



I

Thanks Lobo,

If you think it is helpful, I will definitely continue to improve the documentation.  I would be delighted to help others use in my role.

The functionality I'm struggling with the is the last major piece to get roughed in and then we can focus on polishing the whole thing and the documentation

I basically went to the profile structure so that I could have a core civicrm screen to hang the new module hooks off of.  I'm understanding from your note that I can't make it work that way given the security architecture.  

I definitely agree that I want to store multiple records (in multiple value custom table) for the rating (date/rater/ratee/rating) -- I had just thought I could do that as a hook from the profile and have the profile update a single value latest rating field.  Cross of that idea.

So, I need to learn how to create the screen that I would link to from the voter list (custom search) and update the voter rating (by storing a new record in the multi-value table).  Another approach I experimented with was as a Drupal page with php code in it, but I paused on that expecting I might be far enough outside the civicrm framework that the api's and security wouldn't work -- decided to try the profile approach first.

So, please do tell what best framework for me to developing the screen would be -- it's very simple code, I'm just not sure where to put it!  I see it just inserting a record for each changed rating.  No update logic will be necessary.  For queries, we'll just take the latest stored rating (and/or show all of the stored ratings).

/w.

Thanks again.

If I develop the rating logic on a Drupal page, am I right in believing that the various functions of civicrm will be available to me (if I add the includes/requires that appear in other civicrm modules)?

Also, I assume that since the global variables of civicrm are visible while I am on a Drupal after starting Civicrm, I will be in the same place vis-a-vis the security logic of civicrm as I would be if I were in Civicrm.

Would I find myself up against the same security limitation I ran into using the profile module or is that something built within the profile module?

/w.