CiviCRM Community Forums (archive)

i'm running into a permissions issue with 3.0.4

 I have a drupal user role that has very limited permissions for civicrm.

• Access to civicrm
• Access to civievent
• access CiviMail subscribe/unsubscribe pages
• edit event participants
• make online contributions
• profile listings and forms
• register for events
• view event info
• view event participants

The only function i want them to be able to perform beyond a basic authenticate user is creating, editing and managing events.

However, users of this role have the full civicrm admin menu, which causes confusion because they get 403 errors on most menu items, or if they search for a contact, it turns up blank rather than telling them they do not have access. 

The Big problem though is "contacts > new email", the user has access to send email to contacts via civicrm, and worse, they can see email addresses of contacts via the auto complete email to field.

"Send Email Via CiviCRM" seems like a no-brainer of a permission.  Does it exist somewhere that I am missing?  Do i need to add some kind of ACL Rule?

this has come up a couple of times in the recent past and would be good to fix this and get a clean solution. the permissioning structure is such that "permission to create" events basically is treated as an administer permission, and hence you see the administer civicrm permission. A clean solution would potentially move that outside of "administer" realm

we also need to think about permissioning for search/contact tasks and group them appropriately. Currently having access to a contact gives you the ability to do a few tasks, there are only 2 permissioning groups of tasks (for edit and view)

lobo

I wrote a couple of quick drupal modules to provide enhanced fidelity to permissions. One of them allows you to set permissions for search results tasks which might help you.

This is probably not brilliantly coded or comprehensive as I just knocked it up quickly, but you might find it useful. Unfortunately, I didn't put in anything to remove the options form the dropdown on the contact summary page, but these could be added in a similar way if you can do a bit of php.

The linked module below provides an extra set of permissions under the drupal permissions screen for each search task and then modifies the civicrm search forms using the searchTasks hook to remove unpermissioned search tasks from the list.

Module download here:
http://dl.dropbox.com/u/1458022/civicrm_searchtask_perms.zip

Thanks for sharing!

Is the code published directly in a public source code repository (github, drupal...) too ? Would make easier to manage the external patches and contributions.

Yeah that would be good but I haven't done that yet mainly because
a) I don't have access to a repository to put it in.
b) I am lazy
I guess I could set up a project on drupal.org, but I don't know how long I could maintain it, and the civicrm stuff on there seems quite outdated.
I guess I could try the free google code repository?