CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: Limiting recipients of mailings according to access rights  (Read 1587 times)

DenisD

  • I’m new here
  • *
  • Posts: 11
  • Karma: 1
Limiting recipients of mailings according to access rights
May 18, 2010, 07:41:01 am
Hi everybody,

I have a simple question that I haven't been able to figure out myself. For our online contact database, we would like to structure access rights as follows:
  • outside users can only sign up and modify their profile (on Drupal) without accessing civicrm
  • inside users can access civicrm to view and add contacts (under "Search", "Contacts" and "Events")
  • team leaders can access civicrm to view and add contacts; they also have administrative rights for "their" contacts and can access "Mailings"
  • site administrators can do everything

We have worked with a combination of Drupal access rights and civicrm ACLs. For the management of contacts, this has worked quite well. However, we would also like to limit user rights of "mailings". Specifically, team leaders should only be able to send messages to "their" contacts; i.e. the people belonging to a specified group (according to the ACL). Currently, however, they can send emails to everybody included in a group of type "mailing list".

Thanks for your ideas on how to approach this problem.

Denis

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Limiting recipients of mailings according to access rights
May 18, 2010, 08:50:00 am

are you using an ACL hook or the CiviCRM built in ACL's (note that the UI driven ACL's will not scale very well for lots of groups, there is a patch that we are evaluating)

Basically if things are working, a user should only see the groups that they have access to (civicrm permissioning on contacts is based on civicrm groups). So not sure why your users are seeing all the groups in a mailing
 
lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

DenisD

Re: Limiting recipients of mailings according to access rights
May 20, 2010, 08:58:27 am
The critical group is "team leaders" who should have some administrative rights in CiviCRM, especially related to "mailings". As mentioned, we used a combination of Drupal user rights and CiviCRM ACL's (all via the user interface; what is the alternative?). Here is what we did (assume that a "team leader" should control the group "subset" of which s/he is a member him/herself):
  • create a group "administrator civicrm" in the Drupal "Permissions"
  • allow users of type "administrator civicrm" to access CiviMail, among others (see attachment)
  • create group "subset" of type "access control"
  • create ACL role "limited"
  • give ACL role "limited" edit rights on group "subset"
  • assign ACL role "limited" to members of "subset"

This procedure worked well in order to limit editorial rights; e.g. members of group "limited" with "administrator civicrm" access rights cannot delete contacts (as specified in the Drupal access rights) and only modify information of "their" contacts (i.e. members of the group "limited").

Donald Lobo

Re: Limiting recipients of mailings according to access rights
May 20, 2010, 10:57:41 am

1. what version are u using

2. you can implement ACLs via hooks (which is recommended if u have a large number of ACLs)

3. so when sending a mailing, the person in a "limited" role sees all groups? not just "subset". does this person have "view all contacts" permission?

4. if not, can u try to follow the trail of code from here:

CRM/Mailing/Form/Group.php, function buildQuickForm

        //get the mailing groups.
        $groups =& CRM_Core_PseudoConstant::group('Mailing');

that should return only the mailing groups the person has permission on

lobo


DenisD

Re: Limiting recipients of mailings according to access rights
May 24, 2010, 04:30:54 am
Quickly on your questions:

1. Powered by CiviCRM 3.0.1; Drupal: 6.14; Server Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_jk/1.2.27 PHP/5.2.8 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0

2. I will look into this; for this problem, it shouldn't make a difference

3. This is correct; I changed Drupal permission to prevent people in limited role to "view all contacts", which indeed takes away those groups from mailings that are not specified in the ACL. However, this is not what I am looking for: people with restricted rights should be able to see all contacts, but their rights to modify or email contacts should be limited to the groups specified in the ACL. This works for "editorial rights" (so people can only edit "their" contacts), but unfortunately not for the mailings.

4. Not sure if my IT skills are good enough to follow your thinking (I'm not a programmer); "group.php" contains the code that you highlighted; should I do something with this? (sorry for my ignorance) The entire trail of code of "buildQuickForm" is below.

Thanks,
Denis



public function buildQuickForm( )
    {
        require_once 'CRM/Mailing/PseudoConstant.php';
       
        //get the context
        $context = $this->get( 'context' );
        $this->assign( 'context', $context );
       
        $this->add( 'text', 'name', ts('Name Your Mailing'),
                    CRM_Core_DAO::getAttribute( 'CRM_Mailing_DAO_Mailing', 'name' ),
                    true );
       
        //get the mailing groups.
        $groups =& CRM_Core_PseudoConstant::group('Mailing');

        $mailings =& CRM_Mailing_PseudoConstant::completed();
        if (! $mailings) {
            $mailings = array();
        }

        // run the groups through a hook so users can trim it if needed
        require_once 'CRM/Utils/Hook.php';
        CRM_Utils_Hook::mailingGroups( $this, $groups, $mailings );
       
        //when the context is search add base group's.
        if ( $context == 'search' ) {
            //get the static groups
            $staticGroups = CRM_Core_PseudoConstant::staticGroup( false, 'Mailing' );
            $this->add( 'select', 'baseGroup',
                        ts( 'Base Group' ),
                        array(''=>ts( '- select -' )) + $staticGroups,
                        true );
        }
       
        $inG =& $this->addElement('advmultiselect', 'includeGroups',
                                  ts('Include Group(s)') . ' ',
                                  $groups,
                                  array('size' => 5,
                                        'style' => 'width:240px',
                                        'class' => 'advmultiselect')
                                  );
       
        //as we are having hidden smart group so no need.
        if ( $context != 'search' ) {
            $this->addRule( 'includeGroups', ts('Please select a group to be mailed.'), 'required' );
        }
       
        $outG =& $this->addElement('advmultiselect', 'excludeGroups',
                                   ts('Exclude Group(s)') . ' ',
                                   $groups,
                                   array('size' => 5,
                                         'style' => 'width:240px',
                                         'class' => 'advmultiselect')
                                   );

        $inG->setButtonAttributes ('add'   , array('value' => ts('Add >>'   )));
        $outG->setButtonAttributes('add'   , array('value' => ts('Add >>'   )));
        $inG->setButtonAttributes ('remove', array('value' => ts('<< Remove')));
        $outG->setButtonAttributes('remove', array('value' => ts('<< Remove')));
       
        $inM =& $this->addElement('advmultiselect', 'includeMailings',
                                  ts('INCLUDE Recipients of These Mailing(s)') . ' ',
                                  $mailings,
                                  array('size' => 5,
                                        'style' => 'width:240px',
                                        'class' => 'advmultiselect')
                                  );
        $outM =& $this->addElement('advmultiselect', 'excludeMailings',
                                   ts('EXCLUDE Recipients of These Mailing(s)') . ' ',
                                   $mailings,
                                   array('size' => 5,
                                         'style' => 'width:240px',
                                         'class' => 'advmultiselect')
                                   );
       
        $inM->setButtonAttributes ('add'   , array('value' => ts('Add >>'   )));
        $outM->setButtonAttributes('add'   , array('value' => ts('Add >>'   )));
        $inM->setButtonAttributes ('remove', array('value' => ts('<< Remove')));
        $outM->setButtonAttributes('remove', array('value' => ts('<< Remove')));

        require_once 'CRM/Contact/Page/CustomSearch.php';
        $urls =
            array( '' => ts('- select -'),
                   -1 => ts( 'CiviCRM Search' ) ) +
            CRM_Contact_Page_CustomSearch::info( );
           
        $this->addFormRule( array( 'CRM_Mailing_Form_Group', 'formRule' ));
       
        //FIXME : currently we are hiding save an continue later when
        //search base mailing, we should handle it when we fix CRM-3876
        $buttons = array( array ( 'type'      => 'next',
                                  'name'      => ts('Next >>'),
                                  'spacing' => '&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;',
                                  'isDefault' => true   ),
                          array ( 'type'      => 'submit',
                                  'name'      => ts('Save & Continue Later') ),
                          array ( 'type'      => 'cancel',
                                  'name'      => ts('Cancel') ),
                          );
       
        if ( $context == 'search' ) {
            $buttons = array( array ( 'type'      => 'next',
                                      'name'      => ts('Next >>'),
                                      'spacing' => '&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;',
                                      'isDefault' => true   ),
                              array ( 'type'      => 'cancel',
                                      'name'      => ts('Cancel') ),
                              );
        }
        $this->addButtons( $buttons );
       
        $this->assign('groupCount', count($groups));
        $this->assign('mailingCount', count($mailings));
    }
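
The buildQuickForm() code above passes the group list through CRM_Utils_Hook::mailingGroups( $this, $groups, $mailings ) so that it can be trimmed. As an added example (not part of the thread and not CiviCRM's own code), this is how a Drupal module could use that hook to offer a team leader only "their" groups; the module name mymodule, every mymodule_* helper and the contact-to-group map are hypothetical and constructed for illustration.

```php
<?php
// Added example, not CiviCRM code. "mymodule" and every mymodule_* helper are hypothetical.

// Constructed sample data: contact ID => IDs of the groups that contact may mail.
// A real module would derive this from the site's ACL configuration.
function mymodule_mailable_group_ids($contactId) {
    $map = array(101 => array(7), 102 => array(7, 9));
    return isset($map[$contactId]) ? $map[$contactId] : array(); // unknown contact: no groups
}

// Stub so the example runs stand-alone; inside CiviCRM the logged-in contact
// comes from the session instead.
function mymodule_current_contact_id() {
    return 101;
}

// Keep only the entries of $groups (group ID => title) whose ID is allowed.
function mymodule_trim_groups(array $groups, array $allowedIds) {
    return array_intersect_key($groups, array_flip($allowedIds));
}

// Trimming the list only changes what the form offers, so also check what
// comes back: returns the submitted group IDs that are not allowed.
function mymodule_disallowed_groups(array $submittedIds, array $allowedIds) {
    return array_values(array_diff(array_map('intval', $submittedIds), $allowedIds));
}

// Drupal implementation of the hook that buildQuickForm() invokes through
// CRM_Utils_Hook::mailingGroups( $this, $groups, $mailings ).
function mymodule_civicrm_mailingGroups(&$form, &$groups, &$mailings) {
    $allowed = mymodule_mailable_group_ids(mymodule_current_contact_id());
    $groups = mymodule_trim_groups($groups, $allowed);
    // Design choice of this example: recipients of earlier mailings may lie
    // outside the allowed groups, so none are offered for include/exclude.
    $mailings = array();
}

// Constructed demo input, shaped like the arrays the form builds.
$form = null;
$groups = array(7 => 'subset', 9 => 'donors', 12 => 'all staff');
$mailings = array(3 => 'Spring newsletter');
mymodule_civicrm_mailingGroups($form, $groups, $mailings);
var_export($groups);
echo "\n";
var_export(mymodule_disallowed_groups(array('7', '12'), array(7)));
echo "\n";
```

A user who keeps "view all contacts" still sees every contact; the hook only narrows which groups the mailing form offers.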


Donald Lobo

Re: Limiting recipients of mailings according to access rights
May 24, 2010, 06:18:19 am

1. you might want to upgrade to 3.1.5

2. view all contacts gives permission to access all groups (and hence can be sent an email)

3. you will need to hire a developer to modify the system to do what you need


lobo

DenisD

Re: Limiting recipients of mailings according to access rights
May 25, 2010, 04:57:46 am
Okay; thanks for all your help. I thought I had overseen something, but I guess my plans require a bit more work than expected. Hasn't this issue been raised before?

Again, thanks for the quick support.

Denis

Donald Lobo

Re: Limiting recipients of mailings according to access rights
May 25, 2010, 02:23:45 pm

this has come up before, but so far has not been important enough for someone to contribute a patch. Maybe u will?

the main issue is permission granularity. Splitting into view/edit/neither is basically fairly limiting and we decided that "mailing" was more of a "view" function at some stage

lobo


This forum was archived on 2017-11-26.