CiviCRM Community Forums (archive)

Hi,
I am new to Civicrm and Joomla, and have been setting up a system. The basic premise is that there are individuals and organisations, and some organisations are also service providers. Some individuals are the primary contact for their company. I have setup the relations so that those individuals can edit their employers and this all works (they log in using civiuser then can access their dashboard and edit the company details from there).

I have setup custom fields for the service provider information and imported the data for those. I then added these organisations to a service provider group. I then set up a profile so that the users can edit their company's service provider details. The profile only lists organisations in the Service Provider group.

The issue I am having is that users (who can all edit their company details) cant edit the profile with custom fields. I have made all the fields editable (ie not view only), and Public in the Custom Data and Profile.

In order to allow the user to edit the profile I hacked the dashboard to add a link to edit the custom data profile (as described http://forum.civicrm.org/index.php?topic=5699.0 ). Clicking the link redirects me to the root of the website and when I click to go back to the dashboard it says "You do not have permission to edit this contact record. Contact the site administrator if you need assistance."

Like I said, I do have permission (through the relationship) because I can edit the company using the default edit link on the dashboard.

I think the problem is that
       CRM_Contact_BAO_Contact_Utils::validChecksum( $contactID,
                                                              CRM_Utils_Request::retrieve( 'cs', 'String' , $form, false ) )
is returning false in Contact/BAO/Contact/Permission.php:224. I have no idea what this line is doing or why its failing.

Is this a bug, or have I misconfigured something? How can I check?
(I am using 3.1.5 stable release with Joomla)


EDIT:
I changed
Profile/Form/Edit.php:91 to
                //if ( $config->userFrameworkFrontend ) {
                //    CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum( $id, $this );
                //} else {
                    CRM_Contact_BAO_Contact_Permission::validateChecksumContact( $id, $this );
                //}
(ie, commented out all the lines except the validateChecksumContact one)
and it seems to work now. Is this a bad thing security-wise?

The problem about Individuals not being able to edit custom data for an Org they have permissioned relationships have tripped up a few projects -and afaik is still not resolved. Solutions do exist eg search for 'stoobs solution' or else you need to make some more progress with building a hook to do this. Search the forums a bit more and you will probably come across the discussions on this.

I need to allow my users to edit custom org data.   Which approach is easiest to implement? I'm not a coder.

1) Dylan's solution (described above)

2) ToddW's solution described here:
http://forum.civicrm.org/index.php/topic,12839.0.html

3) Stoob's solution

4) another solution

Thanks,
James

I have a client breathing down my neck to implement a custom solution asap, and can afford to pay someone $500 to do the work. Not enough to build a general solution, unfortunately. Is there a way to team up with others and pool our resources?

Thanks,
James