CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • You do not have permission to edit this contact record
Pages: [1]

Author Topic: You do not have permission to edit this contact record  (Read 1092 times)

Micah Lee

  • I post occasionally
  • **
  • Posts: 31
  • Karma: 4
  • CiviCRM version: 4.1.0
  • CMS version: Drupal 7
  • MySQL version: 5.1.49
  • PHP version: 5.3.3
You do not have permission to edit this contact record
September 06, 2011, 06:00:47 pm
Hi, I'm trying to solve a problem involving hashes. I made a form that let's you put in your email address and then it emails you a profile edit link, so our contacts can edit their own information (described in detail here http://forum.civicrm.org/index.php/topic,20222.msg87559.html).

But now when I click on one of these links (that links to something like /civicrm/profile/edit?reset=1&gid=14&id=407354&87609d09f7e216ff206e08ad153b4472_1315342041_24), it redirects me to / and displays the error message "You do not have permission to edit this contact record. Contact the site administrator if you need assistance." When I'm logged in, however, it just works fine.

In Drupal if I edit permissions so that anonymous users have access to "CiviCRM: edit all contacts" then anonymous users can fill out the profile. But this seems like a very dangerous permission to keep set. Is there any way around this? Or is this not actually all that dangerous?

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: You do not have permission to edit this contact record
September 06, 2011, 06:08:42 pm

hey micah:

definitely do NOT give anon user access to view/edit all contacts :)

can you give anon user access to profile create/edit (at a later stage u can actually give this permission to just a couple of profiles).

also seems like u need another parameter in there, that link seems wrong. it typically is:

q=civicrm/profile/edit&reset=1&gid=14&id=CONTACT_ID&cs=BIG_WIERD_HASH

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Micah Lee

  • I post occasionally
  • **
  • Posts: 31
  • Karma: 4
  • CiviCRM version: 4.1.0
  • CMS version: Drupal 7
  • MySQL version: 5.1.49
  • PHP version: 5.3.3
Re: You do not have permission to edit this contact record
September 06, 2011, 06:23:10 pm
I had already let anonymous users create/edit profiles so I was confused why this wasn't working. But it was totally the URL. When I added cs= before the hash it fixed the problem! Thank you Lobo!

Now I'm curious how come it worked at all without the cs= when you're logged in. Ah well.  :)
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • You do not have permission to edit this contact record

This forum was archived on 2017-11-26.