CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Profiles (Moderator: Dave Greenberg) »
  • Restricted Access to Frontend Profile Listings [SOLVED]
Pages: [1]

Author Topic: Restricted Access to Frontend Profile Listings [SOLVED]  (Read 992 times)

chapmanla

  • I post occasionally
  • **
  • Posts: 43
  • Karma: 1
  • CiviCRM version: 4.3.1
  • CMS version: Joomla 2.5.11
  • MySQL version: 5.0.95
  • PHP version: 5.2.5
Restricted Access to Frontend Profile Listings [SOLVED]
July 13, 2012, 09:59:11 pm
I recently upgraded a site from Joomla 1.5 to 2.5 and the latest version of CiviCRM.  I think I understand the general approach to using the new ACL features to restrict access to data and processes to certain groups with specified roles on the backend.

I dont have a clear understanding how the ACL works on the frontend.  What I would like to do is give all users, including anonymous, access to certain public profile listings (e.g., list of member organizations), but give only special access users the ability to view other restricted listings (e.g., detailed directory of current membership). 

I know that I can restrict the menu links related to the restricting listings to only display to the special access group, but that doesn't prevent someone from typing in the url that exposes the restricted listing (e.g. "index.php?option=com_civicrm&task=civicrm/profile&reset=1&gid=7&force=1&search=0").  It seems that if I allow "public" to see any listings, they have the ability to expose all listings.

Am I missing something?  Is my only option (for a Joomla site) to restrict certain profile listings is to use the backend?

Thanks for any insights.
« Last Edit: July 15, 2012, 03:23:08 pm by chapmanla »

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Restricted Access to Frontend Profile Listings
July 14, 2012, 07:21:53 am

in joomla, the same acl rules apply to both the frontend and the backend.

Civi ACL's follow the "allow model"

Thus in your scenario, you'll give anon users access to profiles: A, B and C

you'll give members access to profiles D, E, F

you'll give admin access to all profiles

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

chapmanla

  • I post occasionally
  • **
  • Posts: 43
  • Karma: 1
  • CiviCRM version: 4.3.1
  • CMS version: Joomla 2.5.11
  • MySQL version: 5.0.95
  • PHP version: 5.2.5
Re: Restricted Access to Frontend Profile Listings [SOLVED]
July 15, 2012, 03:22:39 pm
Thanks, Lobo.  It is now clear to me.

For those Joomla users who, like me, didn't read the ACL documentation carefully enough or missed some of the nuances, I disabled all access to Profiles and Listings for Public users via the Joomla ACL, and then allowed the Public access to selected Profiles via the CiviCRM ACL process.  You do the same for any Joomla access level that you do not intend to have access to all public profiles/listings.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Profiles (Moderator: Dave Greenberg) »
  • Restricted Access to Frontend Profile Listings [SOLVED]

This forum was archived on 2017-11-26.