CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM (Moderator: Dave Greenberg) »
  • Do we need some 'view / edit own contact' permissions?
Pages: [1]

Author Topic: Do we need some 'view / edit own contact' permissions?  (Read 1246 times)

Michael McAndrew

  • Forum Godess / God
  • I live on this forum
  • *****
  • Posts: 1274
  • Karma: 55
    • Third Sector Design
  • CiviCRM version: various
  • CMS version: Nearly always Drupal
  • MySQL version: 5.5
  • PHP version: 5.3
Do we need some 'view / edit own contact' permissions?
July 18, 2012, 06:55:17 am
Hey there,

When you grant someone access to CiviCRM, you also grant them access to view and edit their own contact.  I don't think this is always desirable.  Here is a use case.

The Green Party wants to grant access to CiviCRM to various local party secretaries to admin contacts in their local party.  Local party secretaries and local party membership is modeled in CiviCRM using relationship and custom data so we use hook_civicrm_aclWhereClause do define a where clause for these people.

But the hook_civicrm_aclWhereClause on its own isn't enough.  We also need to grant these people access to CiviCRM.  The approach that we have at the moment is to grant all members access to CiviCRM but not give them any 'access CiviCRM contacts' permissions.  This works fine apart from that is has the uncessary side effect that all people can view (and edit, i think) their own contact.  In the Green Party's case this is a pain because their might be information there that they don't want members to see (and it also gives people a link to edit their own contact from their /user page.

So two solutions are
1) seperate out 'view / edit own contact' from 'access civicrm' or
2) find a way to dynamically assign the permission to access CiviCRM if they are a local party secretary.

2. does sound like a good solution, but I'm not sure how you would go about implementing that in Drupal / if it is possible to implement.  I know that og does some interesting and non standard stuff with permissions but not sure how that works.  We could of course also use the CiviCRM group Drupal role sync here but it would be painful to create all the groups I need with the current search interface.

https://github.com/michaelmcandrew/gp/tree/master/drupal/sites/all/modules/custom/gpew_edit_own_contact is our dirty hack for the moment in case anyone needs a workaround. This basically implements a check to see whether the person should be able to view edit their own contact record.

Michael
Service providers: Grow your business, build your reputation and support CiviCRM. Become a partner today

rogical

  • I post occasionally
  • **
  • Posts: 30
  • Karma: 1
  • CiviCRM version: 4.2
  • CMS version: Drupal
  • MySQL version: 5.1
  • PHP version: 5.3
Re: Do we need some 'view / edit own contact' permissions?
October 25, 2012, 12:11:46 am
Finally find someone got the same requirement, why it's so hard to let users have their own contacts? why do contacts always to be shared?

Michael McAndrew

  • Forum Godess / God
  • I live on this forum
  • *****
  • Posts: 1274
  • Karma: 55
    • Third Sector Design
  • CiviCRM version: various
  • CMS version: Nearly always Drupal
  • MySQL version: 5.5
  • PHP version: 5.3
Re: Do we need some 'view / edit own contact' permissions?
October 25, 2012, 01:07:56 am
Quote
why it's so hard to let users have their own contacts? why do contacts always to be shared?

Can you flesh out your use case a bit more? It might not be as hard as you think.

Access civicrm does allow people to edit THEIR OWN contact record.

If you want to segment access for users to other contacts without letting everyone see everything, that can be configured with CiviCRM ACL.

Service providers: Grow your business, build your reputation and support CiviCRM. Become a partner today
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM (Moderator: Dave Greenberg) »
  • Do we need some 'view / edit own contact' permissions?

This forum was archived on 2017-11-26.