CiviCRM Community Forums (archive)

Hey there,

I want to create an edit screen that is ACLed (i.e. only certain users can edit certain contacts via a custom ACL) and I am wondering whether I can use profiles to do this.

I think I am right in assuming that when you use a profile for a 'Standalone Form or Directory' then that bypasses ACL.  But it isn't clear if that happens for both listing and editing.

Can I define whether a certain profile should be available to edit a certain contact based on the logged in user using a CiviCRM hook? I hope so

I'll post the answer here when I know (although you should feel free to answer that question for me as well ).

Until then I'll reflect on how complex profiles are and why they are so complex, and how we could make them simpler  

Michael

yes profiles can be permissioned

I don't think that answer is specific enough. i know that profiles can be permissioned, but 1) I don't know how that interacts with using a profile for for a 'Standalone Form or Directory', and 2) if profiles will provide something suitable for this use case, which I'll describe in a bit more detail.

A logged in user should only be able to view a certain segment of contacts. They should also be able to edit a few fields core and custom fields for these contacts.  We want to define this with a profile and then say. contact A can use profile X to edit some contacts (which contacts depends on the logged in user). They shouldn't be able to view or edit any other contacts via this profile.

I'm going uncheck the 'Standalone Form or Directory' option, and see what happens when it comes to editing and ACL, etc.

I am going to presume that I need to use hook_civicrm_aclGroup to do this but the documentation and code is so obtuse that I have no idea if this is the right approach. I have tried to solve this in the past / tried to improve the documentation, but cannot get my head around it at all

The hook_civicrm_aclGroup documentation makes it sound like you can do just about anything with it "This hook is called when composing the ACL to restrict access to civicrm entities (civicrm groups, profiles and events)" but i have a sneaky feeling this is not true. It would be great if we could get more specific in the documentation about how this hook can be used.

Does anyone know the reason why this ACL appears so complicated and how we can simplify it in this instance?

Thanks for the input, Peter.  We'll finish this off in the next week or so and I'll post here with how we did it.

You don't like the webform approach? if those users had a particular Drupal role, then you can limit who can use the webform to that role