CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviEvent (Moderator: Yashodha Chaku) »
  • CiviEvents ACL Create permission?
Pages: [1]

Author Topic: CiviEvents ACL Create permission?  (Read 689 times)

Galieth

  • I’m new here
  • *
  • Posts: 3
  • Karma: 1
  • CiviCRM version: 4.1.1
  • CMS version: J 2.5.4
  • MySQL version: 5.1.61
  • PHP version: 5.3.3-7
CiviEvents ACL Create permission?
September 19, 2012, 07:04:51 am
I am having issues with the CiviEvents ACL.

Using Joomla 2.5 and civicrm 4.1.5.  I was able to reproduce this on both the 4.1 and 4.2 demo sites on civicrm.org.

Expected behaviour:
If a user group has: "CiviEvent: edit all events" set to "Denied" then that user will not have permissions to create new events.

What happens:
User receives permission denied when trying to edit existing events (good).  But they are also given buttons to creating new events.

Reproduce steps:
  • <yoursitehere>/administrator/?option=com_civicrm&task=civicrm/admin/access&reset=1
  • click on Joomla Access Control
  • Restrict the user group (for the user you want to restrict) setting to deny "CiviEvent: edit all events" to Denied
  • Login as the restricted user.
  • Go to civicrm
  • Go to the Events Dashboard
  • Click the create Event
  • This also allows you to edit the event you just created.

The next thing I tried was to see if removing all permissions except: "CiviEvent: access CiviEvent" to see if that would take away their ability to create events.  Sadly  when navigating to the CiviEvent tab the only thing it prompts for is "Create a new event".  On the upside it did block me from seeing the other events that were already configured on the system, but the user should not be able to create events.

Bug?

Jason W

  • I post frequently
  • ***
  • Posts: 197
  • Karma: 12
  • jason@civitrainingtutorials.com
  • CiviCRM version: 4.2
  • CMS version: Drupal 7
  • MySQL version: 5.x
  • PHP version: 5.x.x
Re: CiviEvents ACL Create permission?
September 28, 2012, 11:16:41 am
Hello Galieth,

Try this.
Create groups that include only:
1.the people you want to be able to perform all operations on events (Admin)

2. the people you only want to be able to view events (users)

Next:

1. Go to Administer-->Users and Permissions-->Access Control. Select manage roles. Add a role, Calling it something like Admin- Event. Under description put "All operations over Events" select enabled and save.

2. Return to Administer-->Users and Permissions-->Access Control, and select
Assign users to CiviCRM roles. Add a role assignment, and add the Admin group to the Admin-Event role. Enable and save.

3. Return once more to Return to Administer-->Users and Permissions-->Access Control, and select Manage ACLs. Add an ACL and call it something like Event- Admin. Add the role created in step 2, Operation should be all, Type of Data should be Events, set Event to All, Enable and Save.


Now Repeat the steps for the "User" group, but when you get to Operation in step 3, choose View, as opposed to all.

After you create these CiviCRM ACLs, you should be able to remove all of your CiviEvent permissions in Joomla. Your user contacts should now be able to view events, but Not create them.

Cheers!
Jason
civiTrainingTutorials
"Helping You Help Others"
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviEvent (Moderator: Yashodha Chaku) »
  • CiviEvents ACL Create permission?

This forum was archived on 2017-11-26.