CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviReport (Moderator: Dave Greenberg) »
  • user adds dashlets to dashboard but when role changes, still has access to them
Pages: [1]

Author Topic: user adds dashlets to dashboard but when role changes, still has access to them  (Read 806 times)

Mark Tompsett

  • I post frequently
  • ***
  • Posts: 143
  • Karma: 9
    • QualityTime Services Ltd
  • CiviCRM version: 4.3.4
  • CMS version: Drupal 7.22
  • MySQL version: 5.5.30-cll
  • PHP version: 5.3.23
user adds dashlets to dashboard but when role changes, still has access to them
February 20, 2013, 04:21:34 am
A user can add dashlets (which are restricted to specific roles) to their dashboard, but then the user is moved to a different role, which should not see these dashlets, yet the dashlets remain in their dashboard, and they can still see the data displayed in the dashlets.
The user has no access to the reports from which the dashlets were created yet they still appear in their dashboard.

This is either a bug or a missing feature, depending on your point of view, I guess.
I would argue that it is a security bug - would you agree?
If we agree that it is a bug then I will report it as such.

Mark   :)

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: user adds dashlets to dashboard but when role changes, still has access to them
February 20, 2013, 07:39:12 am

what happens when you do a refresh of the dashboard cache after the role has changed?

I would classify it as a missing feature. Would be great if you can investigate and submit a patch. Seems like you'll need to implement a hook to detect for any role changes and if so reset the dashboard cache for that user

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: user adds dashlets to dashboard but when role changes, still has access to them
February 20, 2013, 10:26:53 am

filed an issue here:
http://issues.civicrm.org/jira/browse/CRM-11936
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviReport (Moderator: Dave Greenberg) »
  • user adds dashlets to dashboard but when role changes, still has access to them

This forum was archived on 2017-11-26.