CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Event ACL: locking access to individual events
Pages: [1]

Author Topic: Event ACL: locking access to individual events  (Read 660 times)

Simon West

  • I’m new here
  • *
  • Posts: 19
  • Karma: 1
  • CiviCRM version: 44311
  • CMS version: Drupal 7
  • MySQL version: 5.5.9
  • PHP version: 5.3.6
Event ACL: locking access to individual events
February 27, 2013, 09:32:42 am
Hi,

I thought I had my head firmly wrapped around the ACL concept, but sometimes such thinking has a tendency to fly out the window the moment you try putting it into practice.

Background/intended functionality (Drupal)

The organisation has a members-only area of the website defined through CiviMember Roles Sync. When a membership is in "current" status, the contact's user role is set to "Active". In Drupal, using blocks and a module to control node access, the pages this user may view changes according to their role.

There is a directory of member-only events available to view too, but registration to the individual events must be locked depending on (a) whether they have an active membership and (b) their age. To tackle this I have created a parent ACL group, within which a child smart group checks for contacts meeting that membership status and age. The idea is to then use an ACL (or series of ACLs) to restrict event access to one or more groups of contacts. Perhaps a validate hook could be used on event page load, but I don't have the experience to do this myself, and the organisation is definitely not in a position to replicate this for future events (creating new ACLs might be pushing it too).


My issue

My question is how does the CiviEvents ACL work? The documentation skims over this.

Since there doesn't appear to be a "deny view/edit/etc" operation, I was under the impression that if an ACL were created, all contacts/users who do not fall under the ACL automatically lose the ability to perform that operation. This doesn't work for me (note that I have revoked the Drupal "Register for Events" permission to prevent an override).

Could somebody correct me please?


Many thanks,
Simon

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Event ACL: locking access to individual events
February 27, 2013, 12:46:07 pm

simon, might be easier to chat about this on irc

from my vague memory banks:

1. all acls in civi are positive. i.e. u grant permission to a group to do something. there is no deny acls

2. the civievent acls are primarily for the event and registration pages. I think u can use acl's to control the manage stuff, but that needs to be done via a hook (I think circle might have implemented this part)

3. your requirements seems a wee bit complex, so in your case, i would most likely recommend using the buildForm hook on the register page to admit / deny a person access to that page.

i think in 4.4 we need to figure out a permissioning hook and allow modules to make a decision

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Simon West

  • I’m new here
  • *
  • Posts: 19
  • Karma: 1
  • CiviCRM version: 44311
  • CMS version: Drupal 7
  • MySQL version: 5.5.9
  • PHP version: 5.3.6
Re: Event ACL: locking access to individual events
February 28, 2013, 12:53:17 pm
Thanks Lobo.

I agree, with hindsight, the requirements are quite complex. I'm due to discuss the project with Olly Gibson tomorrow; there may be a compromise I could harness which would make administration of this easier for the organisation, in particular. However, it does seem the buildForm hook is the closest and cleanest solution.

Thank you.

Simon West

  • I’m new here
  • *
  • Posts: 19
  • Karma: 1
  • CiviCRM version: 44311
  • CMS version: Drupal 7
  • MySQL version: 5.5.9
  • PHP version: 5.3.6
Re: Event ACL: locking access to individual events
March 06, 2013, 09:15:33 am
Replied to wrong post - Sorry!
« Last Edit: March 08, 2013, 08:12:56 am by Simon West »
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Event ACL: locking access to individual events

This forum was archived on 2017-11-26.