CiviCRM Community Forums (archive)

It sounds like you are missing the multisite permissioning extension.

We are now using this version

https://github.com/eileenmcnaughton/org.civicrm.multisite

Which is not yet published as the new version but gets around some of the group nesting performance overhead of the published one.

I wouldn't go down the track of adding permissioning without upgrading to at least 4.2.10 (that's not out yet - but you could get a pretty good approximation by git clone git://github.com/fuzionnz/civicrm.git). There are some nasty performance gotchas prior to that.

However, it looks like you can still get the old module here

http://svn.civicrm.org/tools/branches/v4.1/drupal/modules/multisite/

You might need to edit the drupal version in the .info file

OK - I don't think there is a current way to do that. ie. standard ACLs apply to all domains

The multisite ACLs are outside the code base. They use the ACL hook.

You could try prefixing your drupal user_role or permissions table (using domain_prefix module) to give different permissions on different domains

Found the problem! The civicrm_uf_match table includes domain_id; my drupal user was mapping to two different civicrm contacts, the second of which wasn't in the admin group and hence wasn't being given the correct permissions.

In James' case he is using domain_access so the user table is shared as a matter of course.

However, CiviCRM doesn't really understand this - you probably need a hook like this running to keep your uf match from getting in a mess - it just makes sure that when the uf_name for one domain is updated it is updated for others as well




/**
* * Implementation of hook_civicrm_post
*
* Current implemtation assumes shared user table for all sites -
* a more sophisticated version will be able to cope with a combination of shared user tables
* and separate user tables
*
* @param string $op
* @param string $objectName
* @param integer $objectId
* @param object $objectRef
*/
function multisite_civicrm_post($op, $objectName, $objectId, &$objectRef) {
  if ($op == 'edit' && $objectName == 'UFMatch') {
    static $updating = FALSE;
    if ($updating) {
      return; // prevent recursion
    }
    $updating = TRUE;
    $ufs = civicrm_api('uf_match', 'get', array(
      'version' => 3,
      'contact_id' => $objectRef->contact_id,
      'uf_id' => $objectRef->uf_id,
      'id' => array(
        '!=' => $objectRef->id
      )
    ));
    foreach ($ufs['values'] as $ufMatch) {
      civicrm_api('UFMatch', 'create', array(
        'version' => 3,
        'id' => $ufMatch['id'],
        'uf_name' => $objectRef->uf_name
      ));
    }
  }
}

You have all your domains sharing one user table - but Civi doesn't understand that. So, if someone logs on & changes their drupal email address the uf_name field in the uf_match table will be updated - but ONLY for that domain (let's say domain #1). If that is a generic type address e.g. admin@org.com then that email might now belong to someone else - but if they try to create a contribution on domain #2 you will get an FK error as it tries to add a domain 2 entry for that email but it already exists.

The hook keeps the uf_match entries in sync