CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: How to "armour" a group and avoid editing by other roles  (Read 560 times)

rhrueda

  • CiviCRM version: 4.4.3
  • CMS version: Drupal Pressflow 6.22
  • MySQL version: 5.5.22
  • PHP version: 5.3.10
How to "armour" a group and avoid editing by other roles
October 08, 2013, 06:57:11 am
Hi everybody,

I wonder how I can "armour" a group, so only the people with the role with permissions (ACL) of editing the group can do it. Let's give an example:

- Contact1 belongs to GroupA and GroupB
- RoleA has edit permissions on GroupA
- Everyone has view permissions on GroupA
- RoleB has edit Permissions on GroupB
- Everyone has view permissions on GroupB

In this case, people with RoleA, and people with RoleB, can edit Contact1.

I would like people with RoleA to be the only ones who edit Contact1.

Is there a way to achieve this??

JonGold

    • Palante Technology
  • CiviCRM version: 4.1 to the latest
  • CMS version: Drupal 6-7, Wordpress 4.0+
  • PHP version: PHP 5.3-5.5
Re: How to "armour" a group and avoid editing by other roles
October 08, 2013, 07:16:57 am
Could you simply remove this person from GroupB?  Or remove Edit permissions on GroupB from RoleB?

If there's a reason you can't, you could always write an ACL hook to enforce your specific logic, but that's more work.

Alternatively - what about creating a GroupC: "Members of GroupB who shouldn't be editable by RoleB" and put Contact1 in that group and remove them from GroupB?
Sign up to StackExchange and get free expert CiviCRM advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

rhrueda

Re: How to "armour" a group and avoid editing by other roles
October 08, 2013, 07:48:27 am
Hi JonGold,

Well, I think that is a mess because in my case I have around 200 groups, and around 10 groups that I want to armour.

These 10 groups should only be edited by RoleA. The other groups can be edited by RoleB, RoleC, and other roles.

If I remove Contact1 from GroupB and somebody from RoleB wants to send a mailing, for instance, this person won't receive it...

Does this make sense??

Thanks!

JonGold

Re: How to "armour" a group and avoid editing by other roles
October 08, 2013, 09:44:04 am
Hi there,

This is a use case that would be satisfied by the existence of "Deny ACLs" - I've seen lots of folks post about the need for them, but unfortunately no one so far has indicated that they'd be able to provide funding for the development of such a feature.

For now, I think your only option is an ACL hook.

Jon

rhrueda

Re: How to "armour" a group and avoid editing by other roles
October 09, 2013, 12:57:54 am
I also tried an ACL applied to custom groups. In my contacts profile I have some fields grouped within a "Group-A-fields" tab. So I only allow edit permissions to roleA, but it doesn't seem to work either.

roleA   Edit   Custom Group   GroupA   Edit Group-A-fields

People from roleB also can edit the tab "group-A-fields" as the contact belongs also to GroupB...

I don't really understand in what cases these ACLs are useful...

I guess a hook like this should work?: "when a user tries to edit a contact, and the contact belongs to groupA, and the user does not have roleA, then don't allow editing".
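
The ACL hook discussed in this thread could look like the sketch below, which is an added example and not code posted by either participant or shipped by CiviCRM. It uses `hook_civicrm_aclWhereClause` in a hypothetical Drupal 6 module named `armour`; the group IDs and the role name are constructed, and it assumes the hook receives the edit clause already built from the configured ACLs.

```php
<?php
// armour.module (hypothetical module name; added example).

// Constructed values: CiviCRM IDs of the groups to protect and the
// Drupal role that is allowed to edit their members.
function armour_protected_group_ids() {
  return array(12, 15);
}

function armour_editor_role() {
  return 'RoleA';
}

/**
 * Implements hook_civicrm_aclWhereClause().
 *
 * CiviCRM ACLs are additive: edit access granted through GroupB cannot be
 * taken away by an ACL on GroupA. This hook narrows the edit clause instead.
 */
function armour_civicrm_aclWhereClause($type, &$tables, &$whereTables, &$contactID, &$where) {
  // Only restrict editing; viewing stays governed by the normal ACLs.
  if ($type != CRM_Core_Permission::EDIT) {
    return;
  }

  // Users holding the editor role keep whatever the ACLs grant them.
  global $user;
  if (in_array(armour_editor_role(), $user->roles)) {
    return;
  }

  // No edit grant at all: CiviCRM already denies, nothing to narrow.
  if (empty($where)) {
    return;
  }

  // Cast to int so the ID list is safe to embed in SQL.
  $ids = implode(',', array_map('intval', armour_protected_group_ids()));

  // Exclude every contact that is a current member of a protected group,
  // even if another group's ACL would otherwise allow the edit.
  $deny = "contact_a.id NOT IN (
    SELECT gc.contact_id FROM civicrm_group_contact gc
    WHERE gc.group_id IN ($ids) AND gc.status = 'Added')";

  $where = "( $where ) AND $deny";
}
```

Users with the "edit all contacts" permission bypass ACL clauses entirely, so that permission must not be granted to the roles being restricted. The subquery covers static group membership only; smart-group members are stored in `civicrm_group_contact_cache` and would need a second exclusion.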


This forum was archived on 2017-11-26.