CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviMail (Moderator: Piotr Szotkowski) »
  • View email in browser link access control
Pages: [1]

Author Topic: View email in browser link access control  (Read 1243 times)

m4olivei

  • I post occasionally
  • **
  • Posts: 39
  • Karma: 2
  • CiviCRM version: 4.3.5
  • CMS version: Drupal 7.23
  • MySQL version: MySQL 5
  • PHP version: PHP 5.3
View email in browser link access control
October 30, 2013, 11:52:06 am
Drupal 7.23
CiviCRM 4.3.5

I've discovered this handy CiviMail tag to use to give users a 'View email in your browser link':

{mailing.viewUrl}

However, I discovered that link (eg. http://bbi.peapoddev.com/en/civicrm/mailing/view?reset=1&id=12) requires these permissions:

view public CiviMail content
access CiviMail

That's cool, so I gave those permissions to all anonymous and authenticated users.  Trouble is that gives anonymous users too much power.  They can then access pages such as:

/civicrm/admin/mail
/civicrm/admin/component (they can add new stuff here)
/civicrm/admin/mailSettings

There are probably more, I didn't try all the paths, but just look for 'access CiviMail' in all *.xml files in the CiviCRM codebase and you can glean the CiviCRM pages which are allowed just for having 'access CiviMail'.

This is bad.  Am I doing something wrong, or is this intended behaviour? 

Anyone know of a way just to expose the view mailing URL (/civicrm/mailing/view), without giving away other admin paths?

Thanks!
Matt

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: View email in browser link access control
October 30, 2013, 11:56:35 am

u dont need access CiviMail permission to view newsletters.

in drupal, you can also use a view to display a list. we do this on civicrm.org:

https://civicrm.org/newsletter

i'll ask colemanw to attach the view code here along with the relevant version numbers

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

m4olivei

  • I post occasionally
  • **
  • Posts: 39
  • Karma: 2
  • CiviCRM version: 4.3.5
  • CMS version: Drupal 7.23
  • MySQL version: MySQL 5
  • PHP version: PHP 5.3
Re: View email in browser link access control
October 30, 2013, 12:08:14 pm
At least for me, I do require 'access CiviMail' to see /civicrm/mailing/view as an Anonymous user.  I tried with only 'view public CiviMail content' and get access denied, then when I add 'access CiviMail' I go through.

Also, take a look at /civicrm/CRM/Mailing/xml/Menu/Mailing.xml, line 197, the definition for the civicrm/mailing/view.  The <access_arguments> tag there reads this for me:

<access_arguments>view public CiviMail content;access CiviMail;approve mailings</access_arguments>

Doesn't that corroborate my experience where 'access CiviMail' is required?

In any case, thanks for your time and please do send along that view code, I'd love to take a look see.

Thanks!
Matt

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: View email in browser link access control
October 30, 2013, 12:37:54 pm

1. make sure the mailing is public so anonymous users can view it

2. unfortunately you cannot change this for mailings already sent, u'll need to do this directly in the db

3. the ';' in the permission string signifies an OR operation. i.e. that url takes any of those 3 permissions

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

m4olivei

  • I post occasionally
  • **
  • Posts: 39
  • Karma: 2
  • CiviCRM version: 4.3.5
  • CMS version: Drupal 7.23
  • MySQL version: MySQL 5
  • PHP version: PHP 5.3
Re: View email in browser link access control
October 30, 2013, 01:09:07 pm
Ahhhhh, I see.  Point #1 was what I was missing.  Works beautifully now.  For future reference, if my client misses that setting and comes calling, where abouts in the DB?  I briefly scanned over the schema and I think it's:

civicrm_mailing::visibility = Public Pages

Sound right?

Thanks a bunch for your help.  You sir, are the man.

Coleman Watts

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 2346
  • Karma: 183
  • CiviCRM version: The Bleeding Edge
  • CMS version: Various
Re: View email in browser link access control
October 30, 2013, 01:13:29 pm
Here's a screenshot of our newsletter view. Views integration with civimail leaves a few things to be desired, such as filters and sorting. But it works for now.
Try asking your question on the new CiviCRM help site.

m4olivei

  • I post occasionally
  • **
  • Posts: 39
  • Karma: 2
  • CiviCRM version: 4.3.5
  • CMS version: Drupal 7.23
  • MySQL version: MySQL 5
  • PHP version: PHP 5.3
Re: View email in browser link access control
October 31, 2013, 06:08:01 am
That's cool, thanks Coleman.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviMail (Moderator: Piotr Szotkowski) »
  • View email in browser link access control

This forum was archived on 2017-11-26.