CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM (Moderator: Dave Greenberg) »
  • ACL not working - inconsistent behaviour
Pages: [1]

Author Topic: ACL not working - inconsistent behaviour  (Read 509 times)

mcternan

  • I’m new here
  • *
  • Posts: 27
  • Karma: 0
  • CiviCRM version: 4.4.11
  • CMS version: Drupal 7.10
  • MySQL version: 5.1.58
  • PHP version: 5.3
ACL not working - inconsistent behaviour
February 03, 2015, 12:40:57 am
Our ACLs have not been behaving properly the past few days. I strongly suspect there is something wrong in our DB but I have no idea where to start.

We have configured ACLs to restrict certain users to be able to edit certain groups. Generally, users are permitted to view all groups. Recently users have been unable to edit contacts that they have permission to edit. When they view the contact the "edit" button is displayed, but when they attempt to click it, they are told they do not have permission to edit the record.

After a period of time the user will then begin to receive an error message stating the following:
Quote
Sorry but we are not able to provide this at the moment.
is not of the type Integer

If we enable debugging we get the following in the logs:

Code: [Select]
Feb 03 17:03:07  [info] $backTrace = #0 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Core/Error.php(322): CRM_Core_Error::backtrace("backTrace", TRUE)
#1 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Utils/Type.php(229): CRM_Core_Error::fatal(" is not of the type Integer")
#2 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(4942): CRM_Utils_Type::escape(NULL, "Integer")
#3 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(3492): CRM_Contact_BAO_Query::buildClause("civicrm_address.country_id", "LIKE", NULL, "Integer")
#4 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(1637): CRM_Contact_BAO_Query->country((Array:5), FALSE)
#5 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(1794): CRM_Contact_BAO_Query->whereClauseSingle((Array:5))
#6 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(505): CRM_Contact_BAO_Query->whereClause()
#7 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(466): CRM_Contact_BAO_Query->initialize()
#8 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/GroupContactCache.php(450): CRM_Contact_BAO_Query->__construct((Array:6), (Array:6), NULL, FALSE, FALSE, 1, TRUE, TRUE, FALSE, NULL, (Array:2))
#9 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(2773): CRM_Contact_BAO_GroupContactCache::load(Object(CRM_Core_DAO))
#10 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(2739): CRM_Contact_BAO_Query->addGroupContactCache((Array:1))
#11 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(2705): CRM_Contact_BAO_Query->savedSearch((Array:5))
#12 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(1556): CRM_Contact_BAO_Query->group((Array:5))
#13 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(1794): CRM_Contact_BAO_Query->whereClauseSingle((Array:5))
#14 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(505): CRM_Contact_BAO_Query->whereClause()
#15 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(466): CRM_Contact_BAO_Query->initialize()
#16 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Query.php(4190): CRM_Contact_BAO_Query->__construct((Array:1), (Array:1), NULL, TRUE, FALSE, 1, TRUE, TRUE, FALSE)
#17 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Group.php(211): CRM_Contact_BAO_Query::apiQuery((Array:1), (Array:1), NULL, NULL, 0, 0, FALSE)
#18 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/GroupContactCache.php(518): CRM_Contact_BAO_Group::getMember("211", FALSE)
#19 /home/www/mysite.com/sites/all/modules/civicrm/CRM/ACL/BAO/ACL.php(788): CRM_Contact_BAO_GroupContactCache::load(Object(CRM_Core_DAO))
#20 /home/www/mysite.com/sites/all/modules/civicrm/CRM/ACL/API.php(131): CRM_ACL_BAO_ACL::whereClause(1, (Array:12), (Array:2), "68698")
#21 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/BAO/Contact/Permission.php(70): CRM_ACL_API::whereClause(1, (Array:12), (Array:2))
#22 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/Page/View.php(298): CRM_Contact_BAO_Contact_Permission::allow("44338", 1)
#23 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/Page/View.php(187): CRM_Contact_Page_View::checkUserPermission(Object(CRM_Contact_Page_View_Summary))
#24 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/Page/View/Summary.php(51): CRM_Contact_Page_View->preProcess()
#25 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Contact/Page/View/Summary.php(98): CRM_Contact_Page_View_Summary->preProcess()
#26 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Core/Invoke.php(323): CRM_Contact_Page_View_Summary->run((Array:3), NULL)
#27 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Core/Invoke.php(72): CRM_Core_Invoke::runItem((Array:14))
#28 /home/www/mysite.com/sites/all/modules/civicrm/CRM/Core/Invoke.php(52): CRM_Core_Invoke::_invoke((Array:3))
#29 /home/www/mysite.com/sites/all/modules/civicrm/drupal/civicrm.module(457): CRM_Core_Invoke::invoke((Array:3))
#30 [internal function](): civicrm_invoke("contact", "view")
#31 /home/www/mysite.com/includes/menu.inc(517): call_user_func_array("civicrm_invoke", (Array:2))
#32 /home/www/mysite.com/index.php(21): menu_execute_active_handler()
#33 {main}

We are running CiviCRM 4.4.11 and Drupal 7 with all recent updates applied.

I've been trying to get to the bottom of this for a couple of days now and am extremely puzzled.

mcternan

  • I’m new here
  • *
  • Posts: 27
  • Karma: 0
  • CiviCRM version: 4.4.11
  • CMS version: Drupal 7.10
  • MySQL version: 5.1.58
  • PHP version: 5.3
Re: ACL not working - inconsistent behaviour
February 04, 2015, 09:46:20 pm
I've been doing some testing and it seems that if I create an ACL which provides edit access to a nested group more than 1 level deep, all other rules are ignored.

e.g.
Code: [Select]
Group-1
-----> Group-1-A
----------> Group 1-A-1

If I create an ACL allowing edit rights on Group-1 or Group-1-A to a particular role I have no problems. Once I create a new ACL which allows the same role access to Group-1-A-1 all other ACLs are invalidated i.e. the role is no longer permitted to edit Group-1 or Group-1-A

Have I stumbled across a bug?

We are not running multi-site.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM (Moderator: Dave Greenberg) »
  • ACL not working - inconsistent behaviour

This forum was archived on 2017-11-26.