CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • ACL - able to edit (and so delete) data without permission
Pages: [1]

Author Topic: ACL - able to edit (and so delete) data without permission  (Read 2190 times)

JoopSJ

  • I post occasionally
  • **
  • Posts: 80
  • Karma: 2
ACL - able to edit (and so delete) data without permission
May 28, 2009, 02:34:18 am
Hello,
I have a user with a drupal "viewer"-role.
Access is only controlled in Drupal, only the following permissions are set:
  • view all contacts
  • profile listings and forms
  • access uploaded files
  • access CiviCRM
So I would say there is no permission te Edit.

However when viewing a contact, customdata (located on a custom-tab) can be deleted (using the JS icon).  Also Tags and Groups checkboxes can be changed.
Is this by design, or is is there something else?
Thanks.

Kurund Jalmi

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4169
  • Karma: 128
    • CiviCRM
  • CiviCRM version: 4.x, future
  • CMS version: Drupal 7, Joomla 3.x
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: ACL - able to edit (and so delete) data without permission
May 28, 2009, 09:55:55 am
This looks like a bug, I have filed: http://issues.civicrm.org/jira/browse/CRM-4550

thanx,

Kurund
Found this reply helpful? Support CiviCRM

Kurund Jalmi

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4169
  • Karma: 128
    • CiviCRM
  • CiviCRM version: 4.x, future
  • CMS version: Drupal 7, Joomla 3.x
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: ACL - able to edit (and so delete) data without permission
May 28, 2009, 10:23:50 am
Can you confirm if this patch works: http://fisheye.civicrm.org/changelog/CiviCRM/?cs=21508

Kurund

Found this reply helpful? Support CiviCRM

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: ACL - able to edit (and so delete) data without permission
May 28, 2009, 10:40:30 am

kurund:

can you also file and fix the issue for tags/groups

thanx

lobo

A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Kurund Jalmi

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4169
  • Karma: 128
    • CiviCRM
  • CiviCRM version: 4.x, future
  • CMS version: Drupal 7, Joomla 3.x
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: ACL - able to edit (and so delete) data without permission
May 28, 2009, 11:55:21 am
We don't show option to add / remove group. So filed an issue to fix tags: http://issues.civicrm.org/jira/browse/CRM-4552

Kurund
Found this reply helpful? Support CiviCRM

JoopSJ

  • I post occasionally
  • **
  • Posts: 80
  • Karma: 2
Re: ACL - able to edit (and so delete) data without permission
May 29, 2009, 07:06:33 am
Quote from: Kurund Jalmi on May 28, 2009, 09:55:55 am
This looks like a bug, I have filed: http://issues.civicrm.org/jira/browse/CRM-4550

thanx,

Kurund

Hello Kurund,
The patch is good. Thanks for the quick response.
I see it is already included in 2.2.4.

Do I have to file an issue for the tag-checkboxes? they can still be edited without permission.
Clivesj

Kurund Jalmi

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4169
  • Karma: 128
    • CiviCRM
  • CiviCRM version: 4.x, future
  • CMS version: Drupal 7, Joomla 3.x
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: ACL - able to edit (and so delete) data without permission
May 29, 2009, 03:36:14 pm
Quote
Do I have to file an issue for the tag-checkboxes? they can still be edited without permission.
Already file an issue for this: http://issues.civicrm.org/jira/browse/CRM-4552

Kurund
Found this reply helpful? Support CiviCRM
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • ACL - able to edit (and so delete) data without permission

This forum was archived on 2017-11-26.