CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site

This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Discussion (deprecated) »
  • Feature Requests and Suggestions »
  • Usability Improvements (Moderator: Dave Greenberg) »
  • "secure" contributions and donations showing up under activites
Pages: [1]

Author Topic: "secure" contributions and donations showing up under activites  (Read 2319 times)

mlampard

  • I post occasionally
  • **
  • Posts: 42
  • Karma: 3
"secure" contributions and donations showing up under activites
June 26, 2009, 02:47:00 pm
My client has a policy that only a given group of people are allowed to add/edit/view contributions. To this end, I created a Drupal role called contribution_access_allowed and checked the "Access CiviContribute" check box. I then unchecked this box for all other roles. Then I assigned the role to  specific individuals so they could manage contributions. This side of it worked OK, except that contributions added via civiContribute show up under Activities for any/all users, which violates the security policy!

So, what I have done is to temporarily obscure contribution "activities" in the activity view, by modifying civicrm/templates/CRM/Activity/Selector/Activity.tpl and adding  {if $row.activity_type NEQ "Contribution"} on line 28 (with a subsequent {/if} of course)

This is simply an "obscure" though and I think that from a security perspective it would be good to have finer grained control over this. Thoughts? Is there a way to do this already that I'm missing?

Thanks,
Marty.

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: "secure" contributions and donations showing up under activites
June 29, 2009, 04:15:47 pm
I just ran a quick test on my local 2.2.6 sandbox where I removed 'access CiviContribute' permission from a user's role - and that caused the Activities where Activity Type = Contribution to disappear. If you're not running the latest version of CiviCRM - that might explain the difference in behavior. Or ???
Protect your investment in CiviCRM by  becoming a Member!

mlampard

  • I post occasionally
  • **
  • Posts: 42
  • Karma: 3
Re: "secure" contributions and donations showing up under activites
July 02, 2009, 10:19:47 am
Possibly it's been changed in one of the minor 2.2.x versions - we're running 2.2.0 - although I haven't seen any reference to it... I'll wait for 2.3, as I need to upgrade to fix another "bug" anyway:
http://forum.civicrm.org/index.php/topic,8367.0.html

Cheers,
Marty.

Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Discussion (deprecated) »
  • Feature Requests and Suggestions »
  • Usability Improvements (Moderator: Dave Greenberg) »
  • "secure" contributions and donations showing up under activites

This forum was archived on 2017-11-26.