Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Duplicate
-
Affects Version/s: 4.1.1
-
Fix Version/s: 4.4.0
-
Component/s: None
-
Labels:None
Description
To allow a user to see the "User ID" field on a contact record in CiviCRM, the user must have the following drupal permissions: Administer CiviCRM and Administer Users.
This combination seems a bit strange, unless I've missed some logic. Perhaps a better way to control the visibility of this field would be via the existing "View user profiles" permission.
I haven't been able to test this on the demo site as don't have access to permissions..
Attachments
Issue Links
- has patch in
-
-
- Done/Fixed
-
Activity
Thanks! I'll try and take a look on my next leisure moment 
Hi,
I have attached a patch for this issue. It will work for following condition.
1) If user is having "View user profiles" drupal permission then he can access his own drupal account but not others.
2) If user don't have "View user profiles" permission then he can only view drupal ID but can't access his own drupal account.
3) If user is having "View user profiles" + "Administer users" permission then he can access his own drupal account as well as others account.
That's sounds more logical thanks for doing this.
CRM-12499 provides a more complete solution.
Peter - Kurund and I played around with this a bit fairly recently. If you check CRM/Contact/Page/View.php line 251 in trunk - you'll see that we got stumped trying to use the view user profile perm (which i think SHOULD BE valid for D7 but not D6):
// To do: we should also allow drupal users with CRM_Core_Permission::check( 'view user profiles' ) true to access $userRecordUrl
// but this is currently returning false regardless of permission set for the role. dgg
If you can figure this out - patch would be welcome (with conditional for d7 vs d6).