  1. CiviCRM
  2. CRM-10853

Separate the Create, View and Edit permissions for profiles. This allows a high security setup for anonymous profile users.

    Details

    • Type: Improvement
    • Status: Done/Fixed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.2.1
    • Fix Version/s: 4.3.0
    • Component/s: CiviCRM Profile
    • Labels:

      Description

      Modify permissioning code for 'profile create' and 'profile edit' so that they can function properly WITHOUT assigning 'profile view' to a given role.

      • On save, profile/create is redirected to profile/view with a checksum appended to the URL which gives the anonymous or authenticated user the right to view their own record WITHOUT requiring 'profile view' permission. They cannot view any other contact record UNLESS that role has also been granted 'profile view' permissions.
      • 'Profile edit' permission is now granted implicit permission for profile/view - but ONLY for the user's own contact record.

      Prior to this fix, if an anonymous role was granted 'profile create' without 'profile view' they would get 'access denied' after submitting the create form unless 'profile view' was also granted to anonymous role.

      With this fix, 'profile view' should only be granted to roles where the requirement is to use the profile-driven directory listing feature. If 'profile view' is assigned to non-trusted roles then all profiles should use the 'Limit Listings to Group' option OR configure ACLs on profile in order to control which contact records can be browsed.

      ---- Original Post -----
      A problem exists with giving CiviCRM: profile view to the anonymous user:
      If you don't disable the Profile View Mode (CiviCRM: profile view) the anonymous user can manipulate the URL to view contacts one by one: http://oursite.com/civicrm/profile/view?gid=11&reset=1&id=3066 << increment this id one by one.
      The other part of the problem is that by default giving the edit permission also provides the view permission and we want to give the edit permission so that the user can edit their details via emailed links.
      An attached patch fixes this in conjunction with removing the CiviCRM: profile view from the anonymous user and giving them only CiviCRM: profile create (for signups) and CiviCRM: profile edit (for links emailed with checksums).
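
The view decision described in this issue, modelled as an added stand-alone example (not CiviCRM code and not the attached patch). The function names, the secret and the checksum format are assumptions made for the sketch; the contact id 3066 is the one from the URL above, and the other values are constructed.

```php
<?php
// Added illustration, not CiviCRM code: every name, the secret and the
// checksum format ("<hmac>_<expiry>") are assumptions made for this sketch.
const DEMO_SECRET = 'constructed-demo-secret';

// Checksum bound to one contact id and an expiry time.
function demo_checksum(int $contactId, int $expires): string
{
    return hash_hmac('sha256', $contactId . '|' . $expires, DEMO_SECRET) . '_' . $expires;
}

function demo_checksum_valid(int $contactId, ?string $cs, int $now): bool
{
    if ($cs === null || !preg_match('/^[0-9a-f]{64}_(\d{1,10})$/', $cs, $m)) {
        return false;
    }
    $expires = (int) $m[1];
    // Recompute for the *requested* id, so a link for one contact fails on any other.
    return $expires >= $now && hash_equals(demo_checksum($contactId, $expires), $cs);
}

// $perms: permissions of the caller's role; $ownId: caller's contact id, null if anonymous.
function demo_can_view(array $perms, ?int $ownId, int $requestedId, ?string $cs, int $now): bool
{
    if (in_array('profile view', $perms, true)) {
        return true;   // directory use: any record, so pair with group limits or ACLs
    }
    if (demo_checksum_valid($requestedId, $cs, $now)) {
        return true;   // emailed or post-create link: that one record only
    }
    // 'profile edit' implies view, but only of the caller's own record.
    return in_array('profile edit', $perms, true) && $ownId === $requestedId;
}

$now  = 1700000000;                       // constructed clock value
$link = demo_checksum(3066, $now + 3600); // link issued for contact 3066
$cases = [
    'anon, create+edit, valid link, id 3066' => [['profile create', 'profile edit'], null, 3066, $link],
    'anon, same link replayed on id 3067'    => [['profile create', 'profile edit'], null, 3067, $link],
    'anon, no link, id 3066'                 => [['profile create', 'profile edit'], null, 3066, null],
    'user 3066, edit only, own record'       => [['profile edit'], 3066, 3066, null],
    'user 3066, edit only, id 3067'          => [['profile edit'], 3066, 3067, null],
    'role with profile view, id 3067'        => [['profile view'], null, 3067, null],
];
foreach ($cases as $label => [$perms, $ownId, $id, $cs]) {
    printf("%-40s %s\n", $label, demo_can_view($perms, $ownId, $id, $cs, $now) ? 'allow' : 'deny');
}
```

The last case is the only one that can read an arbitrary record, which is why the description reserves 'profile view' for directory listings and pairs it with 'Limit Listings to Group' or ACLs for non-trusted roles.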

        Attachments

        1. 10853.patch
          0.5 kB
          britebyte
        2. 10853-option4.patch
          1 kB
          britebyte


            People

            • Assignee:
              dgg David Greenberg
              Reporter:
              britebyte britebyte

                Time Tracking

                • Original Estimate: Not Specified
                • Remaining Estimate: 0 minutes
                • Time Spent: 2 hours