CRM-1163 Users without Drupal permission to manage civicrm groups can disable or enable newly disabled civicrm groups

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 1.5
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      CiviCRM 1.5
      Drupal 4.7

      I created a user role that did not have permission to manage civicrm groups.

      I then disabled a civicrm group.

      I logged in as the user without group management permission.

      I was able to either 'disable' or 'enable' that newly disabled group. This did nothing in reality - either choice led to the management options being removed.

      Not sure if this is a drupal issue or a civicrm issue.

        Attachments

          Activity

          [CRM-1163] Users without Drupal permission to manage civicrm groups can disable or enable newly disabled civicrm groups
          josh milane added a comment -

          I was not able to test this on the online demo because I cannot see the permissions and create users with limited permissions. I did recreate it locally, however, on two seperate installations of Drupal 4.7 and CiviCRM 1.5

          Donald A. Lobo added a comment -

          I did the foll and could not reproduce:

          1. create a user: no civicrm access at all. user could not get to the groups page

          2. give user access civicrm and manage groups, but no view/edit access to any groups. Did not see any groups

          3. gave user view access to one group. user could see that group only but not delete/disbale/enable

          lobo

          josh milane added a comment -

          The group 'ULEM Database Volunteers' has just been disabled by admin.

          The current user has rights to use civicrm, but no rights to manage civicrm groups.Their rights are restricted by assigning them to a role that has restrictions (can use civicrm but cannot manage groups or do much else)

          In the screenshot, the restricted user can apparently both disable and enable the group - but either choice leads to the group looking like the others.

          So, this really doesnt DO anything bad - just a little confusing for the user.

            People

            • Assignee:
              Donald A. Lobo
              Reporter:
              josh milane

              Dates

              • Created:
                Updated:
                Resolved: