Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-11730

Auto-complete widget fails for non-super-admin with appropriate permissions

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Major
          • Resolution: Fixed/Completed
          • Affects Version/s: 4.3.0
          • Fix Version/s: 4.3.0
          • Component/s: Core CiviCRM
          • Labels:
            None

            Description

            Tried to use auto-complete widget in Add Participant form (standalone) when logged in as a user w/ a role that has appropriate permissions including:
            CiviEvent: edit event participants
            CiviCRM: access AJAX API
            CiviCRM: add contacts
            CiviCRM: view all contacts
            CiviCRM: edit all contacts

            No response in widget so went to view response in new tab:

            http://civicrm43/civicrm/ajax/rest?className=CRM_Contact_Page_AJAX&fnName=getContactList&json=1&context=newcontact&s=ad&limit=10&timestamp=1358799908000

            ... and get this result (maybe because I'm in a new browser tab or ??):

            {"IP":"127.0.0.1","level":"security","referer":"","reason":"CSRF suspected","is_error":1,"error_message":"SECURITY ALERT: Ajax requests can only be issued by javascript clients, eg. CRM.api()."}

              Attachments

                Activity

                  People

                  • Assignee:
                    kurund Kurund Jalmi
                    Reporter:
                    dgg David Greenberg
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: