Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: None
-
Fix Version/s: 1.5
-
Component/s: None
-
Labels:None
Description
With the default developer set:
1. Create a new Drupal access control role with 'access CiviCRM' and 'view contacts in Advisory Board', but without 'view all contacts'.
2. Create a user with this role.
3. Login as that user.
Now, several issues:
That user can't go to /civicrm, so the 'CiviCRM' link doesn't work for them. They basically can't access CiviCRM.
That user can't go to /civicrm/dashboard?reset=1, so the 'CiviCRM Home' wouldn't work for them.
That user can go to /civicrm/contact/view?reset=1&cid=48 (an example contact from the allowed group), but sometimes sees a 'You do not have the necessary permission to view this contact.' notice - my guess is that's a 'buffored' notice from previous attempts at accessing /civicrm.
When that user refreshes, the notice goes away.
If that user tries to click 'CiviCRM' or 'CiviCRM Home' (/civicrm or /civicrm/dashboard?reset=1, respectively), they get back to the viewed contact with the notice that they can't view this particular contact (which they can, and they see).