Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-12646

Suppress the ability to edit custom data unless the user has edit rights on the contact.

    Details

    • Type: Improvement
    • Status: Done/Fixed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.3.3
    • Fix Version/s: 4.3.4
    • Component/s: Core CiviCRM
    • Labels:

      Description

      The scenario is this: You create an ACL that gives a user View rights on custom data. That user also has View rights on a contact. However, when the user view the custom data associated with the contact, they are given the ability to edit those data. I don't think that is the intention of the application. What should happen, I think, is that the user should have view access unless they have edit access to the contact via an ACL or privilege. The attached file ("..\CRM\Contact\Page\View\CustomData.php") only lets the user edit the custom data if they have that edit access.

      As in my other issue, please forgive me if I am not complying with the coding standards etc. No doubt someone with more knowledge than I can correct me, or point out any flaws in the logic.

        Attachments

        1. CustomData.diff
          1.0 kB
          Stephen Palmstrom
        2. CustomData.php
          5 kB
          Stephen Palmstrom

          Activity

            People

            • Assignee:
              lobo Donald A. Lobo
              Reporter:
              spalmstr Stephen Palmstrom
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: