Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.3.5
-
Fix Version/s: 4.4.0
-
Component/s: CiviReport
-
Labels:None
Description
See http://forum.civicrm.org/index.php/topic,24557.msg129294.html#msg129294 & following comments.
- Problem with the fix for
CRM-11962which was introduced in 4.3.0: testing in 4.3.5, users with 'access all custom data' permission are only permitted to see (in reports) custom groups that they have been granted access to via Civi ACLs, whereas they should be able to see all custom groups regardless of ACLs.
There are 4 cases:
1. A user with 'access all custom data' permission and with ACL access to some custom groups: should allow access to all custom groups.
2. A user with 'access all custom data' permission but no ACL access to custom groups: should allow access to all custom groups.
3. A user without 'access all custom data' permission but with ACL access to some custom groups: should allow access only to the ACL-permitted custom groups.
4. A user without 'access all custom data' permission and with no ACL access to custom groups: should allow access to no custom groups.
It's case (1) where the existing code fails: it only allow access to the custom groups that they have been granted access to via Civi ACLs.
Patch attached.