[CRM-13644] ACL does not protect group listing (in civiMail and other places) in Joomla and WordPress - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Trivial
Resolution: Fixed/Completed
Affects Version/s: 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.4.0
Fix Version/s: 4.6.7, 4.7
Component/s: Core CiviCRM
Labels:
- acl
- civimail
- joomla

Documentation Required?:
None
Funding Source:
Core Team Funds

Description

When setting up ACL protection in CiviCRM, you can configure that specific users see only a specific mailing list group. This is ok in Contacts -> Manage Groups area where only the allowed group appears. However in CiviMail the user is allowed to see and send mailings to all groups.

The first github PR is valid and does the right thing. However there are more changes that need to be done for this patch to be complete. Specifically, we need to load the right user so that we can get the permissions as entered in the system. The changes need to be made in CRM/Utils/System/

{Joomla,WordPress}

.php, specifically where we see loadUser (a function and an option).

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

civicrmaclissue.pdf
2013-10-24 14:57
770 kB
Nicholas Antimisiaris

Activity

People

Assignee:

Coleman Watts

Reporter:

Nicholas Antimisiaris

Votes:

1 Vote for this issue

Watchers:

8 Start watching this issue

Dates

Created:

2013-10-24 14:57

Updated:

2015-10-05 10:17

Resolved:

2015-08-26 19:55