CRM-13920 view case with my cases permission flawed

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.4.3
    • Fix Version/s: 4.4.4
    • Component/s: CiviCase
    • Labels:
      None

      Description

      1) Create a new case and make contact A the case manager. Make sure the case only has the completed Open Case activity.
      2) Give contact/user A a role with the "my cases and activities" permission – but not the "all cases and activities" permission.
      3) Log in as contact/user A and view the contact with the case. The case will be listed on the Case tab. Click Manage.

      This triggers a fatal error.

      When we retrieve cases for the user to see if the requested case is one of them, we call CRM_Case_BAO_Case::getCases(), which calls CRM_Case_BAO_Case::getCaseActivityQuery(). Passed through each of these is the type param – which may be upcoming or recent (in this use it calls the default, upcoming).

      But in this case, we shouldn't care if there are recent or upcoming activities in the case. We just need to know if the user is permissioned to access the case.

      I propose we add a new type = "all" to getCaseActivityQuery and then pass that through. I suspect there are other places where we may want to retrieve cases irrespective of the activities.

      I can supply a PR if there's agreement on the solution.

          Activity

          David Greenberg added a comment - edited

          Brian - obviously this needs to be fixed. Adding a new type= param option seems to make sense - although the semantic of 'any' might be better than 'all', since we already have an allCases parameter (vs. myCases). Assign back to me for QA once you have a PR posted.

          Brian Shaughnessy added a comment -

          here you go...

          David Greenberg added a comment -

          Brian - Hoping you can extend this patch a bit to fix 2 related issues.
          1. The Cases tab count still shows 0 for the situation you covered with the patch (i.e. no upcoming activities and user has "my cases and activities" only).

          2. I'm getting a fatal error when trying to add new activity to that case from the Manage Case page - New Activity drop-down (permission related so I think it's the same issue). Backtrace below:


          #0 /Users/dgg/git/crm_v4.4/CRM/Core/Error.php(315): CRM_Core_Error::backtrace()
          #1 /Users/dgg/git/crm_v4.4/CRM/Case/Form/Activity.php(120): CRM_Core_Error::fatal("You are not authorized to access this page.")
          #2 /Users/dgg/git/crm_v4.4/CRM/Core/Form.php(351): CRM_Case_Form_Activity->preProcess()
          #3 /Users/dgg/git/crm_v4.4/CRM/Core/QuickForm/Action/Display.php(93): CRM_Core_Form->buildForm()
          #4 /Users/dgg/git/crm_v4.4/packages/HTML/QuickForm/Controller.php(203): CRM_Core_QuickForm_Action_Display->perform(Object(CRM_Case_Form_Activity), "display")
          #5 /Users/dgg/git/crm_v4.4/packages/HTML/QuickForm/Page.php(103): HTML_QuickForm_Controller->handle(Object(CRM_Case_Form_Activity), "display")
          #6 /Users/dgg/git/crm_v4.4/CRM/Core/Controller.php(345): HTML_QuickForm_Page->handle("display")
          #7 /Users/dgg/git/crm_v4.4/CRM/Utils/Wrapper.php(117): CRM_Core_Controller->run()
          #8 /Users/dgg/git/crm_v4.4/CRM/Core/Invoke.php(297): CRM_Utils_Wrapper->run("CRM_Case_Form_Activity", "Case Activity", NULL)
          #9 /Users/dgg/git/crm_v4.4/CRM/Core/Invoke.php(72): CRM_Core_Invoke::runItem((Array:14))
          #10 /Users/dgg/git/crm_v4.4/CRM/Core/Invoke.php(52): CRM_Core_Invoke::_invoke((Array:3))
          #11 /Users/dgg/git/crm_v4.4/drupal/civicrm.module(456): CRM_Core_Invoke::invoke((Array:3))
          #12 [internal function](): civicrm_invoke("case", "activity")
          #13 /Users/dgg/htdocs/drupal7/includes/menu.inc(517): call_user_func_array("civicrm_invoke", (Array:2))
          #14 /Users/dgg/htdocs/drupal7/index.php(21): menu_execute_active_handler()

          Brian Shaughnessy added a comment -

          Dave, I updated the PR to fix those two issues.
          In both cases an easy fix – we just needed to use the new 'any' param to ensure we were checking all cases for the valid perm.
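
The following PHP is an added illustration, not code from the CiviCRM project or from either commenter. It models the check described in the issue description and in Brian's final comment: an authorization test that reuses a listing query, and therefore inherits that query's activity filter (the default 'upcoming'), denies a case manager whose case holds only a completed activity; passing 'any' makes the check ask only whether the case belongs to the user. The function names (visibleCaseIds, hasActivityOfType, canAccessCase), the record layout and the sample records are all hypothetical and constructed for this example.

```php
<?php
// Added example (not CiviCRM code): a toy model of the CRM-13920 permission check.

// Constructed records: case 7 is managed by contact 42 and its only activity
// is the completed "Open Case" activity, exactly the setup in the report.
$cases = [
    ['id' => 7, 'manager_id' => 42],
];
$activities = [
    ['case_id' => 7, 'type' => 'Open Case', 'status' => 'Completed', 'date' => '2014-01-10'],
];

/**
 * Hypothetical stand-in for the activity filter applied by the listing query.
 * A completed activity is neither upcoming nor recent, so a case whose only
 * activity is completed matches no type other than 'any'.
 */
function hasActivityOfType(array $activities, int $caseId, string $type, string $today): bool
{
    foreach ($activities as $a) {
        if ($a['case_id'] !== $caseId || $a['status'] === 'Completed') {
            continue;
        }
        if ($type === 'upcoming' && $a['date'] >= $today) {
            return true;
        }
        if ($type === 'recent' && $a['date'] < $today) {
            return true;
        }
    }
    return false;
}

/**
 * Hypothetical stand-in for a getCases()-style listing: cases visible to
 * $contactId, restricted to the contact's own cases unless $allCases is set,
 * and further filtered by activity type ('upcoming', 'recent' or 'any').
 */
function visibleCaseIds(array $cases, array $activities, int $contactId, bool $allCases, string $type, string $today): array
{
    $ids = [];
    foreach ($cases as $case) {
        // "my cases and activities" only: the contact must manage the case.
        if (!$allCases && $case['manager_id'] !== $contactId) {
            continue;
        }
        // 'any' skips the activity filter; the view-oriented types do not.
        if ($type !== 'any' && !hasActivityOfType($activities, $case['id'], $type, $today)) {
            continue;
        }
        $ids[] = $case['id'];
    }
    return $ids;
}

/**
 * The access check. Its correctness depends entirely on which $type it
 * forwards: a display filter has no place in an authorization decision.
 */
function canAccessCase(array $cases, array $activities, int $contactId, int $caseId, bool $allCases, string $type): bool
{
    $visible = visibleCaseIds($cases, $activities, $contactId, $allCases, $type, '2014-02-01');
    return in_array($caseId, $visible, true);
}

// Flawed check: forwards the listing default 'upcoming'.
var_dump(canAccessCase($cases, $activities, 42, 7, false, 'upcoming'));
// Fixed check: 'any' asks only whether case 7 is one of contact 42's cases.
var_dump(canAccessCase($cases, $activities, 42, 7, false, 'any'));
// Ownership is still enforced: contact 99 with "my cases" only is denied.
var_dump(canAccessCase($cases, $activities, 99, 7, false, 'any'));
```

Run with `php` on the command line. The first call returns false (the manager is denied, which is the fatal error in the report), the second returns true, and the third returns false, showing that the fix widens only the activity filter and not the ownership rule. The same decoupling explains the two follow-up symptoms David raised: a tab count or a New Activity check built on the 'upcoming' listing undercounts or denies for exactly the same cases.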

            People

            • Assignee:
              David Greenberg
              Reporter:
              Brian Shaughnessy
