Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Trivial
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.4.5
-
Fix Version/s: 4.5
-
Component/s: None
-
Labels:None
Description
We have a customer who on upgrade from 4.2 to 4.4 finds that many events are inaccessible to all logged in users.
On investigation it seems that the way the code is working in 4.4 is that you need CiviEvent: view event info AND specific permission to view that event to see it. This wasn't the case in 4.2 - although that MAY have been accidental as I saw a fix suggesting it was not working as desired.
A quick discussion with Kurund suggests that correct behaviour is that
contacts with 'View Event Info" / "Register for Events"
UNION
contacts with event-specific ACL
should be able to see the event info / registration pages
Current 4.4 behaviour is that IF any event ACLs are defined then
contacts with event-specific ACL AND contacts with 'View Event Info" / "Register for Events"
My take on this is that this is incorrect as it is not possible to give advanced users permission to view all events without configuring large numbers of ACLS. Technically the solution is simple - do an early return on these view permissions as we do with 'view all custom data' & 'view all contacts'
Can you confirm my analysis