[CRM-15614] No way to restrict Event Information Visibility - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Major
Resolution: Cannot Reproduce
Affects Version/s: 4.4.9, 4.5.3
Fix Version/s: None
Component/s: CiviEvent
Labels:
- drupal

Documentation Required?:
None

Description

Dear all,

when using CiviCRM with Drupal you can grant user roles the Drupal-Permission "CiviEvent: View Event info". To my understanding this permission should grant or deny access to event information pages such as civicrm/event/info?id=8&reset=1 (and all the event's data e.g. in custom fields).

However, it does not influence the visibility of events at all - even anonymous user (who don't have the permission "CiviEvent: View Event info") can always view the event information pages.

I could not reproduce this on the official demo as I am not able to view or change the drupal permissions there but I am having this issue on a number of installations.

In addition, even if I un-select "public event" in an event settings page the event information is still accessible. I was able to reproduce this on the official demo.

As a result there seems to be no way to restrict the access to event information.

For me, this looks like a bug - but maybe I am missing something? Any Feedback would be appreciated.

Regards
Fabian

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Screen Shot 2014-11-21 at 11.53.54 AM.PNG
2014-11-21 20:02
28 kB
David Greenberg
Screen Shot 2014-11-21 at 11.56.07 AM.PNG
2014-11-21 20:02
74 kB
David Greenberg

Activity

People

Assignee:

Unassigned

Reporter:

Fabian Schuttenberg

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2014-11-18 8:00

Updated:

2014-11-24 10:18

Resolved:

2014-11-21 16:16