Details
Type: New Feature
Status: Done/Fixed
Priority: Critical
Resolution: Fixed/Completed
Affects Version/s: 4.6
Fix Version/s: 4.7.5
Component/s: CiviContribute, CiviEvent, CiviMember, CiviReport, Core CiviCRM
Labels:
Documentation Required?: User and Admin Doc
Funding Source: Contributed Code
Description
Primary use case: hide some sensitive financial transactions, for example, major bequests, from staff who need to be able to see other financial transactions.
Technical objective: create role-based permissions to enable restricting the viewing and editing of contributions and the reporting of contribution income by financial types.
There can be several financial types associated with a contribution, e.g., different revenue accounts for each line item. For simplicity, a contribution will be viewable if all of the financial types it includes are viewable, and not viewable if any of them are not viewable. Similarly, to edit a contribution, all of the financial types associated with the contribution must be editable by the user.
The functionality needs to be implemented in core since an extension would need to override too many files or require the creation of too many new hooks.
Scope:
1. Configuration Settings:
- Enable / Disable creating Permissions for each Financial Type
- Prevent enabling permissions for financial types that have already been used for Memberships or Participants
- Prevent use of financial types that allow restrictions from being used for memberships or participants, either when managing pages or through backoffice create and update.
- Enforce for API CRUD operations on Financial Types.
2. Search
- Exclude viewing of Search options for financial types that are not viewable by user.
- Modify Find Contributions search to support FT permissions.
- Modify Advanced Search to support FT permissions.
- Modify Search Builder to support FT permissions.
3. Reports (12 contribution reports exposed in All Reports)
- Exclude viewing of Report options for financial types that are not viewable by user.
- Modify Find Contributions search to support FT permissions.
- These options result in hiding the existence of Financial Types from users who are not permissioned to view contributions that include those financial types.
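The all-or-nothing rule from the description, applied to search results, search options and report totals as in the scope items above, as an added example that is not CiviCRM code. The class and function names, the sample financial types and contributions, and the choice to deny a contribution that has no recorded financial type are assumptions made here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contribution:
    id: int
    line_items: tuple  # (financial_type, amount) pairs, one per line item

    @property
    def financial_types(self):
        return {ftype for ftype, _ in self.line_items}

@dataclass(frozen=True)
class Role:
    viewable: frozenset  # financial types this role may view
    editable: frozenset  # financial types this role may edit

def _covers(allowed, contribution):
    types = contribution.financial_types
    # Assumption: a contribution with no recorded financial type is denied,
    # so "all of zero types" never grants access by vacuous truth.
    return bool(types) and types <= allowed

def can_view(role, contribution):
    return _covers(role.viewable, contribution)

def can_edit(role, contribution):
    return _covers(role.editable, contribution)

def search_options(role, all_types):
    # Types the role cannot view are omitted, not greyed out.
    return sorted(t for t in all_types if t in role.viewable)

def find_contributions(role, contributions):
    return [c.id for c in contributions if can_view(role, c)]

def income_by_type(role, contributions):
    totals = {}
    for c in contributions:
        if can_view(role, c):  # one hidden line item hides the whole contribution
            for ftype, amount in c.line_items:
                totals[ftype] = totals.get(ftype, 0) + amount
    return totals

# Constructed sample data (not from the ticket).
STAFF = Role(frozenset({"Donation", "Campaign Contribution"}), frozenset({"Donation"}))
CONTRIBUTIONS = [
    Contribution(1, (("Donation", 50),)),
    Contribution(2, (("Donation", 25), ("Bequest", 100000))),
    Contribution(3, (("Campaign Contribution", 10),)),
    Contribution(4, ()),
]
```

With this sample data the 25 Donation line item of contribution 2 is missing from the staff role's report total, because the Bequest line item hides the whole contribution.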
The core team agreed that automated testing for the new feature should focus on the API and CRM levels, and not on the hard-to-maintain web tests.
Issue Links
- is supplemented by: CRM-17240 Financial Type must be required for Price Field Value (Done/Fixed)