Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-16526

ACLs for Financial Types

          Details

          • Documentation Required?:
            User and Admin Doc
          • Funding Source:
            Contributed Code

            Description

            Primary use case: hide some sensitive financial transactions, for example, major bequests, from staff who need to be able to see other financial transactions.

            Technical objective: create role-based permissions to enable restricting the viewing and editing of contributions and the reporting of contribution income by financial types.

            There can be several financial types associated with a contribution, eg different revenue accounts for each line item. For simplicity, a contribution will be viewable if all of the financial types it includes are viewable, and not viewable if any of them are not viewable. Similarly, to edit a contribution, all of the financial types associated with the contribution must be editable by the user.

            The functionality needs to be implemented in core since an extension would need to override too many files or require the creation of too many new hooks.

            Scope:

            1. Configuration Settings:

            • Enable / Disable creating Permissions for each Financial Type
            • Prevent enabling permissions for financial types that have already been used for Memberships or Participants
            • Prevent use of financial types that allow restrictions from being used for memberships or participants, either when managing pages or through backoffice create and update.
            • Enforce for API CRUD operations on Financial Types.

            2. Search

            • Exclude viewing of Search options for financial types that are not viewable by user.
            • Modify Find Contributions search to support FT permissions.
            • Modify Advanced Search to support FT permissions.
            • Modify Search Builder to support FT permissions.

            3. Reports (12 contribution reports exposed in All Reports)

            • Exclude viewing of Report options for financial types that are not viewable by user.
            • Modify Find Contributions search to support FT permissions.
            • These options result in hiding the existence of Financial Types from users who are are not permissioned to view contributions that include those financial types.

            Core team agreed that automated testing for the new feature should focus testing on API and CRM levels, and not the hard to maintain web tests.

              Attachments

              1. 2015-05-19_13-15-45.png
                117 kB
                Joe Murray
              2. Enable Disable FT perms.png
                41 kB
                Joe Murray
              3. Enable Disable FT perms 2.png
                17 kB
                Joe Murray
              4. FT_ACL_Enable_ContribComponentSettings.PNG
                136 kB
                David Greenberg

                Activity

                  People

                  • Assignee:
                    eileen Eileen McNaughton
                    Reporter:
                    joemurray Joe Murray
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Due:
                      Created:
                      Updated:
                      Resolved: