CRM-1679 contact Dashboard permissions

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Major
          • Resolution: Fixed/Completed
          • Affects Version/s: 1.7
          • Fix Version/s: 1.7, 2.0
          • Component/s: CiviMail
          • Labels:
            None

            Description

            Logically it would appear that the "access contact dashboard" drupal permission would be sufficient to enable contacts to view their dashboard. In fact they also need access civicrm, access civicrontibute, access civimail and profiles & listings permissions to view the dashboard - giving them much more access than they should have!

              Attachments

                Activity

                [CRM-1679] contact Dashboard permissions
                David Greenberg added a comment -

                We've tweaked a few things today in the Dashboard. The expected behavior is as follows with regards to permissioning in Drupal:

                • Only sections for ENABLED components are included in the Dashboard for any contact. (e.g. if CiviEvent is NOT enabled - there won't be an Events section)
                • User roles must have 'access Contact Dashboard' in order to get to the dashboard page. No other permissions are required to access the page ('access CiviCRM', 'profile listiings' are NOT required)
                • With this "base" permission, user will see Groups and Memberships
                • If you want them to see their own Contributions - add 'make online contributions' OR 'access CiviContribute' to the role
                • If you want them to see their own Event Registrations - add 'register for events' OR 'access CiviEvent' to the role

                This approach make things a bit more granular. A given site can decide to include Events but not Contributions or vice versa. When we imlement full ACL's - we'll probably add granularity for Memberships and Groups as well.

                Piotr Szotkowski added a comment -

                Reopening closed issues to make them editable.

                Piotr Szotkowski added a comment -

                Changing the issue to resolved and unverified for 1.8.

                Piotr Szotkowski added a comment -

                Make the issue unverified for 1.8.

                Piotr Szotkowski added a comment -

                Assigning to Pankaj for 1.8 verification.

                Manish Zope added a comment -

                Reopening for verification for 2.0

                Manish Zope added a comment -

                Reassigning to Shailesh for verification for 2.0

                Shailesh Lende added a comment -

                Not working as per Dave Greenberg's comment.
                We have to give 'Access CiviCRM' to access contact dashboard and also ' Profile Listing' to do Online Contribution.

                David Greenberg added a comment -

                In my testing w/ r 13093 - the Contact Dashboard can be accessed with ONLY the "access Contact Dashboard" permission checked. HOWEVER, the Shortcuts block is suppressed - so site admins will need to link to the dashboard "manually" by adding menu items or links on pages / blocks: http://<drupal root>/civicrm/user?reset=1. This is ok behavior for now.

                "profile listings and forms" permission was NOT required in my testing for access to Online Contribution page UNLESS the page is configured to embed one or more Profiles. This is expected behavior.

                Manish Zope added a comment -

                working fine with different combinations of permissions (v2.0)
                hence closing issue

                Sunil Pawar added a comment -

                Tested & Verify in r16640

                  People

                  • Assignee:
                    Sunil Pawar
                    Reporter:
                    Peter Hirst

                    Dates

                    • Created:
                      Updated:
                      Resolved: