Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-1698

ACL protected profile hits user with nasty traceback


    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 1.7
    • Fix Version/s: 1.7
    • Component/s: Core CiviCRM
    • Labels:


      If you're too lazy to go through the case below, here's the shortcut:

      a/ Go to http://dgg.qdev.civicrm.org/
      b/ Log in as demo:demo
      c/ Go to http://dgg.qdev.civicrm.org/index.php?q=civicrm/profile&reset=1&gid=1 to see the final effect.

      Case step by step:

      0. Create new profile (ie. ProfileX) and remember it's ID (ProfileXID)
      1. Create new group (ie. ProfileXAdministrators) with visibility "User and User Admin Only"
      2. Turn off "profile listings and forms" in Drupal access control
      3. Go to "Administer CiviCRM" -> "Access control" -> "Manage Roles"
      4. Set up a new role (ie. ProfileXManager)
      5. Go to "Administer CiviCRM" -> "Access control" -> "Manage ACLs"
      6. Set up new ACL (Operation: "Edit", Type of Data: "A profile", Profile name: "ProfileX", Role: "ProfileXManager", Enabled: "Yes")
      7. Go to "Administer CiviCRM" -> "Access control" -> "Assign Users to Roles"
      8. Create new role assignment (ACL Role: "ProfileXManager", Assigned To: "ProfileXAdministrators")

      Verify that your user DOES NOT belong to "ProfileXAdministrators" group and DOES NOT have any Drupal role which would effect in having "profile listings and forms" or "administer CiviCRM" Drupal permissions.

      Now go to: /civicrm/profile?reset=1&gid=<ProfileXID>. You should see following traceback:
      /home/drupal/svn/civicrm_v1.7/CRM/Core/Error.php, backtrace, 231
      /home/drupal/svn/civicrm_v1.7/CRM/Core/BAO/UFGroup.php, fatal, 375
      /home/drupal/svn/civicrm_v1.7/CRM/Core/BAO/UFGroup.php, getFields, 175
      /home/drupal/svn/civicrm_v1.7/CRM/Profile/Page/Listings.php, getListingFields, 123
      /home/drupal/svn/civicrm_v1.7/CRM/Profile/Page/Listings.php, preProcess, 185
      /home/drupal/svn/civicrm_v1.7/CRM/Core/Invoke.php, run, 756
      /home/drupal/svn/civicrm_v1.7/CRM/Core/Invoke.php, profile, 115
      /home/drupal/svn/civicrm_v1.7/drupal/civicrm.module, invoke, 289
      , civicrm_invoke,
      /home/drupal/public_html/drupal-4.7.3/includes/menu.inc, call_user_func_array, 418
      /home/drupal/public_html/drupal-4.7.3/index.php, menu_execute_active_handler, 15

      Desired effect is to have some kind of "access denied message" instead.




            • Assignee:
              pankaj Pankaj Sharma
              mover Michał Mach
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created: