Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-1698

ACL protected profile hits user with nasty traceback

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Major
          • Resolution: Fixed/Completed
          • Affects Version/s: 1.7
          • Fix Version/s: 1.7
          • Component/s: Core CiviCRM
          • Labels:
            None

            Description

            If you're too lazy to go through the case below, here's the shortcut:

            a/ Go to http://dgg.qdev.civicrm.org/
            b/ Log in as demo:demo
            c/ Go to http://dgg.qdev.civicrm.org/index.php?q=civicrm/profile&reset=1&gid=1 to see the final effect.

            Case step by step:

            0. Create new profile (ie. ProfileX) and remember it's ID (ProfileXID)
            1. Create new group (ie. ProfileXAdministrators) with visibility "User and User Admin Only"
            2. Turn off "profile listings and forms" in Drupal access control
            3. Go to "Administer CiviCRM" -> "Access control" -> "Manage Roles"
            4. Set up a new role (ie. ProfileXManager)
            5. Go to "Administer CiviCRM" -> "Access control" -> "Manage ACLs"
            6. Set up new ACL (Operation: "Edit", Type of Data: "A profile", Profile name: "ProfileX", Role: "ProfileXManager", Enabled: "Yes")
            7. Go to "Administer CiviCRM" -> "Access control" -> "Assign Users to Roles"
            8. Create new role assignment (ACL Role: "ProfileXManager", Assigned To: "ProfileXAdministrators")

            Verify that your user DOES NOT belong to "ProfileXAdministrators" group and DOES NOT have any Drupal role which would effect in having "profile listings and forms" or "administer CiviCRM" Drupal permissions.

            Now go to: /civicrm/profile?reset=1&gid=<ProfileXID>. You should see following traceback:
            /home/drupal/svn/civicrm_v1.7/CRM/Core/Error.php, backtrace, 231
            /home/drupal/svn/civicrm_v1.7/CRM/Core/BAO/UFGroup.php, fatal, 375
            /home/drupal/svn/civicrm_v1.7/CRM/Core/BAO/UFGroup.php, getFields, 175
            /home/drupal/svn/civicrm_v1.7/CRM/Profile/Page/Listings.php, getListingFields, 123
            /home/drupal/svn/civicrm_v1.7/CRM/Profile/Page/Listings.php, preProcess, 185
            /home/drupal/svn/civicrm_v1.7/CRM/Core/Invoke.php, run, 756
            /home/drupal/svn/civicrm_v1.7/CRM/Core/Invoke.php, profile, 115
            /home/drupal/svn/civicrm_v1.7/drupal/civicrm.module, invoke, 289
            , civicrm_invoke,
            /home/drupal/public_html/drupal-4.7.3/includes/menu.inc, call_user_func_array, 418
            /home/drupal/public_html/drupal-4.7.3/index.php, menu_execute_active_handler, 15

            Desired effect is to have some kind of "access denied message" instead.

              Attachments

                Activity

                  People

                  • Assignee:
                    pankaj Pankaj Sharma
                    Reporter:
                    mover Michał Mach
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: