Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.6.13, 4.7.2
-
Fix Version/s: Unscheduled
-
Component/s: CiviCRM Profile
-
Labels:None
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:User and Admin Doc
-
Funding Source:Needs Funding
Description
As documented here:
http://gitbook.civicrm.org/organising-your-data/profiles.html
'To use fields for Search Views, you must set Visibility to Public Pages or Public Pages and Listings.'
This means it is impossible to create a new 'internal' search screen with custom fields. Whenever you create a new 'search view' it exposes information publicly.
This isn't a security issue in itself, but can easily lead to one - where a 'bad' profile configuration can display your contact information publicly, or make it searchable, via URLs like:
civicrm/profile/view?gid=753&reset=1&id=1
Improvements in this area should/could include:
- Ensure flexible access controls are applied (via ACLs?) so that users can only view contacts they are allowed to see
- Really clear documentation / in-page help that the 'Public pages' and 'Listings' settings do override any other permissions in the system, and display your contact data publicly.
- Allow search views to use the 'user or user admin' view setting, so that 'internal' search pages can be created without exposing all the data publicly.
Attachments
Issue Links
- supplements
-
-
- Done/Fixed
-