Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 4.7.13
-
Fix Version/s: None
-
Component/s: CiviCase
-
Labels:
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Needs Funding
-
Verified?:No
Description
Following from issue 18116, users with the "CiviCase: add cases" and "CiviCase: access my cases and activities" permissions are now able to create cases and edit existing activities, but still can't manage their own cases (cases in which the user has the Case manager role). Clicking on the "Manage" link leads to the "You are not authorized to access this page." error. Could it be possible that when fixing the linked issue, managing cases was simply overlooked?
Encountered this on a fresh local install of CiviCRM (4.7.13) under Wordpress (4.6.1).
Edit:
I did some digging, and am pretty sure the code responsible for checking permissions is on lines 76 - 77 of CRM\Case\Form\CaseView.php:
if (!CRM_Case_BAO_Case::accessCase($this->_caseID, FALSE)) {
CRM_Core_Error::fatal(ts('You are not authorized to access this page.'));
}
To my limited knowledge, this would mean the core of the problem is in the CRM_Case_BAO_Case::accessCase function, right? The function is on lines 2797 - 2814 of CRM\Case\BAO\Case.php, I think. But this is about as far as I'm able to get, I'm simply not skilled enough in php to see what the problem could be.
The issue is also on StackExchange