Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-2625

Exclude Contribution-related Activity Records from Activity Listings if User does NOT have access CiviContribute Permission

          Details

          • Type: Improvement
          • Status: Done/Fixed
          • Priority: Minor
          • Resolution: Fixed/Completed
          • Affects Version/s: 2.0
          • Fix Version/s: 2.0
          • Component/s: CiviContribute, Core CiviCRM
          • Labels:
            None

            Description

            Online contributions are also automatically recorded to the Activities table. This means that a contact's contribution history can be viewed by a user who does not have "access CiviContribute" permission (and hence does not see the "Contributions" tab).

            Modify Activity Selector query to check for 'access CiviContribute' permission - and exclude activities with activity type = 'Contribution' if user does not have that permission.

            NOTE: This fix is narrowly focussed on contributions as they are more sensitive - and we have an explicit permission to prevent some users from viewing them. At some point, we may need to add a more general method of filtering various activity types.

              Attachments

                Activity

                  People

                  • Assignee:
                    junia Junia Biswas
                    Reporter:
                    dgg David Greenberg
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: