Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-3952

Remove 'Access CiviCRM' permission requirment for Editing Contacts via Profile

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Major
          • Resolution: Won't Fix
          • Affects Version/s: 2.0
          • Fix Version/s: 4.3.0
          • Component/s: CiviCRM Profile
          • Labels:
            None

            Description

            Per CRM/Profile/Page/Listing.php, lines 248-250:

            if ( ! CRM_Core_Permission::check( 'access CiviCRM' ) )

            { $editLink = false; }

            This means that even if a user has permission to edit a contact via ACLs or via 'edit all contacts' permission, they still can't use a profile form to edit a contact unless they have 'access CiviCRM' permission also.

            For me, the entire purpose of using profile edit forms is to avoid granting users full access the CiviCRM interface. So, it's my opinion that the above code should simply be removed. Doing so works for me, but I haven't thoroughly tested the implications of this yet, so someone smarter than me should take a look.

            Thanks.

              Attachments

                Activity

                  People

                  • Assignee:
                    lobo Donald A. Lobo
                    Reporter:
                    mchapman2000 Matt Chapman
                  • Votes:
                    1 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: