Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 1.1
-
Fix Version/s: 1.2
-
Component/s: None
-
Labels:None
Description
Contact action options should be dynamically controlled based on the user's access control permissions. Include an action in the select options if one or more of the permissions shown below are assigned to the user:
Add Contacts to a Group:
- 'edit contacts'
- 'edit contacts in...'
Remove Contacts from a Group
- 'edit contacts'
- 'edit contacts in...' (one or more instances)
Tag Contacts (assign tags)
- 'edit contacts'
- 'edit contacts in...' (one or more instances)
Send Email to Contacts
- (always included)
Delete Contacts
- 'edit contacts'
- 'edit contacts in...' (one or more instances)
New Saved Search
- (always included)
Add Contacts to Household
- 'edit contacts'
- 'edit contacts in...' (one or more instances)
Add Contacts to Organization
- 'edit contacts'
- 'edit contacts in...'
Map Contacts using Google Maps
- (always included)
— Original Bug Report ------
If I create a group of contacts 'MyGroup' and in the administer site->access control settings allow a user role to only 'access CiviCRM' and 'view contacts in MyGroup", they can search for members in that group and then on the search screen get links to 'Add members to group' as well as select members and pick 'Remove contacts from a Group' to them, even though they do not have the 'edit contacts in MyGroup' privilege.
The pop-down menu should only show options that the user has permissions for and the 'add members to group' link should not appear if the user only has view privileges on that group.