Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-4489

Profile search disregarding "edit link" setting

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Critical
          • Resolution: Fixed/Completed
          • Affects Version/s: 2.2.2
          • Fix Version/s: 2.2.4
          • Component/s: Core CiviCRM
          • Labels:
            None

            Description

            v2.2.3

            The profile search listing page is disregarding the profile setting to disallow editing. Even with that option off, the edit link is present in search results. It looks like it's happening in both Joomla and Drupal: http://drupal.demo.civicrm.org/civicrm/profile?reset=1&gid=1

            I think it's a bug in the ACL check. The change in $editLink happens in CRM/Profile/Selector/Listings.php around line 396 where Core/Permissions is called. It appears that it overrides the profile setting if the user has sufficient permissioning. That might be fine in Drupal where you can control permissioning, but in Joomla, it opens the editing to all site visitors who search the profile.

              Attachments

                Activity

                  People

                  • Assignee:
                    dgg David Greenberg
                    Reporter:
                    lcdweb Brian Shaughnessy
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Time Tracking

                      Estimated:
                      Original Estimate - 15 minutes
                      15m
                      Remaining:
                      Remaining Estimate - 15 minutes
                      15m
                      Logged:
                      Time Spent - Not Specified
                      Not Specified