Details
-
Type: New Feature
-
Status: Done/Fixed
-
Priority: Major
-
Resolution: Fixed/Completed
-
Affects Version/s: None
-
Fix Version/s: 1.0
-
Component/s: None
-
Labels:None
Description
This version will support two types of permissioning - menu access and view/edit access for contacts based on contact groups. Edit permissions always encompass view permissions. Permissioned access applies to both UI access and API access.
User interfaces should 'intelligently' adapt to permission restrictions so as to avoid presenting users with options that they are not authorized to use. Preferred method is to suppress these links/buttons. 2nd best option is to deactivate - with clear visual indication of deactivated state.
Menu Access
===========
Static permissions at the menu level are:
'view any contact'
'add/edit any contact'
'view any group'
'add add/edit group'
'administer CiviCRM'
All five of these permissions are assigned by default (by module install script?) to the site's super-user (users.uid = 1) to ensure that SOMEONE has access to all data. The 'administer...' covers all local task under the Admin menu as well as Import.
Dynamic Group/contact access
============================
Two permissions will be created automatically whenever a new Group is added.
'view $groupTitle members'
'edit $groupTitle members'
The edit permission will encompass editing the group properties as well as edit access for all members of the group. This permission also allows adding and removing group members - although 'add' is contingent on the user having 'edit' permission on the new contact being added.