Details
- Type: New Feature
- Status: Done/Fixed
- Priority: Major
- Resolution: Fixed/Completed
- Affects Version/s: 3.1
- Fix Version/s: 3.1
- Component/s: Core CiviCRM
- Labels: None
Description
I'm using CiviCRM 3.1alpha1. I have the custom ACL hook to allow certain users to edit some contacts. However, I don't want those users to be able to create new contacts.
I have altered civicrm/CRM/Core/xml/Menu/Contact.xml so that only 'Access CiviCRM' permission is needed to access 'civicrm/contact/add'. Then CiviCRM uses its own internal ACL system to determine edit access to existing contacts. The existing code at line 132 of civicrm/CRM/Contact/Form/Contact.php then controls "add contact" access. However when that code directs the user to the 'access denied' page, CiviCRM still appears to execute the buildQuickForm( ) function in that file, generating PHP errors because the preProcess( ) function was terminated early by the access check.
I have tried to add some code to buildQuickForm( ) to check whether the preProcess( ) function has completed correctly. This works, but then other functions in the file still run, and generate PHP errors.
I can think of two ways around this: either (a) we add some code to civicrm/CRM/Contact/Form/Contact.php to do the access checks, and prevent the other functions in that file from executing in the 'access denied' case; or (b) we create a different system path for editing a contact, in order to eliminate the 'civicrm/contact/add' bottleneck. Then we could do access checking for both 'add contacts' and 'edit contacts' properly in civicrm/CRM/Core/xml/Menu/Contact.xml.
Option (a) is a hack, IMHO. Option (b) would be the proper way to do it, but would be a much bigger change to the system.
I'm attaching my (rather trivial) patch to Contact.xml. I'm willing to work a bit more on civicrm/CRM/Contact/Form/Contact.php, but some advice for other developers would be appreciated.
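
The failure mode described in this report, reduced to a minimal model as an added example (not part of the original ticket and not CiviCRM's code). The class `ContactForm`, the exception `AccessDenied` and the function `runForm` are hypothetical; only the phase names `preProcess` and `buildQuickForm` come from the report. It contrasts a denial that merely returns from `preProcess` with one that halts the whole lifecycle.

```php
<?php
// Minimal model of a two-phase form lifecycle (PHP 8+).
// Hypothetical classes for illustration; this is not CiviCRM code.

class AccessDenied extends Exception {}

class ContactForm {
    public array $log = [];
    private ?string $contactType = null;

    public function __construct(private bool $mayAdd) {}

    public function preProcess(bool $failClosed): void {
        if (!$this->mayAdd) {
            $this->log[] = 'access denied in preProcess';
            if ($failClosed) {
                // Abort the whole request so that no later phase can run.
                throw new AccessDenied('add contact not permitted');
            }
            return; // fail-open: only this phase ends early
        }
        $this->contactType = 'Individual';
    }

    public function buildQuickForm(): void {
        // Relies on state that preProcess() sets only after the check passes.
        $this->log[] = $this->contactType === null
            ? 'buildQuickForm ran with uninitialised state'
            : 'buildQuickForm ok';
    }
}

// Runs the phases in order; a denial raised as an exception stops the sequence.
function runForm(ContactForm $form, bool $failClosed): array {
    try {
        $form->preProcess($failClosed);
        $form->buildQuickForm();
    } catch (AccessDenied $e) {
        $form->log[] = 'lifecycle halted: ' . $e->getMessage();
    }
    return $form->log;
}

print_r(runForm(new ContactForm(false), false)); // denied user, early return only
print_r(runForm(new ContactForm(false), true));  // denied user, lifecycle halted
print_r(runForm(new ContactForm(true), true));   // permitted user
```

In the first run the denied user still reaches `buildQuickForm`, which is the behaviour the report describes; in the second the denial stops every later phase in one place instead of requiring a guard in each function.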