Details
Major
Description
Currently there are two different methods -
1. CRM/Core/Permission::event() - which handles permissioning for register and info operations - and -
2. CRM/Event/BAO/Event::checkPermission() - which handles permissioning for add/edit/delete operations.
Merging two methods requires adding new constants in CRM/Core/Permission.php - REGISTER and INFO.
Migration if any should also be taken care of.
Following is what current permissions are w.r.t Events:
==========================================
Event iCal => view event info + access CiviEvent + view event participants / edit all events
Event Info => view event info / register for events
Event Registration => register for events
Event Dashboard
- view / listing => access CiviEvent + view event participants / edit all events
- configure => edit all events
- new event button => access CiviEvent
- manage event button => access CiviEvent
Event Templates => access CiviEvent
Manage Event - view / listing => access CiviEvent + view event participants / edit all events
- configure => edit all events
- delete => delete in CiviEvent
Following is how we would like to fix:
============================
Event iCal => view event info + acl hook for user events
Event Info => view event info / register for events + acl hook for user events
Event Registration => register for events + acl hook for user events
Event Participant Listing => view event participants + acl hook for user events
Event Dashboard
- view / listing => access CiviEvent / edit all events + acl hook for admin events
- configure => edit all events + acl hook for admin events
- new event button => access CiviEvent + acl hook for admin events
- manage event button => access CiviEvent + acl hook for admin events
Event Templates => access CiviEvent
Manage Event - view / listing => access CiviEvent / edit all events + acl hook for admin events
- configure => edit all events + acl hook for admin events
- delete => access CiviEvent + delete in CiviEvent + acl hook for admin events