Details
- Type: Improvement
- Status: Done/Fixed
- Priority: Trivial
- Resolution: Fixed/Completed
- Affects Version/s: 3.1.3
- Fix Version/s: 3.1.4
- Component/s: CiviCRM Profile
- Labels: None
Description
Use cases: an L2 admin user* on L2 site A should not see profiles belonging to L2 site B, in contexts such as: profile admin page, event reg page. E.g. Site A set up a profile for event registration, with fields fitting their needs. Currently Site B L2 admin can see and alter this profile under administer profiles & include it on event registration pages etc. Site B may then add or remove fields to fit their needs - possibly removing fields needed by Site A.
* I.e. a user with "administer CiviCRM" permission but not "view/edit all contacts" or "administer multi-org".
Discussed on IRC today (times are GMT):
[13:59] davej_: Another important one: restricting which profiles L2 admins can see, alter and use.
[14:00] davej_: General issue I think is that there's no ACL for admin operations.
[14:00] davem_: this is also quite an urgent one as it will hold up use by the new orgs coming online
[14:02] davej_: I guess one approach would be optional domain_id for profile
[14:02] dlobo: ok, let me think about profiles
[14:02] dlobo: we do have the created_id
[14:02] deepaks: dlobo: right
[14:02] dlobo: so can use the same trick as events
[14:02] dlobo: back in a min
[14:04] davem_: and events now seems to be fine
[14:05] davej_: deepaks: will a hook get called that would allow us to use civicrm_uf_group created_id to restrict which profiles an L2 admin can see/alter/use ?
[14:05] deepaks: davej_: yes
[14:07] dlobo: davej_: deepaks we'll need to maybe create one hook for all objects "acl'ed" by create_id etc, or kinda generalize it to avoid hook proliferation
[14:07] davej_: deepaks: Great. Use cases: admin user on L2A should not see profiles belonging to L2B, in contexts such as: profile admin page, event reg page.
[14:08] deepaks: davej_: it's the same hook _civicrm_aclGroup. Just needs another query for another table name
[14:08] dlobo: deepaks: excellent
[14:08] dlobo: so we can do profile pretty quickly also
[14:09] davej_: OK, I'll have a go at an acl hook.
[14:09] davem_: does that work for reports too?
[14:09] dlobo: davej_: profiles don't use it as yet, so won't work right now. but adding it should not be too hard
[14:14] davej_: Back to profiles for a mo
[14:14] davej_: Shall I create an issue for the change needed in core to get acl hook firing for profiles?
[14:14] dlobo: davej_: yes
[14:15] davej_: When might you be able to get that done?
[14:15] dlobo: can we shoot to get this done by middle of next week?
[14:15] dlobo: (profiles and dedupe import)
[14:15] davem_: that would be cool
[14:15] dlobo: i.e. by wed or so
[14:15] dlobo: so this is for 3.1.x
[14:16] davej_: Excellent.
Dave J