Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Fixed/Completed
-
Affects Version/s: 3.2.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.5
-
Component/s: Core CiviCRM
-
Labels:None
Description
As reported in this forum post:
Logged in Drupal user has the following permissions (admin/user/permissions):
- CiviCRM: access Contact Dashboard
- user module: access user profiles
There are no ACLs so this user doesn't have permission to view or edit any other CiviCRM contacts.
Expected Behavior:
- When they view their own user page (user or user/$theirUserId) - they get a link to their Contact Dashboard
- When they view any other user page - the "View Contact Dashboard" should NOT be displayed
Current Behavior:
- A link to "View Contact Dashboard" is displayed both on their "own page", AND when viewing other user/xxx pages.
NOTE: If the user clicks the dashboard link on another user's page, they get Access Denied - which is the correct behavior. However, they should never see the link in this situation.