Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Critical
-
Resolution: Fixed/Completed
-
Affects Version/s: 1.4
-
Fix Version/s: Unscheduled
-
Component/s: Technical infrastructure
-
Labels:None
Description
civinode_util_group_contacts terminates a request with a "unrecoverable error" (Sorry. A non-recoverable error has occurred. You do not have permission to access group with id: ) screen when the user does not have the "view all contacts" permission.
Since this is an API call, it should return with an error object, and let the calling code handle it. And especially, it should never, never, write to the output screen: this was being called from an XML-RPC handler, and it took a while to figure out why our XML parser was crapping out.
This is part of the larger problem with the permissions model when code is calling the API. CRM is correct to refuse the the action, but should not be handling the error in this case.