Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 3.4.5, 4.0.5
-
Fix Version/s: 4.1.0
-
Component/s: CiviReport, Core CiviCRM
-
Labels:None
Description
the activity report (and perhaps other places) builds links to the activity detail view using the following path:
civicrm/contact/view/activity
that is different from elsewhere, such as the contact's activity tab, where the path is built with:
civicrm/activity/view
for the latter – the path correctly limits some of the actions that can be performed on certain activity types – for example, the bulk email activity type should not be edited, deleted, or filed on case (it probably wouldn't be harmful to allow the file on case, but it currently is not allowed). however – the first path, generated from reports, does not respect these restrictions. which means someone could view the activity and edit it.
we either need to condense those two paths into a single common path (with the necessary restrictions), or make sure the report version of the path maintains those restrictions properly.
also refer to: http://issues.civicrm.org/jira/browse/CRM-8653
where we need to make sure the link will respect the context url variable (the short version of the path does not appear to, currently)