Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-8751

activity view link in reports does not respect various type-based restrictions

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 3.4.5, 4.0.5
    • Fix Version/s: 4.1.0
    • Component/s: CiviReport, Core CiviCRM
    • Labels:
      None

      Description

      the activity report (and perhaps other places) builds links to the activity detail view using the following path:
      civicrm/contact/view/activity

      that is different from elsewhere, such as the contact's activity tab, where the path is built with:
      civicrm/activity/view

      for the latter – the path correctly limits some of the actions that can be performed on certain activity types – for example, the bulk email activity type should not be edited, deleted, or filed on case (it probably wouldn't be harmful to allow the file on case, but it currently is not allowed). however – the first path, generated from reports, does not respect these restrictions. which means someone could view the activity and edit it.

      we either need to condense those two paths into a single common path (with the necessary restrictions), or make sure the report version of the path maintains those restrictions properly.

      also refer to: http://issues.civicrm.org/jira/browse/CRM-8653
      where we need to make sure the link will respect the context url variable (the short version of the path does not appear to, currently)

        Attachments

          Activity

            People

            • Assignee:
              rohan Rohan S. Chavan
              Reporter:
              lcdweb Brian Shaughnessy
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: