Resolution: Cannot Reproduce
Affects Version/s: 1.4
Fix Version/s: None
Component/s: Technical infrastructure
When using the Web interface, a Drupal user with the 'view all contacts' permission is denied access to group contacts via crm_get_group_contacts. The contact belongs to two groups, but the API call comes back empty any way. Commenting out these lines in GroupContacts.php resolves the problem:
//$permission = CRM_Core_Permission::whereClause( CRM_Core_Permission::VIEW, $tables, $whereTables );
//$where .= " AND $permission ";
If these lines are not commented out, the following SQL is generated:
civicrm_group_contact.id as civicrm_group_contact_id,
civicrm_group.title as group_title,
civicrm_group.visibility as visibility,
civicrm_group_contact.status as status,
civicrm_group.id as group_id,
civicrm_subscription_history.date as date,
civicrm_subscription_history.method as method FROM civicrm_contact LEFT JOIN civicrm_group_contact ON civicrm_contact.id = civicrm_group_contact.contact_id LEFT JOIN civicrm_group ON civicrm_group.id = civicrm_group_contact.group_id LEFT JOIN civicrm_subscription_history
ON civicrm_group_contact.contact_id = civicrm_subscription_history.contact_id
AND civicrm_group_contact.group_id = civicrm_subscription_history.group_id WHERE civicrm_contact.id = 107 AND civicrm_group.is_active = '1' AND civicrm_group_contact.status = "Added" AND ( 0 ) ORDER BY civicrm_group.title ;
The "AND (0)" is what the permissioning code is adding, improperly.
This is with rev 5136 built out of this morning's SVN.
Either this permission stuff needs to be audited and fixed, or it really needs to go out until it's proven valid. I'm at wits end on the behavior of this call.