Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-894

Need an access type that allows for API access but locks the user out of CiviCRM UI


    • Type: Improvement
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.4
    • Fix Version/s: 1.5
    • Labels:


      I need a finer grained access scheme for granting or denying access to contacts that CiviCRM is likely to allow in the near future. So I've created a Drupal-based access scheme to allow this.

      The easiest way for me to proceed is to manage access to CRM data solely via Drupal-based UI, and keep non-authorized users entirely out of the CiviCRM-based UI. This would likely be implemented by a simple access check on the main menu handler in civicrm_menu().

      Currently, this is done by checking the Drupal permission "access civicrm". But this access is used very widely throughout CiviCRM, and denying a user this access would hork API access as well.

      I can probablly do this as a patch short run, but it would be very helpful if this were adopted into the main tree, since it makes a lot of access related problems go away for most applications.




            • Assignee:
              lobo Donald A. Lobo
              torenware Rob Thorne
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created: