Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Cannot Reproduce
-
Affects Version/s: 3.4.6, 4.0.6
-
Fix Version/s: 4.1.0
-
Component/s: CiviContribute
-
Labels:None
Description
My online contribution form uses a profile that includes a "groups" field, which allows people to sign up for our mailing list. Only groups visible on "public pages" are shown as options. This is correct.
However, when the contribution receipt is sent, that field lists not just the public "mailing list" groups, but every group that contact is in. In other words, it does not respect the setting to have a group be only visible to user admin.
So if you have privately put someone in the "Assholes" group, this could be very embarrassing. 
Attachments
Activity
Yes, I noticed this when a user forwarded me their receipt (they had done the donation as anon)
Maybe the problem is just that I haven't set permissions properly for those groups? I'll check.
I checked the code and tried a few different things as anon and could not reproduce this. If you can, lets reopen and fix
coleman:
were u able to reproduce this as anonymous user.
The code basically sends the user a list of all groups that the user has "permission" on (in addition to all public groups):
CRM-8362If you were doing a contribution as yourself or admin with view all contacts, u'll get all groupss