Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: 1.4
-
Fix Version/s: None
-
Component/s: Technical infrastructure
-
Labels:None
Description
API code (and not the CiviCRM UI) checks group memberships via crm_get_contact_groups. Right now, the permissions check is creating multiple problems for Drupal coders. This really should have gone out in 1.4, per conversations I had with Lobo at the end of the 1.3 cycle. Please remove it now from the trunk. I would be happy to see this removed from 1.4 branch as well, since I am going to need to tell my users to patch 1.4 in order to use CiviNode. This is exactly what I was trying to avoid.
Remember that you are relying upon the frame work to determine your permissions; it makes no sense to prevent the framework from seeing data it may need to make permissions checks.