Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: 1.4
-
Fix Version/s: None
-
Component/s: Technical infrastructure
-
Labels:None
Description
API code (and not the CiviCRM UI) checks group memberships via crm_get_contact_groups. Right now, the permissions check is creating multiple problems for Drupal coders. This really should have gone out in 1.4, per conversations I had with Lobo at the end of the 1.3 cycle. Please remove it now from the trunk. I would be happy to see this removed from 1.4 branch as well, since I am going to need to tell my users to patch 1.4 in order to use CiviNode. This is exactly what I was trying to avoid.
Remember that you are relying upon the frame work to determine your permissions; it makes no sense to prevent the framework from seeing data it may need to make permissions checks.
We chatted with Rob on this. We decided that we this is more of an integration challenge rather than a bug in civicrm per se and will defer till an ACL solution