  1. CiviVolunteer
  2. VOL-166

Complete Permissions for volunteer_project_contact::create

    Details

    • Type: Task
    • Status: Done/Fixed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Labels:
      None
    • Versioning Impact:
      Patch (backwards-compatible bug fixes)
    • Documentation Required?:
      None

      Description

      Currently the default permission level for volunteer_project_contact::create is 'edit own volunteer project'. There is no project-level permission checking done. So anyone with 'edit own volunteer project' could create an API call to make themselves owner of any other volunteer project. This should be filtered to what projects a user actually has access to.

      The API method will need to be fleshed out as it is currently a magic method.
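
The missing project-level check described above, shown as an added, self-contained PHP illustration; it is not CiviVolunteer's code. Every function name, the ownership table and the contact and project ids are hypothetical and constructed; only the permission string comes from this issue.

```php
<?php
// Added illustration; all names are hypothetical, not CiviVolunteer's API.

// Constructed sample data: project id => contact id of its owner.
const PROJECT_OWNERS = [10 => 101, 11 => 202];

/** Projects the acting contact may edit under 'edit own volunteer project'. */
function editableProjectIds(int $actor, array $perms): array {
  if (!in_array('edit own volunteer project', $perms, true)) {
    return [];
  }
  // "Own" is modelled here as: the actor is the recorded owner (assumption).
  return array_keys(PROJECT_OWNERS, $actor, true);
}

/** Before: only the API-level permission is checked, as the issue describes. */
function createProjectContactUnchecked(array $params, int $actor, array $perms): array {
  if (!in_array('edit own volunteer project', $perms, true)) {
    throw new RuntimeException('API permission check failed');
  }
  return ['project_id' => (int) $params['project_id'],
          'contact_id' => (int) $params['contact_id'],
          'relationship' => 'owner'];
}

/** After: the target project must also be one the actor can edit. */
function createProjectContactChecked(array $params, int $actor, array $perms): array {
  $allowed = editableProjectIds($actor, $perms);
  if (!in_array((int) $params['project_id'], $allowed, true)) {
    throw new RuntimeException('No access to project ' . (int) $params['project_id']);
  }
  return createProjectContactUnchecked($params, $actor, $perms);
}

$perms = ['edit own volunteer project'];
// Contact 101 owns project 10 but targets project 11, owned by contact 202.
$request = ['project_id' => 11, 'contact_id' => 101];

$row = createProjectContactUnchecked($request, 101, $perms);
echo "unchecked: contact {$row['contact_id']} added to project {$row['project_id']}\n";

try {
  createProjectContactChecked($request, 101, $perms);
} catch (RuntimeException $e) {
  echo 'checked: ', $e->getMessage(), "\n";
}

// The same actor adding a contact to their own project is still allowed.
$row = createProjectContactChecked(['project_id' => 10, 'contact_id' => 303], 101, $perms);
echo "checked: contact {$row['contact_id']} added to project {$row['project_id']}\n";
```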

              People

              • Assignee:
                pittstains Frank J. Gómez
                Reporter:
                tobiaslounsbury Tobias Lounsbury