Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix entity permission for related contact #262

Open
wants to merge 2 commits into
base: 8.x-3.x
Choose a base branch
from

Conversation

jitendrapurohit
Copy link
Collaborator

Views having related contact does not respect view my contact + relationship permission.

To replicate

  • Build a view on CiviCRM Contact.
  • Add a relationship to civicrm_relationship table and display the related contact B on the view result.
  • Add a contextual filter for current user id (contact A).
  • Make sure contact A only has view my contact permission + civi relationship permission to view and update contact B.
  • Login as contact A and navigate to the view result. The contact B is not displayed to the user even if it has the required permission.

Here's the view config from our setup - https://gist.githubusercontent.com/jitendrapurohit/9e35965342e76b5f39f3d8074aceb4c5/raw/ddab9936487f5bb880fac770740e711738e95276/relationship-view-config

@jackrabbithanna
Copy link
Collaborator

Thanks for contributing, in our testing queue now to get in before beta2 release

@jitendrapurohit
Copy link
Collaborator Author

Have pushed another related update that fixes the loading of related contacts membership. Eg

  • Contact A is the primary member with a related/inherited membership to contact B.
  • Consider a view that loads the logged-in user membership data. (member id, status, start date, end date, primary member id, etc)
  • As contact B - the current code does not load the value in the primary member id column.

@jackrabbithanna
Copy link
Collaborator

I have trouble replicating the original issue.
I have test user, with only 'view my contact' permission
Test user has "Employee of" relationship, with "View and update" permission, to an org contact

I created a View, base table civicrm_contact with relationships:
CiviCRM Relationship using contact_id_a .. to join to civicrm_relationship table, civicrm_contact.id = civicrm_relationship.contact_id_a
CiviCRM Contact (id of the second contact)

I then add 2 fields, display name, and display name again, using the "id of second contact" relationship

When I look at the View page, the test user is able to see the the display name of the related contact.
Using CiviCRM 5.27

I also tried adding the related user relationship, and contextual filter of user id, using default value of logged in user.

@jackrabbithanna
Copy link
Collaborator

I've tried to import your View on two sites .. I get error trying to import. Not sure why.

Here's a gist of the View I'm building to test this:
https://gist.github.com/jackrabbithanna/503370c64a07120c3544445cff5b3697

@jackrabbithanna
Copy link
Collaborator

Re-considering this PR .. will be reviewing and testing for possible inclusion to the module

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants