The [op] any [entity_type] entity of bundle [bundle_name] is not working, at least on the create/edit pages. It appears that the second value in crm_core_contact_access() and crm_core_activity_access() is the contact_id, so line 280 in crm_core_contact.module is setting the $contact_type to the entities id.
if (is_object($contact)) {
$contact_type = $contact->type;
}
else {
$contact_type = $contact;
}
So the bundle specific permissions are returning false unless the user has the global any permission:
$delete_any_contact = user_access('delete any crm_core_contact entity', $account);
$delete_type_contact = user_access('delete any crm_core_contact entity of bundle ' . $contact_type, $account);
This is most noticeable with the delete action as there is no Delete any [bundle] [entity_type] permission.
I'm not sure if this is the correct way to do it but it solve the issue for me. I added this to line 283 of crm_core_contact.module. I'll submit a patch shortly.
if (is_object($contact)) {
$contact_type = $contact->type;
}
elseif (is_numeric($contact)) {
$contact = crm_core_contact_load($contact);
$contact_type = $contact->type;
}
else {
$contact_type = $contact;
}
Comment | File | Size | Author |
---|---|---|---|
#1 | crm_core-bundle_permission_fix-2428181-1.patch | 2.07 KB | jphelan |
Comments
Comment #1
jphelan CreditAttribution: jphelan commentedHere a patch that address both contacts and activities as well as adds a global delete permission for both.
Comment #2
RoSk0FIrst of all thanks for your work!
Why did you decided so? Can you provide a scenario or point to place in code where crm_core_activity_access() get called with ID instead of object?
There is also a white space code style violation(line 194).
Comment #3
jphelan CreditAttribution: jphelan commentedYeah, permissions were not working for me so I put dpm($contact) in crm_core_contact_access() to see what was going on and it returned the entities id. I believe I was just on the contact page and the edit page. The delete button on the edit page would only ever show up for uid 1.
Comment #4
RoSk0OK, thanks. Will try to test this asap.
Comment #6
RoSk0Thank you for your report and your work @jphelan!
I have fixed the but in slightly different manner.
New permissions introduced by your patch was not included because this is a new feature and besides having the permissions it must be supported by other code which is not on my plate now. If you want to see this permissions in please create new feature request and provide a patch.