CRM-21348: Don't hide the "edit" link from logged-in users in profile listings in joomla front-end

[twomice]

Don't hide the "edit" link from logged-in users in profile listings in joomla front-end.

Overview

CiviCRM hides the "edit" link in profile search results for logged in users, if in the Joomla front end. Seems like if the user is logged in, and has permissions to access the "edit" link, we should allow it.

For example, this image shows the settings form for the profile "Supporter Profile"; note that the "Include profile edit links in search results?" setting is enabled . (This profile is also otherwise configured for use as a search listing.)

---

Before

Signed in on the Joomla frontend, a user navigates to this profile's "listing mode" search form (http://example.com/index.php?option=com_civicrm&task=civicrm/profile&gid=[GID]&reset=1), performs a search, and sees the results; we would expect to see an "Edit" link next to the "View" link for each result row, but that Edit link is missing.

---

After

Signed in on the Joomla frontend, a user navigates to this profile's "listing mode" search form (http://example.com/index.php?option=com_civicrm&task=civicrm/profile&gid=[GID]&reset=1), performs a search, and sees the results; the expected "Edit" link now appears next to the "View" link for each result row.

---

Technical Details

None.

Comments

None.

---

• CRM-21348: Don't hide the "edit" link from logged-in users in profile listings in joomla front-end.

[mattwire]

@twomice I'm happy to test this, any chance of providing a screenshot or some more detail as I'm not quite sure what you mean?

[mattwire]

Also, can you rename the PR title so it matches the others - put the issue number at the start, followed by a short description. That will trigger it to automatically link up with the Jira issue

[twomice]

@mattwire Thanks for the offer and the suggestions. I've added screenshots and more details to the explanation. Please let me know if you have questions.

[eileenmcnaughton]

As a general principle we are trying to push the definition of 'what should happen where' to the relevant CMS System & Permission classes.

It looks to me like this IF could go altogether:

if (!$config->userFrameworkFrontend || CRM_Core_Session::singleton()->getLoggedInContactID()) {

And

CRM_Core_Permission_Joomla

could override the following function on its parent

  /**
   * Get the current permission of this user.
   *
   * @return string
   *   the permission of the user (edit or view or null)
   */
  public function getPermission() {
    return CRM_Core_Permission::EDIT;
  }

The function seems old & lacking in nuance but it's implemented in drupal & appears to mean 'are there contacts in the database that I have permission to edit/view' - it returns the lowest permission - ie. if there is ANY contact that can be edited then CRM_Core_Permission::EDIT, if there is any that can be viewed then CRM_Core_Permission::VIEW else NULL. Note that it doesn't seem to be used in a very nuanced way - other CMS just return EDIT all the time.

I suspect adding this to the Joomla! class could work?

  /**
   * Get the current permission of this user.
   *
   * @return string
   *   the permission of the user (edit or view or null)
   */
  public function getPermission() {
  if (CRM_Core_Session::singleton()->getLoggedInContactID()) {
    return CRM_Core_Permission::EDIT;
  }
  return CRM_Core_Permission::View;

This would only downgrade from EDIT to VIEW for anon users so I doubt there would be any impact in the other places it is called from

[mattwire]

@twomice Your patch seems to work - I've tried Eileen's suggestion and it did not seem to, but would be much cleaner if something like that could be made to work? As it would remove CMS specific code from a non-CMS specific function.

[twomice]

OK, I will try to make time for this. Thanks!

[eileenmcnaughton]

@twomice @mattwire this has been stalled a long time on a minor detail (ie. code would be better if...) - since that part hasn't happened I'm inclined to merge it now if you both feel it should still be merged.

[twomice]

While I do agree with the spirit of the suggested improvements, I haven't had time to make them, and don't expect to any time soon. @eileenmcnaughton , if you're looking to merge this as-is, I have no reason to talk you out of it.

[eileenmcnaughton]

OK - I'm merging, I think it has been tested to fix something & we should push this one in