CRM-21473: Add new permission to add contact notes and prevent users without edit contact permission to edit or delete notes #11314
Overview
Add new permission to add contact notes and prevent users without edit contact permission to edit or delete notes
Before
Currently only users with the ability to "edit" a contact can see the "add note" button in the contact page notes tab, but if the add note link civicrm/contact/view/note?cid=CONTACT_ID&action=add is accessed directly by a user with no ability to "edit" the contact, he will still be able to access the add note button. Also, the user can still edit or delete the note by direct access using the URL.
Here is an example of a user who only has the "view all contacts" permission; this is how the notes table will appear to him:
And while there is no way to add, delete or edit any note from the UI, you can still do it if you know which URL to use. Here are some examples of each case for the same user:
Add
Edit
Delete
After
Now only users with "edit" ability can edit or delete notes, and a new permission called "add contact notes" is added, so the user needs either the ability to "edit" the contact or the new "add contact notes" permission to be able to add a note for the currently viewed user.
So back to our user with only the "view all contacts" permission, the notes tab will still appear as before:
But now the user cannot even use direct access to add, edit or delete a note:
Add
Edit
Delete
But additionally, we can grant this user role the "add contact notes" permission:
which will allow the user to add notes (only add, no edit or delete will be allowed):
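The rules described above, written as a server-side check that is applied to the request itself rather than to which buttons are rendered. This is an added example, not code from this pull request or from CiviCRM; the function names, the `$canView`/`$canEdit` inputs, the sample contact id and the action strings other than `add` are assumptions made for illustration.

```php
<?php
// Added example, not CiviCRM code. Function names and the action strings
// other than "add" are assumptions made for illustration.

/**
 * Decide server-side whether a note action is allowed, per the rules in
 * this PR description. $canView / $canEdit are the results of the
 * contact-level view/edit checks; $perms is the user's permission list.
 */
function noteActionAllowed(string $action, bool $canView, bool $canEdit, array $perms): bool
{
    switch ($action) {
        case 'view':
            return $canView || $canEdit;
        case 'add':
            // Either edit ability or the new dedicated permission.
            return $canEdit || in_array('add contact notes', $perms, true);
        case 'edit':
        case 'delete':
            // The add-only permission must never widen to edit/delete.
            return $canEdit;
        default:
            // Unknown or missing action: deny.
            return false;
    }
}

/** Run the check against a raw query string as a direct request would send it. */
function checkNoteRequest(string $query, bool $canView, bool $canEdit, array $perms): bool
{
    parse_str($query, $params);
    $action = isset($params['action']) && is_string($params['action'])
        ? strtolower($params['action']) : '';
    // A contact id is required and must be a positive integer.
    $cid = $params['cid'] ?? '';
    if (!is_string($cid) || !ctype_digit($cid) || (int) $cid < 1) {
        return false;
    }
    return noteActionAllowed($action, $canView, $canEdit, $perms);
}

// Constructed sample: the "view all contacts"-only user from the description.
$viewOnly = ['view all contacts'];
$withAdd  = ['view all contacts', 'add contact notes'];
foreach (['add', 'edit', 'delete'] as $a) {
    $q = "cid=42&action=$a";
    printf("%-6s view-only=%s  with-add=%s\n", $a,
        var_export(checkNoteRequest($q, true, false, $viewOnly), true),
        var_export(checkNoteRequest($q, true, false, $withAdd), true));
}
```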