dev/core#2426 Fix regression whereby the dashboard crashes (permission related) #19694
Conversation
|
(Standard links)
|
eileenmcnaughton
force-pushed
the
dash
branch
from
e10e929 to
b1b8d28
Compare
|
@colemanw did you see this one? It threw up a lot of thoughts for me - but I'm inclined to consider those outside of getting the regression fixed |
|
Dashlet add loading on dahsboard, but when you try to delete it from dashabord. its giving permission issue. $record = Array
(
[dashboard_id] => 1
[id] => 202
[is_active] =>
[contact_id] => 202
[check_permissions] => 1
)here id become contact id, instead it should be primary id of in Also when dashboard is loading , format of the output with your patch is like Array
(
[id] => 1
[domain_id] => 1
[name] => blog
[label] => CiviCRM News
[url] => civicrm/dashlet/blog?reset=1
[permission] => Array
(
[0] => access CiviCRM
)
[permission_operator] =>
[fullscreen_url] => civicrm/dashlet/blog?reset=1&context=dashletFullscreen
[is_active] => 1
[is_reserved] => 1
[cache_minutes] => 1440
[directive] =>
[dashboard_contact.id] => 202
[dashboard_contact.weight] => 0
[dashboard_contact.column_no] => 1
[dashboard_contact.is_active] => 1
)Somewhere |
CRM/Core/BAO/Dashboard.php
Outdated
| foreach ($results as $item) { | ||
| $item['dashboard_contact.id'] = $contactDashboards[$item['id']]['contact_id'] ?? NULL; |
There was a problem hiding this comment.
Ah - this line - @sunilpawar do you want to try changing this to
$item['dashboard_contact.contact_id'] = $contactDashboards[$item['id']]['contact_id'] ?? NULL;
$item['dashboard_contact.id'] = $contactDashboards[$item['id']]['id'] ?? NULL;
If that works I'll push it up
There was a problem hiding this comment.
Replaced :
$item['dashboard_contact.id'] = $contactDashboards[$item['id']]['contact_id'] ?? NULL;
with
$item['dashboard_contact.id'] = $contactDashboards[$item['id']]['id'] ?? NULL; $item['dashboard_contact.contact_id'] = $contactDashboards[$item['id']]['contact_id'] ?? NULL;
It working for me ...
CRM/Core/BAO/Dashboard.php
Outdated
| foreach ($results as $item) { | ||
| $item['dashboard_contact.id'] = $contactDashboards[$item['id']]['contact_id'] ?? NULL; |
There was a problem hiding this comment.
This resolve issue with DB Errror and permission issue when we delete dashlet from contact dashboard
$item['dashboard_contact.id'] = $contactDashboards[$item['id']]['id'] ?? NULL;
$item['dashboard_contact.contact_id'] = $contactDashboards[$item['id']]['contact_id'] ?? NULL;There was a problem hiding this comment.
thanks @sunilpawar - I've pushed it up
…ts unable to view their own contact record. As noted in the code comments this was not my preferred technical fix but I do lean towards using this in the rc & reconsidering the other approaches in master. Also, in master I got a different error that I think related to new work
|
@eileenmcnaughton i have tested all changes again, its works perfectly .. |
|
Thanks for reviewing @sunilpawar |
Overview
Per https://lab.civicrm.org/dev/core/-/issues/2426 a user without the permission to see their own contact record will experience crashes on the main civicrm page as the code to load their dashlets uses setCheckPermissions(TRUE) (implicitly) which (implicitly) requires them to be able to view their own contact record.
Before
fatal error loading main civicrm screen for users with no access to view their own contact record
After
tada
Technical Details
As noted in the code comments this was not my preferred technical fix but I do lean
towards using this in the rc & reconsidering the other approaches in master (not least because I think we have a couple of other regressions to focus on and because this manefests differently in master)
Comments
With this patch I can add appropriate dashlets on 5.35 to a user with no ability to see their own contact record. However, on dmaster adding them results in a new error (@totten @colemanw @seamuslee001 ).