Allows Edit when only View permission is given #19
Comments
|
defnitely sounds like a bug - I wonder if only adding this line if a permission check passes would fix |
colemanw
added a commit
that referenced
this issue
Apr 3, 2019
|
Nope that's not the right place - that's a backend edit link on the layout editor. Try #20 |
eileenmcnaughton
added a commit
that referenced
this issue
Apr 4, 2019
Fix #19 check permissions before allowing edit
|
Thanks, the patch works and access control is now enforced. However, there is a curious Edit icon that now appears on the role that is not suppose to Edit above the Key Relationship Blocks, and it is not clickable. This does not appear on Admin role. I attach a screenshot here. |
|
I've submitted a core patch for that. We can also patch this extension but the core patch will ensure other extensions don't fall in the same trap. |
colemanw
added a commit
that referenced
this issue
Apr 16, 2019
Don't show the edit tooltip without edit permission
Merged
|
cool |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hello,
I have an account which is only set to view all records in CIVICRM and is able to edit the Relationship Block nonetheless. This happens when all other blocks in the Record Summary are not editable. Would this be a bug ? Thanks.
CIVICRM 5.10.4 WordPress 5.0.1 Relationship Block 1.3
The text was updated successfully, but these errors were encountered: