Git Product home page Git Product logo

eu.businessandcode.notepermissions's Introduction

eu.businessandcode.notepermissions

Control who can see which contact notes.

Introduction

By default there are 2 privacy levels for contact notes:

  • None (i.e. visible to all users)
  • Author only

This extension will create a CMS permission for every additional Privacy level you create.

By giving users that particular permission, you can give them access to contact notes of that privacy level.

Users without that CMS permission will not see contact notes of that privacy level.

Please note that users with the permission "view all notes" will always see all notes.

Setting the Note Privacy Level

You can create additional note privacy levels in two ways:

  • Administer > System Settings > Option Groups, then search for note_privacy
  • add a note to a contact, and click on the wrench icon next to "Privacy"

On creation (or modification) of a contact note, select the privacy level that is appropriate in your situation.

Assign Permissions

For each additional privacy level you have created in CiviCRM, a corresponding CMS permission will be created automatically. Search for "CiviCRM: access notes with privacy type".

Check you CMS (Drupal, Wordpress, Joomla) for more information about assigning permissions.

Requirements

  • PHP v7.0+
  • CiviCRM 5+

eu.businessandcode.notepermissions's People

Contributors

alainbenbassat avatar seamuslee001 avatar

Watchers

avatar avatar avatar

Forkers

seamuslee001 agileware megaphonejon colemanw

eu.businessandcode.notepermissions's Issues

CiviCRM Export data overrides security

Hi Alain - we have been using the extension for a while now (it's great, thank you) but by chance noticed an issue today when we did an export on staff members.

I think this is also a general Civi issue in term of exporting data, but raising it with you as it particualrly affects additional privacy levels.

If you add notes that are not supposed to be visible to others - either your additional privacy levels or even just 'Author only', you can simply do an Export contacts, choose all primary fields and you get to see the notes.

From my testing, as long as someone has 'View only' on a contact record, they can export to see hidden notes that would be hidden for that person via the UI - not a situation we want. I might just be missing the obvious of course...!

I am going to try and lockdown the export for the moment, I think there is a way to hide it on the menu with an extension until I can be sure we are secure.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.