0

I am facing issue with CRM Core contact module. Actually i want to enable security permissions to Contact form sothat a contact added by a user should not visible to other users.

Could you please suggest me how to manage this situation.

Thanks Garg

sharad-garg
  • 359
  • 1
  • 6
  • 12
  • Just a guess, but I'd expect such a setting to be available on the permissions page. http://www.example.com/admin/people/permissions – Neograph734 Feb 15 '14 at 10:58
  • I tried that option but actually every user is able to see others contact too. with blank value. – sharad-garg Feb 15 '14 at 11:52

1 Answers1

0

There are no permissions in CRM Core that would allow you to limit access based on the user. A user either has access to contacts or you do not.

You can create a custom access callback for contacts. hook_crm_core_entity_access enables you to define custom access rules for your site, and it gets called in crm_core_contact_access.

To limit access to contacts created by a user, you would do something like the following:

<?php
  function MYMODULE_crm_core_entity_access ($op, $contact, $account, $entity_type){
    if($op == 'edit'){
      global $user;
      if($user->uid !== $contact->uid){
        return false;
      }
    }
    return true;
  }
?>

Please note, the system was designed this way for a reason, and CRM Core's access controls are different from those of node / user. When creating custom access functions for contacts, be sure to take the time to test your work. NOTHING is as bad as being the person responsible for a site that exposes all of your contact details to the world.

The way I test custom access rules is as follows:

1) Test that they don't allow anonymous access to contacts

2) Test that they don't allow any authenticated user access to contacts (unless that is what you want)

3) Test that they don't allow access beyond your test subject

4) Test that they do allow access to your test subject

user3566637
  • 101