CiviCRM Core issues
https://lab.civicrm.org/dev/core/-/issues
2023-07-08T05:03:19Z

Access Control by Financial Type permissioning does not cover contribution_recur
https://lab.civicrm.org/dev/core/-/issues/2454
2023-07-08T05:03:19Z andyburns

When having _Access Control by Financial Type_ turned on, a user without the permission over a given financial type can still access it in 3 ways:
- Can view corresponding recurring contribution (under recurring contributions tab)
- Can cancel it
- Can view all contributions related to the recurring. So it is a backdoor around the permissioning.
I've checked the financial type in civicrm_contribution_recur and it is one they should not see.
![cancel-recurring](/uploads/f514ebffe682dfa823c54512a9a5b505/cancel-recurring.png)
![recurring-contritbutions-log](/uploads/a28ecf0d139ff3c11c1b3aad320576f3/recurring-contritbutions-log.png)
WP 5.6.2 Civi 5.31.1

API 4 Explorer output is inconsistent for serialized fields in JSON view
https://lab.civicrm.org/dev/core/-/issues/4417
2023-07-07T15:10:50Z larsssandergreen

Edit: See discussion below.
~~If we use API 4 to save JSON values for a JSON field, the JSON gets mucked up because the API expects an array. I suppose this works in a sense, but in another sense it is weird that you can't, for example, copy an entity by getting it from API 4 and then creating with the same values (because the API gives you JSON, but won't accept it).~~
~~If this is the expected behaviour, at least I can document it.~~
----
~~If we pass in `{"something": "thing"}`, what gets saved in the database is `[{"something": "thing"}]`.~~
~~If we use a save action and pass in a `records` array with a JSON value, what gets saved in the database is `["{\"something\": \"thing\"}"]`.~~

Wrong event fee shown in CiviCRM
https://lab.civicrm.org/dev/core/-/issues/2447
2023-07-07T05:03:20Z jaapjansma

**Steps to reproduce**
1. Set the localization settings to **decimal separator**: `,` and **thousand separator**: `.`
2. Create a price set with two quantity fields and a drop down.
3. Create an event with only registration and payments and select the created price set above
4. Do a registration and a payment. All amounts are correct on the registration screen
5. After you have done a registration check the participant list or the event tab on the contact card. And/or click on view participant. The total amount for the event fee is displayed wrong.
**Screenshot**
Below a screenshot which shows the wrong amount.
![Screenshot_20210309_114606](/uploads/c3150fda8f90aacccfc26b9c50584e92/Screenshot_20210309_114606.png)
**Remarks**
This also happens when you do an event registration from the contact record in CiviCRM.
**Environment**
Drupal 7
CiviCRM 5.37.alpha1 (dmaster)

Explore use of JWTs for authentication
https://lab.civicrm.org/dev/core/-/issues/2456
2023-07-07T05:03:19Z colemanw

(*Migrated from a totten comment on another thread about simulating permissions in afform and searchkit*)
## JSON Web Tokens: Microsoft example
(*This example demonstrates the data-flow. Many symbols/URLs are edited to improve readability/intuition.*)
A "JSON Web Token" (JWT) is a building-block for an access-control system. (Analogy: JSON serves a purpose like XML... but JSON is easier to encode/decode/remix/improvise. Similarly, JWT serves a purpose like ASN.1/X.509... but JWT is easier to encode/decode/remix/improvise.)
Microsoft uses JWT for their web-service APIs - and also for email APIs, like MS Exchange Online. When Civi talks to MS Exchange Online, it uses JWTs. In this process, a user "Alice" (`alice@example.com`) starts out in Civi web UI. We redirect her to `https://login.microsoftonline.com`, where she clicks a button to say "Yes, trust CiviCRM", and (long-story-short) MS sends us an access token.
This access token looks like a long, random password (`aSdF12.34QwErTy.DvORak`), and we can use it to make REST calls. For example, we might request a copy of Alice's user profile:
```
GET https://api.microsoft.com/about-me HTTP/1.1
Authorization: Bearer aSdF12.34QwErTy.DvORak
```
```
HTTP/1.1 200 OK
Content-type: application/json

{"email": "alice@example.com", "first_name": "Alice", "last_name": "Alison", ...}
```
Again, it looks like a password, so one can plug it into many different systems. We can use it to connect to IMAP or SMTP servers.
But it's not really a password. It is encoded JSON. If you clean it up, then it looks like this:
```js
{
"issuer": "login.microsoftonline.com",
"user": "alice@example.com",
"scopes": ["imap", "smtp", "profile"],
"expires": "2021-04-08 12:16:20"
}
```
This says that `login.microsoftonline.com` (the master security service at Microsoft) is vouching for us. We're approved to access a few services (`"scopes":["imap", "smtp", "profile"]`) on behalf of a particular person (`"user": "alice@example.com"`). When we connect to `api.microsoft.com` or IMAP or SMTP, the server parses the JWT, validates the signature cryptographically, and then gives us access.
The fields (`user`, `scopes`, etc) determine access control. If we try to access any other API -- editing Alice's address book, deleting Word docs, generating maps, etc -- then it will reject us. That's because our `"scopes"` do not include `address_book`, `manage_docs`, or `mapping`.
The token format doesn't *have* to be based on JSON or JWT. Civi's email hashes are a fine example of a token that doesn't use JSON. However, JSON is flexible and easy to parse. If you're designing a protocol, you have a lot of latitude to pick and choose which fields to include. Additionally, because it's standard, it's easier to inspect/debug. (Got a failed request? Decode the JWT and see if anything looks wrong.)
## JSON Web Tokens: Why
Why would someone like Microsoft adopt an access-token pattern like JWT?
Because they are actually running many distributed apps - and, when you get to a certain scale (#apps/#devs/#users), it gets hard to think straight (or run performantly) if they are linked-up one-by-one using a shared session.
Ordinarily, one would expect the demands on a self-hosted PHP app to be gentle enough to address with a straight-forward session/global variable (`$session->get('userID')`; `global $user`). There's a lot of mileage there. However, with the complexity of supporting multiple CMSs with different routing/session/identity mechanisms -- and with the goal of doing targeted permission escalations/changes/bypasses -- I'm not so sure. Civi is not positioned to be as simple as a singular PHP app - maybe it's more like a distributed app (where access+identity messages are coordinated among many different components - Drupal, Joomla, WordPress, Civi QF, Civi APIs, etc)
## Browser (JS) apps and alternative permissions
OK, so how would you use JWT to accomplish alternate permissions in a Civi/JS/Angular/API app?
Recall that the page-load goes a bit like this:
```
GET https://example.org/civicrm/search HTTP/1.1
Cookie: SESS=abcd1234

GET https://example.org/civicrm/ajax/api4/SavedSearch/get?name=foobar HTTP/1.1
Cookie: SESS=abcd1234

GET https://example.org/civicrm/ajax/api4/Contact/get?complexCriteria=... HTTP/1.1
Cookie: SESS=abcd1234
```
In each request, the permissions are determined by the cookie. But you don't want those permissions. So... don't use the cookie. Use something with different permissions - like a JWT.
```
GET https://example.org/civicrm/search HTTP/1.1
Cookie: SESS=abcd1234

GET https://example.org/civicrm/ajax/api4/SavedSearch/get?name=foobar HTTP/1.1
Authorization: Bearer aSdF12.34QwErTy.DvORak

GET https://example.org/civicrm/ajax/api4/Contact/get?complexCriteria=... HTTP/1.1
Authorization: Bearer aSdF12.34QwErTy.DvORak
```
During the initial page-view, you have to construct and output the token. This is where you decide what kind of actions will be permitted. Maybe it looks like:
```php
$token = Civi::service('crypto.jwt')->encode([
  'exp' => time() + 3600,
  'scopes' => ['api4/SavedSearch/get', 'api4/Contact/get'],
]);
Civi::resources()->addSetting('apiAuthToken', $token);
```
or maybe:
```php
$token = Civi::service('crypto.jwt')->encode([
  'exp' => time() + 1800,
  'scopes' => ['SavedSearch:foobar'],
]);
Civi::resources()->addSetting('apiAuthToken', $token);
```
or:
```php
$token = Civi::service('crypto.jwt')->encode([
  'exp' => time() + 3600,
  'contactId' => 1234,
  'savedSearch' => 'foobar',
  'perms' => ['access AJAX API'],
]);
Civi::resources()->addSetting('apiAuthToken', $token);
```
This is a very generic/flexible way to think about changing permissions while supporting AJAX apps.

FormBuilder: Client-side email validation doesn't work
https://lab.civicrm.org/dev/core/-/issues/4300
2023-07-07T03:55:58Z kcristiano

This is a follow up issue to https://lab.civicrm.org/dev/core/-/issues/4173 and related to https://lab.civicrm.org/dev/core/-/issues/4174#note_90537
Steps to Reproduce:
- Build WP site with latest CiviCRM - Currently using WP 6.2.1 and CiviCRM 5.61.2
- Create a submission form with the following Fields - all required
  - First Name
  - Last Name
  - Email
  - Phone

Complete the form, but for email use `meatme` as the email address.
- expected behavior - fails validation
- Actual behavior - form submits
Email validation not working client side or server side. I have confirmed this on WP and Drupal 7.
~~Possibly related - on phone or address - add a second item (second phone in my testing). Do not choose a location type. Form submits, but the record does not update CiviCRM. This behavior only exists on WP, I cannot reproduce on Drupal. I can break this out as another issue if needed. But adding here as I see this as validation failing.~~
EDIT: The location issue is fixed in WP with the master branch.
ping @eileen @colemanw @shaneonabike @JonGold As we all commented on original issue notifying and asking for feedback and comments on a possible way to fix.

🌶️ CiviCRM 5.63.0 - Regression, Mailing click tracking now returns: Error 500 malformed header from script 'url.php': Bad header for all tracked URLs
https://lab.civicrm.org/dev/core/-/issues/4416
2023-07-06T22:46:14Z justinfreeman (Agileware)

Regression, Mailing click tracking now returns: Error 500 malformed header from script 'url.php': Bad header for all tracked URLs
As a result, Mailing click tracking no longer works. This bug warrants a new CiviCRM release IMHO.
eg, https://flippythongs.org.au/wp-content/plugins/civicrm/civicrm/extern/url.php?u=4238&qid=201344 returns **Error 500**
Patch submitted, https://github.com/civicrm/civicrm-core/pull/26747/
Version: CiviCRM 5.63.0
5.63.1

New Activity with custom radio field gives fatal error
https://lab.civicrm.org/dev/core/-/issues/4355
2023-07-06T22:45:12Z DaveD

1. Create a radio field for activities.
2. Go to Contacts - New Activity.
3. Red alert box "network error" and the custom fields don't display. `TypeError: Cannot access offset of type string on string in include() (line 31 of .../templates_c/en_US/%%1D/1DB/1DB03A28%%CustomField.tpl.php).`
Using php 8. Doesn't happen in php 7.
Works ok in 5.61.
5.64.0

league/csv package a bit of a booby trap in waiting
https://lab.civicrm.org/dev/core/-/issues/2455
2023-07-06T05:03:19Z eileen

We currently have v9.3 of csv/league on our wmf code and 9.2 in our civi code and have no issues - however we recently tried 9.6 in our CI and found it crashes when co-existing with 9.2 which civi has - due to this removal
https://github.com/thephpleague/csv/commit/bbfb63b6c4df045353f095f842942038a529f69a#diff-fe65dcdace9cc44252b537bee79dd574edd1bccf6cee646cc860006a6ec50e8bL119
Although we have no specific reason to update to 9.6 at this stage we can assume that some WP sites might in the nearish future and I think we could mitigate the imminent pain by upgrading civi to a patched version of 9.6 that puts that function back & hence gets us past the transitional wobbles (we can unpatch later on)

Print Report from Manage Case for closed cases doesn't show roles properly
https://lab.civicrm.org/dev/core/-/issues/2441
2023-07-06T05:03:18Z DaveD

It's not identical to https://lab.civicrm.org/dev/core/-/issues/1948 but might be the same underlying reason.
1. Create a case.
2. Add some roles.
3. Close the Case.
4. Choose Print Report on Manage Case.
5. Look at the roles near the top - they should be there.
Ditto for the Activity Audit which is the same codebase as Print Report.

tarballs not working in 5.63+
https://lab.civicrm.org/dev/core/-/issues/4392
2023-07-05T23:49:06Z DaveD

There's a new sql/civicrm_data folder that isn't getting included, so the UI installer doesn't work.
@totten
Also the use of `{php}` may not work in all environments. I'd have to double check but it didn't used to work in a normal form tpl, but this might be a different context.
5.63.0

Import contribution fails with custom fields
https://lab.civicrm.org/dev/core/-/issues/4317
2023-07-05T23:48:39Z Philipp Michael

Overview
----------------------------------------
When importing contributions with field mappings to a custom field, the process fails after continuing from step 2 of 3.
Reproduction steps
----------------------------------------
1. Click on **Contributions -> Import Contributions**.
1. Choose mandatory options and continue to step 2.
1. In "Matching CiviCRM Field" choose at least one custom field and try to continue to step 3
1. Got an error "**TypeError: CRM_Import_Parser::getFieldMetadata(): Return value must be of type array, null returned**".
Current behavior
----------------------------------------
Regardless of the provided CSV data, the process fails with:
```
TypeError: CRM_Import_Parser::getFieldMetadata(): Return value must be of type array, null returned in CRM_Import_Parser->getFieldMetadata() (line 1768 of /var/www/html/vendor/civicrm/civicrm-core/CRM/Import/Parser.php).
CRM_Import_Parser->getFieldMetadata('Zu_belastendes_Konto.nur_anstehende_Zuwendungen._IBAN') (Line: 165)
CRM_Contribute_Import_Parser_Contribution->getMappedRow(Array) (Line: 221)
CRM_Contribute_Import_Parser_Contribution->validateValues(Array) (Line: 2551)
CRM_Import_Parser->validateRow(Array) (Line: 1842)
CRM_Import_Parser->validate() (Line: 90)
CRM_Import_Form_MapField->postProcess() (Line: 612)
CRM_Core_Form->mainProcess() (Line: 144)
CRM_Core_StateMachine->perform(Object, 'next', 'Next') (Line: 43)
CRM_Core_QuickForm_Action_Next->perform(Object, 'next') (Line: 203)
HTML_QuickForm_Controller->handle(Object, 'next') (Line: 103)
HTML_QuickForm_Page->handle('next') (Line: 355)
CRM_Core_Controller->run(Array, NULL) (Line: 319)
CRM_Core_Invoke::runItem(Array) (Line: 69)
CRM_Core_Invoke::_invoke(Array) (Line: 36)
CRM_Core_Invoke::invoke(Array) (Line: 88)
Drupal\civicrm\Civicrm->invoke(Array) (Line: 83)
Drupal\civicrm\Controller\CivicrmController->main(Array, '')
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 580)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 169)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 81)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 58)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 48)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 106)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 85)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 48)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 51)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 718)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)
```
Environment information
----------------------------------------
* __CiviCRM:__ _Master/5.60/5.62/5.64_
* __PHP:__ _8.0_
* __CMS:__ _Drupal 9.5.9_
* __Database:__ _MariaDB 10.4.28_
Comments
----------------------------------------
I've tested latest versions and can reproduce it in 5.60 and later. It was probably caused with changes in [Update Contribution Import to use apiv4 field names, prior to adding hooks](https://github.com/civicrm/civicrm-core/pull/25886). The way of getting custom fields available for import has changed, which leads to different field keys respectively option values. Previously you got the short version "custom_xy", now you get a long database field name like one.
5.59:
![mapping-custom-fields-options-5.59](/uploads/e4f4adc83357fd0c3e7613b6f92d5bb2/mapping-custom-fields-options-5.59.png)
5.60 (and 5.62, 5.64):
![mapping-custom-fields-options-5.62](/uploads/d0f7573c8f279bc53c794949d3183ea9/mapping-custom-fields-options-5.62.png)
The import parser can't find related field meta data regarding to those keys.
I'm not sure, if those key names provided by the API are intended and therefore can't provide a PR.
5.63.0

Show next scheduled contribution date for recurring contributions on contact
https://lab.civicrm.org/dev/core/-/issues/4258
2023-07-05T23:48:38Z larsssandergreen

Currently, the active recurring contribution start date is shown, but the next scheduled contribution date would be much more useful (I often find myself looking for the next contribution date, especially when there is a credit card issue, but rarely need to know the start date for the series).
For inactive recurring contributions, it would be much more useful to know the cancellation date than the start date.
For reference, the current situation:
![image](/uploads/a955ce997cc6063eab4dee4852a0d282/image.png)
Will submit PR if supported.

CiviEvent: Submit button has wrong label in online registrations with multiple participants (on free events without confirmation screen)
https://lab.civicrm.org/dev/core/-/issues/4260
2023-07-05T23:48:38Z Andreas (andreas.howiller@civiservice.de)

Overview
----------------------------------------
On a registration page for an event that allows multiple attendees, the submit button is labelled "Review" instead of "Register" though confirmation screen is disabled and event has no fees:
![grafik](/uploads/212957e4dfcbd9d321ff468009e9fce7/grafik.png)
Reproduction steps
----------------------------------------
1. Create a event free of charge with online registration
1. Enable checkbox "Register multiple participants?"
1. Try out registration page
Current behaviour
----------------------------------------
1. Button is labelled "Review" when option for multiple participants is enabled and drop down option is "1".
2. For dropdown "2" the label is "Continue" in the first step of the form. The last step then shows "Continue" again.
Expected behaviour
----------------------------------------
The "final submission button" should here always have the label "register" as it is the case when disabling "Register multiple participants".
Environment information
----------------------------------------
Reproduced on:
* __CiviCRM:__ _5.61.alpha1/5.60.0/5.58.1_
* __PHP:__ _8.1/7.4_

Drop-down (select-list) fields don't render if "Options per line" is set
https://lab.civicrm.org/dev/core/-/issues/3815
2023-07-05T23:48:36Z messica

Overview
----------------------------------------
Drop-down custom fields are not displayed if "Options per line" is set, even if the setting is hidden.
Reproduction steps
----------------------------------------
1. Create a "Radio buttons" Custom Field.
1. Set "Options per line" to any value besides 0
1. Change the Field Input Type to "Drop-down (select list)"
1. Save
Current behaviour
----------------------------------------
The Drop-down field is not rendered at all, in previews or on front end.
Expected behaviour
----------------------------------------
The Drop-down field should ignore any previously set values for "Options per line"
Environment information
----------------------------------------
* __CiviCRM__: 5.46.3
* __PHP__: 7.4.27
* __CMS__: WordPress 6.0.1
* __Database:__ 10.3.34-MariaDB-0+deb10u1
* __Web Server:__ Apache/2.4.38 (Debian)
5.63.0

Possible bug: authenticated user with ACL Edit Right for a group of contacts can "Record Activity, Tag Contact and Add to Group" on ALL contacts
https://lab.civicrm.org/dev/core/-/issues/2448
2023-07-05T05:03:19Z almeidam

Overview
----------------------------------------
I have an ACL role that has Edit right over a group of contacts (group A). When I list all my contacts this user is able to perform some actions it shouldn't on the other contacts (not in group A).
Actions: "Record Activity", "Tag Contact" and "Add to group"
Reproduction steps
----------------------------------------
1. Create ACL with Edit Permission over a group of contacts (i.e. European Manager has Edit Access over European Contacts)
![image](/uploads/33e2bf2f5eadca89c6742b49072991f8/image.png)
2. Give "View All" permission to authenticated users in CMS
OR
Do not give "View All Contacts" permission to authenticated users in CMS AND create a group "All Contacts", add all contacts to that group and give ACL View permission to authenticated users
(Note: the only other CMS permissions set for this role are "CiviCRM: access CiviCRM backend and API and CiviCRM: access AJAX API).
3. List All Contacts
Current behaviour
----------------------------------------
You'll see that this user can perform actions "Record Activity", "Tag Contact" and "Add to Group" on all contacts.
![image](/uploads/7cbd921841b091cf276de03e0b47202d/image.png)
Expected behaviour
----------------------------------------
This user should only be allowed these actions (Record activity, etc) on the contacts it has Edit rights over. For the ones it has only View access, it should only be allowed to "View" and "Send Email".
Environment information
----------------------------------------
* __CiviCRM:__ 5.33.2
* __PHP:__ 7.4
* __CMS:__ Drupal 7
* __Database:__ MySQL 5.7
Comments
----------------------------------------
I am unsure if this is a bug or just a bad configuration on my part, but the inconsistency brought me to create this issue.
I have found a counter example that further exposes this inconsistency:
* When we don't have "View All Contacts" for authenticated users and we have an ACL View Permission on "All Groups" (instead of an ACL View permission over a group of all contacts).
With this configuration we don't get "Record Activity", "Tag Contact" or "Add to Group" on any of the contacts:
![image](/uploads/6f28d4906016223ffc130e9228c89e19/image.png)
![image](/uploads/1e34b4040254cbfa90d31867b4052772/image.png)
This may actually be the expected result, since my user does not have "Manage Groups" permission.
However, what I would actually like to achieve is:
* All authenticated user can View All contacts
* Users with Edit ACLs can edit specific contacts
* Users with ACL's can Add to groups (and created groups) of contacts ONLY over which they have Edit Permission.
Which seems impossible at the moment.

Soft Credit Type does not display in Contribution Detail report
https://lab.civicrm.org/dev/core/-/issues/2445
2023-07-05T05:03:18Z yashodha

The value for _Soft Credit Type_ is missing in _Contribution Detail_ report.
![missing_soft_credit_type](/uploads/3b85264817fa79fe1c993ec4a0de80eb/missing_soft_credit_type.png)
yashodha

Case Detail Report Template Missing City Field
https://lab.civicrm.org/dev/core/-/issues/4408
2023-07-05T03:43:28Z LKuttner

The Case Detail report template is missing {contact.city} while all the other address fields are available. I do not know how long this has been like this, since we just began using this report. One thought I had was that this might be caused by our using the Word replacement feature for City > Town, but disabling it did not help. This is with 59.5.4.
![Missing-City-Field](/uploads/d206a1e64547bdf40a778cd71f19a8c4/Missing-City-Field.PNG)

SearchKit: Option to apply style to whole row
https://lab.civicrm.org/dev/core/-/issues/4407
2023-07-04T23:49:12Z ayduns (aidan.saunders@squiffle.uk)

The most common use of `Style` conditionals for me is setting the `Style` to `Disabled` based on the `Enabled` field.
Currently this requires adding the same conditional to every field in the display.
Suggestion: allow a style to be applied to the whole row.
colemanw

SearchKit: prevent Smarty parsing content in 'rewrite text'
https://lab.civicrm.org/dev/core/-/issues/4405
2023-07-04T21:43:41Z ayduns (aidan.saunders@squiffle.uk)

Overview
----------------------------------------
The 'Rewrite Text' option in SearchKit tables allows use of Smarty, but Smarty attempts to parse the content of the tokens sometimes resulting in Smarty errors and no results being shown.
Reproduction steps
----------------------------------------
1. Create a SearchKit for Job Logs
1. Add `Description` and `Extended data`
1. Add a table with default fields
Check you have data!
1. Enable 'Rewrite Text' on `Description` or `Extended Data` - leave the tokens as provided.
Current behaviour
----------------------------------------
Depending on your job log content there may be no results showing.
My data included a description of `Finished execution of Civirules cron with result: Success (a:0:{}) `
The webserver log shows:
```
[Tue Jul 04 17:14:10.938281 2023] [php7:error] [pid 1081743] [client 127.0.0.1:42138] PHP Fatal error: Smarty error: [in string:Finished execution of Civirules cron with result: Success (a:0:{}) line 1]: syntax error: unrecognized tag: (Smarty_Compiler.class.php, line 440) in /opt/buildkit/build/adminui/web/wp-content/plugins/civicrm/civicrm/packages/Smarty/Smarty.class.php on line 1100, referer: http://adminui.localhost/wp-admin/admin.php?page=CiviCRM&q=civicrm%2Fadmin%2Fsearch
```
Expected behaviour
----------------------------------------
The tokens should be displayed without Smarty attempting to parse the content.
And relatedly, if using 'Rewrite Text' to combine multiple fields, you may want to enable HTML (eg to add bold or line breaks) without having the token content itself rendered as HTML.
Environment information
----------------------------------------
* __CiviCRM:__ _Master_
Comments
----------------------------------------

figure out a way to warn about potentially bad sums
https://lab.civicrm.org/dev/core/-/issues/2437
2023-07-04T05:03:26Z eileen

This is the left join problem - let's assume the search wants to get a list of dads along with their total contributions - you would construct a search like the one below. However if the dad has 2 children the contribution amount will be doubled.
There is no easy answer but potentially we could at least find some way of making them aware there COULD be a problem
![image](/uploads/442277cfb87e21c8e01b4cdc1c3d353c/image.png)
https://dmaster.localhost:32353/civicrm/admin/search#/create/Contact?params=%7B%22version%22:4,%22select%22:%5B%22id%22,%22display_name%22,%22GROUP_CONCAT(Contact_RelationshipCache_Contact_01.display_name)%20AS%20GROUP_CONCAT_Contact_RelationshipCache_Contact_01_display_name%22,%22GROUP_CONCAT(Contact_RelationshipCache_Contact_01.birth_date)%20AS%20GROUP_CONCAT_Contact_RelationshipCache_Contact_01_birth_date%22,%22gender_id:label%22,%22SUM(Contact_Contribution_contact_id_01.total_amount)%20AS%20SUM_Contact_Contribution_contact_id_01_total_amount%22%5D,%22orderBy%22:%7B%7D,%22where%22:%5B%5D,%22groupBy%22:%5B%22id%22%5D,%22join%22:%5B%5B%22Contact%20AS%20Contact_RelationshipCache_Contact_01%22,true,%22RelationshipCache%22,%5B%22id%22,%22%3D%22,%22Contact_RelationshipCache_Contact_01.far_contact_id%22%5D,%5B%22Contact_RelationshipCache_Contact_01.near_relation:name%22,%22%3D%22,%22%5C%22Child%20of%5C%22%22%5D%5D,%5B%22Contribution%20AS%20Contact_Contribution_contact_id_01%22,false,%5B%22id%22,%22%3D%22,%22Contact_Contribution_contact_id_01.contact_id%22%5D%5D%5D,%22having%22:%5B%5D%7D