Deleting group invalidates ACL
Overview
Groups used in ACL's can be deleted without warning resulting in invalid ACL's.
Setup
- Create a group: TestGroup
- Create an ACL: Role: Everyone, Operation: View, Type: Group, Group: TestGroup (just created)
- Note that the ACL display will shows
Type
as 'Group' and shows the group name - In SQL, look at the
civicrm_acl
table and note theobject_table
is 'civicrm_group', andobject_id
is the new group id.
Now delete the TestGroup:
- There is no warning that this group is used in an ACL
- In the ACL display the group name is now blank - a situation which cannot be created through the Add or Edit ACL screens.
- In SQL, the
civicrm_acl
table still show theobject_id
as the now non-existent group id.
Prior to https://github.com/civicrm/civicrm-core/pull/27679 this causes DB Syntax Errors when calling CRM_Contact_BAO_Contact_Permission::allow()
Expected behaviour
Good question! Maybe a warning that the group is being used in an ACL, but what should then happen to the ACL? Disable it?
Environment information
- CiviCRM: Master but may be longstanding