Error when attempting to edit CiviEvent scheduled reminders
Overview
A user with tries to edit a scheduled reminder on an event and sees only a blank screen. Logs show errors.
Strangely, they can create new scheduled reminders on events no problem. But they then cannot edit the event scheduled reminder, not even for reminders they themselves created.
This occurs on CiviCRM 5.68 on Drupal 7 as well as on Civi 5.70.alpha1 generated today with buildkit drupal-demo.
** This worked on CiviCRM 5.52. There have been no changes to the user, roles, or permissions between it working on 5.52 and not working on 5.68. **
Posted on StackExchange but did not generate any discussion.
Role & Permissions
A user with "administrator" permissions can edit scheduled reminders on an event with no errors or issues.
A user with the following permissions receives an error when attempting to edit scheduled reminders on an event:
- CiviCRM: skip IDS check
- CiviCRM: access CiviCRM backend and API
- CiviEvent: access CiviEvent
- CiviEvent: edit event participants
- CiviEvent: edit all events
- CiviEvent: register for events
- CiviEvent: view event info
Error
When a user with the above permissions attempts to edit a scheduled reminder, what they see in the web UI is this:
What the Javascript Console shows is this:
What the logviewer shows is this on Civi 5.70.alpha1 (buildkit drupal-demo):
[error]
$Fatal Error Details = array:3 [
"message" => "Authorization failed"
"code" => null
"exception" => Civi\API\Exception\UnauthorizedException {#706
#message: "Authorization failed"
#code: 0
#file: "/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/Civi/API/Kernel.php"
#line: 230
#cause: null
-_trace: null
-errorData: array:1 [
"error_code" => "unauthorized"
]
trace: {
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/Civi/API/Kernel.php:230 {
Civi\API\Kernel->authorize($apiProvider, $apiRequest)
› if (!$event->isAuthorized()) {
› throw new \Civi\API\Exception\UnauthorizedException("Authorization failed");
› }
}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/Civi/API/Kernel.php:147 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/Civi/Api4/Generic/AbstractAction.php:256 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/api/api.php:91 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Admin/Form.php:169 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Admin/Form.php:79 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Admin/Form/ScheduleReminders.php:50 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Form.php:731 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/QuickForm/Action/Display.php:76 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/packages/HTML/QuickForm/Controller.php:203 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/packages/HTML/QuickForm/Page.php:103 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Controller.php:355 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Utils/Wrapper.php:98 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Invoke.php:295 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Invoke.php:69 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Invoke.php:36 { …}
/buildkit/build/drupal-demo/web/sites/all/modules/civicrm/drupal/civicrm.module:472 { …}
/buildkit/build/drupal-demo/web/includes/menu.inc:527 { …}
/buildkit/build/drupal-demo/web/index.php:21 { …}
}
}
]
2024-02-06 05:12:58+0000 [debug] $backTrace = #0 /buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Error.php(443): CRM_Core_Error::backtrace("backTrace", TRUE)
#1 /buildkit/build/drupal-demo/web/sites/all/modules/civicrm/CRM/Core/Invoke.php(39): CRM_Core_Error::handleUnhandledException(Object(Civi\API\Exception\UnauthorizedException))
#2 /buildkit/build/drupal-demo/web/sites/all/modules/civicrm/drupal/civicrm.module(472): CRM_Core_Invoke::invoke((Array:4))
#3 /buildkit/build/drupal-demo/web/includes/menu.inc(527): civicrm_invoke("admin", "scheduleReminders", "edit")
#4 /buildkit/build/drupal-demo/web/index.php(21): menu_execute_active_handler()
#5 {main}
and what the logs show on a different system running CiviCRM 5.68 is this:
2024-01-15 15:30:56-0800 [debug] $API Request Authorization failed = #0 /var/www/html/sites/all/modules/civicrm/Civi/API/Kernel.php(151): CRM_Core_Error::backtrace("API Request Authorization failed", TRUE)
#1 /var/www/html/sites/all/modules/civicrm/Civi/Api4/Generic/AbstractAction.php(256): Civi\API\Kernel->runRequest(Object(Civi\Api4\Generic\DAOGetAction))
#2 /var/www/html/sites/all/modules/civicrm/api/api.php(91): Civi\Api4\Generic\AbstractAction->execute()
#3 /var/www/html/sites/all/modules/civicrm/CRM/Admin/Form.php(161): civicrm_api4("ActionSchedule", "get", (Array:1))
#4 /var/www/html/sites/all/modules/civicrm/CRM/Admin/Form.php(77): CRM_Admin_Form->retrieveValues()
#5 /var/www/html/sites/all/modules/civicrm/CRM/Admin/Form/ScheduleReminders.php(50): CRM_Admin_Form->preProcess()
#6 /var/www/html/sites/all/modules/civicrm/CRM/Core/Form.php(717): CRM_Admin_Form_ScheduleReminders->preProcess()
#7 /var/www/html/sites/all/modules/civicrm/CRM/Core/QuickForm/Action/Display.php(76): CRM_Core_Form->buildForm()
#8 /var/www/html/sites/all/modules/civicrm/packages/HTML/QuickForm/Controller.php(203): CRM_Core_QuickForm_Action_Display->perform(Object(CRM_Admin_Form_ScheduleReminders), "display")
#9 /var/www/html/sites/all/modules/civicrm/packages/HTML/QuickForm/Page.php(103): HTML_QuickForm_Controller->handle(Object(CRM_Admin_Form_ScheduleReminders), "display")
#10 /var/www/html/sites/all/modules/civicrm/CRM/Core/Controller.php(355): HTML_QuickForm_Page->handle("display")
#11 /var/www/html/sites/all/modules/civicrm/CRM/Utils/Wrapper.php(98): CRM_Core_Controller->run()
#12 /var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php(295): CRM_Utils_Wrapper->run("CRM_Admin_Form_ScheduleReminders", "Schedule Reminders", (Array:0))
#13 /var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php(69): CRM_Core_Invoke::runItem((Array:17))
#14 /var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php(36): CRM_Core_Invoke::_invoke((Array:4))
#15 /var/www/html/sites/all/modules/civicrm/drupal/civicrm.module(472): CRM_Core_Invoke::invoke((Array:4))
#16 /var/www/html/includes/menu.inc(527): civicrm_invoke("admin", "scheduleReminders", "edit")
#17 /var/www/html/index.php(21): menu_execute_active_handler()
#18 {main}
2024-01-15 15:30:56-0800 [error]
$Fatal Error Details = array:3 [
"message" => "Authorization failed"
"code" => null
"exception" => Civi\API\Exception\UnauthorizedException {#2401
-errorData: array:1 [
"error_code" => "unauthorized"
]
#cause: null
-_trace: null
#message: "Authorization failed"
#code: 0
#file: "/var/www/html/sites/all/modules/civicrm/Civi/API/Kernel.php"
#line: 230
trace: {
/var/www/html/sites/all/modules/civicrm/Civi/API/Kernel.php:230 {
Civi\API\Kernel->authorize($apiProvider, $apiRequest)
› if (!$event->isAuthorized()) {
› throw new \Civi\API\Exception\UnauthorizedException("Authorization failed");
› }
}
/var/www/html/sites/all/modules/civicrm/Civi/API/Kernel.php:147 { …}
/var/www/html/sites/all/modules/civicrm/Civi/Api4/Generic/AbstractAction.php:256 { …}
/var/www/html/sites/all/modules/civicrm/api/api.php:91 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Admin/Form.php:161 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Admin/Form.php:77 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Admin/Form/ScheduleReminders.php:50 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Core/Form.php:717 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Core/QuickForm/Action/Display.php:76 { …}
/var/www/html/sites/all/modules/civicrm/packages/HTML/QuickForm/Controller.php:203 { …}
/var/www/html/sites/all/modules/civicrm/packages/HTML/QuickForm/Page.php:103 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Core/Controller.php:355 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Utils/Wrapper.php:98 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php:295 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php:69 { …}
/var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php:36 { …}
/var/www/html/sites/all/modules/civicrm/drupal/civicrm.module:472 { …}
/var/www/html/includes/menu.inc:527 { …}
/var/www/html/index.php:21 { …}
}
}
]
2024-01-15 15:30:56-0800 [debug] $backTrace = #0 /var/www/html/sites/all/modules/civicrm/CRM/Core/Error.php(443): CRM_Core_Error::backtrace("backTrace", TRUE)
#1 /var/www/html/sites/all/modules/civicrm/CRM/Core/Invoke.php(39): CRM_Core_Error::handleUnhandledException(Object(Civi\API\Exception\UnauthorizedException))
#2 /var/www/html/sites/all/modules/civicrm/drupal/civicrm.module(472): CRM_Core_Invoke::invoke((Array:4))
#3 /var/www/html/includes/menu.inc(527): civicrm_invoke("admin", "scheduleReminders", "edit")
#4 /var/www/html/index.php(21): menu_execute_active_handler()
#5 {main}
Reproduction steps
- Build a buildkit drupal-demo
- Log in as administrator, create a new role and give it the permissions noted above.
- Create a new user ("eventhelper"), assign user this role.
- (Still as administrator, or any other user) Create an event and create a scheduled reminder for the event.
- Log out. Log in as eventhelper.
- Go to the event, edit, go to the scheduled reminders tab, click edit next to the reminder.
Current behaviour
As above.
Expected behaviour
The user should be able to edit and save the scheduled reminder.
Comments
There are no permissions related to scheduled reminders. So although the log output says this is an authorization error, I don't see what authorization to give.
I'd also emphasize this worked in 5.52 with no changes to the user, role, or permissions.
Last, the user can create scheduled reminders on events, just not edit schedule reminders on events, even editing schedule reminders they themselves created. This is inconsistent so suggests a bug.