CiviCRM Core issueshttps://lab.civicrm.org/dev/core/-/issues2024-03-06T10:57:35Zhttps://lab.civicrm.org/dev/core/-/issues/4909Split 'Edit all contacts' permission2024-03-06T10:57:35ZGuillaumeSorelSplit 'Edit all contacts' permissionI jumped into a user case where some admin should be able to edit contacts they're allowed to manage but shouldn't be able to manage tags. After looking inside the documentation, stackexchange and the ACL I discovered that the 'Edit all ...I jumped into a user case where some admin should be able to edit contacts they're allowed to manage but shouldn't be able to manage tags. After looking inside the documentation, stackexchange and the ACL I discovered that the 'Edit all contacts' embeds several sub-permissions like editing the contacts information and also tags or groups. It's everything or nothing within this permission.
I'm not talking about the capability to manage Tags as entity (which as a separate permission) but to manage the use of them.
I think it could be interesting to split this permission with a 'edit all contacts' on the one hand and create a new 'edit contact tags / groups' on the other hand.https://lab.civicrm.org/dev/core/-/issues/4908Integrate Angular calendar for better usability2024-01-15T11:36:56ZshaneonabikeIntegrate Angular calendar for better usabilityI don't mind the existing calendar date picker, but I was wondering if there are other solutions that might work a bit better for usability. I came across this [Angular version](https://laros.io/using-angular-material-calendar-with-date-...I don't mind the existing calendar date picker, but I was wondering if there are other solutions that might work a bit better for usability. I came across this [Angular version](https://laros.io/using-angular-material-calendar-with-date-ranges-and-range-presets) (maybe there is an alternative)
Since we are already starting to use a lot of Angular I thought it could be something to consider. There is even a date range option, which could be interesting for other areas.
You can spin a demo on this stackblitz https://stackblitz.com/edit/angular-material-calendar-with-date-ranges-and-presets?file=package.json
What I like about it:
* When choosing a different year it automatically prompts to choose the month which is fairly logical and usable
* There is the possibility to set ranges (future integration with Events?)
* There is the option to have quick options like Last 30 days, Last 12 months, etc.
![Angular Material Calendar with Date Range and Range Presets](https://laros.io/images/angular-material-calendar-date-range.png)
Anyway it was just something I wanted to raise but it's not a high priority but could be a great enhancement.https://lab.civicrm.org/dev/core/-/issues/4907Event full inconsistencies2024-01-15T11:35:24ZeileenEvent full inconsistenciesThe way EventFull is calculated in apiv4 is not consistent with elsewhere
apiv4 returns a field `'remaining_participants'` which is
event.max_participants - COUNT(participant rows for the event where contact is not deleted, participant ...The way EventFull is calculated in apiv4 is not consistent with elsewhere
apiv4 returns a field `'remaining_participants'` which is
event.max_participants - COUNT(participant rows for the event where contact is not deleted, participant is not test and participant status is_counted)
By contrast apiv3 returns the contents of `CRM_Event_BAO_Participant::eventFull()` which also takes into account the participant role and other aspects of the status
`eventFull()` has some funky parameters - there are 12 calls to it
| caller | returnEmptySeats |includeWaitingList|returnWaitingCount|considerTestParticipant|onlyPositiveStatuses|
| ------ | ------ |------ |------ |------ |------ |
| apiv3-event | TRUE |TRUE|FALSE|FALSE|FALSE|
| Participant::eventFullMessage | FALSE |FALSE|FALSE|FALSE|FALSE|
| Participant::eventFullMessage(2) | FALSE |TRUE|TRUE|FALSE|FALSE|
|ParticipantStatusType::process|TRUE|FALSE|FALSE|FALSE|
|ParticipantTest|FALSE|TRUE|FALSE|FALSE|FALSE|
|Registration::preProcess|FALSE|if-event-has-waitlist|FALSE|FALSE|FALSE|
|Registration::preProcess(2)|TRUE|if-event-has-waitlist|FALSE|FALSE|FALSE|
|Event_Confirm::formRule|FALSE|if-event-has-waitlist|FALSE|FALSE|FALSE|
|ParticipantConfirm|TRUE|FALSE|TRUE|FALSE|TRUE|
|Register::preProcess|FALSE|if-event-has-waitlist|FALSE|FALSE|FALSE|
|EventInfo::run|FALSE|if-event-has-waitlist|FALSE|FALSE|FALSE|
|event-cart|TRUE|TRUE|FALSE|FALSE|FALSE|
Note that this issue somewhat relates/ explains
https://lab.civicrm.org/dev/event/-/issues/23https://lab.civicrm.org/dev/core/-/issues/4906UI to make multivalue custom field sets on any entity2024-01-17T18:16:59ZMichael McAndrewUI to make multivalue custom field sets on any entityFollowing https://github.com/civicrm/civicrm-core/pull/27549 it appears that the ability to make custom data multi-value is missing from the create custom data set UI
![image](/uploads/e6c5ab54c7c80e33b34c206c41c1339a/image.png)
The ab...Following https://github.com/civicrm/civicrm-core/pull/27549 it appears that the ability to make custom data multi-value is missing from the create custom data set UI
![image](/uploads/e6c5ab54c7c80e33b34c206c41c1339a/image.png)
The above screenshot shows the form with the missing field. I would expect all entities to now show the 'Does this Custom Field Set allow multiple records?' checkbox as per the screenshot below (taken when the entity was set to individual).
![image](/uploads/38e5b73c0ebf6f44638c36b8bf1e262e/image.png)
@colemanw - you might have some thoughts on this. Guessing it might have something to do with the ' (in theory)' ending to https://github.com/civicrm/civicrm-core/pull/27549https://lab.civicrm.org/dev/core/-/issues/4902Unnecessary Event Breadcrumb When Editing Event2024-02-01T10:45:52ZthemakUnnecessary Event Breadcrumb When Editing EventWhen editing an event - the breadcrumbs that display are:
CiviCRM > CiviEvent Dashboard > Manage Events > Manage Events
The first 3 make sense, but the last one actually links to the edit event page that you are editing. While I have se...When editing an event - the breadcrumbs that display are:
CiviCRM > CiviEvent Dashboard > Manage Events > Manage Events
The first 3 make sense, but the last one actually links to the edit event page that you are editing. While I have seen breadcrumbs include the current page you are on, usually they are not linked and sometimes greyed out. To stay consistent with other parts of civi, I would remove the last breadcrumb. If we decide to keep for some reason - at very least it should say Configure Event - not Manage Event.
5.69.1 - also replicated in 5.71.alpha1
![Screenshot_2024-01-10_at_12.52.30_PM](/uploads/d6048cb7a5167aab82e3dca9c2aba45d/Screenshot_2024-01-10_at_12.52.30_PM.png)https://lab.civicrm.org/dev/core/-/issues/4901financialacls has a missing dependency on civi_contribute2024-01-19T19:31:27Zfkohrtfinancialacls has a missing dependency on civi_contributeThis is just to report an anomaly I experienced on two separate CiviCRM instances.
After we updated our CiviCRM 5.68.0 running on Drupal 10.2.1 to version 5.69.1, I received the following extension error in the _CiviCRM System Status_:
...This is just to report an anomaly I experienced on two separate CiviCRM instances.
After we updated our CiviCRM 5.68.0 running on Drupal 10.2.1 to version 5.69.1, I received the following extension error in the _CiviCRM System Status_:
> "Financial ACLs" (`financialacls`) has a missing dependency on "CiviContribute" (`civi_contribute`)
It also says "To resolve any errors, go to __Manage Extensions__.", but after following that link I don't know what to do next.
We had the following extensions installed:
- AuthX
- CiviEvent
- CiviReport
- CKEditor4
- Contributor cancel actions
- Custom search framework
- Form Core
- FlexMailer
- SearchKit
After installing CiviContribute due to the extension error, I got the following full page error message:
> Sorry, due to an error, we are unable to fulfill your request at the moment. You may want to contact your administrator or service provider with more details about what action you were performing when this occurred.
>
> DB Error: already exists
CiviContribute is now also listed as installed extension.
Is there something I could/should have done different?https://lab.civicrm.org/dev/core/-/issues/4900Crash when disabling an extension that provides an entity that is referenced ...2024-01-15T11:40:21ZufundoCrash when disabling an extension that provides an entity that is referenced in a custom fieldReproduction steps
----------------------------------------
1. Enable an extension which adds a new entity
1. Add a Custom Field through the UI which is an EntityReference to the entity from the extension
1. Disable the extension
2. Cras...Reproduction steps
----------------------------------------
1. Enable an extension which adds a new entity
1. Add a Custom Field through the UI which is an EntityReference to the entity from the extension
1. Disable the extension
2. Crash ensues
Current behaviour
----------------------------------------
Every Civi page crashes with
```
The website encountered an unexpected error. Please try again later.
TypeError: CRM_Core_DAO_AllCoreTables::getTableForEntityName(): Return value must be of type string, null returned in CRM_Core_DAO_AllCoreTables::getTableForEntityName() (line 365 of /var/www/html/vendor/civicrm/civicrm-core/CRM/Core/DAO/AllCoreTables.php).
Civi\Api4\Service\Schema\SchemaMapBuilder::getTableName('MyCustomEntity') (Line: 149)
Civi\Api4\Service\Schema\SchemaMapBuilder->addCustomFields(Object, Object, 'Contact') (Line: 74)
Civi\Api4\Service\Schema\SchemaMapBuilder->loadTables(Object) (Line: 52)
Civi\Api4\Service\Schema\SchemaMapBuilder->build() (Line: 309)
Civi\Api4\Utils\CoreUtil::getSchemaMap() (Line: 773)
Civi\Api4\Query\Api4SelectQuery->autoJoinFK('dashboard_contact.id') (Line: 183)
Civi\Api4\Query\Api4SelectQuery->buildSelectClause() (Line: 79)
Civi\Api4\Query\Api4Query->getSql() (Line: 90)
Civi\Api4\Query\Api4Query->getResults() (Line: 106)
Civi\Api4\Query\Api4SelectQuery->run() (Line: 107)
Civi\Api4\Generic\DAOGetAction->getObjects(Object) (Line: 94)
Civi\Api4\Generic\DAOGetAction->_run(Object) (Line: 72)
Civi\Api4\Provider\ActionObjectProvider->invoke(Object) (Line: 156)
Civi\API\Kernel->runRequest(Object) (Line: 256)
Civi\Api4\Generic\AbstractAction->execute() (Line: 91)
civicrm_api4('Dashboard', 'get', Array) (Line: 69)
CRM_Core_BAO_Dashboard::getContactDashlets() (Line: 46)
CRM_Contact_Page_DashBoard->run(Array, NULL) (Line: 322)
CRM_Core_Invoke::runItem(Array) (Line: 69)
CRM_Core_Invoke::_invoke(Array) (Line: 36)
CRM_Core_Invoke::invoke(Array) (Line: 88)
Drupal\civicrm\Civicrm->invoke(Array) (Line: 83)
Drupal\civicrm\Controller\CivicrmController->main(Array, '')
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 592)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 181)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 76)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 58)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 48)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 106)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 85)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 48)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 51)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 51)
Drupal\Core\StackMiddleware\StackedHttpKernel->handle(Object, 1, 1) (Line: 704)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)
```
Expected behaviour
----------------------------------------
I think it would be good to check for any custom fields referencing entities that are about to disappear before disabling the extension, and then:
a) disable those custom fields
OR
b) prevent you disabling the extension
Comments
----------------------------------------
I wonder if some very diligent extension authors may already handle this case in the extension disable logic and/or maybe there should be an option c) resolve the issue in some custom way specified by the extension?
Or maybe the `SchemaMapBuilder` could fail less catastrophically?
Only tested on D10.https://lab.civicrm.org/dev/core/-/issues/4899Modelling many to many relationships with Entity reference, SearchKit, FormBu...2024-01-17T18:18:18ZMichael McAndrewModelling many to many relationships with Entity reference, SearchKit, FormBuilder, ECK, etc.Creating this issue as a way to keep track of different bits of functionality that can be used together to model many to many relationships in CiviCRM as when you put this all together, I think it is quite a game changer for data modelli...Creating this issue as a way to keep track of different bits of functionality that can be used together to model many to many relationships in CiviCRM as when you put this all together, I think it is quite a game changer for data modelling in CiviCRM :grinning:
Might make sense to document this at some point soon, and it would be good to collect feedback on how people are finding this functionality, ideas for improvement, etc.
Also, if you have any budget that you would like to put towards this work: to improve it or build out more features, etc. please get in contact with @colemanw or me :heart:.
* Entity Reference fields - allows you to reference other entities in custom data fields effectively creating **one to many** relationships.
* Multivalue custom data sets - [now available to all entities](https://github.com/civicrm/civicrm-core/pull/27549) allowing you to model **many to many** relationships _with additional meta data_ about the relationship
* Searchkit support for [joining via EntityRef fields in multivalue custom data](https://github.com/civicrm/civicrm-core/pull/28721) - allows you to create searches that span many to many joins
* FormBuilder support - allowing for editing of many to many relationships in entities (could probably do with some improvement)
* [ECK](https://github.com/systopia/de.systopia.eck) which allows people to make arbitrary new entities that can be joined via these relationshipshttps://lab.civicrm.org/dev/core/-/issues/4895Can't delete unused financial types2024-01-15T11:38:54ZJonGoldCan't delete unused financial typesOverview
----------------------------------------
Not a regression!
Financial types associated with quick config price sets can never be deleted.
Reproduction steps
----------------------------------------
1. Create a new financial typ...Overview
----------------------------------------
Not a regression!
Financial types associated with quick config price sets can never be deleted.
Reproduction steps
----------------------------------------
1. Create a new financial type.
1. Create a new event.
1. Select the financial type as the default for the event and save.
1. Delete the event.
1. Delete the financial type.
Current behaviour
----------------------------------------
Obtuse error.
```
The following tables have an entry for this financial type: CRM_Price_DAO_PriceSet, CRM_Price_DAO_PriceFieldValue
```
Expected behaviour
----------------------------------------
Financial type should be deletable.
When the warning `Deleting this event will also delete associated Event Registration Page and Event Fee configurations. This action cannot be undone. Do you want to continue?` appears - continuing should delete the price set if it's a quick-config. But since I hope quick config dies a painful death, let's generalize to "deleting an event
Comments
----------------------------------------
Tangentially - you can't delete a price set that has any payments associated with it. This should be doable IMO and I believe is an artifact of pre-CiviAccounts (Civi 4.3) behavior when line items didn't exist.https://lab.civicrm.org/dev/core/-/issues/4891[PHP 8.1] Weight notices @ trash contact folder2024-02-09T20:39:06Zjofranzfranz@systopia.de[PHP 8.1] Weight notices @ trash contact folderOverview
----------------------------------------
_Weight notices @ trash contact folder_
Reproduction steps
----------------------------------------
1. Delete a contact in a non-permanent way
2. Go to: https://dmaster.demo.civicrm.org/...Overview
----------------------------------------
_Weight notices @ trash contact folder_
Reproduction steps
----------------------------------------
1. Delete a contact in a non-permanent way
2. Go to: https://dmaster.demo.civicrm.org/civicrm/contact/search/advanced (user/pass: demo demo)
3. Select: "Search in Trash
(deleted contacts)" (Important!!!)
4. Hit "Search"
Current behaviour
----------------------------------------
Many weight notices:
```
Warning: Undefined array key "weight" in CRM_Core_Action::{closure}() (line 318 of /srv/buildkit/build/dmaster/web/sites/all/modules/civicrm/CRM/Core/Action.php).
Warning: Undefined array key "weight" in CRM_Core_Action::{closure}() (line 318 of /srv/buildkit/build/dmaster/web/sites/all/modules/civicrm/CRM/Core/Action.php).
Warning: Undefined array key "weight" in CRM_Core_Action::{closure}() (line 318 of /srv/buildkit/build/dmaster/web/sites/all/modules/civicrm/CRM/Core/Action.php).
Warning: Undefined array key "weight" in CRM_Core_Action::{closure}() (line 318 of /srv/buildkit/build/dmaster/web/sites/all/modules/civicrm/CRM/Core/Action.php).
```
Expected behaviour
----------------------------------------
No notices.
Environment information
----------------------------------------
* __Browser:__ _Firefox_
* __CiviCRM:__ _5.68.1 (guess also below and above)_
* __PHP:__ _8.1+_
* __CMS:__ _Drupal10_
* __Database:__ _WhateverDB_
* __Web Server:__ _An amazing one even!_
----------------------------------------
_systopia reference: 23444_eileeneileenhttps://lab.civicrm.org/dev/core/-/issues/4890CiviCRM could not create trigger2024-02-01T10:38:38ZktatgenhorstCiviCRM could not create triggerOverview
----------------------------------------
_Please describe your problem or bug in detail._
Installation of version 5.69.0 on a fresh Ubuntu install with WordPress.
1. I used this link to setup Wordpress on Ubuntu:
https://ub...Overview
----------------------------------------
_Please describe your problem or bug in detail._
Installation of version 5.69.0 on a fresh Ubuntu install with WordPress.
1. I used this link to setup Wordpress on Ubuntu:
https://ubuntu.com/tutorials/install-and-configure-wordpress#1-overview
2. I followed this set of instructions to install CiviCRM:
https://docs.civicrm.org/installation/en/latest/wordpress/
3. When I go to the installation/setup wizard I add the credentials for the database I created (separate from WP database and the user has grant all and specifically grant trigger on civicrm.*). I did destroy the VM and build a second time with same steps and results.
_If you have already posted on https://civicrm.stackexchange.com or https://chat.civicrm.org, please include the link to that conversation._
I have not posted there, but I see older posts regarding this on previous versions. None of those offer a valid solution for this present issue,
Reproduction steps
----------------------------------------
1. Click on **Contacts -> New Individual**.
1. Entered **First Name** and **Last Name** and clicked **Save**.
1. Got an error "**Fatal error: DB error**".
Current behaviour
The setup stops after DB connect and reports unable to create triggers.
----------------------------------------
_What happens currently. Please provide error messages, screenshots or gifs ([LICEcap](http://www.cockos.com/licecap/), [SilentCast](https://github.com/colinkeenan/silentcast)) where appropriate._
```
TIP: The best way to convey an error message is to copy it in here and use
three backtick ` symbols. You may edit the message to remove private
information (like passwords). The backticks will help to preserve any
special characters or spaces.
```
Expected behaviour
----------------------------------------
_What should happen._
I should pass through the setup screen and have a functioning CiviCRM install.
Environment information
----------------------------------------
<!-- Some of the items below may not be relevant for every bug - if in doubt please include more information than you think is neccessary. -->
Ubuntu 20.04
MySqlD 8.0.35
Php 8.2.4
Apache2 2.4.41
CiviCRM 5.69.0
* __Browser:__ _Firefox 59.0.1/Chrome 78.0.3904/Safari 13_
* __CiviCRM:__ _Master/5.20.0/5.19.1/5.18.2/..._ <!-- If this problem relates to an upgrade, then specify both old and new versions -->
* __PHP:__ _7.0/7.1/7.2/7.3/...__
* __CMS:__ _Backdrop 1.5/Drupal 7.30/Joomla 3.3/WordPress 4.5/..._
* __Database:__ _MySQL 5.7.7/MariaDB 10.4/..._
* __Web Server:__ _Apache 2.4/Nginx 1.16/..._
Comments
----------------------------------------
_Anything else you would like the reviewer to note._
Thank you,
Karl Tatgenhorsthttps://lab.civicrm.org/dev/core/-/issues/4887Discussion / clarification on Api4 permissions2024-01-05T13:49:04ZRichDiscussion / clarification on Api4 permissionsI've been trying to [grok](https://en.wikipedia.org/wiki/Grok) this while working on Standalone, and it's raised a few questions for me. It looks like there are several nuances/quirks/gotchas. This is my attempt to document these. I'd re...I've been trying to [grok](https://en.wikipedia.org/wiki/Grok) this while working on Standalone, and it's raised a few questions for me. It looks like there are several nuances/quirks/gotchas. This is my attempt to document these. I'd really appreciate anyone chipping in to improve this understanding. I'll close this issue off once I understand things, hopefully after having opened other issues/PRs including for the docs.
See: [Developer docs on security](https://docs.civicrm.org/dev/en/latest/security/permissions/#apiv4)
API access is split between Coarse and Fine grained levels.
- Coarse is: `action::permissions()`, `api::authorize`, `AuthorizeEvent`,
`PermissionCheckSubscriber`...
- Fine is: `CoreUtil::checkAccessRecord`, `_checkAccess`, `AuthorizeRecordEvent`
**Coarse** level control is at the entity.action level only is handled by the
`API\Kernel->authorize()` method, which dispatches an `AuthorizeEvent` over
`civi.api.authorize`.
- `Api4/Event/Subscriber/PermissionCheckSubscriber` subscribes `W_LATE` and
authorizes the event: where checkPermissions is false or where the action is
getLinks, or if `$apiRequest->isAuthorized()` returns true. This generally is
handled by code in `AbstractAction` which finds the permissions needed
(`getPermissions()`) finds a match for the action name in the array returned
by the Api Action classes’ `permissions()` method) and checks them with
`\CRM_Core_Permission::check();`
Gotcha: the `save` action, if unspecified in the action's `permissions()`
method gets defaults from `create` (if specified) rather than `default`.
- there are other listeners too, (e.g. `AdhocProvider` (api4) and
`API/Subscriber/PermissionCheck` which is mostly api3 but it also authorizes
requests for api4 where `checkPermissions` has been set false, duplicating the
same logic above.)
**Fine** level control (at least for DAO entites) is at an Action-and-Record
level control (termed ACLs) rely on a single method on the entity's **BAO**:
public static function _checkAccess(string $entityName, string $action, array $record, ?int $userID): bool
- These methods are used by `\Civi\Api4\Utils\CoreUtil::checkAccessRecord`
- This only calls the BAO's `_checkAccess()` for actions that do not extend
`AbstractGetAction`; intended to be write actions, but could be others.
When it is called it must return TRUE for OK. A FALSE value will cause an
exception.
- `_checkAccess` is **not** called if a listener to
`\Civi\Api4\Event\AuthorizeRecordEvent` authorizes or explicitly declares
the event unauthorized.
- `_checkAccess` must only check data as follows: entity and action name and nothing else from `$apiRequest`. Data in `$record` (see below for what this contains). It may identify the record's primary key ID and fetch data from the database to consider, too.
- `checkAccessRecord` is used:
- `AbstractUpdateAction::_run` calls it per row to be updated
- `DAODeleteAction::_run` calls it per row.
- `BasicBatchAction::_run` calls it per row.
- `AbstractCreateAction::validateValues` calls it. (before `ValidateValuesEvent`)
### `$record` for Delete
This is `[$idFieldName => $id]` only.
### `$record` for Create
validateValues calls `_checkAccess` with data that has been pre processed via: *formatWriteValues » fillDefaults*
### `$record` for Update
- formatWriteValues
- some special code to convert passing a primary key value in values to a WHERE
clause, and to rule out the possiblity of changing an existing primary key
- For single row updates:
- populate only the row's id field (from the where)
- calls `_checkAccess` with the id field + input (after formatWriteValues)
- For batch updates:
- getBatchRecords
- each row, we take the input (after formatWriteValues) and fill from
existing row data. Then call `_checkAccess`.
- *then* call validateValues() which dispatches a ValidateValuesEvent
over `civi.api4.validate`
### `$record` for Save
- Loops rows
- applies defaults passed in to this specific row
- `formatWriteValues`
- `matchExisting` (presumably sets PKs?)
- if a create, fills defaults
- calls `validateValues` which loops records and for each calls
`checkAccessDelegated` with either 'create' or 'update'
- `checkAccessDelegated` creates a new API request of the same type and calls
`authorize`, as a way to check permissions for the entity.action pair.
(inside loop!)
- it then calls `_checkAccess` for the record with this new empty api request
and the record as a separate array. i.e. the `$apiRequest` handled by
`_checkAccess` only contains the entity name and action name.
## Questions
- There's a couple of places where I think we could reduce work that is
unnecessarily repeated in a loop.
- `AbstractSaveAction::validateValues` calls `checkAccessDelegated` which in
turn calls `authorize()` on a blank API call every time. The answer to this
won't change during the loop; there may be one answer for 'create' and one
for 'update'.
- `Generic\BasicBatchAction` (minor): move if(checkPermissions) to outside
the loop and cache the logged in user outside the loop too.
- `_checkAccess` is only called for actions that don't extend the
AbstractGetAction. This could potentially be confusing for other reporting
actions that don't extend this (maybe they should?). I've seen quite a few
examples where specific cases return FALSE and at the end there's a default
return TRUE. I'm not suggesting there's a security problem, but this doesn't
feel "security-first", i.e. it's a blanket allow with some exceptions rather
than a blanket deny with allow being explicitly checked.
- It feels weird that we start from an entity-action-specific class, then call
a wider entity-specific method, passing in the name of the action, meaning that
the logic then needs to disaggregate the action-specifics. It also feels weird
that `_checkAccess` is in the BAO, though it's only called by Api4 code.
Wouldn't it be better to have `_checkAccess` in the action classes?
- `$record` passed as part of update actions is inconsistent. It contains full original
data with updated field values replaced for *batch* updates, but only the
updated field values and primary key for *single* updates. Later,
validateValues is called with a `CRM_Utils_LazyArray` that would *reload* this
data (in the case of a batch update). The `ValidateValuesEvent->records` *only*
contains the updated values. So three possible different sets of data.
- A comment in the `ValidateValuesEvent` notes that it's expensive to lookup the
original values (because it would be one query per record), so avoid if possible.
The lazy array returns only the update values as 'new', not the merged array
(this is the same as in its records property). There is duplication for an
*update action* since these are already present on the event under 'records'
and are shared between all rows. However for a *save action*, there could be
per-row specific updates.
Q. where we've loaded the data (e.g. batch update) couldn't we make that available
to save the lazy function doing a one-query-per-row?RichRichhttps://lab.civicrm.org/dev/core/-/issues/4885[5.68.1] Missing Relationship Cache Trigger2024-01-15T11:28:29ZDmitry Smirnov[5.68.1] Missing Relationship Cache TriggerAfter upgrade from 5.53.0 to 5.68.1, _System Status_ page shows "Missing Relationship Cache Trigger" warning.
Attempt to "Rebuild triggers" using the provided button yields no effect.
`civicrm.civicrm_relationship_cache` table have ple...After upgrade from 5.53.0 to 5.68.1, _System Status_ page shows "Missing Relationship Cache Trigger" warning.
Attempt to "Rebuild triggers" using the provided button yields no effect.
`civicrm.civicrm_relationship_cache` table have plenty of records but no triggers.
Debug log is enabled but I could not spot any errors so "rebuilding triggers" appears to fail silently...https://lab.civicrm.org/dev/core/-/issues/4882Fatal error / incomplete form validation: Batch Data Entry for Contributions2024-01-15T11:27:43ZAllenShawFatal error / incomplete form validation: Batch Data Entry for Contributions**Summary:**
For Batch Data Entry of contributions, incomplete validation of the "Received" column value can lead to a fatal error and import of only a subset of batch entries.
**Repro:**
To reproduce on dmaster (currently "Powered b...**Summary:**
For Batch Data Entry of contributions, incomplete validation of the "Received" column value can lead to a fatal error and import of only a subset of batch entries.
**Repro:**
To reproduce on dmaster (currently "Powered by CiviCRM 5.70.alpha1"):
1. Create a new Batch (Contributions \> Batch Data Entry : New Data Entry Batch) containing 2 or more entries.
2. For the first entry, fill all relevant fields with sensible data; important for repro: leave the Contribution Date date/time at its default value (or enter any other date/time value)
3. For the second entry, fill all relevant fields with sensible data; important for repro: delete the date portion of the Contribution Date date/time value (but ensure there is a time component. E.g. NULL date, 10:20AM)
![received.png](/uploads/f7758c48d66461ea0d77c3dc2ae63d2e/received.png)
4. Submit the form with "Validate and Process the Batch"
**Expected (good) behavior:**
* Form validation should notice that date component is empty in the second entry and alert the user that this is required.
* No entries are processed (no new contributions are created)
**Actual (bad) behavior:**
* Form is submitted without any validation errors.
* User observes fatal error: "Sorry, due to an error, we are unable to fulfill your request at the moment. You may want to contact your administrator or service provider with more details about what action you were performing when this occurred. DB Error: unknown error"
* The first entry is fully processed (a new contribution is created), but no subsequent entries are processed.
* The SQL error here is:
```
"INSERT INTO `civicrm_contribution` (`contact_id` , `financial_type_id` , `payment_instrument_id` , `receive_date` , `total_amount` , `fee_amount` , `net_amount` , `invoice_id` , `invoice_number` , `currency` , `source` , `contribution_status_id` , `check_number` , `campaign_id` , `tax_amount` ) VALUES ( 45968 , 48 , 4 , 10 , 200 , 0 , 200 , NULL , 'INV_11998' , 'USD' , '2023 EOY gift' , 1 , '297' , 95 , 0 ) [nativecode=1292 ** Incorrect datetime value: '10' for column `hft_civicrm`.`civicrm_contribution`.`receive_date` at row 1]"
```
(Note that the '10' in `Incorrect datetime value: '10'` is the Hour part of the time component as submitted for the second entry.)
**Proposed fix:**
Form validation should ensure that a Date component is entered; a Time component without a Date component will result in the above misbehavior.https://lab.civicrm.org/dev/core/-/issues/4876Email greeting config crashes on some smarty `if` statements if quotes are in...2024-01-15T11:27:07ZDaveDEmail greeting config crashes on some smarty `if` statements if quotes are involvedI don't think this is recent, but in message templates I remember there was some handling so that you could do e.g. `{if '{token.something}' == ''}aaa{else}bbb{/if}`, and if `{token.something}`'s value contained apostrophes it would stil...I don't think this is recent, but in message templates I remember there was some handling so that you could do e.g. `{if '{token.something}' == ''}aaa{else}bbb{/if}`, and if `{token.something}`'s value contained apostrophes it would still work. I haven't checked if that's still working but if you do the same in an email greeting it will crash. Example:
1. Create a new contact with first name `D'Andre`.
2. Down in communication prefs choose customized for the email greeting and put `Dear {if '{contact.first_name}' == ''}Friend{else}{contact.first_name}{/if}`.
3. When you save it crashes because the apostrophe confuses it.
4. It's not related to choosing "customized". It happens if this is your normal config at admin - communications - email greetings.
5. It also happens if you try double-quotes and then the name contains a double-quote.
I can work around it with `Dear {if {contact.first_name|boolean}}{contact.first_name}{else}Friend{/if}`, but if I wanted to compare to an actual value that wouldn't help.https://lab.civicrm.org/dev/core/-/issues/4875Better tracking of Scheduled Reminders including Reporting2024-02-21T19:56:17ZshaneonabikeBetter tracking of Scheduled Reminders including Reporting## Overview
_It has come up quite a few times with several clients of ours, whereby they want to see what Scheduled messages went out, if they bounced, and other details. In a few cases, the Scheduled Reminders were not configured prope...## Overview
_It has come up quite a few times with several clients of ours, whereby they want to see what Scheduled messages went out, if they bounced, and other details. In a few cases, the Scheduled Reminders were not configured properly by the client, which is understandable but that's another UI issue._
_So I think it could be really helpful to provide this type of tracking, including click-through, FFWD, etc for Scheduled Reminders like regular mailings._
## Example use-case
1. Set up a Scheduled Reminder for an Event or Membership Renewal
2. Go to Reports to view the progress of Scheduled Reminders
3. Filter by click-throughs, bounce, etc.
## Current behaviour
_Same as above. Presently, the only workaround in some cases like Scheduled Reminders is to create a "fake" mailing that is sent out to one person. Then copying the code generated into the Scheduled Reminder allows a person to actually track the Scheduled Reminder information like you would with a regular mailing because it is associated to our "fake" mailing. But this is super not sustainable or even doable for Event Reminders._
## Proposed behaviour
_Basically, I think it could be extremely useful to integrate the same functionality for Mailing tracking (including bounce) to Scheduled Reminders._https://lab.civicrm.org/dev/core/-/issues/4873SearchKit - Add inputMode setting to allow clauses to reference column values...2024-02-12T16:30:40ZsamuelsovSearchKit - Add inputMode setting to allow clauses to reference column values in conditionsRelated to https://github.com/civicrm/civicrm-core/pull/28112
The next step is to allow the feature of field selection for conditions :
![image](/uploads/c400052bf32ca7944a87fdae2d2d3bf6/image.png)
I believe it's already possible from...Related to https://github.com/civicrm/civicrm-core/pull/28112
The next step is to allow the feature of field selection for conditions :
![image](/uploads/c400052bf32ca7944a87fdae2d2d3bf6/image.png)
I believe it's already possible from the managed file so it's likely only a UI limitation.colemanwcolemanwhttps://lab.civicrm.org/dev/core/-/issues/4871Afform - Reset button click does not refresh the search result table with emp...2023-12-20T19:19:39ZjitendraAfform - Reset button click does not refresh the search result table with empty filtersTo replicate:
- Create a search kit to search for contacts.
- Add a form builder with a filter input Display Name. Also enable Reset button.
- View the search form and search for display name:
![image](/uploads/61162fab96405b82341a39ddb...To replicate:
- Create a search kit to search for contacts.
- Add a form builder with a filter input Display Name. Also enable Reset button.
- View the search form and search for display name:
![image](/uploads/61162fab96405b82341a39ddb461d9d6/image.png)
- Click Reset and search again.
**Expected**: The search refreshes the table with empty displayname and returns all contacts.
**Actual**: The search does not refresh the table.
![image](/uploads/7b807b8aee9ee97d3b8c5b5c98a133aa/image.png)
Note: If i clear the textbox manually and hit search, the search is working fine.https://lab.civicrm.org/dev/core/-/issues/4868Add action for copy activity2023-12-20T19:16:21ZyashodhaAdd action for copy activityWe do have copy action on various entities like _Contribution Page_, _Events_.
It might be handy to have the same for _Activity _as well.
Also provide _Save as New_ feature/ when clicked we can have a new activity created with addition...We do have copy action on various entities like _Contribution Page_, _Events_.
It might be handy to have the same for _Activity _as well.
Also provide _Save as New_ feature/ when clicked we can have a new activity created with additional tweaks based on a pre-existing activity. This would come esp handy for activities which have lots of Activity Contacts/Targets/assignees and custom dat awith the original activity acting as a template.yashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/4865The "X" on advanced search accordions isn't doing the right thing anymore2023-12-20T19:15:35ZDaveDThe "X" on advanced search accordions isn't doing the right thing anymoreFollowup to https://lab.civicrm.org/dev/core/-/issues/4856
It looks like it's been a problem since at least 5.63.
What used to happen was if you just collapsed the accordion, it still used whatever search criteria had been entered (bec...Followup to https://lab.civicrm.org/dev/core/-/issues/4856
It looks like it's been a problem since at least 5.63.
What used to happen was if you just collapsed the accordion, it still used whatever search criteria had been entered (because after the search the form still needs to retain the search criteria even with them collapsed), and in fact even just opening the accordion would make it do the table joins (e.g. if you open the contributions accordion it's the same as "only show me contacts who have at least one contribution"). That's all working now again after 4856. But the "X" at the far right of the accordion header was there to completely remove the criteria and table joins from the query. That's not working anymore, and broke before any accordion changes.
It is _sort of_ working in the sense that it will clear contribution date for example, but not some other fields like id or transaction. And in both cases the accordion still pops open after search. Also note the defaults disappear so it's now including test and template contributions.
And additionally, for transaction, if you repeat and close the accordion again and click search again, you get a crash because it tries to pass array for some reason to mysqli_escape_string.