List of groups in search form and create new contact screen not respecting ACLs
If you have an ACL on your system and it limits access to one or a specific set of groups this is correctly reflected on the Manage Groups screen but not when you go to do an advanced search and click the list of groups nor when you go to create a new Individual and expand the Tags and Groups Section.
To replicate
- Grant the Subscriber role access to the CiviCRM backend
- Create a new ACL group called test group
- Create a new Individual Test Contact
- Add Test Contact into ACL group created in item 2
- Create new ACL role called Test ACL role
- Assign the Test ACL role to the Test Group created In item 2
- Create an ACL for the Test ACL role granting edit access to the contacts in the Newsletter Subscribers group
- Create a new WordPress role for the Test Contact created in item 3 give them just the Subscriber role.
- Now login at the new user account in a new private window
- Navigate to the Contacts -> Manage Groups Screen and see that it only shows you Newsletter Subscriber
- Navigate to Advanced Search and Click on groups and see you get more than just the Newsletter Subscriber group returned
ping @kcristiano @JoeMurray