Development issueshttps://lab.civicrm.org/groups/dev/-/issues2022-02-09T05:05:44Zhttps://lab.civicrm.org/dev/core/-/issues/3055System.check permissions changed in Civi 5.462022-02-09T05:05:44ZJonGoldSystem.check permissions changed in Civi 5.46This is a regression, but most folks aren't going to see this.
[PR 22369](https://github.com/civicrm/civicrm-core/pull/22369) adds a new system check to ensure dedupe rules are present. However, it makes [an API4 call](https://github.c...This is a regression, but most folks aren't going to see this.
[PR 22369](https://github.com/civicrm/civicrm-core/pull/22369) adds a new system check to ensure dedupe rules are present. However, it makes [an API4 call](https://github.com/civicrm/civicrm-core/blob/bf2fc668d9e458df17248e35968fbb06b97411d6/CRM/Utils/Check/Component/DedupeRules.php#L25) without bypassing a permission check.
Most of the time you need "Administer CiviCRM" to run `System.check` so this is usually fine. However, I have an extension that creates a custom permission that can also be used. This allows me to monitor CiviCRM remotely without storing an API key for an admin account on my monitoring server. So on 5.46 that user gets "authorization failed" when I run `System.check`.
Given the non-sensitive nature of this data, and the fact that someone must have permission to run `System.check`, I think it makes sense for this API call to bypass the permission check.5.46.1JonGoldJonGoldhttps://lab.civicrm.org/dev/core/-/issues/3054Searchkit: add an ability to embed searckit on normal forms when viewed in popup2023-11-20T16:18:07ZKurund JalmiSearchkit: add an ability to embed searckit on normal forms when viewed in popup### Current behavior
Currently, we can load the Searckit on a normal form only if it's opened in a new tab. Popup displays generates angular errors.
Below code is added using buiildForm hook.
Here is the working code:
```
Civi::se...### Current behavior
Currently, we can load the Searckit on a normal form only if it's opened in a new tab. Popup displays generates angular errors.
Below code is added using buiildForm hook.
Here is the working code:
```
Civi::service('angularjs.loader')->addModules('afformActivityImages');
$markup = '
<div id="bootstrap-theme" class="crm-activity-form-images">
<crm-angular-js modules="afformActivityImages">
<afform-activity-images options="{aid:' . $activityId . '}"></afform-activity-images>
</crm-angular-js>
</div>
';
CRM_Core_Region::instance('page-body')->add([
'markup' => $markup,
]);
```
Above Searckit display shows the images associated with the activity record.
### Expected behavior
It should also work when the form is loaded in popup modehttps://lab.civicrm.org/dev/core/-/issues/3053Usability issue reported by user: All Reports page overrides report results s...2023-11-20T05:03:18ZDevAppUsability issue reported by user: All Reports page overrides report results settingWhen clicking on a report name on the All Reports page located at /wp-admin/admin.php?page=CiviCRM&q=civicrm%2Freport%2Flist&reset=1
The resulting link loads the report with output=criteria on the end. This stops the default parameters ...When clicking on a report name on the All Reports page located at /wp-admin/admin.php?page=CiviCRM&q=civicrm%2Freport%2Flist&reset=1
The resulting link loads the report with output=criteria on the end. This stops the default parameters of the results from loading, which was set to view results. The user expected results to appear when loading the report per the saved report setting. The result to the user is the report is broken.
The output=criteria is overriding the saved report behaviour. Whilst there is a view results button the right hand side of the All Reports page, it does create some confusion to the user with consistency. Perhaps if the setting is already set on the report to view results, the output=criteria could be removed from that link to create consistency... Or the GUI clearer about why the report wasn't run.
This isn't a bug, but more a usability issue.https://lab.civicrm.org/dev/core/-/issues/3289SearchKit: In-place edit and Update Multiple action doesn't send full objectR...2022-04-22T15:53:55ZDaveDSearchKit: In-place edit and Update Multiple action doesn't send full objectRef object to the post hookThe objectRef is empty except for the id property. Not sure if this is expected from this action - in this particular situation it was a custom field being edited on an activity but I checked and it also happens with core activity fields...The objectRef is empty except for the id property. Not sure if this is expected from this action - in this particular situation it was a custom field being edited on an activity but I checked and it also happens with core activity fields. Normally objectRef is more populated during hook_post from elsewhere, e.g. it would normally have activity_type_id, subject, etc.https://lab.civicrm.org/dev/joomla/-/issues/38HTML Class generation assumes "class safe" names2022-02-11T20:21:03ZphilmorbruHTML Class generation assumes "class safe" namesBringing this issue over from the [iATS extension page](https://github.com/iATSPayments/com.iatspayments.civicrm/issues/367) where there are images and more documentation. Indications are that this also affects WordPress sites.
In short...Bringing this issue over from the [iATS extension page](https://github.com/iATSPayments/com.iatspayments.civicrm/issues/367) where there are images and more documentation. Indications are that this also affects WordPress sites.
In short, html classes that are generated for the iATS extension and possibly other contexts assume the machine name is class safe. If the name has spaces ("iATS Payments Credit Card" rather than "iATS_Payments_Credit_Card"), it results in multiple classes (.iATS .Payments .credit .card) rather than the single class (.iATS_Payments_Credit_Card).
A primary problem with this is that if the standard .card class is used on a site (very common with bootstrap), it leads to formatting problems for elements with Civi-generated classes. Otherwise this issue might fly under the radar on most sites.
Joomla! 3.9.24, Civi 5.39.0, iATS extension 1.7.45.48.0https://lab.civicrm.org/dev/core/-/issues/3052Homepage field does not accept non-ascii2022-09-29T14:42:48Zthoni56Homepage field does not accept non-asciiOverview
----------------------------------------
The Contact field "Homepage" does not accept anything other than ASCII.
Reproduction steps
----------------------------------------
1. Click on **Contacts -> New Individual**.
1. Entered...Overview
----------------------------------------
The Contact field "Homepage" does not accept anything other than ASCII.
Reproduction steps
----------------------------------------
1. Click on **Contacts -> New Individual**.
1. Entered the following URL in Homepage field: "https://www.linkedin.com/in/marcus-junström-8ba54626/".
Current behaviour
----------------------------------------
Got an error "Enter a valid web address beginning with 'http://' or 'https://'.", which is wrong, but also prevents using modern URLs which allows UTF8 or other encoding, such as LinkedIN pages.
Expected behaviour
----------------------------------------
It should be possible to enter modern, encoded, URL:s.
Environment information
----------------------------------------
* __Browser:__ _Safari 15.3_
* __CiviCRM:__ _5.45.1_
* __CMS:__ _Joomla 3.10_5.51.0https://lab.civicrm.org/dev/wordpress/-/issues/118Make CiviCRM's menu position an integer2022-03-17T20:45:35ZhaystackMake CiviCRM's menu position an integerIn WordPress 6.0, menu positions must be integers otherwise a `doing_it_wrong` error is triggered. CiviCRM currently sets the position to [a float expressed as a string](https://github.com/civicrm/civicrm-wordpress/blob/cce8f826a292ecceb...In WordPress 6.0, menu positions must be integers otherwise a `doing_it_wrong` error is triggered. CiviCRM currently sets the position to [a float expressed as a string](https://github.com/civicrm/civicrm-wordpress/blob/cce8f826a292ecceb9b04b93db4b38a17566eb08/includes/civicrm.admin.php#L600-L609) - this will need to be changed in due course.haystackhaystackhttps://lab.civicrm.org/dev/core/-/issues/3051Getting error when using custom searches2023-02-06T05:42:27ZErikHommelGetting error when using custom searchesOverview
----------------------------------------
When using a custom search (including most of the ones shipped with core but also ones in extensions) I can not select a single row and get this error:
```
User deprecated function: Depr...Overview
----------------------------------------
When using a custom search (including most of the ones shipped with core but also ones in extensions) I can not select a single row and get this error:
```
User deprecated function: Deprecated function CRM_Contact_Selector::fillupPrevNextCache,
use Custom searches should return sql capable of filling the prevnext cache..
in CRM_Core_Error::deprecatedFunctionWarning()
(regel 1044 van /var/www/html/speeltuin/sites/all/modules/civicrm/CRM/Core/Error.php).
```
Investigation shows that the error originates from the `fillWithSql` function in `CRM_Core_PrevNextCache_Sql`. This does not work in combination with the `count()` function in most custom searches. This means the next prev cache is not filled nor does the select option work.
Tested with 5.41.1 and replicated on dmaster.
Reproduction steps
----------------------------------------
1. Click on **Search>Custom Searches** and select Zip Code Range from the list
1. Select 1 as from and 9999 to search for the range
Current behaviour
----------------------------------------
* This error is one in the list of errors:
```
User deprecated function: Deprecated function CRM_Contact_Selector::fillupPrevNextCache,
use Custom searches should return sql capable of filling the prevnext cache..
in CRM_Core_Error::deprecatedFunctionWarning()
(line 1043 of /srv/buildkit/build/dmaster/web/sites/all/modules/civicrm/CRM/Core/Error.php).
```
* Try to select a single line, only selecting all rows will work
Expected behaviour
----------------------------------------
I should be able to select a single row or a couple of rows and perform actions on the selected ones
Environment information
----------------------------------------
* __Browser:__ _Firefox 95.0 (Linux Mint)
* __CiviCRM:__ _Master/5.41.1
* __PHP:__ _7.3__
* __CMS:__ _Drupal 7.81_
* __Database:__ _MySQL 5.7.7
* __Web Server:__ _Apache 2.4
Comments
----------------------------------------
Although custom searches are slowly being faded out this error breaks existing functionality so I think it is a regression? I think it certainly makes sense to remove the custom searches from future versions and encourage the usage of SearchKit. There are however quite a few extensions out there that use Custom Searches, and the Developer Guide still explains the civix _generate:search_. So I think this should be fixed AND the Developer Guide should be updated with instructions how we actually now want the PrevNext filled and used?
Happy to update the Developer Guide if someone can explain me what is required for the PrevNext new style?https://lab.civicrm.org/dev/core/-/issues/3049Auto-complete option values aren't available to anonymous users2023-09-02T01:04:32ZJonGoldAuto-complete option values aren't available to anonymous usersOverview
----------------------------------------
A custom field of input type "Autocomplete-Select" doesn't return results for anonymous users, even with the "Access AJAX API" permission granted.
Reproduction steps
--------------------...Overview
----------------------------------------
A custom field of input type "Autocomplete-Select" doesn't return results for anonymous users, even with the "Access AJAX API" permission granted.
Reproduction steps
----------------------------------------
1. Change an existing field (e.g. "Soup Selection") from **Dropdown** to **Autocomplete-Select**.
1. Add the field to a profile on a public-facing event page.
1. Grant the anonymous user the **Access AJAX API** permission.
1. View as an anonymous user.
Current behaviour
----------------------------------------
No results are returned.
Expected behaviour
----------------------------------------
Results are returned, as they are with a "Dropdown" input type.
Comments
----------------------------------------
The error is that anonymous users don't have access to the "Optionvalue.getlist" API because it requires "Access CiviCRM". This seems like the wrong permission; I think "Access AJAX API" should be sufficient. From a UX perspective, it's pretty inconsistent that a Select works but not an Autocomplete-Select.
I'm proposing that we allow anonymous users to access OptionValue.get - I'm interested in whether there are use cases where this results in an information disclosure vulnerability. I can't think of any myself.https://lab.civicrm.org/dev/core/-/issues/3410Registering a participant with Pending event payment gives misleading informa...2023-09-06T00:16:18ZspalmstromRegistering a participant with Pending event payment gives misleading information.1. Register a participant for an event.
1. Record a payment as pending, not complete.
The payment is not recorded in the database, but is displayed in the receipt emailed to that participant. Surely the receipt should not show that mone...1. Register a participant for an event.
1. Record a payment as pending, not complete.
The payment is not recorded in the database, but is displayed in the receipt emailed to that participant. Surely the receipt should not show that money has been paid when it is not recorded on the system?
No record of payment here:
![image](/uploads/cd696e04f6227e4446e142e35ffa81a0/image.png)
but here is the body of the email.
Dear First_1003,
===========================================================
Event Information and Location
===========================================================
Conference 2022
13th May, 2022 12:00 AM-15th May, 2022 12:00 AM
xxxxxxx
xxxxxx
xxx, xxxe xxx xxx
xxx xxx
Event Contacts:
Phone: xxxx
Email: xxxxx
===========================================================
Registered Email
===========================================================
first_1003.last_1003@somedomain.com
===========================================================
Event Fee(s)
===========================================================
---------------------------------------------------------
Item Qty Each Total
----------------------------------------------------------
En suite double 1 £ 150.00 £ 150.00
**Total Paid: £ 20.00
Balance: £ 130.00**
Registration Date: 31st January, 2022 4:40 PM
Transaction Date: 31st January, 2022 4:41 PM
Financial Type: Conference Fee
Paid By: Online payment
==========================================================
Conference Fields
==========================================================
Dietary Requirements:
Music:
Other:
Subsidy Fund (Optional):
==========================================================
Conference Payment
==========================================================
Payment options: Deposit of £20 per person online
Notice the payment is recorded.5.66.0https://lab.civicrm.org/dev/core/-/issues/3048Fatal error thrown in Contributions made in Year X and not Year Y custom search2023-11-19T05:03:26ZyashodhaFatal error thrown in Contributions made in Year X and not Year Y custom searchSteps to replicate :
--------------------
- Go to custom search _Contributions made in Year X and not Year Y_
- Enter _Inclusion Date One: Start/End_ and check _First time donor only?_
![demo_cus](/uploads/b03569e02aff60038ac9b4451e52...Steps to replicate :
--------------------
- Go to custom search _Contributions made in Year X and not Year Y_
- Enter _Inclusion Date One: Start/End_ and check _First time donor only?_
![demo_cus](/uploads/b03569e02aff60038ac9b4451e52be74/demo_cus.png)
- Search throws a fatal error
![dmater_error](/uploads/1607d514d535855ec6cfdd24aeadb335/dmater_error.png)
`| DebugInfo | REPLACE INTO civicrm_tmp_e_dflt_b78e21a09342a815fe62cebabffd98d6 SELECT DISTINCT contact_id AS contact_id FROM civicrm_contribution c WHERE c.is_test = 0 AND c.is_template = 0 AND c.receive_date < 2021-01-01 [nativecode=1292 ** Incorrect datetime value: '2019' for column `dmastercivi_g5lis`.`civicrm_contribution`.`receive_date` at row 1]`https://lab.civicrm.org/dev/core/-/issues/3047Contribution receipt no longer sends groupName to alterMailParams hook2022-01-30T16:44:44ZDaveDContribution receipt no longer sends groupName to alterMailParams hookLooks like it's these changes: https://github.com/civicrm/civicrm-core/pull/22615/files#diff-9a5050a22004395ee29b440cd543c11c4283cdb72563f28eae30806e5eba8cd3L418
I know there is some ongoing work to deprecate groupName etc but I thought...Looks like it's these changes: https://github.com/civicrm/civicrm-core/pull/22615/files#diff-9a5050a22004395ee29b440cd543c11c4283cdb72563f28eae30806e5eba8cd3L418
I know there is some ongoing work to deprecate groupName etc but I thought current hooks would still work for now, unless I missed it somewhere in a dev-digest.
Putting regression (in master) for the moment.https://lab.civicrm.org/dev/core/-/issues/3046searchkit: Where clauses no longer working2022-01-31T05:23:32ZDaveDsearchkit: Where clauses no longer workingNot sure when this broke. Probably recent.
It returns no records.
![Untitled2](/uploads/705e0f68edf50b8c44c264d0c2f7fd34/Untitled2.png)Not sure when this broke. Probably recent.
It returns no records.
![Untitled2](/uploads/705e0f68edf50b8c44c264d0c2f7fd34/Untitled2.png)5.47.0https://lab.civicrm.org/dev/core/-/issues/3045Upgrade error - unknown column 'entity_modified_date' in 'civicrm_managed'2022-02-02T01:47:08ZwmortadaUpgrade error - unknown column 'entity_modified_date' in 'civicrm_managed'Overview
----------------------------------------
I've come across an issue when upgrading a site from CiviCRM 5.33.5 to CiviCRM 5.45.1.
Looking at the error log, I think the issue is that the upgrade process is trying to set the `enti...Overview
----------------------------------------
I've come across an issue when upgrading a site from CiviCRM 5.33.5 to CiviCRM 5.45.1.
Looking at the error log, I think the issue is that the upgrade process is trying to set the `entity_modified_date` in `civicrm_managed` before this field is created.
I think the error occurs when the upgrader is running the `upgrade_5_39_alpha1` in `/CRM/Upgrade/Incremental/php/FiveThirtyNine.php`. The post hook calls `/CRM/Core/BAO/Managed.php`(which was added in CiviCRM 5.45). Line 37 of which executes this SQL:
```sql
UPDATE civicrm_managed SET entity_modified_date = CURRENT_TIMESTAMP WHERE entity_type = 'SavedSearch' AND entity_id = 348;
```
This fails with an error, because `entity_modified_date` field isn't added until CiviCRM 5.45. It is added in `/CRM/Upgrade/Incremental/php/FiveFortyFive.php`.
Reproduction steps
----------------------------------------
Update from CiviCRM 5.33.5 to CiviCRM 5.45.1 using `cv upgrade:db`.
Presumably the site needs to have some saved searches that are modified in the 5.39 upgrade process.
Current behaviour
----------------------------------------
Upgrade fails with error:
```shell
Dropping SQL triggers...
Preparing upgrade...
Executing upgrade...
...................................................PHP Warning: A non-numeric value encountered in phar:///usr/local/bin/cv/vendor/symfony/console/Output/Output.php on line 145
Warning: A non-numeric value encountered in phar:///usr/local/bin/cv/vendor/symfony/console/Output/Output.php on line 145
PHP Warning: A non-numeric value encountered in phar:///usr/local/bin/cv/vendor/symfony/console/Output/Output.php on line 148
Warning: A non-numeric value encountered in phar:///usr/local/bin/cv/vendor/symfony/console/Output/Output.php on line 148
Error executing task: %s
[CiviCRM_API3_Exception]
DB Error: no such field
```
Expected behaviour
----------------------------------------
Upgrade completes successfully.
Environment information
----------------------------------------
* __Browser:__ N/A
* __CiviCRM:__ 5.33.5 to 5.45.1
* __PHP:__ 7.3
* __CMS:__ WordPress 5.4
* __Database:__ MySQL 5.7.27
* __Web Server:__ Nginx 1.15.0
Comments
----------------------------------------
Possibly related error reported here: https://civicrm.stackexchange.com/questions/41040/upgrade-fails-unknown-column-entity-modified-date
Workaround
----------------------------------------
A workaround is to upgrade to CiviCRM 5.44 first and then to CiviCRM 5.45. This fixed the problem for me with this particular site.https://lab.civicrm.org/dev/core/-/issues/3044Saving a translated message template with no text version fails2023-11-16T05:03:20ZeileenSaving a translated message template with no text version failsThe text version should not be necessary - and in fact we have general agreement to always send both
https://lab.civicrm.org/dev/core/-/issues/2866
However, when we go to save it fatals because it attempts to save the text version
![i...The text version should not be necessary - and in fact we have general agreement to always send both
https://lab.civicrm.org/dev/core/-/issues/2866
However, when we go to save it fatals because it attempts to save the text version
![image](/uploads/8e0c5b9a784bf452c2dfaa89d1aa0f33/image.png)
This is slightly complicated because the fallback for 'no text version exists' should be 'use the relevant html' not 'fall back on default language;' - so we should probably save an empty string or null or somethinghttps://lab.civicrm.org/dev/core/-/issues/3043ReadOnly API4 trait needs to be renamed as 'readonly' is a reserved word in P...2022-01-27T01:20:32ZElliott EgglestonReadOnly API4 trait needs to be renamed as 'readonly' is a reserved word in PHP 8.1Attempting to run any Civi drush commands under php 8.1 yields the following fatal error:
Error: During class fetch: Uncaught ParseError: syntax error, unexpected token "readonly", expecting identifier in Civi/Api4/Generic/Traits/ReadOn...Attempting to run any Civi drush commands under php 8.1 yields the following fatal error:
Error: During class fetch: Uncaught ParseError: syntax error, unexpected token "readonly", expecting identifier in Civi/Api4/Generic/Traits/ReadOnly.php:17
https://www.php.net/manual/en/reserved.keywords.php
https://www.php.net/manual/en/language.oop5.properties.php#language.oop5.properties.readonly-propertieshttps://lab.civicrm.org/dev/core/-/issues/3042Search kit - allow same field to be added twice2022-01-27T02:17:52ZeileenSearch kit - allow same field to be added twiceIt is reasonable to add the same field into a search twice in order to use different field transformations - the UI blocks this.... presumably it is tricky from an sql POVIt is reasonable to add the same field into a search twice in order to use different field transformations - the UI blocks this.... presumably it is tricky from an sql POVhttps://lab.civicrm.org/dev/core/-/issues/3041SearchKit - Ability to COUNT() without any grouping2023-12-29T03:21:15ZeileenSearchKit - Ability to COUNT() without any groupingWhen using aggregates in search kit the assumptions about when it is good to offer aggregates is a bit off.
Scenario - contact has a custom field of type money & search has 2 tables - contribution and contact
Here are some things I can...When using aggregates in search kit the assumptions about when it is good to offer aggregates is a bit off.
Scenario - contact has a custom field of type money & search has 2 tables - contribution and contact
Here are some things I can't do:
- group by contact ID and then get a SUM of total_amount
- group by contact ID or contribution ID and get a sum of my custom money field
- group by contact ID and also display COUNT for contact id - or display name - this is useful to create a micro widget that gives a count of contacts that meet a criteria & which links to somewhere else.colemanwcolemanwhttps://lab.civicrm.org/dev/joomla/-/issues/37Events added in CIVICRM/CIVIEVENT are not showing up on the frontend calendar...2022-01-25T00:48:46Zmargaret@c2caz.comEvents added in CIVICRM/CIVIEVENT are not showing up on the frontend calendar all of a suddenWe originally installed CIVICRM under a development domain and all was working well. We needed to move the domain to the staging domain slot. Since then, any events that I add to CIVIEVENTS do not show up on the Events Calendar or Even...We originally installed CIVICRM under a development domain and all was working well. We needed to move the domain to the staging domain slot. Since then, any events that I add to CIVIEVENTS do not show up on the Events Calendar or Events Listing on the frontend. We have cleared the cache and rebuilt the menu under Administrative Support to no avail. They do show in the event calendar on the backend but do not show up in the frontend. We checked permissions and did not find anything there. Please advise.https://lab.civicrm.org/dev/core/-/issues/3039Permissions logic and error handling for view-only Contact Reference Autocomp...2023-11-17T05:03:23Zmartin.wPermissions logic and error handling for view-only Contact Reference Autocomplete-Select fieldOverview
----------------------------------------
I have a custom _view-only_ field with Data Type _Contact Reference_ and Field Type _Autocomplete-Select_. The field value is populated via custom PHP code.
A user with "_access CiviCRM_...Overview
----------------------------------------
I have a custom _view-only_ field with Data Type _Contact Reference_ and Field Type _Autocomplete-Select_. The field value is populated via custom PHP code.
A user with "_access CiviCRM_" permission can _view_ this field. But if they try to _edit_ the contact, they get a confusing "_QuickForm Error: nonexistent html element_" error message _unless_ they also have the "_access contact reference fields_" permission.
There are several issues to consider:
1. Should the error message be clarified by changing it to something like "Permission denied for Contact Reference field"? At a minimum, this would make diagnosing and troubleshooting the problem easier.
2. Since the user can already view the field, when entering "edit" mode, should the permission check be skipped so that the field shows up normally (as "_view-only_") on the "edit" form? **It seems to me this is the correct resolution.**
3. Should the view-only field be dropped from the "edit" form? It seems to me this doesn't make much sense, since the "view" and "edit" forms would then be inconsistent.
4. Should the view-only field be dropped from **both** the "view" and the "edit" forms? This depends on what is intended with the "_access contact reference fields_" permission. If the intention is to prevent the user from even viewing such fields, then the Contact Reference field should be dropped from both.
The most relevant code is https://lab.civicrm.org/dev/core/-/blob/master/CRM/Core/BAO/CustomField.php#L905 and https://lab.civicrm.org/dev/core/-/blob/master/CRM/Core/BAO/CustomField.php#L984. See additional comments below.
Reproduction steps
----------------------------------------
1. Create a custom Contact Reference field and configure it with Field Type "Autocomplete-Select".
1. As a Civi administrator, create a test contact with data in the new custom field.
1. Change the settings for the custom field to "view-only".
1. As a less privileged Civi user, **without** the "access contact reference fields" permission, view the test contact. **Result**: The Contact Reference field is visible.
1. As the less privileged user, attempt to edit the contact. **Result**: "_QuickForm Error: nonexistent html element_"
Current behaviour
----------------------------------------
Current behavior is described in the _Reproduction steps_.
Expected behaviour
----------------------------------------
As noted in the description, the correct behavior depends on what is intended by the "_access contact reference fields_" permission. I will assume that the correct interpretation is that users **lacking** the "_access contact reference fields_" permission are allowed to _view_ such fields, but are not allowed to _edit_ such fields.
Assuming this is the correct understanding, then when a user tries to edit a contact, the "view-only" Contact Reference field should simply be displayed normally. Please see below for a suggested code fix.
Environment information
----------------------------------------
* __Browser:__ Chrome 97.0.4692.71
* __CiviCRM:__ 5.45.1
* __PHP:__ 7.3
* __CMS:__ WordPress 5.8.3
* __Database:__ MariaDB 10.4
* __Web Server:__ Apache 2.4
Comments
----------------------------------------
I believe the following code change would produce the _Expected behavior_:
Starting at https://lab.civicrm.org/dev/core/-/blob/master/CRM/Core/BAO/CustomField.php#L901, change:
```lang-php
case 'Autocomplete-Select':
static $customUrls = [];
if ($field->data_type == 'ContactReference') {
// break if contact does not have permission to access ContactReference
if (!CRM_Core_Permission::check('access contact reference fields')) {
break;
}
```
to:
```lang-php
case 'Autocomplete-Select':
static $customUrls = [];
if ($field->data_type == 'ContactReference') {
// break if contact does not have permission to access ContactReference
if (!$field->is_view && !$search && !CRM_Core_Permission::check('access contact reference fields')) {
break;
}
```
Line # 905 is changed. The `!$field->is_view && !$search` condition is copied from https://lab.civicrm.org/dev/core/-/blob/master/CRM/Core/BAO/CustomField.php#L984.
With this change, the "view-only" field will become "frozen" (view-only) on the "edit" form.