From a9e6a37035e09380b0f2dcbe19ae32b657b97402 Mon Sep 17 00:00:00 2001 From: Mathieu Lu Date: Tue, 22 Aug 2023 09:58:40 -0400 Subject: [PATCH] Standalone: Fix ACL help/links, tweak Users and Permissions menu --- CRM/Utils/System/Standalone.php | 2 +- .../Civi/Standalone/Security.php | 2 +- .../afsearchAdministerUserAccounts.aff.json | 4 +- .../ang/afsearchUserRoles.aff.json | 2 +- templates/CRM/Admin/Page/Access.tpl | 57 +++++++++++-------- xml/templates/civicrm_navigation.tpl | 4 +- 6 files changed, 39 insertions(+), 32 deletions(-) diff --git a/CRM/Utils/System/Standalone.php b/CRM/Utils/System/Standalone.php index 93359926fdf2..bf2a4fa85374 100644 --- a/CRM/Utils/System/Standalone.php +++ b/CRM/Utils/System/Standalone.php @@ -574,7 +574,7 @@ public function languageNegotiationURL($url, $addLanguagePart = TRUE, $removeLan */ public function getCMSPermissionsUrlParams() { if ($this->missingStandaloneExtension()) { - return ['ufAccessURL' => '/fixme/standalone/permissions/url/params']; + return ['ufAccessURL' => '/civicrm/admin/roles']; } return Security::singleton()->getCMSPermissionsUrlParams(); } diff --git a/ext/standaloneusers/Civi/Standalone/Security.php b/ext/standaloneusers/Civi/Standalone/Security.php index 411e4eca3d2c..a6ddaa0792bc 100644 --- a/ext/standaloneusers/Civi/Standalone/Security.php +++ b/ext/standaloneusers/Civi/Standalone/Security.php @@ -295,7 +295,7 @@ public function languageNegotiationURL($url, $addLanguagePart = TRUE, $removeLan * @return array */ public function getCMSPermissionsUrlParams() { - return ['ufAccessURL' => '/fixme/standalone/permissions/url/params']; + return ['ufAccessURL' => '/civicrm/admin/roles']; } /** diff --git a/ext/standaloneusers/ang/afsearchAdministerUserAccounts.aff.json b/ext/standaloneusers/ang/afsearchAdministerUserAccounts.aff.json index 30cf8bf663f5..0608fbdfe33a 100644 --- a/ext/standaloneusers/ang/afsearchAdministerUserAccounts.aff.json +++ b/ext/standaloneusers/ang/afsearchAdministerUserAccounts.aff.json @@ -16,8 +16,8 @@ "redirect": null, "create_submission": false, "navigation": { - "parent": "Administer", - "label": "Administer User Accounts", + "parent": "Users and Permissions", + "label": "User Accounts", "weight": 0 } } diff --git a/ext/standaloneusers/ang/afsearchUserRoles.aff.json b/ext/standaloneusers/ang/afsearchUserRoles.aff.json index cc62bb4a7efe..46224d8692dd 100644 --- a/ext/standaloneusers/ang/afsearchUserRoles.aff.json +++ b/ext/standaloneusers/ang/afsearchUserRoles.aff.json @@ -6,7 +6,7 @@ "server_route": "civicrm/admin/roles", "permission": "cms:administer users", "navigation": { - "parent": "Administer", + "parent": "Users and Permissions", "label": "User Roles", "weight": 0 }, diff --git a/templates/CRM/Admin/Page/Access.tpl b/templates/CRM/Admin/Page/Access.tpl index db04f7f1c349..dd63c63f4764 100644 --- a/templates/CRM/Admin/Page/Access.tpl +++ b/templates/CRM/Admin/Page/Access.tpl @@ -10,29 +10,36 @@ {capture assign=docUrlText}{ts}Access Control Documentation{/ts}{/capture} {capture assign=docLink}{docURL page="user/initial-set-up/permissions-and-access-control/" text=$docUrlText}{/capture}
-

{ts 1=$docLink}ACLs (Access Control Lists) allow you control access to CiviCRM data. An ACL consists of an Operation (e.g. 'View' or 'Edit'), a set of Data that the operation can be performed on (e.g. a group of contacts), and a Role that has permission to do this operation. Refer to the %1 for more info.{/ts} - {if $config->userSystem->is_drupal EQ '1'}{ts}Note that a CiviCRM ACL Role is not related to the Drupal Role.{/ts}{/if}

-

{ts}EXAMPLE: 'Team Leaders' (ACL Role) can 'Edit' (Operation) all contacts in the 'Active Volunteers Group' (Data).{/ts}

-

{ts 1=$ufAccessURL|smarty:nodefaults 2=$jAccessParams 3=$config->userFramework}Use %3 Access Control to manage basic access to CiviCRM components and menu items. Use CiviCRM ACLs to control access to specific CiviCRM contact groups. You can also configure ACLs to grant or deny access to specific Events, Profiles, and/or Custom Data Fields.{/ts}

-

{ts 1=$config->userFramework}Note that %1 Access Control permissions take precedence over CiviCRM ACLs. If you wish to use CiviCRM ACLs, first disable the related permission in %1 Access control for a user role, and then gradually add ACLs to replace that permission for certain groups of contacts.{/ts} +

{ts 1=$docLink}ACLs (Access Control Lists) allow you control access to CiviCRM data. An ACL consists of an Operation (e.g. 'View' or 'Edit'), a set of Data that the operation can be performed on (e.g. a group of contacts), and a Role that has permission to do this operation. Refer to the %1 for more info.{/ts} + {if $config->userSystem->is_drupal EQ '1'}{ts}Note that a CiviCRM ACL Role is not related to the Drupal Role.{/ts}{/if}

+

{ts}EXAMPLE: 'Team Leaders' (ACL Role) can 'Edit' (Operation) all contacts in the 'Active Volunteers Group' (Data).{/ts}

+

{ts}CiviCRM ACLs can control access to specific CiviCRM contact groups. You can also configure ACLs to grant or deny access to specific Events, Profiles or Custom Data Fields.{/ts}

+ {if $config->userFramework == 'Standalone'} +

{ts 1=$ufAccessURL|smarty:nodefaults}Note that User Role permissions take precedence over CiviCRM ACLs. If you wish to use CiviCRM ACLs, first disable the related permission in User Roles, and then gradually add ACLs to replace that permission for certain groups of contacts.{/ts} + {else} +

{ts 1=$ufAccessURL|smarty:nodefaults 2=$jAccessParams 3=$config->userFramework}Note that %3 permissions take precedence over CiviCRM ACLs. If you wish to use CiviCRM ACLs, first disable the related permission in %3 for a user role, and then gradually add ACLs to replace that permission for certain groups of contacts.{/ts} + {/if}

- - - - - - - - - - - - - - - - - - - -
{ts 1=$config->userFramework}%1 Access Control{/ts}{ts}Grant access to CiviCRM components and other CiviCRM permissions.{/ts}
{ts}Use following steps if you need to control View and/or Edit permissions for specific contact groups, specific profiles or specific custom data fields.{/ts}
{ts}1. Manage Roles{/ts}{ts}Each CiviCRM ACL Role is assigned a set of permissions. Use this link to create or edit the different roles needed for your site.{/ts}
{ts}2. Assign Users to CiviCRM ACL Roles{/ts}{ts}Once you have defined CiviCRM ACL Roles and granted ACLs to those Roles, use this link to assign users to role(s).{/ts}
{ts}3. Manage ACLs{/ts}{ts}ACLs define permission to do an operation on a set of data, and grant that permission to a CiviCRM ACL Role. Use this link to create or edit the ACLs for your site.{/ts}
+ + + {if $config->userFramework == 'Standalone'} + + {else} + + {/if} + + + + + + + + + + + + + + + +
{ts}User Roles{/ts} {ts 1=$config->userFramework}%1 Permissions{/ts}{ts}Grant access to CiviCRM components and other CiviCRM permissions.{/ts}
{ts}Use following steps if you need to control View and/or Edit permissions for specific contact groups, specific profiles or specific custom data fields.{/ts}
{ts}1. Manage Roles{/ts}{ts}Each CiviCRM ACL Role is assigned a set of permissions. Use this link to create or edit the different roles needed for your site.{/ts}
{ts}2. Assign Users to CiviCRM ACL Roles{/ts}{ts}Once you have defined CiviCRM ACL Roles and granted ACLs to those Roles, use this link to assign users to role(s).{/ts}
{ts}3. Manage ACLs{/ts}{ts}ACLs define permission to do an operation on a set of data, and grant that permission to a CiviCRM ACL Role. Use this link to create or edit the ACLs for your site.{/ts}
diff --git a/xml/templates/civicrm_navigation.tpl b/xml/templates/civicrm_navigation.tpl index b628524d6182..33f02e768abd 100644 --- a/xml/templates/civicrm_navigation.tpl +++ b/xml/templates/civicrm_navigation.tpl @@ -344,8 +344,8 @@ SET @usersPermslastID:=LAST_INSERT_ID(); INSERT INTO civicrm_navigation ( domain_id, url, label, name, permission, permission_operator, parent_id, is_active, has_separator, weight ) VALUES - ( @domainID, 'civicrm/admin/access?reset=1', '{ts escape="sql" skip="true"}Permissions (Access Control){/ts}', 'Permissions (Access Control)', 'administer CiviCRM', '', @usersPermslastID, '1', NULL, 1 ), - ( @domainID, 'civicrm/admin/synchUser?reset=1', '{ts escape="sql" skip="true"}Synchronize Users to Contacts{/ts}', 'Synchronize Users to Contacts', 'administer CiviCRM', '', @usersPermslastID, '1', NULL, 2 ); + ( @domainID, 'civicrm/admin/access?reset=1', '{ts escape="sql" skip="true"}Access Control Lists{/ts}', 'Permissions (Access Control)', 'administer CiviCRM', '', @usersPermslastID, '1', NULL, 5 ), + ( @domainID, 'civicrm/admin/synchUser?reset=1', '{ts escape="sql" skip="true"}Synchronize Users to Contacts{/ts}', 'Synchronize Users to Contacts', 'administer CiviCRM', '', @usersPermslastID, '1', NULL, 10 ); INSERT INTO civicrm_navigation ( domain_id, url, label, name, permission, permission_operator, parent_id, is_active, has_separator, weight )