-
-
Notifications
You must be signed in to change notification settings - Fork 808
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dev/core#641: Case Activity Assignment Restriction #13541
dev/core#641: Case Activity Assignment Restriction #13541
Conversation
(Standard links)
|
26a965c
to
0bd1799
Compare
Due to proposed changes in civicrm/civicrm-core#13541, This PR updates the doc to reflect the new fields added.
Thanks for pushing this change. I think it's useful. |
Thanks @colemanw, didn't catch that in the chat. Will take a quick look at what you suggested now. |
Another thing I think I mentioned in the chat is you can restrict an entityRef to only lookup contacts who have a user account. That alone could prevent a lot of mistakes. |
0bd1799
to
c8b3c5e
Compare
@colemanw , I updated the PR, can you take a look again? |
c8b3c5e
to
3dc88fd
Compare
I like the idea of this. But I have a couple of concerns / thoughts about the implementation that I think we need input from a few people:
Not sure who to tag as an extensive cases user... @lcdservices @guanhuan @JoeMurray ? |
I'm a strong +1 on this. I have had to implement this functionality many times via hooks, but I think it deserves to be in core. Re: @mattwire 's items:
|
+1 on the replies by @lcdservices I would agree to the idea of having this as an extension, but the fact that it's got the current permissions as "default" - I would say that it warrants itself to be in core. Also agree with the ACL part ie this is just filtering on the form level who you can assign the activity to. |
} | ||
|
||
return FALSE; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest making this function more generic - rename it to restrictAssignment
and have it return the value of restrictActivityAsgmt
(0, 1, or 2)
$xmlFile .= "<Group>$value</Group>\n"; | ||
} | ||
$xmlFile .= "</ActivityAsgmtGrps>\n"; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could save some space in the xml file and prevent errors by skipping this section if not needed. E.g. have the conditional on 197 read
if (!empty($definition['activityAsgmtGrps']) && $definition['restrictActivityAsgmt'] == 2) {
I've tested this and it works 👍 I'm a little hung up on the UI and workflow. It seems to me that the 2 modes: "restrict to group" and "restrict to cms users" are not mutually exclusive, and perhaps instead of a 3-option radio button we want a checkbox for "restrict to cms users" followed by a dropdown for "restrict to group" - leaving them both blank would have no restrictions, and checking the box + selecting groups would apply both restrictions. |
@colemanw agree that these are not mutually exclusive. Just trying to interpret your suggestion there - if we check the box + select a group - should it then filter this list to:
As far as I understand, there will still be an intersection of contacts somewhere ie contacts who belong to the selected group who have a CMS login ie 1 contact can meet 2 criteria. The CMS login wasn't necessarily in our initial requirement - so maybe adding it is adding a layer of complexity? Perhaps we can leave it at the CRM contact level? Thanks and let me know what you think. |
Hi @colemanw , did you have time to check Shitij's comments? Tks |
@shitijg yes that's right. If you add both params to the api call then it will filter out non cms users and contacts who don't belong to the group. |
@colemanw , Made changes and update screenshots. |
e52a93d
to
06f2106
Compare
@colemanw , seems the the check is failing because of some tests unrelated with this PR. Can you help take a look? Thanks |
test this please |
@tunbola if you wish to re-run tests I think you can just comment test this please. If that doesn't work any change to your PR (e.g improving the commit message & force-pushing) will re-trigger it |
test this please |
Overview
Currently, a user can create and assign an activity to any CiviCRM contact. This in turn sends an email notification to the assignee. However, some users have reported that they mistakenly assigned activities to contacts with similar names which meant that someone who should not have access to any details of the activity got a link in the email stating some basic details of the activity.
This PR adds the ability to restrict the assignment of case activities to a group. A user will not be able to assign activities to contacts that does not belong to the restricted groups.
Activity assignment can also be restricted to only contacts having user accounts.
Before
It is not possible to restrict the assignment of case activities to a group or to contacts having user accounts.
After
It is now possible to restrict the assignment of case activities to a group or to contacts having user accounts.
When searching for a contact to assign for an activity, it displays only people assigned to that group - if that case type has group restriction, or it displays only contacts with user accounts if that case type has restriction to only website users. Also the option to create a new contact when that activity is associated with a case type which is restricted to a group or to only website users is removed.
Technical Details
Two new parameters
RestrictActivityAsgmt
andActivityAsgmtGrps
added for this task were simply appended to the existing xml data of the definition column for a case type.The
buildQuickForm
function of theCRM_Case_Form_Activity
form class was modified to restrict the assignee related fields to only fetch contacts associated with restricted groups for case types with such restrictions or to restrict assignee related fields to only fetch contacts with user accounts when the case type is restricted to website users.Comments
PR to update user guide here: civicrm/civicrm-user-guide#375