You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently to use the 'forget contact' button the user also needs 'administer GDPR' permission. It would be good if this the admin permission was not required to allow delegation to team members.
Instead of removing the permission check it would seem better to replace it with a separate permission to "forget contact".
Otherwise anyone with some kind of access to CiviCRM can forget contacts.
There is still a 'forget contact' permission check so delegation is permitted. The issue is in the current code within the 'forget contact' check the button is only rendered of the person also has administer permissions. This PR keeps the 'forget contact' but removes the 'administer GDPR' requirement.
Currently to use the 'forget contact' button the user also needs 'administer GDPR' permission. It would be good if this the admin permission was not required to allow delegation to team members.
Relevant lines:
https://github.com/veda-consulting/uk.co.vedaconsulting.gdpr/blob/fe3e51145abc8822dd1e447e5b16122e9ecaac17/templates/CRM/Gdpr/Page/Tab.tpl#L2-L10
The text was updated successfully, but these errors were encountered: