I've installed Case Tracker on http://test.permaculture.org.nz and given permissions only to administrators and the second highest level of user. But when I log out, Case Tracker is there on the menu and I can view my test case. I shouldn't be able to do this even as an authenticated user.

I've double-checked permissions and everything connected to case is restricted (anons only have four permissions total).
I cannot deploy without resolving this.

Comments

musicalvegan0’s picture

Category: support » feature

I have this same problem, but I think I've found a resolution.

The Case Tracker interface is defined by a view. You can restrict access to the view using the Custom Permissions module. Simply install the module, create a custom permission called "access case tracker" or whatever, and then require that permission to view the case tracker page.

This should probably be done automatically by the module, so I'm going to change this to a feature request. However, we should get some feedback from the project owners; this could be intentional behavior.

permaculturegeek’s picture

I discovered that I can set the view access by role rather than by permission. One less module required!
So adequate documentation could overcome this problem.