Aller directement à la fin des métadonnées
Aller au début des métadonnées

The proposed solution below deals with the problems around group nesting described

Multisites, Multidomain, and Multilevel ACLs

L1 site – should multisite be enabled?

It seems that if multisite is not enabled on the L1 site then it is by definition the whole CiviCRM universe and that enabling multisite at this level incurs group nesting cost without changing behaviour. By removing multisite at this level & making L2 groups parentless the group_nesting load is much reduced


Plan – use group organization to denote that a group should be visible to a domain (& it’s parents).

-          Visible groups will include both those that are nested & those whose organisation is linked to the domain group. This is primarily for the purposes of backward compatibility.

-          Contact permissioning will continue to be via nesting (which can be applied more deliberately)

Phase 1 (done)

1)      Make the parent group field optional for those who can administer (this has been done – parent id is optional is group id is not set)

2)      Make the group hook respect group_organization to suggest which groups to show

3)      Various fixes to core were required where group behaviour was incorrect.


Phase 2 non-automated recommended config

1)      Disable multisite on level 1, remove all extraneous group nesting from domain 1

2)      On child sites remove extraneous nesting & replace with group_organization links as appropriate


Phase 3


3)      Make the organization auto-fill to current domain org (hidden for non-admins)

4)      Add some sensible validation for organisation for admins

5)      Make the group hook respect (show) groups that are  associated with child group organizations

Phase 4

6)      Allow groups to be linked to more than one organisation through the UI

7)      Add 2 new group types

  1. ‘visible on all domains’ (for those with administer multiple organizations)
  2. ‘visible on child domains’ – for those with administer civicrm – note this won’t work on L1 if L1 multisite is disabled – but that doesn’t seem like a bad thing


  • Aucun