SparkDevNetwork / Rock

An open source CMS, Relationship Management System (RMS) and Church Management System (ChMS) all rolled into one.
http://www.rockrms.com

Group Type Attribute View Security #5974

Closed aaronjones8 closed 3 months ago

aaronjones8 commented 3 months ago

Description

When creating a group type attribute and setting the view security permissions to deny, the attribute is still visible on the Group Viewer. A church wanted to create an internal notes attribute for the group type that is only visible to Rock Admin and Staff Worker.

Actual Behavior

Attribute is visible when logged in to an account that is not in the required role

Expected Behavior

Attribute should not be visible

Steps to Reproduce

Issue Confirmation

Rock Version

v16.5

Client Culture Setting

en-US

aaronjones8 commented 3 months ago

@jacksojourn

chead4 commented 3 months ago

@aaronjones8 For Group Types, the Group View Lava Template under Display Options is used by the Group Details block when viewing a group. Once you have set security for Group Attributes, update the Group View Lava Template to use the HasRightsTo filter. This filter will check the security of the model passed. (You can find more details on that filter here.)

Update the Group View Lava Template to include the following (which can be seen in lines 51 to 59 of the screenshot), which will check security before displaying the Group Attributes on the Group Details block.

        <dl>
        {% for attribute in Group.AttributeValues %}
            {% assign viewAuth = attribute.AttributeId | HasRightsTo:'View','Rock.Model.Attribute' %}
            {% if attribute.ValueFormatted != '' and viewAuth %}
                <dt>{{ attribute.AttributeName }}</dt>
                <dd>{{ attribute.ValueFormatted }}</dd>
            {% endif %}
        {% endfor %}
        </dl>      


Thank you for reporting this. I'll be closing this issue and we will also be updating the Rock Your Groups documentation.
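One way to audit templates for the gap discussed in this thread, as an added example that is not from the Rock project or from either commenter: a Python check that flags any Lava `for` loop over `AttributeValues` that prints values without first gating on a `HasRightsTo:'View'` result. The function name, the regex heuristics and the `UNGUARDED` sample are assumptions constructed for illustration; nested loops are not handled.

```python
import re

# {% for <var> in <obj>.AttributeValues %} ... {% endfor %} (nested loops not handled)
ATTR_LOOP = re.compile(
    r"\{%-?\s*for\s+(\w+)\s+in\s+[\w.]*AttributeValues\s*-?%\}(.*?)"
    r"\{%-?\s*endfor\s*-?%\}", re.S)

def unguarded_attribute_loops(template):
    """Return the loop variables of attribute loops that print values
    without first gating on a HasRightsTo:'View' result."""
    findings = []
    for loop in ATTR_LOOP.finditer(template):
        var, body = re.escape(loop.group(1)), loop.group(2)
        # {% assign <flag> = <var>.AttributeId | HasRightsTo:'View', ... %}
        assign = re.search(
            r"assign\s+(\w+)\s*=\s*" + var +
            r"\.AttributeId\s*\|\s*HasRightsTo\s*:\s*'View'", body)
        guarded = False
        if assign:
            flag = re.escape(assign.group(1))
            # The flag must be tested in an {% if %} before the first output.
            gate = re.search(r"\{%-?\s*if\b[^%]*\b" + flag + r"\b[^%]*%\}", body)
            output = re.search(r"\{\{-?\s*" + var + r"\.", body)
            guarded = bool(gate) and (output is None or gate.start() < output.start())
        if not guarded:
            findings.append(loop.group(1))
    return findings

# Constructed sample: attribute loop with no security check.
UNGUARDED = """<dl>
{% for attribute in Group.AttributeValues %}
    {% if attribute.ValueFormatted != '' %}
        <dt>{{ attribute.AttributeName }}</dt>
        <dd>{{ attribute.ValueFormatted }}</dd>
    {% endif %}
{% endfor %}
</dl>"""

# The loop from the comment above, with the HasRightsTo gate.
GUARDED = UNGUARDED.replace(
    "{% if attribute.ValueFormatted != '' %}",
    "{% assign viewAuth = attribute.AttributeId | HasRightsTo:'View','Rock.Model.Attribute' %}\n"
    "    {% if attribute.ValueFormatted != '' and viewAuth %}")

if __name__ == "__main__":
    print("unguarded:", unguarded_attribute_loops(UNGUARDED))
    print("guarded:  ", unguarded_attribute_loops(GUARDED))
```

A template that assigns the `HasRightsTo` result but never tests it in an `{% if %}` is reported as well, since the attribute security is only enforced when the output is actually gated on it.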