civicrm / civicrm-user-guide

Documentation for CiviCRM users
https://docs.civicrm.org/user/en/latest/

Clarify initial permissions for anonymous users #441

Closed wmortada closed 4 years ago

wmortada commented 4 years ago

I'm trying to clarify the permissions that are set for anonymous users when someone initially installs CiviCRM as this list appears to be missing a permission view public CiviMail content. Also the profile permissions were unclear (profile listings and forms is not/no longer set by default).

I've based this list on the Drupal permissions set on install as set here: https://github.com/civicrm/civicrm-core/blob/master/install/index.php#L1844-L1854

However this seems to be a bit inconsistent - i.e. see the line just before this: https://github.com/civicrm/civicrm-core/blob/master/install/index.php#L1841

So I'd appreciate it if someone could double check this.

wmortada commented 4 years ago

Actually, view public CiviMail content doesn't seem to be set by Drupal but does appear to be set on a WordPress install.

Is it possible that the permissions differ depending upon the CMS?

homotechsual commented 4 years ago

@seamuslee001 is probably a good reviewer candidate for this :-)

wmortada commented 4 years ago

Hmm... I've checked the initial permissions for various CMSs spun up via buildkit and they do appear to have different permissions depending on the CMS. I'm not sure why this is inconsistent but I guess this should be addressed before we clarify the documentation.

| Permission | Drupal 7 | Drupal 8 | WordPress | Backdrop |
|---|---|---|---|---|
| CiviCRM: access all custom data | Yes | Yes | Yes | Yes |
| CiviCRM: access uploaded files | Yes | Yes | Yes | Yes |
| CiviCRM: profile create | Yes | Yes | Yes | Yes |
| CiviCRM: profile edit | No | Yes | Yes | No |
| CiviCRM: profile view | Yes | Yes | Yes | Yes |
| CiviEvent: register for events | Yes | Yes | Yes | Yes |
| CiviEvent: view event info | No | Yes | Yes | No |
| CiviEvent: view event participants | No | Yes | No | No |
| CiviContribute: make online contributions | Yes | Yes | Yes | Yes |
| CiviMail: access CiviMail subscribe/unsubscribe pages | Yes | Yes | Yes | Yes |
| CiviMail: view public CiviMail content | No | No | Yes | No |

homotechsual commented 4 years ago

@totten @seamuslee001

wmortada commented 4 years ago

I've raised an issue in GitLab about this inconsistency: https://lab.civicrm.org/dev/core/-/issues/1732

homotechsual commented 4 years ago

Can we just put your table into the docs?

seamuslee001 commented 4 years ago

One point before delving too deep in this is 1) that the way CiviCRM Buildkit will install perms / configure perms may be quite different to how the normal installer will for a standard general user install. Just FYI. E.g. the civicrm_developer module won't be enabled for the standard install process but is by buildkit on d7, backdrop etc. WordPress buildkit install perms is closest to what would actually happen if someone was installing for the first time.

wmortada commented 4 years ago

Thanks @seamuslee001 I was wondering if the permissions might be different if the site was installed by buildkit. Why is that?

wmortada commented 4 years ago

@MikeyMJCO I guess we could just put this table in the docs but that feels more confusing to new users. If I were reading it I would wonder why it was different in different CMSs? Also, I'd want to check that these are the actual permissions you'd get if you installed it normally (i.e. without buildkit).

wmortada commented 4 years ago

As mentioned above I've raised a ticket in GitLab to try to resolve the inconsistency but think this may take a while to come to a conclusion. In the meantime, I think it would be more helpful to new users if we just list all of the possible permissions that could be set as default with a note to say that the actual permissions may vary depending on how they have installed CiviCRM.

I've updated my PR accordingly. If you think that sounds okay we could make this change now and then come back later (if needed) to modify depending on the outcomes of the discussion in GitLab.

wmortada commented 4 years ago

@MikeyMJCO what do you think about my revised PR? I think this could be merged in now.

homotechsual commented 4 years ago

I'm good with this as it is. Merging!