Personalized Communication History does not respect System Phone Number View Access

[dataCollegechurch]

Description

Out of the box the Personalized Communication History is setup with view access for the following groups.

RSR - Rock Administration (Role) | Allow | Rock RMS (Site) RSR - Staff Workers (Role) | Allow | Rock RMS (Site) RSR - Staff Like Workers (Role)

When we secure SMS Number we typically secure view access for a subset of staff smaller than the all staff. SMS conversations are confidential, so it is important that only people with view access to the SMS number have access to view conversations.

With these settings in place anyone with view access to the Personalized Communication History can view all sms conversations tied to a specific person even when they do not have view access to the SMS number. 

Actual Behavior

Personalized Communication History does not restrict visibility to SMS conversations based on SMS view access.

Expected Behavior

Personalized Communication History restricts visibility to SMS conversations (especially the actual content of each message) only when the logged in user has view access to the number that sent the SMS.

Steps to Reproduce

1. Login into Alisha Admin's account on https://rock.rocksolidchurchdemo.com/
2. Setup a test SMS number
3. Restrict view access to this SMS so that only the Rock Administrator can view it
4. Send a SMS Message from Alisha to Ted Decker
5. Logout and login to another user's account who is not a Rock admin such as Pete Foster
6. Navigate back to Ted Decker's History tab and see that the message is still visible including the message contents

Issue Confirmation

• [X] Perform a search on the Github Issues to see if your bug or enhancement is already reported.
• [X] Try to reproduce the problem on a fresh install or on the demo site.

Rock Version

16.5

Client Culture Setting

en-us