Fix/remove b csv admin only setting (#7926)

DawoudIO · web-flow · commit edb79f20f3e1 · 2026-01-31T18:31:18.000-08:00
## Summary

Remove deprecated CSV export permission flags (`bCSVAdminOnly` and
`bExportCSV`) that provided no real security value since users could
already export data via DataTables buttons on every table.

## Why

These settings created a false sense of security:
- `bCSVAdminOnly` - Restricted CSV option in financial report forms, but
users could still export via DataTables
- `bExportCSV` - User permission that only hid some CSV buttons, while
DataTables export remained available

Both settings added UI complexity without actual data protection.
Removing them simplifies the codebase and user management.

## Changes

### System Configuration
- Removed `bCSVAdminOnly` from `SystemConfig.php`
- Removed conditional logic from all financial report forms

### User Permissions
- Removed `isCSVExport()` and `isCSVExportEnabled()` methods from
`User.php`
- Removed permission check from `CSVExport.php`
- Updated `Header.php` to always show DataTables export buttons
- Updated cart functions to always show CSV export button
- Removed `csvExport` from admin user API response
- Removed `CSVExport` from access-denied page role descriptions

### Database
- Created `src/mysql/upgrade/6.8.0.sql` to delete both settings from
existing installations

## Files Changed

| File | Change |
|------|--------|
| `src/ChurchCRM/dto/SystemConfig.php` | Remove bCSVAdminOnly config |
| `src/ChurchCRM/model/ChurchCRM/User.php` | Remove CSV export methods |
| `src/CSVExport.php` | Remove permission check |
| `src/Include/Header.php` | Always show DataTables buttons |
| `src/FinancialReports.php` | Simplify CSV option logic |
| `src/ReminderReport.php` | Remove bCSVAdminOnly check |
| `src/TaxReport.php` | Remove bCSVAdminOnly check |
| `src/Reports/*.php` (6 files) | Remove bCSVAdminOnly checks |
| `src/finance/views/reports.php` | Remove warning message |
| `src/admin/routes/api/user-admin.php` | Remove csvExport from response
|
| `src/v2/templates/cart/cartfunctions.php` | Always show CSV button |
| `src/v2/templates/common/access-denied.php` | Remove CSVExport role |
| `src/mysql/install/Install.sql` | Remove default setting |
| `src/mysql/upgrade/6.8.0.sql` | New upgrade script |

## Testing

- ✅ CSV reports test (6 passing)
- ✅ Finance reports test (10 passing)
- ✅ Cart tests (4 passing)
- ✅ Admin reports test (1 passing)
- ✅ Admin user test (3 passing)
- ✅ No PHP errors in logs
diff --git a/src/CSVExport.php b/src/CSVExport.php
@@ -3,14 +3,7 @@
 require_once __DIR__ . '/Include/Config.php';
 require_once __DIR__ . '/Include/Functions.php';
 
-use ChurchCRM\Authentication\AuthenticationManager;
 use ChurchCRM\dto\SystemURLs;
-use ChurchCRM\Utils\RedirectUtils;
-
-// If user does not have CSV Export permission, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isCSVExport()) {
-    RedirectUtils::securityRedirect("CSVExport");
-}
 
 // Get Classifications for the drop-down
 $sSQL = 'SELECT * FROM list_lst WHERE lst_ID = 1 ORDER BY lst_OptionSequence';
diff --git a/src/ChurchCRM/dto/SystemConfig.php b/src/ChurchCRM/dto/SystemConfig.php
@@ -101,7 +101,6 @@ private static function buildConfigs(): array
             'sDirRoleChild'                        => new ConfigItem(8, 'sDirRoleChild', 'choice', '3', gettext('These are the family role numbers designated as child'), '', json_encode(SystemConfig::getFamilyRoleChoices(), JSON_THROW_ON_ERROR)),
             'iSessionTimeout'                      => new ConfigItem(9, 'iSessionTimeout', 'number', '3600', gettext("Session timeout length in seconds\nSet to zero to disable session timeouts.")),
             'aFinanceQueries'                      => new ConfigItem(10, 'aFinanceQueries', 'text', '28,30', gettext('Queries for which user must have finance permissions to use') . ':'),
-            'bCSVAdminOnly'                        => new ConfigItem(11, 'bCSVAdminOnly', 'boolean', '1', gettext('Should only administrators have access to the CSV export system and directory report?')),
             'iMinPasswordLength'                   => new ConfigItem(13, 'iMinPasswordLength', 'number', '6', gettext('Minimum length a user may set their password to')),
             'iMinPasswordChange'                   => new ConfigItem(14, 'iMinPasswordChange', 'number', '4', gettext("Minimum amount that a new password must differ from the old one (# of characters changed)\nSet to zero to disable this feature")),
             'aDisallowedPasswords'                 => new ConfigItem(15, 'aDisallowedPasswords', 'text', 'password,god,jesus,church,christian', gettext('A comma-separated list of disallowed (too obvious) passwords.')),
@@ -274,7 +273,7 @@ private static function buildCategories(): array
             gettext('Church Services')    => ['iPersonConfessionFatherCustomField', 'iPersonConfessionDateCustomField'],
             gettext('Backup')             => ['sLastBackupTimeStamp', 'bEnableExternalBackupTarget', 'sExternalBackupType', 'sExternalBackupAutoInterval', 'sExternalBackupEndpoint', 'sExternalBackupUsername', 'sExternalBackupPassword'],
             gettext('Two-Factor Authentication') => ['bEnable2FA', 'bRequire2FA', 's2FAApplicationName', 'sTwoFASecretKey'],
-            gettext('System Settings')    => ['sLogLevel', 'bCSVAdminOnly', 'bEnforceCSP', 'bHSTSEnable', 'iDashboardServiceIntervalTime', 'bAllowPrereleaseUpgrade'],
+            gettext('System Settings')    => ['sLogLevel', 'bEnforceCSP', 'bHSTSEnable', 'iDashboardServiceIntervalTime', 'bAllowPrereleaseUpgrade'],
         ];
     }
 
diff --git a/src/ChurchCRM/model/ChurchCRM/User.php b/src/ChurchCRM/model/ChurchCRM/User.php
@@ -190,16 +190,6 @@ public function isAddEvent(): bool
         return $this->isAdmin() || $this->isEnabledSecurity('bAddEvent');
     }
 
-    public function isCSVExportEnabled(): bool
-    {
-        return $this->isCSVExport();
-    }
-
-    public function isCSVExport(): bool
-    {
-        return $this->isAdmin() || $this->isEnabledSecurity('bExportCSV');
-    }
-
     public function isEmailEnabled(): bool
     {
         return $this->isAdmin() || $this->isEnabledSecurity('bEmailMailto');
diff --git a/src/FinancialReports.php b/src/FinancialReports.php
@@ -326,10 +326,8 @@
         echo '<td class=TextColumnWithBottomBorder><input name=RequireDonationYears type=text value=0 size=5></td></tr>';
     }
 
-    if (
-        ((AuthenticationManager::getCurrentUser()->isAdmin() && $bCSVAdminOnly) || !$bCSVAdminOnly)
-        && (in_array($sReportType, ['Pledge Summary', 'Giving Report', 'Individual Deposit Report', 'Advanced Deposit Report', 'Zero Givers']))
-    ) {
+    // Show CSV output option for reports that support it
+    if (in_array($sReportType, ['Pledge Summary', 'Giving Report', 'Individual Deposit Report', 'Advanced Deposit Report', 'Zero Givers'])) {
         echo '<tr><td class=LabelColumn>' . gettext('Output Method:') . '</td>';
         echo "<td class=TextColumnWithBottomBorder><input name=output type=radio checked value='pdf'>PDF";
         echo " <input name=output type=radio value='csv'>" . gettext('CSV') . '</tr>';
diff --git a/src/ReminderReport.php b/src/ReminderReport.php
@@ -4,14 +4,11 @@
 require_once __DIR__ . '/Include/Functions.php';
 
 use ChurchCRM\Authentication\AuthenticationManager;
-use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\Utils\InputUtils;
 use ChurchCRM\Utils\RedirectUtils;
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly')) {
-    RedirectUtils::securityRedirect('Admin');
-}
+// Security
+AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
 
 $sPageTitle = gettext('Pledge Reminder Report');
 require_once __DIR__ . '/Include/Header.php';
diff --git a/src/Reports/AdvancedDeposit.php b/src/Reports/AdvancedDeposit.php
@@ -7,10 +7,9 @@
 
 use ChurchCRM\Authentication\AuthenticationManager;
 use ChurchCRM\dto\SystemConfig;
+use ChurchCRM\Service\FinancialService;
 use ChurchCRM\Utils\CsvExporter;
 use ChurchCRM\Utils\InputUtils;
-use ChurchCRM\Utils\RedirectUtils;
-use ChurchCRM\Service\FinancialService;
 
 // Security
 AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
@@ -62,11 +61,6 @@
     $output = 'pdf';
 }
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly') && $output != 'pdf') {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 // Normalize date range
 $today = date('Y-m-d');
 if (!$sDateEnd && $sDateStart) {
diff --git a/src/Reports/EnvelopeReport.php b/src/Reports/EnvelopeReport.php
@@ -9,12 +9,9 @@
 use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\model\ChurchCRM\Family;
 use ChurchCRM\model\ChurchCRM\FamilyQuery;
-use ChurchCRM\Utils\RedirectUtils;
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly')) {
-    RedirectUtils::securityRedirect('Admin');
-}
+// Security
+AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
 
 class PdfEnvelopeReport extends ChurchInfoReport
 {
diff --git a/src/Reports/FamilyPledgeSummary.php b/src/Reports/FamilyPledgeSummary.php
@@ -9,7 +9,6 @@
 use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\Utils\FiscalYearUtils;
 use ChurchCRM\Utils\InputUtils;
-use ChurchCRM\Utils\RedirectUtils;
 
 // Security
 AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
@@ -62,11 +61,6 @@
     $only_owe = InputUtils::legacyFilterInput($_POST['only_owe']);
 }
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly')) {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 // Get all the families
 $sSQL = 'SELECT DISTINCT fam_ID, fam_Name FROM family_fam';
 
diff --git a/src/Reports/PledgeSummary.php b/src/Reports/PledgeSummary.php
@@ -10,7 +10,6 @@
 use ChurchCRM\Utils\CsvExporter;
 use ChurchCRM\Utils\FiscalYearUtils;
 use ChurchCRM\Utils\InputUtils;
-use ChurchCRM\Utils\RedirectUtils;
 
 // Security
 AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
@@ -24,11 +23,6 @@
 // Remember the chosen Fiscal Year ID
 $_SESSION['idefaultFY'] = $iFYID;
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly') && $output !== 'pdf') {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 // Get the list of funds
 $sSQL = "SELECT fun_ID,fun_Name,fun_Description,fun_Active FROM donationfund_fun WHERE fun_Active = 'true' ORDER BY fun_Active, fun_Name";
 $rsFunds = RunQuery($sSQL);
diff --git a/src/Reports/PrintDeposit.php b/src/Reports/PrintDeposit.php
@@ -7,7 +7,6 @@
 use ChurchCRM\model\ChurchCRM\PledgeQuery;
 
 use ChurchCRM\Authentication\AuthenticationManager;
-use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\dto\SystemURLs;
 use ChurchCRM\Utils\InputUtils;
 use ChurchCRM\Utils\RedirectUtils;
@@ -42,11 +41,6 @@
     RedirectUtils::redirect('v2/dashboard');
 }
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to access denied.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly') && $output != 'pdf') {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 if ($output === 'pdf') {
     // Server-side guard: if this deposit has no payments, show a friendly message instead of redirecting
     $paymentsCount = PledgeQuery::create()->filterByDepId($iDepositSlipID)->count();
diff --git a/src/Reports/ReminderReport.php b/src/Reports/ReminderReport.php
@@ -9,7 +9,6 @@
 use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\Utils\FiscalYearUtils;
 use ChurchCRM\Utils\InputUtils;
-use ChurchCRM\Utils\RedirectUtils;
 
 // Security
 AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
@@ -25,11 +24,6 @@
 $pledge_filter = InputUtils::legacyFilterInput($_POST['pledge_filter']);
 $only_owe = InputUtils::legacyFilterInput($_POST['only_owe']);
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly')) {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 if (!empty($_POST['classList'])) {
     $classList = $_POST['classList'];
 
diff --git a/src/Reports/TaxReport.php b/src/Reports/TaxReport.php
@@ -7,10 +7,9 @@
 
 use ChurchCRM\Authentication\AuthenticationManager;
 use ChurchCRM\dto\SystemConfig;
+use ChurchCRM\Service\FinancialService;
 use ChurchCRM\Utils\CsvExporter;
 use ChurchCRM\Utils\InputUtils;
-use ChurchCRM\Utils\RedirectUtils;
-use ChurchCRM\Service\FinancialService;
 
 // Security
 AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
@@ -25,11 +24,6 @@
 $iDepID = InputUtils::legacyFilterInput($_POST['deposit'], 'int');
 $iMinimum = InputUtils::legacyFilterInput($_POST['minimum'], 'int');
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly') && $output != 'pdf') {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 // Prepare filter arrays
 $classList = [];
 $fundIds = [];
diff --git a/src/Reports/ZeroGivers.php b/src/Reports/ZeroGivers.php
@@ -7,10 +7,9 @@
 
 use ChurchCRM\Authentication\AuthenticationManager;
 use ChurchCRM\dto\SystemConfig;
+use ChurchCRM\Service\FinancialService;
 use ChurchCRM\Utils\CsvExporter;
 use ChurchCRM\Utils\InputUtils;
-use ChurchCRM\Utils\RedirectUtils;
-use ChurchCRM\Service\FinancialService;
 
 // Security
 AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
@@ -23,11 +22,6 @@
 $letterhead = InputUtils::legacyFilterInput($_POST['letterhead']);
 $remittance = InputUtils::legacyFilterInput($_POST['remittance']);
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly') && $output != 'pdf') {
-    RedirectUtils::securityRedirect('Admin');
-}
-
 // Normalize date range
 $today = date('Y-m-d');
 if (!$sDateEnd && $sDateStart) {
diff --git a/src/TaxReport.php b/src/TaxReport.php
@@ -4,14 +4,11 @@
 require_once __DIR__ . '/Include/Functions.php';
 
 use ChurchCRM\Authentication\AuthenticationManager;
-use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\Utils\InputUtils;
 use ChurchCRM\Utils\RedirectUtils;
 
-// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
-if (!AuthenticationManager::getCurrentUser()->isAdmin() && SystemConfig::getValue('bCSVAdminOnly')) {
-    RedirectUtils::securityRedirect('Admin');
-}
+// Security
+AuthenticationManager::redirectHomeIfFalse(AuthenticationManager::getCurrentUser()->isFinanceEnabled(), 'Finance');
 
 $sPageTitle = gettext('Tax Report');
 require_once __DIR__ . '/Include/Header.php';
diff --git a/src/admin/routes/api/user-admin.php b/src/admin/routes/api/user-admin.php
@@ -71,6 +71,6 @@
         $userId = $args['userId'];
         $user = UserQuery::create()->findPk($userId);
 
-        return SlimUtils::renderJSON($response, ['user' => $user->getName(), 'userId' => $user->getId(), 'addEvent' => $user->isAddEvent(), 'csvExport' => $user->isCSVExport()]);
+        return SlimUtils::renderJSON($response, ['user' => $user->getName(), 'userId' => $user->getId(), 'addEvent' => $user->isAddEvent()]);
     });
 })->add(AdminRoleAuthMiddleware::class)->add(UserMiddleware::class);
diff --git a/src/finance/views/reports.php b/src/finance/views/reports.php
@@ -1,6 +1,5 @@
 <?php
 
-use ChurchCRM\Authentication\AuthenticationManager;
 use ChurchCRM\dto\SystemConfig;
 use ChurchCRM\dto\SystemURLs;
 
@@ -21,9 +20,6 @@
     }
 }
 
-$bCSVAdminOnly = SystemConfig::getBooleanValue('bCSVAdminOnly');
-$isAdmin = AuthenticationManager::getCurrentUser()->isAdmin();
-
 ?>
 
 <div class="container-fluid">
@@ -245,9 +241,6 @@
                             <h6><i class="fa-solid fa-download text-success"></i> <?= gettext('Export Options') ?></h6>
                             <p class="small text-muted">
                                 <?= gettext('Most reports can be exported as PDF for printing or CSV for spreadsheet analysis.') ?>
-                                <?php if ($bCSVAdminOnly && !$isAdmin): ?>
-                                <span class="text-warning"><?= gettext('CSV export is restricted to administrators.') ?></span>
-                                <?php endif; ?>
                             </p>
                         </div>
                         <div class="col-md-4">
diff --git a/src/mysql/install/Install.sql b/src/mysql/install/Install.sql
@@ -893,12 +893,10 @@ INSERT INTO `userconfig_ucfg` (`ucfg_per_id`, `ucfg_id`, `ucfg_name`, `ucfg_valu
   (0, 0, 'bEmailMailto', '1', 'boolean', 'User permission to send email via mailto: links', 'TRUE', ''),
   (0, 1, 'sMailtoDelimiter', ',', 'text', 'Delimiter to separate emails in mailto: links', 'TRUE', ''),
   (0, 5, 'bCreateDirectory', '0', 'boolean', 'User permission to create directories', 'FALSE', 'SECURITY'),
-  (0, 6, 'bExportCSV', '0', 'boolean', 'User permission to export CSV files', 'FALSE', 'SECURITY'),
   (0, 10, 'bAddEvent', '0', 'boolean', 'Allow user to add new event', 'FALSE', 'SECURITY'),
   (1, 0, 'bEmailMailto', '1', 'boolean', 'User permission to send email via mailto: links', 'TRUE', ''),
   (1, 1, 'sMailtoDelimiter', ',', 'text', 'user permission to send email via mailto: links', 'TRUE', ''),
-  (1, 5, 'bCreateDirectory', '1', 'boolean', 'User permission to create directories', 'TRUE', ''),
-  (1, 6, 'bExportCSV', '1', 'boolean', 'User permission to export CSV files', 'TRUE', '');
+  (1, 5, 'bCreateDirectory', '1', 'boolean', 'User permission to create directories', 'TRUE', '');
 
 -- --------------------------------------------------------
 
diff --git a/src/mysql/upgrade.json b/src/mysql/upgrade.json
@@ -477,7 +477,9 @@
             "6.7.2",
             "6.7.3"
         ],
-        "scripts": [],
+        "scripts": [
+            "/mysql/upgrade/6.8.0.sql"
+        ],
         "dbVersion": "6.8.0"
     }
 }
diff --git a/src/mysql/upgrade/6.8.0.sql b/src/mysql/upgrade/6.8.0.sql
@@ -0,0 +1,10 @@
+-- Remove deprecated bCSVAdminOnly config setting
+-- This setting provided no real security value as users with CSV export permission
+-- could already export data through DataTables buttons on any page.
+-- Finance permission alone is now sufficient to access CSV exports in financial reports.
+DELETE FROM config_cfg WHERE cfg_name = 'bCSVAdminOnly';
+
+-- Remove deprecated bExportCSV user permission setting
+-- CSV export is now available to all authenticated users.
+-- The permission provided no real security as data visible on screen could always be copied.
+DELETE FROM userconfig_ucfg WHERE ucfg_name = 'bExportCSV';
diff --git a/src/v2/templates/cart/cartfunctions.php b/src/v2/templates/cart/cartfunctions.php
@@ -24,12 +24,9 @@ class="fa-solid fa-people-roof fa-3x"></i><br><?= gettext('Empty Cart to Family'
     <a href="<?= SystemURLs::getRootPath() . "/CartToEvent.php"?>" class="btn btn-app bg-info"><i
         class="fa-solid fa-ticket-alt fa-3x"></i><br><?= gettext('Check In to Event') ?></a>
 
-    <?php if (AuthenticationManager::getCurrentUser()->isCSVExport()) {
-        ?>
-      <a href="<?= SystemURLs::getRootPath() . "/CSVExport.php?Source=cart" ?>" class="btn btn-app bg-warning"><i
-          class="fa-solid fa-file-csv fa-3x"></i><br><?= gettext('CSV Export') ?></a>
-    <?php }
-    ?>
+    <a href="<?= SystemURLs::getRootPath() . "/CSVExport.php?Source=cart" ?>" class="btn btn-app bg-warning"><i
+        class="fa-solid fa-file-csv fa-3x"></i><br><?= gettext('CSV Export') ?></a>
+
     <a href="<?= SystemURLs::getRootPath() . "/MapUsingGoogle.php?GroupID=0"?>" class="btn btn-app bg-purple"><i
         class="fa-solid fa-map-marker fa-3x"></i><br><?= gettext('Map Cart') ?></a>
     <a href="<?= SystemURLs::getRootPath() . "/Reports/NameTags.php?labeltype=74536&labelfont=times&labelfontsize=36"?>" class="btn btn-app bg-primary"><i
diff --git a/src/v2/templates/common/access-denied.php b/src/v2/templates/common/access-denied.php
@@ -17,7 +17,6 @@
     'Notes' => gettext('Notes access'),
     'CreateDirectory' => gettext('Create directory permission'),
     'AddEvent' => gettext('Add event permission'),
-    'CSVExport' => gettext('CSV export permission'),
     'Authentication' => gettext('User authentication'),
 ];
 
