}
$mask = CRM_Core_Action::mask($permissions);
+ $this->assign('canAddNotes', CRM_Core_Permission::check('add contact notes'));
+
$values = array();
$links = self::links();
$action = array_sum(array_keys($links)) & $mask;
if ($this->_action & CRM_Core_Action::VIEW) {
$this->view();
}
- elseif ($this->_action & (CRM_Core_Action::UPDATE | CRM_Core_Action::ADD)) {
+ elseif ($this->_action & CRM_Core_Action::ADD) {
+ if (
+ $this->_permission != CRM_Core_Permission::EDIT &&
+ !CRM_Core_Permission::check('add contact notes')
+ ) {
+ CRM_Core_Error::statusBounce(ts('You do not have access to add notes.'));
+ }
+
+ $this->edit();
+ }
+ elseif ($this->_action & CRM_Core_Action::UPDATE) {
+ if ($this->_permission != CRM_Core_Permission::EDIT) {
+ CRM_Core_Error::statusBounce(ts('You do not have access to edit this note.'));
+ }
+
$this->edit();
}
elseif ($this->_action & CRM_Core_Action::DELETE) {
+ if ($this->_permission != CRM_Core_Permission::EDIT) {
+ CRM_Core_Error::statusBounce(ts('You do not have access to delete this note.'));
+ }
// we use the edit screen the confirm the delete
$this->edit();
}
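Review bot: The ADD, UPDATE and DELETE branches each test one bit of `$this->_action` with `&`, so if more than one bit is ever set the first matching branch decides which permission check runs. ADD is tested first and has the weakest check, since `'add contact notes'` alone passes it. All three branches then call the same `$this->edit()`, and whether that method acts on an existing note id is not visible here, so it is worth confirming that the add check cannot end up covering an edit or delete. Testing UPDATE and DELETE before ADD, or matching the action exactly with `elseif ($this->_action == CRM_Core_Action::ADD) {`, would keep the strictest check in front. The enclosing method starts and ends outside this hunk, and because these checks only guard the page controller, the note form and any API path presumably need the same enforcement.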