Merge pull request #22496 from civicrm/5.46
[civicrm-core.git] / CRM / Custom / Page / AJAX.php
index 3b56de1adba532c231219fb7f267d10eac3e79fa..5ddbb19ccd19426f7f86ceef8cdd57c72ddf884e 100644 (file)
@@ -13,7 +13,6 @@
  *
  * @package CRM
  * @copyright CiviCRM LLC https://civicrm.org/licensing
- *
  */
 
 /**
@@ -93,7 +92,6 @@ class CRM_Custom_Page_AJAX {
 
   /**
    * Get list of Multi Record Fields.
-   *
    */
   public static function getMultiRecordFieldList() {
 
@@ -101,6 +99,12 @@ class CRM_Custom_Page_AJAX {
     $params['cid'] = CRM_Utils_Type::escape($_GET['cid'], 'Integer');
     $params['cgid'] = CRM_Utils_Type::escape($_GET['cgid'], 'Integer');
 
+    if (!CRM_Core_BAO_CustomGroup::checkGroupAccess($params['cgid'], CRM_Core_Permission::VIEW) ||
+      !CRM_Contact_BAO_Contact_Permission::allow($params['cid'], CRM_Core_Permission::VIEW)
+    ) {
+      CRM_Utils_System::permissionDenied();
+    }
+
     $contactType = CRM_Contact_BAO_Contact::getContactType($params['cid']);
 
     $obj = new CRM_Profile_Page_MultipleRecordFieldsListing();
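Review bot: The new guard on lines 24-28 only stops the request if `CRM_Utils_System::permissionDenied()` terminates it; the hunk gives no `return` after the call, so on any user-framework implementation that reports the denial and hands control back, execution continues into `getContactType()` and the listing is still built and emitted as JSON to a caller who failed the access check. Adding `return;` directly after `CRM_Utils_System::permissionDenied();` makes the denial unconditional regardless of how the UF layer behaves; whether every UF implementation exits cannot be confirmed from this hunk. It would also help to record the contract in the method docblock, e.g. `Emits a permission-denied response unless the caller may view both the custom group (cgid) and the contact (cid).`. `getMultiRecordFieldList()` begins in the preceding hunk and its body continues past this one.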
@@ -119,7 +123,6 @@ class CRM_Custom_Page_AJAX {
     // format params and add class attributes
     $fieldList = [];
     foreach ($fields as $id => $value) {
-      $field = [];
       foreach ($value as $fieldId => &$fieldName) {
         if (!empty($attributes[$fieldId][$id]['class'])) {
           $fieldName = ['data' => $fieldName, 'cellClass' => $attributes[$fieldId][$id]['class']];
@@ -129,8 +132,7 @@ class CRM_Custom_Page_AJAX {
           CRM_Utils_Array::crmReplaceKey($value, $fieldId, $fName);
         }
       }
-      $field = $value;
-      array_push($fieldList, $field);
+      array_push($fieldList, $value);
     }
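Review bot: `array_push($fieldList, $value);` on line 47 appends a single element, for which the idiomatic form is `$fieldList[] = $value;`. The inner loop closing on line 44 iterates `$value` by reference (`&$fieldName`, visible in the preceding hunk) and the reference is never released before `$value` is pushed, so `$fieldName` stays bound to the last element of the array just stored; `unset($fieldName);` after the inner loop is the conventional guard against a later write through that stale reference. The enclosing `foreach` and the method begin and end outside this hunk.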
     $totalRecords = !empty($obj->_total) ? $obj->_total : 0;
 
@@ -139,10 +141,6 @@ class CRM_Custom_Page_AJAX {
     $multiRecordFields['recordsTotal'] = $totalRecords;
     $multiRecordFields['recordsFiltered'] = $totalRecords;
 
-    if (!empty($_GET['is_unit_test'])) {
-      return $multiRecordFields;
-    }
-
     CRM_Utils_JSON::output($multiRecordFields);
   }