projects / civicrm-core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #2225 from lcdservices/CRM-13994
[civicrm-core.git] / CRM / Member / Page / DashBoard.php
diff --git a/CRM/Member/Page/DashBoard.php b/CRM/Member/Page/DashBoard.php
index 45dfa5abb03b2d71bce5b4824582369227436473..1b09f4982ea8717d4d57489e24fc6505d9aa7e61 100644 (file)
--- a/CRM/Member/Page/DashBoard.php
+++ b/CRM/Member/Page/DashBoard.php
@@ -47,6 +47,16 @@ class CRM_Member_Page_DashBoard extends CRM_Core_Page {
    *
    */
   function preProcess() {
+
+    //CRM-13901 don't show dashboard to contacts with limited view writes & it does not relect
+    //what they have access to
+    //@todo implement acls on dashboard querys (preferably via api to enhance that at the same time)
+    if(!CRM_Core_Permission::check(array('view all contacts', 'edit all contacts'))) {
+      $this->showMembershipSummary = FALSE;
+      $this->assign('membershipSummary', FALSE);
+      return;
+    }
+    $this->assign('membershipSummary', TRUE);
     CRM_Utils_System::setTitle(ts('CiviMember'));
     $membershipSummary = array();
     $preMonth = date("Y-m-d", mktime(0, 0, 0, date("m") - 1, 01, date("Y")));