Merge pull request #2225 from lcdservices/CRM-13994

[civicrm-core.git] / CRM / Member / Page / DashBoard.php

diff --git a/CRM/Member/Page/DashBoard.php b/CRM/Member/Page/DashBoard.php
index 7deb2b3f2fcebf28685a771ac693a871d8694442..1b09f4982ea8717d4d57489e24fc6505d9aa7e61 100644 (file)
--- a/CRM/Member/Page/DashBoard.php
+++ b/CRM/Member/Page/DashBoard.php
@@ -1,7 +1,7 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.3                                                |
+ | CiviCRM version 4.4                                                |
  +--------------------------------------------------------------------+
  | Copyright CiviCRM LLC (c) 2004-2013                                |
  +--------------------------------------------------------------------+
@@ -47,6 +47,16 @@ class CRM_Member_Page_DashBoard extends CRM_Core_Page {
    *
    */
   function preProcess() {
+
+    //CRM-13901 don't show dashboard to contacts with limited view writes & it does not relect
+    //what they have access to
+    //@todo implement acls on dashboard querys (preferably via api to enhance that at the same time)
+    if(!CRM_Core_Permission::check(array('view all contacts', 'edit all contacts'))) {
+      $this->showMembershipSummary = FALSE;
+      $this->assign('membershipSummary', FALSE);
+      return;
+    }
+    $this->assign('membershipSummary', TRUE);
     CRM_Utils_System::setTitle(ts('CiviMember'));
     $membershipSummary = array();
     $preMonth = date("Y-m-d", mktime(0, 0, 0, date("m") - 1, 01, date("Y")));