Merge remote-tracking branch 'upstream/4.4' into 4.4-master-2014-04-21-08-12-12

[civicrm-core.git] / CRM / Member / Page / DashBoard.php

diff --git a/CRM/Member/Page/DashBoard.php b/CRM/Member/Page/DashBoard.php
index 45dfa5abb03b2d71bce5b4824582369227436473..ab55f088a075422e51247c9cc21bf7a83bf0ed3a 100644 (file)
--- a/CRM/Member/Page/DashBoard.php
+++ b/CRM/Member/Page/DashBoard.php
@@ -1,9 +1,9 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.4                                                |
+ | CiviCRM version 4.5                                                |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2013                                |
+ | Copyright CiviCRM LLC (c) 2004-2014                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -28,7 +28,7 @@
 /**
  *
  * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2013
+ * @copyright CiviCRM LLC (c) 2004-2014
  * $Id$
  *
  */
@@ -47,6 +47,16 @@ class CRM_Member_Page_DashBoard extends CRM_Core_Page {
    *
    */
   function preProcess() {
+
+    //CRM-13901 don't show dashboard to contacts with limited view writes & it does not relect
+    //what they have access to
+    //@todo implement acls on dashboard querys (preferably via api to enhance that at the same time)
+    if(!CRM_Core_Permission::check(array('view all contacts', 'edit all contacts'))) {
+      $this->showMembershipSummary = FALSE;
+      $this->assign('membershipSummary', FALSE);
+      return;
+    }
+    $this->assign('membershipSummary', TRUE);
     CRM_Utils_System::setTitle(ts('CiviMember'));
     $membershipSummary = array();
     $preMonth = date("Y-m-d", mktime(0, 0, 0, date("m") - 1, 01, date("Y")));