| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
-*/
+ */
/**
*
class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
/**
- * The contact id of the person we are viewing
+ * The contact id of the person we are viewing.
*
* @var int
*/
protected $_id;
/**
- * The profile group are are interested in
+ * The profile group are are interested in.
*
* @var int
*/
protected $_gid;
/**
- * The profile types we restrict this page to display
+ * The profile types we restrict this page to display.
*
* @var string
*/
protected $_restrict;
/**
- * Should we bypass permissions
+ * Should we bypass permissions.
*
* @var boolean
*/
protected $_isContactActivityProfile = FALSE;
/**
- * Activity Id connected to the profile
+ * Activity Id connected to the profile.
*
* @var string
*/
protected $_allFields = NULL;
/**
- * Class constructor
+ * Class constructor.
*
* @param int $id
* The contact id.
}
if ($this->_multiRecord & CRM_Core_Action::VIEW) {
- $this->_recordId = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
+ $this->_recordId = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
$this->_allFields = CRM_Utils_Request::retrieve('allFields', 'Integer', $this);
}
/**
* Get the action links for this page.
*
- * @return array $_actionLinks
- *
+ * @return array
*/
public function &actionLinks() {
return NULL;
* type of action and executes that action.
*
* @return void
- *
*/
public function run() {
$template = CRM_Core_Smarty::singleton();
if ($limitListingsGroupsID) {
if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id,
- $limitListingsGroupsID
- )) {
+ $limitListingsGroupsID
+ )
+ ) {
CRM_Utils_System::setTitle(ts('Profile View - Permission Denied'));
return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.'), ts('Permission Denied'), 'error');
}
$session = CRM_Core_Session::singleton();
$userID = $session->get('userID');
- $this->_isPermissionedChecksum = FALSE;
+ $this->_isPermissionedChecksum = $allowPermission = FALSE;
$permissionType = CRM_Core_Permission::VIEW;
+ if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) {
+ $allowPermission = TRUE;
+ }
if ($this->_id != $userID) {
// do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228
if ($config->userFrameworkFrontend) {
$this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE);
+ if (!$this->_isPermissionedChecksum) {
+ $this->_isPermissionedChecksum = $allowPermission;
+ }
}
else {
$this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE);
// make sure we dont expose all fields based on permission
$admin = FALSE;
- if ((!$config->userFrameworkFrontend &&
- (CRM_Core_Permission::check('administer users') ||
- CRM_Core_Permission::check('view all contacts') ||
- CRM_Contact_BAO_Contact_Permission::allow($this->_id)
- )
- ) ||
+ if ((!$config->userFrameworkFrontend && $allowPermission) ||
$this->_id == $userID ||
$this->_isPermissionedChecksum
) {
}
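Review bot: On the frontend branch, `$this->_isPermissionedChecksum = $allowPermission;` stores an ACL result in a property that otherwise records whether a contact checksum was validated. It also makes the `!$config->userFrameworkFrontend &&` guard in the later `$admin` condition ineffective for other contacts' records, because that condition accepts `$this->_isPermissionedChecksum` as well. If giving permissioned frontend users the full field set is intended, keep the two signals separate by dropping the fallback assignment and writing the condition as `if ($allowPermission || $this->_id == $userID || $this->_isPermissionedChecksum) {`, with a comment stating that the frontend restriction was lifted on purpose. Any other reader of `_isPermissionedChecksum` (none is visible in this hunk) may treat a TRUE value as proof that a checksum was presented, so those call sites should be checked before merging. `run()` begins and continues outside the lines shown here.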
/**
- * Use the form name to create the tpl file name
+ * Use the form name to create the tpl file name.
*
* @return string
*/
$fileName = $this->checkTemplateFileExists('extra.');
return $fileName ? $fileName : parent::overrideExtraTemplateFileName();
}
+
}