X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=CRM%2FProfile%2FPage%2FDynamic.php;h=003e6c799da629f513ca13d3a8419740d1a55636;hb=c9109f52be8f3869ecbb691b07a8b60d82a68594;hp=844e8f14130efeb2d586f85ef95d8992a6dbdd95;hpb=771e2548641c460d0f7a244ad0aefb05c703b478;p=civicrm-core.git

diff --git a/CRM/Profile/Page/Dynamic.php b/CRM/Profile/Page/Dynamic.php
index 844e8f1413..003e6c799d 100644
--- a/CRM/Profile/Page/Dynamic.php
+++ b/CRM/Profile/Page/Dynamic.php
@@ -1,7 +1,7 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.5                                                |
+ | CiviCRM version 4.6                                                |
  +--------------------------------------------------------------------+
  | Copyright CiviCRM LLC (c) 2004-2014                                |
  +--------------------------------------------------------------------+
@@ -23,7 +23,7 @@
  | GNU Affero General Public License or the licensing of CiviCRM,     |
  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  +--------------------------------------------------------------------+
-*/
+ */
 
 /**
  *
@@ -44,34 +44,30 @@
 class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
 
   /**
-   * The contact id of the person we are viewing
+   * The contact id of the person we are viewing.
    *
    * @var int
-   * @access protected
    */
   protected $_id;
 
   /**
-   * The profile group are are interested in
+   * The profile group are are interested in.
    *
    * @var int
-   * @access protected
    */
   protected $_gid;
 
   /**
-   * The profile types we restrict this page to display
+   * The profile types we restrict this page to display.
    *
    * @var string
-   * @access protected
    */
   protected $_restrict;
 
   /**
-   * Should we bypass permissions
+   * Should we bypass permissions.
    *
    * @var boolean
-   * @access protected
    */
   protected $_skipPermission;
 
@@ -89,7 +85,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   protected $_isContactActivityProfile = FALSE;
 
   /**
-   * Activity Id connected to the profile
+   * Activity Id connected to the profile.
    *
    * @var string
    */
@@ -105,19 +101,20 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   protected $_allFields = NULL;
 
   /**
-   * Class constructor
+   * Class constructor.
    *
-   * @param int $id the contact id
-   * @param int $gid the group id
+   * @param int $id
+   *   The contact id.
+   * @param int $gid
+   *   The group id.
    *
    * @param $restrict
    * @param bool $skipPermission
    * @param null $profileIds
    *
    * @return \CRM_Profile_Page_Dynamic
-   * @access public
    */
-  function __construct($id, $gid, $restrict, $skipPermission = FALSE, $profileIds = NULL) {
+  public function __construct($id, $gid, $restrict, $skipPermission = FALSE, $profileIds = NULL) {
     parent::__construct();
 
     $this->_id = $id;
@@ -138,14 +135,13 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
     //specifies the action being done on a multi record field
     $multiRecordAction = CRM_Utils_Request::retrieve('multiRecord', 'String', $this);
 
-    $this->_multiRecord = (!is_numeric($multiRecordAction)) ?
-      CRM_Core_Action::resolve($multiRecordAction) : $multiRecordAction;
+    $this->_multiRecord = (!is_numeric($multiRecordAction)) ? CRM_Core_Action::resolve($multiRecordAction) : $multiRecordAction;
     if ($this->_multiRecord) {
       $this->set('multiRecord', $this->_multiRecord);
     }
 
     if ($this->_multiRecord & CRM_Core_Action::VIEW) {
-      $this->_recordId  = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
+      $this->_recordId = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
       $this->_allFields = CRM_Utils_Request::retrieve('allFields', 'Integer', $this);
     }
 
@@ -169,10 +165,9 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   /**
    * Get the action links for this page.
    *
-   * @return array $_actionLinks
-   *
+   * @return array
    */
-  function &actionLinks() {
+  public function &actionLinks() {
     return NULL;
   }
 
@@ -183,10 +178,8 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
    * type of action and executes that action.
    *
    * @return void
-   * @access public
-   *
    */
-  function run() {
+  public function run() {
     $template = CRM_Core_Smarty::singleton();
     if ($this->_id && $this->_gid) {
 
@@ -199,8 +192,9 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
       if ($limitListingsGroupsID) {
 
         if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id,
-            $limitListingsGroupsID
-          )) {
+          $limitListingsGroupsID
+        )
+        ) {
           CRM_Utils_System::setTitle(ts('Profile View - Permission Denied'));
           return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.'), ts('Permission Denied'), 'error');
         }
@@ -209,12 +203,18 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
       $session = CRM_Core_Session::singleton();
       $userID = $session->get('userID');
 
-      $this->_isPermissionedChecksum = FALSE;
+      $this->_isPermissionedChecksum = $allowPermission = FALSE;
       $permissionType = CRM_Core_Permission::VIEW;
+      if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) {
+        $allowPermission =  TRUE;
+      }
       if ($this->_id != $userID) {
         // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228
         if ($config->userFrameworkFrontend) {
           $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE);
+          if (!$this->_isPermissionedChecksum) {
+            $this->_isPermissionedChecksum = $allowPermission;
+          }
         }
         else {
           $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE);
@@ -232,12 +232,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
 
       // make sure we dont expose all fields based on permission
       $admin = FALSE;
-      if ((!$config->userFrameworkFrontend &&
-          (CRM_Core_Permission::check('administer users') ||
-            CRM_Core_Permission::check('view all contacts') ||
-            CRM_Contact_BAO_Contact_Permission::allow($this->_id)
-          )
-        ) ||
+      if ((!$config->userFrameworkFrontend && $allowPermission) ||
         $this->_id == $userID ||
         $this->_isPermissionedChecksum
       ) {
@@ -305,7 +300,8 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
             $copyFields = $fields;
             CRM_Core_BAO_UFGroup::shiftMultiRecordFields($copyFields, $multiRecordFields);
             $fieldKey = key($multiRecordFields);
-          } else {
+          }
+          else {
             $fieldKey = key($fields);
           }
           if ($fieldID = CRM_Core_BAO_CustomField::getKeyID($fieldKey)) {
@@ -325,9 +321,12 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
         //CRM-14338
         // Create a unique, non-empty index for each field.
         $index = $field['title'];
-        if ($index === '') $index = ' ';
-        while (array_key_exists($index, $labels))
+        if ($index === '') {
+          $index = ' ';
+        }
+        while (array_key_exists($index, $labels)) {
           $index .= ' ';
+        }
 
         $labels[$index] = preg_replace('/\s+|\W+/', '_', $name);
       }
@@ -356,7 +355,8 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
       $fieldId = CRM_Core_BAO_CustomField::getKeyID($fieldDetail['name']);
       $customGroupDetails = CRM_Core_BAO_CustomGroup::getGroupTitles(array($fieldId));
       $multiRecTitle = $customGroupDetails[$fieldId]['groupTitle'];
-    } else {
+    }
+    else {
       $title = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_UFGroup', $this->_gid, 'title');
     }
 
@@ -391,7 +391,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
    *
    * @return null|string
    */
-  function checkTemplateFileExists($suffix = '') {
+  public function checkTemplateFileExists($suffix = '') {
     if ($this->_gid) {
       $templateFile = "CRM/Profile/Page/{$this->_gid}/Dynamic.{$suffix}tpl";
       $template = CRM_Core_Page::getTemplate();
@@ -412,15 +412,14 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   }
 
   /**
-   * Use the form name to create the tpl file name
+   * Use the form name to create the tpl file name.
    *
    * @return string
-   * @access public
    */
   /**
    * @return string
    */
-  function getTemplateFileName() {
+  public function getTemplateFileName() {
     $fileName = $this->checkTemplateFileExists();
     return $fileName ? $fileName : parent::getTemplateFileName();
   }
@@ -430,14 +429,13 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
    * i.e. we dont override
    *
    * @return string
-   * @access public
    */
   /**
    * @return string
    */
-  function overrideExtraTemplateFileName() {
+  public function overrideExtraTemplateFileName() {
     $fileName = $this->checkTemplateFileExists('extra.');
     return $fileName ? $fileName : parent::overrideExtraTemplateFileName();
   }
-}
 
+}