X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=CRM%2FProfile%2FPage%2FDynamic.php;h=003e6c799da629f513ca13d3a8419740d1a55636;hb=c9109f52be8f3869ecbb691b07a8b60d82a68594;hp=90d10a41e5d79b0338baa5c2c22893df6e05b0b7;hpb=6f2500ee7589360102875df4367568fe87485df6;p=civicrm-core.git

diff --git a/CRM/Profile/Page/Dynamic.php b/CRM/Profile/Page/Dynamic.php
index 90d10a41e5..003e6c799d 100644
--- a/CRM/Profile/Page/Dynamic.php
+++ b/CRM/Profile/Page/Dynamic.php
@@ -23,7 +23,7 @@
  | GNU Affero General Public License or the licensing of CiviCRM,     |
  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  +--------------------------------------------------------------------+
-*/
+ */
 
 /**
  *
@@ -44,28 +44,28 @@
 class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
 
   /**
-   * The contact id of the person we are viewing
+   * The contact id of the person we are viewing.
    *
    * @var int
    */
   protected $_id;
 
   /**
-   * The profile group are are interested in
+   * The profile group are are interested in.
    *
    * @var int
    */
   protected $_gid;
 
   /**
-   * The profile types we restrict this page to display
+   * The profile types we restrict this page to display.
    *
    * @var string
    */
   protected $_restrict;
 
   /**
-   * Should we bypass permissions
+   * Should we bypass permissions.
    *
    * @var boolean
    */
@@ -85,7 +85,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   protected $_isContactActivityProfile = FALSE;
 
   /**
-   * Activity Id connected to the profile
+   * Activity Id connected to the profile.
    *
    * @var string
    */
@@ -101,7 +101,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   protected $_allFields = NULL;
 
   /**
-   * Class constructor
+   * Class constructor.
    *
    * @param int $id
    *   The contact id.
@@ -141,7 +141,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
     }
 
     if ($this->_multiRecord & CRM_Core_Action::VIEW) {
-      $this->_recordId  = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
+      $this->_recordId = CRM_Utils_Request::retrieve('recordId', 'Positive', $this);
       $this->_allFields = CRM_Utils_Request::retrieve('allFields', 'Integer', $this);
     }
 
@@ -165,8 +165,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   /**
    * Get the action links for this page.
    *
-   * @return array $_actionLinks
-   *
+   * @return array
    */
   public function &actionLinks() {
     return NULL;
@@ -179,7 +178,6 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
    * type of action and executes that action.
    *
    * @return void
-   *
    */
   public function run() {
     $template = CRM_Core_Smarty::singleton();
@@ -194,8 +192,9 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
       if ($limitListingsGroupsID) {
 
         if (!CRM_Contact_BAO_GroupContact::isContactInGroup($this->_id,
-            $limitListingsGroupsID
-          )) {
+          $limitListingsGroupsID
+        )
+        ) {
           CRM_Utils_System::setTitle(ts('Profile View - Permission Denied'));
           return CRM_Core_Session::setStatus(ts('You do not have permission to view this contact record. Contact the site administrator if you need assistance.'), ts('Permission Denied'), 'error');
         }
@@ -204,12 +203,18 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
       $session = CRM_Core_Session::singleton();
       $userID = $session->get('userID');
 
-      $this->_isPermissionedChecksum = FALSE;
+      $this->_isPermissionedChecksum = $allowPermission = FALSE;
       $permissionType = CRM_Core_Permission::VIEW;
+      if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) {
+        $allowPermission =  TRUE;
+      }
       if ($this->_id != $userID) {
         // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228
         if ($config->userFrameworkFrontend) {
           $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE);
+          if (!$this->_isPermissionedChecksum) {
+            $this->_isPermissionedChecksum = $allowPermission;
+          }
         }
         else {
           $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE);
@@ -227,12 +232,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
 
       // make sure we dont expose all fields based on permission
       $admin = FALSE;
-      if ((!$config->userFrameworkFrontend &&
-          (CRM_Core_Permission::check('administer users') ||
-            CRM_Core_Permission::check('view all contacts') ||
-            CRM_Contact_BAO_Contact_Permission::allow($this->_id)
-          )
-        ) ||
+      if ((!$config->userFrameworkFrontend && $allowPermission) ||
         $this->_id == $userID ||
         $this->_isPermissionedChecksum
       ) {
@@ -412,7 +412,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
   }
 
   /**
-   * Use the form name to create the tpl file name
+   * Use the form name to create the tpl file name.
    *
    * @return string
    */
@@ -437,4 +437,5 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page {
     $fileName = $this->checkTemplateFileExists('extra.');
     return $fileName ? $fileName : parent::overrideExtraTemplateFileName();
   }
+
 }