X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FProfile%2FPage%2FDynamic.php;h=d73239db28498c3e52c002a896b44c9d4135179c;hb=b44e3f8468ceba3e1b321d31dd2e35a1aa1a5d9a;hp=95a16677eb50ae1b3c3ec9fdadbbe66e9b51d60d;hpb=d36b8b20ac964dc3c0a74f98f580dc7b0ad7383e;p=civicrm-core.git diff --git a/CRM/Profile/Page/Dynamic.php b/CRM/Profile/Page/Dynamic.php index 95a16677eb..d73239db28 100644 --- a/CRM/Profile/Page/Dynamic.php +++ b/CRM/Profile/Page/Dynamic.php @@ -3,7 +3,7 @@ +--------------------------------------------------------------------+ | CiviCRM version 4.6 | +--------------------------------------------------------------------+ - | Copyright CiviCRM LLC (c) 2004-2014 | + | Copyright CiviCRM LLC (c) 2004-2015 | +--------------------------------------------------------------------+ | This file is a part of CiviCRM. | | | @@ -23,12 +23,12 @@ | GNU Affero General Public License or the licensing of CiviCRM, | | see the CiviCRM license FAQ at http://civicrm.org/licensing | +--------------------------------------------------------------------+ -*/ + */ /** * * @package CRM - * @copyright CiviCRM LLC (c) 2004-2014 + * @copyright CiviCRM LLC (c) 2004-2015 * $Id$ * */ @@ -44,28 +44,28 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { /** - * The contact id of the person we are viewing + * The contact id of the person we are viewing. * * @var int */ protected $_id; /** - * The profile group are are interested in + * The profile group are are interested in. * * @var int */ protected $_gid; /** - * The profile types we restrict this page to display + * The profile types we restrict this page to display. * * @var string */ protected $_restrict; /** - * Should we bypass permissions + * Should we bypass permissions. * * @var boolean */ @@ -85,7 +85,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { protected $_isContactActivityProfile = FALSE; /** - * Activity Id connected to the profile + * Activity Id connected to the profile. * * @var string */ @@ -101,7 +101,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { protected $_allFields = NULL; /** - * Class constructor + * Class constructor. * * @param int $id * The contact id. @@ -203,12 +203,18 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { $session = CRM_Core_Session::singleton(); $userID = $session->get('userID'); - $this->_isPermissionedChecksum = FALSE; + $this->_isPermissionedChecksum = $allowPermission = FALSE; $permissionType = CRM_Core_Permission::VIEW; + if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) { + $allowPermission = TRUE; + } if ($this->_id != $userID) { // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 if ($config->userFrameworkFrontend) { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE); + if (!$this->_isPermissionedChecksum) { + $this->_isPermissionedChecksum = $allowPermission; + } } else { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE); @@ -226,12 +232,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { // make sure we dont expose all fields based on permission $admin = FALSE; - if ((!$config->userFrameworkFrontend && - (CRM_Core_Permission::check('administer users') || - CRM_Core_Permission::check('view all contacts') || - CRM_Contact_BAO_Contact_Permission::allow($this->_id) - ) - ) || + if ((!$config->userFrameworkFrontend && $allowPermission) || $this->_id == $userID || $this->_isPermissionedChecksum ) { @@ -411,7 +412,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { } /** - * Use the form name to create the tpl file name + * Use the form name to create the tpl file name. * * @return string */ @@ -436,4 +437,5 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { $fileName = $this->checkTemplateFileExists('extra.'); return $fileName ? $fileName : parent::overrideExtraTemplateFileName(); } + }