X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FUtils%2FRecent.php;h=f09ce294bbbb795e667bb1f15f1d5d8731948ea1;hb=f8307138bf292130a628e68f346535b398ae9b63;hp=04e5801edb75f7a02f084c94ef7ea096a76386ff;hpb=d2256e5ca2efd55ce52372d299de6edc267b4b29;p=civicrm-core.git

diff --git a/CRM/Utils/Recent.php b/CRM/Utils/Recent.php
index 04e5801edb..f09ce294bb 100644
--- a/CRM/Utils/Recent.php
+++ b/CRM/Utils/Recent.php
@@ -80,8 +80,18 @@ class CRM_Utils_Recent {
    * Create function used by the API - supplies defaults
    *
    * @param array $params
+   * @param Civi\Api4\Generic\AbstractAction $action
    */
-  public static function create(array $params) {
+  public static function create(array $params, Civi\Api4\Generic\AbstractAction $action) {
+    if ($action->getCheckPermissions()) {
+      $allowed = civicrm_api4($params['entity_type'], 'checkAccess', [
+        'action' => 'get',
+        'values' => ['id' => $params['entity_id']],
+      ], 0);
+      if (empty($allowed['access'])) {
+        return [];
+      }
+    }
     $params['title'] = $params['title'] ?? self::getTitle($params['entity_type'], $params['entity_id']);
     $params['view_url'] = $params['view_url'] ?? self::getUrl($params['entity_type'], $params['entity_id'], 'view');
     $params['edit_url'] = $params['edit_url'] ?? self::getUrl($params['entity_type'], $params['entity_id'], 'update');
@@ -182,10 +192,11 @@ class CRM_Utils_Recent {
       $record = civicrm_api4($entityType, 'get', [
         'where' => [['id', '=', $entityId]],
         'select' => [$labelField],
+        'checkPermissions' => FALSE,
       ], 0);
       $title = $record[$labelField] ?? NULL;
     }
-    return $title ?? (CoreUtil::getInfoItem($entityType, 'label_field'));
+    return $title ?? (CoreUtil::getInfoItem($entityType, 'title'));
   }
 
   /**