X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=Civi%2FAPI%2FSelectQuery.php;h=d7c6d3f12733f18d2c0ec4b8823137896a8e2bfc;hb=5936dc2106ff15d5ec6573a61da755852fa999e3;hp=9e98602a0471553fe0dd7142562171f0f24b2e08;hpb=d1ae16d11c8eaf40d7489f4a2d4605ef2f7c607c;p=civicrm-core.git

diff --git a/Civi/API/SelectQuery.php b/Civi/API/SelectQuery.php
index 9e98602a04..d7c6d3f127 100644
--- a/Civi/API/SelectQuery.php
+++ b/Civi/API/SelectQuery.php
@@ -217,6 +217,12 @@ abstract class SelectQuery {
         // Join doesn't exist - might be another param with a dot in it for some reason, we'll just ignore it.
         return NULL;
       }
+
+      // Skip if we don't have permission to access this field
+      if ($this->checkPermissions && !empty($fieldInfo['permission']) && !\CRM_Core_Permission::check($fieldInfo['permission'])) {
+        return NULL;
+      }
+
       $fkTable = \CRM_Core_DAO_AllCoreTables::getTableForClass($fkField['FKClassName']);
       $tableAlias = implode('_to_', $subStack) . "_to_$fkTable";