CRM-21393: Event checkPermission should only check the specific event, if eventId...

author Mathieu Lutfy <mathieu@bidon.ca>

Sat, 4 Nov 2017 03:25:00 +0000 (23:25 -0400)

committer Mathieu Lutfy <mathieu@bidon.ca>

Sat, 4 Nov 2017 03:25:00 +0000 (23:25 -0400)
author Mathieu Lutfy <mathieu@bidon.ca>
Sat, 4 Nov 2017 03:25:00 +0000 (23:25 -0400)
committer Mathieu Lutfy <mathieu@bidon.ca>
Sat, 4 Nov 2017 03:25:00 +0000 (23:25 -0400)
diff --git a/CRM/Event/BAO/Event.php b/CRM/Event/BAO/Event.php

index d9a653736e2843e497b5f1c146b71765eb019b1c..bdcefed7e7ab41f047e3b38c1b876e8983bc2881 100644 (file)
--- a/CRM/Event/BAO/Event.php
+++ b/CRM/Event/BAO/Event.php
@@ -2066,23 +2066,24 @@ WHERE  ce.loc_block_id = $locBlockId";
      static $permissions = NULL;
  
      if (empty($permissions)) {
-      $result = civicrm_api3('Event', 'get', array(
+      $params = array(
          'check_permissions' => 1,
          'return' => 'title',
          'options' => array(
            'limit' => 0,
          ),
-      ));
+      );
+
+      if ($eventId) {
+        $params['id'] = $eventId;
+      }
+
+      $result = civicrm_api3('Event', 'get', $params);
        $allEvents = CRM_Utils_Array::collect('title', $result['values']);
  
-      $result = civicrm_api3('Event', 'get', array(
-        'check_permissions' => 1,
-        'return' => 'title',
-        'created_id' => 'user_contact_id',
-        'options' => array(
-          'limit' => 0,
-        ),
-      ));
+      // Search again, but only events created by the user.
+      $params['created_id'] = 'user_contact_id';
+      $result = civicrm_api3('Event', 'get', $params);
        $createdEvents = CRM_Utils_Array::collect('title', $result['values']);
  
        // Note: for a multisite setup, a user with edit all events, can edit all events
author	Mathieu Lutfy <mathieu@bidon.ca>
	Sat, 4 Nov 2017 03:25:00 +0000 (23:25 -0400)
committer	Mathieu Lutfy <mathieu@bidon.ca>
	Sat, 4 Nov 2017 03:25:00 +0000 (23:25 -0400)