}
$mask = CRM_Core_Action::mask($permissions);
+ $this->assign('canAddNotes', CRM_Core_Permission::check('add contact notes'));
+
$values = array();
$links = self::links();
$action = array_sum(array_keys($links)) & $mask;
if ($this->_action & CRM_Core_Action::VIEW) {
$this->view();
}
- elseif ($this->_action & (CRM_Core_Action::UPDATE | CRM_Core_Action::ADD)) {
+ elseif ($this->_action & CRM_Core_Action::ADD) {
+ if (
+ $this->_permission != CRM_Core_Permission::EDIT &&
+ !CRM_Core_Permission::check('add contact notes')
+ ) {
+ CRM_Core_Error::statusBounce(ts('You do not have access to add notes.'));
+ }
+
+ $this->edit();
+ }
+ elseif ($this->_action & CRM_Core_Action::UPDATE) {
+ if ($this->_permission != CRM_Core_Permission::EDIT) {
+ CRM_Core_Error::statusBounce(ts('You do not have access to edit this note.'));
+ }
+
$this->edit();
}
elseif ($this->_action & CRM_Core_Action::DELETE) {
+ if ($this->_permission != CRM_Core_Permission::EDIT) {
+ CRM_Core_Error::statusBounce(ts('You do not have access to delete this note.'));
+ }
// we use the edit screen the confirm the delete
$this->edit();
}
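Review bot: The new ADD branch is matched with a bitwise test, so if `_action` can ever carry more than one bit, a value with both ADD and UPDATE (or DELETE) set is handled by `elseif ($this->_action & CRM_Core_Action::ADD)` and needs only 'add contact notes' before `$this->edit()` runs. Making the weaker branch exclusive keeps the EDIT requirement authoritative: `elseif (($this->_action & CRM_Core_Action::ADD) && !($this->_action & (CRM_Core_Action::UPDATE | CRM_Core_Action::DELETE))) {`. How `_action` is populated and what `edit()` does with it are outside the hunk, as is the rest of this method, so it is also worth confirming that the note form enforces the same checks on submit and not only when the page is rendered. As a smaller point, the `!=` comparisons against `CRM_Core_Permission::EDIT` would be safer as `!==` if `_permission` always holds the same type as that constant.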
$prefix . ts('view all notes'),
ts("View notes (for visible contacts) even if they're marked admin only"),
),
+ 'add contact notes' => array(
+ $prefix . ts('add contact notes'),
+ ts("Create notes for contacts"),
+ ),
'access AJAX API' => array(
$prefix . ts('access AJAX API'),
ts('Allow API access even if Access CiviCRM is not granted'),
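Review bot: The description `ts("Create notes for contacts")` does not tell an administrator what granting this permission changes. Judging by the accompanying access check, it lets a user add notes to a contact without holding edit permission on that contact. Spelling that out makes the grant easier to assess, for example `ts('Add notes to contacts without needing edit access to the contact')`. Whether view access to the contact is still required is not visible in this hunk and should be stated once confirmed.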
{/if}
-{if $permission EQ 'edit' AND ($action eq 16)}
+{if ($permission EQ 'edit' OR $canAddNotes) AND ($action eq 16)}
<div class="action-link">
<a accesskey="N" href="{crmURL p='civicrm/contact/view/note' q="cid=`$contactId`&action=add"}" class="button medium-popup"><span><i class="crm-i fa-comment"></i> {ts}Add Note{/ts}</span></a>
</div>