Including all users for case permission check

author Joseph Lacey <joseph@palantetech.coop>

Mon, 6 Jun 2016 17:00:49 +0000 (11:00 -0600)

committer Joseph Lacey <joseph@palantetech.coop>

Mon, 6 Jun 2016 17:00:49 +0000 (11:00 -0600)
author Joseph Lacey <joseph@palantetech.coop>
Mon, 6 Jun 2016 17:00:49 +0000 (11:00 -0600)
committer Joseph Lacey <joseph@palantetech.coop>
Mon, 6 Jun 2016 17:00:49 +0000 (11:00 -0600)
diff --git a/CRM/Case/Form/Activity.php b/CRM/Case/Form/Activity.php

index 4161112e247c364292084d9b7b05f430139cee29..bac8f22305f041d1a5e78a809eced54d7f787b83 100644 (file)
--- a/CRM/Case/Form/Activity.php
+++ b/CRM/Case/Form/Activity.php
@@ -102,7 +102,7 @@ class CRM_Case_Form_Activity extends CRM_Activity_Form_Activity {
      ) {
        $session = CRM_Core_Session::singleton();
        $allCases = CRM_Case_BAO_Case::getCases(TRUE, $session->get('userID'), 'any');
-      if (!array_key_exists($this->_caseId[0], $allCases)) {
+      if (count(array_intersect($this->_caseId, array_keys($allCases))) == 0) {
          CRM_Core_Error::fatal(ts('You are not authorized to access this page.'));
        }
      }
author	Joseph Lacey <joseph@palantetech.coop>
	Mon, 6 Jun 2016 17:00:49 +0000 (11:00 -0600)
committer	Joseph Lacey <joseph@palantetech.coop>
	Mon, 6 Jun 2016 17:00:49 +0000 (11:00 -0600)