projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8f8d534)
CRM-12646
authorDonald A. Lobo <lobo@civicrm.org>
Mon, 20 May 2013 21:02:35 +0000 (14:02 -0700)
committerDonald A. Lobo <lobo@civicrm.org>
Mon, 20 May 2013 21:02:35 +0000 (14:02 -0700)
----------------------------------------
* CRM-12646: Suppress the ability to edit custom data unless the user has edit rights on the contact.
  http://issues.civicrm.org/jira/browse/CRM-12646

CRM/Contact/Page/View/CustomData.php patch | blob | blame | history

diff --git a/CRM/Contact/Page/View/CustomData.php b/CRM/Contact/Page/View/CustomData.php
index 62ba165aac096853d1103b1c3daf5e5785679e09..50411420d86a9b465471952974ef3b8ed45abcbe 100644 (file)
--- a/CRM/Contact/Page/View/CustomData.php
+++ b/CRM/Contact/Page/View/CustomData.php
@@ -100,9 +100,9 @@ class CRM_Contact_Page_View_CustomData extends CRM_Core_Page {
     $session->pushUserContext(CRM_Utils_System::url($doneURL, 'action=browse&selectedChild=custom_' . $this->_groupId), FALSE);
 
     // get permission detail view or edit
-    $permUser = CRM_Core_Permission::getPermission();
-
-    $editCustomData = (CRM_Core_Permission::VIEW == $permUser) ? 0 : 1;
+    // use a comtact id specific function which gives us much better granularity
+    // CRM-12646
+    $editCustomData = CRM_Contact_BAO_Contact_Permission::allow($this->_contactId, CRM_Core_Permission::EDIT);
     $this->assign('editCustomData', $editCustomData);
 
     //allow to edit own customdata CRM-5518