Fix permission checks on contact create popups

author Coleman Watts <coleman@civicrm.org>

Fri, 25 Jan 2019 21:28:35 +0000 (16:28 -0500)

committer Coleman Watts <coleman@civicrm.org>

Wed, 30 Jan 2019 02:27:18 +0000 (21:27 -0500)
author Coleman Watts <coleman@civicrm.org>
Fri, 25 Jan 2019 21:28:35 +0000 (16:28 -0500)
committer Coleman Watts <coleman@civicrm.org>
Wed, 30 Jan 2019 02:27:18 +0000 (21:27 -0500)
diff --git a/CRM/Contact/BAO/Contact.php b/CRM/Contact/BAO/Contact.php

index 77761d4d18596508695bdbea789e1858a990d80e..da45da8e39c6714b92bb3e9dec1b327ef97f595b 100644 (file)
--- a/CRM/Contact/BAO/Contact.php
+++ b/CRM/Contact/BAO/Contact.php
@@ -3651,7 +3651,7 @@ LEFT JOIN civicrm_address ON ( civicrm_address.contact_id = civicrm_contact.id )
     * @return bool
     */
    public static function entityRefCreateLinks() {
-    return CRM_Core_Permission::check([['edit all contacts', 'add contacts']]);
+    return CRM_Core_Permission::check([['profile create', 'profile listings and forms']]);
    }
  
  }
diff --git a/CRM/Core/BAO/UFGroup.php b/CRM/Core/BAO/UFGroup.php

index 9fc2793259347a45af0fc40ac653c9310b64a391..952e70aedfefdfebb0b1b5e2951f96123bfa1054 100644 (file)
--- a/CRM/Core/BAO/UFGroup.php
+++ b/CRM/Core/BAO/UFGroup.php
@@ -3328,6 +3328,9 @@ AND    ( entity_id IS NULL OR entity_id <= 0 )
     * @return array
     */
    public static function getCreateLinks($profiles = '', $appendProfiles = array()) {
+    if (!CRM_Contact_BAO_Contact::entityRefCreateLinks()) {
+      return [];
+    }
      // Default to contact profiles
      if (!$profiles) {
        $profiles = array('new_individual', 'new_organization', 'new_household');
author	Coleman Watts <coleman@civicrm.org>
	Fri, 25 Jan 2019 21:28:35 +0000 (16:28 -0500)
committer	Coleman Watts <coleman@civicrm.org>
	Wed, 30 Jan 2019 02:27:18 +0000 (21:27 -0500)
CRM/Contact/BAO/Contact.php		patch \| blob \| blame \| history
CRM/Core/BAO/UFGroup.php		patch \| blob \| blame \| history