projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7ae0389)
CRM-10935 Fixing a number of pages and forms that were ignoring the edit my contact...
authorDave Greenberg <dave@civicrm.org>
Thu, 18 Jul 2013 01:15:46 +0000 (18:15 -0700)
committerDave Greenberg <dave@civicrm.org>
Thu, 18 Jul 2013 01:15:46 +0000 (18:15 -0700)
----------------------------------------
* CRM-10935: Create new Core Permission - CiviCRM: Access own Contact or both "CiviCRM: View own Contact"  and "CiviCRM: Edit own Contact"
  http://issues.civicrm.org/jira/browse/CRM-10935

CRM/Contact/BAO/Contact/Permission.php patch | blob | blame | history
CRM/Contact/Form/Contact.php patch | blob | blame | history
CRM/Contact/Page/View.php patch | blob | blame | history

diff --git a/CRM/Contact/BAO/Contact/Permission.php b/CRM/Contact/BAO/Contact/Permission.php
index 4b4cce81c32d071bd148ee40f130ffff8f458231..c7e74915c93e3935802719228b7f346b79d3be97 100644 (file)
--- a/CRM/Contact/BAO/Contact/Permission.php
+++ b/CRM/Contact/BAO/Contact/Permission.php
@@ -252,7 +252,7 @@ AND    $operationClause LIMIT 1";
         return FALSE;
       }
     }
-    if ($contactID == $selectedContactID) {
+    if ($contactID == $selectedContactID && CRM_Core_Permission::check('edit my contact')) {
       return TRUE;
     }
     else {
diff --git a/CRM/Contact/Form/Contact.php b/CRM/Contact/Form/Contact.php
index 184f63bfaab0f74a766879ca8490c3d7fb98c20c..2cb4b81511d29dff290bf43f33d4247504887b54 100644 (file)
--- a/CRM/Contact/Form/Contact.php
+++ b/CRM/Contact/Form/Contact.php
@@ -206,9 +206,7 @@ class CRM_Contact_Form_Contact extends CRM_Core_Form {
 
         // check for permissions
         $session = CRM_Core_Session::singleton();
-        if ($session->get('userID') != $this->_contactId &&
-          !CRM_Contact_BAO_Contact_Permission::allow($this->_contactId, CRM_Core_Permission::EDIT)
-        ) {
+        if (!CRM_Contact_BAO_Contact_Permission::allow($this->_contactId, CRM_Core_Permission::EDIT)) {
           CRM_Core_Error::statusBounce(ts('You do not have the necessary permission to edit this contact.'));
         }
 
diff --git a/CRM/Contact/Page/View.php b/CRM/Contact/Page/View.php
index 3b92dd4e958c78122d6d35079268668086291bfa..50c9f90f204ee521ba58b516b4f518e0436dee4b 100644 (file)
--- a/CRM/Contact/Page/View.php
+++ b/CRM/Contact/Page/View.php
@@ -203,7 +203,7 @@ class CRM_Contact_Page_View extends CRM_Core_Page {
       'isDeleted' => $isDeleted,
     );
 
-    if (($session->get('userID') == $this->_contactId) ||
+    if (
       CRM_Contact_BAO_Contact_Permission::allow($this->_contactId, CRM_Core_Permission::EDIT)
     ) {
       $recentOther['editUrl'] = CRM_Utils_System::url('civicrm/contact/add', "reset=1&action=update&cid={$this->_contactId}");
@@ -286,7 +286,7 @@ class CRM_Contact_Page_View extends CRM_Core_Page {
     // things easier in dashboard
     $session = CRM_Core_Session::singleton();
 
-    if ($session->get('userID') == $contactID) {
+    if ($session->get('userID') == $contactID && CRM_Core_Permission::check('edit my contact')) {
       $page->assign('permission', 'edit');
       $page->_permission = CRM_Core_Permission::EDIT;
       // deleted contacts’ stuff should be (at best) only viewable