From: systopia
Date: Tue, 11 Oct 2016 23:53:17 +0000 (+0100)
Subject: added check for 'view/edit my contact'
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=2b8d25f0e5e29c6b8931e24eafe855fedc4ad3bc;p=civicrm-core.git

added check for 'view/edit my contact'
---
diff --git a/CRM/Contact/BAO/Contact/Permission.php b/CRM/Contact/BAO/Contact/Permission.php
index dc2f1fcb63..a165a77048 100644
--- a/CRM/Contact/BAO/Contact/Permission.php
+++ b/CRM/Contact/BAO/Contact/Permission.php
@@ -121,6 +121,12 @@ WHERE contact_id IN ({$contact_id_list})
   public static function allow($id, $type = CRM_Core_Permission::VIEW) {
     $tables = array();
     $whereTables = array();
+    // first: check if contact is trying to view own contact
+    if ( $type == CRM_Core_Permission::VIEW && CRM_Core_Permission::check('view my contact')
+      || $type == CRM_Core_Permission::EDIT && CRM_Core_Permission::check('edit my contact')
+    ) {
+      return TRUE;
+    }
     # FIXME: push this somewhere below, to not give this permission so many rights
     $isDeleted = (bool) CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $id, 'is_deleted');
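Review bot: The added early return grants VIEW/EDIT on whatever contact `$id` names, because nothing in the new `if` block compares `$id` with the logged-in user's own contact — despite the comment on the first added line saying it checks for the user's own contact, any user holding 'view my contact' or 'edit my contact' now passes for every contact, which is a straight privilege escalation over the per-contact checks that follow. The condition needs to be anchored to the session before it can short-circuit: `$ownID = CRM_Core_Session::getLoggedInContactID();` (or whichever helper this codebase uses for the current contact — confirm), then `if ($ownID && (int) $id === (int) $ownID && ($type == CRM_Core_Permission::VIEW && CRM_Core_Permission::check('view my contact')` followed by `|| $type == CRM_Core_Permission::EDIT && CRM_Core_Permission::check('edit my contact'))) {`. The `$ownID &&` guard and the integer cast matter for anonymous requests, where the helper presumably returns NULL and a loose `==` against an `$id` of 0 or '' would otherwise match. Note also that returning before the `is_deleted` lookup on the last context line means the own-contact path skips whatever deleted-contact handling the rest of the function does, so consider placing the check after it; `allow()` continues past the end of the hunk.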