From: Web Access Date: Fri, 20 Feb 2015 15:20:57 +0000 (+0530) Subject: Fix for CRM-15860 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=942d23745b139677d2c8d06e9db54281d577d171;p=civicrm-core.git Fix for CRM-15860 --- diff --git a/CRM/Profile/Page/Dynamic.php b/CRM/Profile/Page/Dynamic.php index 08b3bcb246..8a68a979c6 100644 --- a/CRM/Profile/Page/Dynamic.php +++ b/CRM/Profile/Page/Dynamic.php @@ -209,12 +209,18 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { $session = CRM_Core_Session::singleton(); $userID = $session->get('userID'); - $this->_isPermissionedChecksum = FALSE; + $this->_isPermissionedChecksum = $allowPermission = FALSE; $permissionType = CRM_Core_Permission::VIEW; + if (CRM_Core_Permission::check('administer users') || CRM_Core_Permission::check('view all contacts') || CRM_Contact_BAO_Contact_Permission::allow($this->_id)) { + $allowPermission = TRUE; + } if ($this->_id != $userID) { // do not allow edit for anon users in joomla frontend, CRM-4668, unless u have checksum CRM-5228 if ($config->userFrameworkFrontend) { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateOnlyChecksum($this->_id, $this, FALSE); + if (!$this->_isPermissionedChecksum) { + $this->_isPermissionedChecksum = $allowPermission; + } } else { $this->_isPermissionedChecksum = CRM_Contact_BAO_Contact_Permission::validateChecksumContact($this->_id, $this, FALSE); @@ -232,12 +238,7 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { // make sure we dont expose all fields based on permission $admin = FALSE; - if ((!$config->userFrameworkFrontend && - (CRM_Core_Permission::check('administer users') || - CRM_Core_Permission::check('view all contacts') || - CRM_Contact_BAO_Contact_Permission::allow($this->_id) - ) - ) || + if ((!$config->userFrameworkFrontend && $allowPermission) || $this->_id == $userID || $this->_isPermissionedChecksum ) { @@ -440,4 +441,3 @@ class CRM_Profile_Page_Dynamic extends CRM_Core_Page { return $fileName ? $fileName : parent::overrideExtraTemplateFileName(); } } -