From 043d767f2d6ee325b089621373cb72d8576e6b09 Mon Sep 17 00:00:00 2001
From: Mathieu Lutfy <mathieu@bidon.ca>
Date: Fri, 3 Nov 2017 23:25:00 -0400
Subject: [PATCH] CRM-21393: Event checkPermission should only check the
 specific event, if eventId was passed (for performance).

---
 CRM/Event/BAO/Event.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/CRM/Event/BAO/Event.php b/CRM/Event/BAO/Event.php
index d9a653736e..bdcefed7e7 100644
--- a/CRM/Event/BAO/Event.php
+++ b/CRM/Event/BAO/Event.php
@@ -2066,23 +2066,24 @@ WHERE  ce.loc_block_id = $locBlockId";
     static $permissions = NULL;
 
     if (empty($permissions)) {
-      $result = civicrm_api3('Event', 'get', array(
+      $params = array(
         'check_permissions' => 1,
         'return' => 'title',
         'options' => array(
           'limit' => 0,
         ),
-      ));
+      );
+
+      if ($eventId) {
+        $params['id'] = $eventId;
+      }
+
+      $result = civicrm_api3('Event', 'get', $params);
       $allEvents = CRM_Utils_Array::collect('title', $result['values']);
 
-      $result = civicrm_api3('Event', 'get', array(
-        'check_permissions' => 1,
-        'return' => 'title',
-        'created_id' => 'user_contact_id',
-        'options' => array(
-          'limit' => 0,
-        ),
-      ));
+      // Search again, but only events created by the user.
+      $params['created_id'] = 'user_contact_id';
+      $result = civicrm_api3('Event', 'get', $params);
       $createdEvents = CRM_Utils_Array::collect('title', $result['values']);
 
       // Note: for a multisite setup, a user with edit all events, can edit all events
-- 
2.25.1