From 4479236368c48add58d7e8859fe90ee279437b05 Mon Sep 17 00:00:00 2001
From: jitendrapurohit
Date: Wed, 8 Jul 2015 14:39:49 +0530
Subject: [PATCH] check for manage event profile permission on preview
---
 CRM/Core/BAO/UFGroup.php | 13 ++++++++++++-
 CRM/UF/Form/Inline/Preview.php | 8 +++++++-
 CRM/UF/Form/Inline/PreviewById.php | 2 +-
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/CRM/Core/BAO/UFGroup.php b/CRM/Core/BAO/UFGroup.php
index d2ae65bcd7..137c57dfed 100644
--- a/CRM/Core/BAO/UFGroup.php
+++ b/CRM/Core/BAO/UFGroup.php
@@ -290,7 +290,8 @@ class CRM_Core_BAO_UFGroup extends CRM_Core_DAO_UFGroup {
 $ctype = NULL,
 $permissionType = CRM_Core_Permission::CREATE,
 $orderBy = 'field_name',
- $orderProfiles = NULL
+ $orderProfiles = NULL,
+ $eventProfile = FALSE
 ) {
 if (!is_array($id)) {
 $id = CRM_Utils_Type::escape($id, 'Positive');
@@ -318,6 +319,16 @@ class CRM_Core_BAO_UFGroup extends CRM_Core_DAO_UFGroup {
 $query .= " AND g.is_active = 1";
 }
 
+ $checkPermission = array(
+ array(
+ 'administer CiviCRM',
+ 'manage event profiles',
+ ),
+ );
+ if ($eventProfile && CRM_Core_Permission::check($checkPermission)) {
+ $skipPermission = TRUE;
+ }
+
 // add permissioning for profiles only if not registration
 if (!$skipPermission) {
 $permissionClause = CRM_Core_Permission::ufGroupClause($permissionType, 'g.');
diff --git a/CRM/UF/Form/Inline/Preview.php b/CRM/UF/Form/Inline/Preview.php
index e90211f69a..41bff7b389 100644
--- a/CRM/UF/Form/Inline/Preview.php
+++ b/CRM/UF/Form/Inline/Preview.php
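Review bot: In the `@@ -290,7 +290,8 @@` hunk of CRM/Core/BAO/UFGroup.php, `$eventProfile` is added as a thirteenth positional boolean with no visible documentation, even though the second hunk uses it to switch off profile permission filtering. The function's docblock lies outside the hunk, so confirm that it gains a line such as `@param bool $eventProfile TRUE only when previewing an event profile; lets holders of 'administer CiviCRM' or 'manage event profiles' skip the profile permission clause.` A trailing flag like this is easy to set by accident, because the caller in PreviewById.php has to restate twelve defaults to reach it.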
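Review bot: In the `@@ -318,6 +319,16 @@` hunk, `$skipPermission = TRUE` depends only on the caller-supplied `$eventProfile` flag and the user's permission, never on whether `$id` is a profile actually attached to an event. If the nested array is the any-of form of `CRM_Core_Permission::check`, a user holding only 'manage event profiles' skips `ufGroupClause` for whichever profile id the caller passes, and the PreviewById.php hunk passes `TRUE` for every request `id`. Either verify inside this block that the profile is in use by an event before setting `$skipPermission`, or state the contract above the block, e.g. `// Skips the profile ACL for any $id: callers must pass $eventProfile = TRUE only for event profiles.` The same permission literal is repeated in the Preview.php hunk, so the two lists can drift apart unless they come from one shared definition. The function body continues outside the hunk.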
@@ -56,7 +56,13 @@ class CRM_UF_Form_Inline_Preview extends CRM_UF_Form_AbstractPreview {
 CRM_Core_Error::fatal(ts('Preview only supports HTTP POST'));
 }
 // Inline forms don't get menu-level permission checks
- if (!CRM_Core_Permission::check('administer CiviCRM')) {
+ $checkPermission = array(
+ array(
+ 'administer CiviCRM',
+ 'manage event profiles',
+ ),
+ );
+ if (!CRM_Core_Permission::check($checkPermission)) {
 CRM_Core_Error::fatal(ts('Permission Denied'));
 }
 $content = json_decode($_REQUEST['ufData'], TRUE);
diff --git a/CRM/UF/Form/Inline/PreviewById.php b/CRM/UF/Form/Inline/PreviewById.php
index 4d62192eaf..40af28d698 100644
--- a/CRM/UF/Form/Inline/PreviewById.php
+++ b/CRM/UF/Form/Inline/PreviewById.php
@@ -55,7 +55,7 @@ class CRM_UF_Form_Inline_PreviewById extends CRM_UF_Form_AbstractPreview {
 CRM_Core_Error::fatal(ts('Permission Denied'));
 }
 $gid = CRM_Utils_Request::retrieve('id', 'Positive');
- $fields = CRM_Core_BAO_UFGroup::getFields($gid);
+ $fields = CRM_Core_BAO_UFGroup::getFields($gid, FALSE, NULL, NULL, NULL, FALSE, NULL, FALSE, NULL, CRM_Core_Permission::CREATE, 'field_name', NULL, TRUE);
 $this->setProfile($fields);
 }
 
--
2.25.1
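Review bot: In the `@@ -56,7 +56,13 @@` hunk of Preview.php, widening the guard means the `json_decode($_REQUEST['ufData'], TRUE)` on the following context line now runs for users who hold only 'manage event profiles', and its result is not checked in the lines shown. `json_decode` returns NULL on malformed input, so a guard such as `if (!is_array($content)) { CRM_Core_Error::fatal(ts('Invalid profile data')); }` directly after the decode would keep bad request data away from the code that follows. The rest of the method is outside the hunk, so confirm whether such validation already exists there.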
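Review bot: In the `@@ -55,7 +55,7 @@` hunk of PreviewById.php, the permission guard in front of the changed call is not part of the diff (only its `CRM_Core_Error::fatal(ts('Permission Denied'))` line shows as context), so it cannot be confirmed here that it admits the same permission pair Preview.php was just changed to accept. If it still requires 'administer CiviCRM' alone, the new `TRUE` argument may never take effect for 'manage event profiles' users; the two endpoints should use one shared check. The thirteen-argument call would also be safer to maintain with a comment above it, for example `// final TRUE is $eventProfile: lets event-profile managers bypass the profile ACL clause`.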