From 447c72b565eead40038cd3300b98146bdfd29c89 Mon Sep 17 00:00:00 2001 From: Paul Campbell Date: Wed, 1 Oct 2014 20:54:40 +0100 Subject: [PATCH] CRM-12920 - search exposes bulk actions user has no permission to accesss ---------------------------------------- * CRM-12920: Edit all contacts permission overrides CiviEvent/CiviContrib permissions in search https://issues.civicrm.org/jira/browse/CRM-12920 --- CRM/Contribute/Task.php | 4 ++++ CRM/Event/Task.php | 4 ++++ CRM/Member/Task.php | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/CRM/Contribute/Task.php b/CRM/Contribute/Task.php index 146daba42d..8bfc78ea83 100644 --- a/CRM/Contribute/Task.php +++ b/CRM/Contribute/Task.php @@ -120,6 +120,10 @@ class CRM_Contribute_Task { if (!CRM_Core_Permission::check('delete in CiviContribute')) { unset(self::$_tasks[1]); } + //CRM-12920 - check for edit permission + if( !CRM_Core_Permission::check('edit contributions') ){ + unset(self::$_tasks[4],self::$_tasks[6]); + } CRM_Utils_Hook::searchTasks('contribution', self::$_tasks); asort(self::$_tasks); diff --git a/CRM/Event/Task.php b/CRM/Event/Task.php index ad3f9caad0..6e51c3342b 100644 --- a/CRM/Event/Task.php +++ b/CRM/Event/Task.php @@ -133,6 +133,10 @@ class CRM_Event_Task { if (!CRM_Core_Permission::check('delete in CiviEvent')) { unset(self::$_tasks[1]); } + //CRM-12920 - check for edit permission + if( !CRM_Core_Permission::check('edit event participants') ){ + unset(self::$_tasks[4],self::$_tasks[5],self::$_tasks[15]); + } } CRM_Utils_Hook::searchTasks('event', self::$_tasks); diff --git a/CRM/Member/Task.php b/CRM/Member/Task.php index bcfb75a781..c5e15a252a 100644 --- a/CRM/Member/Task.php +++ b/CRM/Member/Task.php @@ -118,6 +118,10 @@ class CRM_Member_Task { if (!CRM_Core_Permission::check('delete in CiviMember')) { unset(self::$_tasks[1]); } + //CRM-12920 - check for edit permission + if( !CRM_Core_Permission::check('edit memberships') ){ + unset(self::$_tasks[5]); + } } CRM_Utils_Hook::searchTasks('membership', self::$_tasks); asort(self::$_tasks); -- 2.25.1