From a7d9f31a12f8783ed037e55c2cd975e2861caaa0 Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Thu, 26 Jul 2018 15:20:48 -0400
Subject: [PATCH] Fix CRM_ACL_API::whereClause to respect $contactId param

---
 CRM/ACL/API.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/CRM/ACL/API.php b/CRM/ACL/API.php
index b3eacfc3f0..b317fde85f 100644
--- a/CRM/ACL/API.php
+++ b/CRM/ACL/API.php
@@ -113,18 +113,18 @@ class CRM_ACL_API {
       }
     }
 
-    // first see if the contact has edit / view all contacts
-    if (CRM_Core_Permission::check('edit all contacts') ||
-      ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'))
-    ) {
-      return $deleteClause;
-    }
-
     if (!$contactID) {
       $contactID = CRM_Core_Session::getLoggedInContactID();
     }
     $contactID = (int) $contactID;
 
+    // first see if the contact has edit / view all permission
+    if (CRM_Core_Permission::check('edit all contacts', $contactID) ||
+      ($type == self::VIEW && CRM_Core_Permission::check('view all contacts', $contactID))
+    ) {
+      return $deleteClause;
+    }
+
     $where = implode(' AND ',
       array(
         CRM_ACL_BAO_ACL::whereClause($type,
-- 
2.25.1