From aafd773a8f0fd94a8cc831fe70d967268cc8b9a0 Mon Sep 17 00:00:00 2001
From: "Donald A. Lobo" <lobo@civicrm.org>
Date: Tue, 21 May 2013 15:45:49 -0700
Subject: [PATCH] CRM-10935

----------------------------------------
* CRM-10935: Create new Core Permission - CiviCRM: Access own Contact or both "CiviCRM: View own Contact"  and "CiviCRM: Edit own Contact"
  http://issues.civicrm.org/jira/browse/CRM-10935
---
 CRM/Contact/Page/View.php                   |  2 +-
 CRM/Core/BAO/Setting.php                    |  3 ++-
 CRM/Core/Permission.php                     |  2 ++
 CRM/Core/Permission/DrupalBase.php          | 24 ++++++++++++---------
 CRM/Core/xml/Menu/Contact.xml               |  7 +++---
 templates/CRM/Contact/Page/View/Summary.tpl | 14 +++++++-----
 6 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/CRM/Contact/Page/View.php b/CRM/Contact/Page/View.php
index b8dde815fd..f2e43c68cd 100644
--- a/CRM/Contact/Page/View.php
+++ b/CRM/Contact/Page/View.php
@@ -228,7 +228,7 @@ class CRM_Contact_Page_View extends CRM_Core_Page {
     // set page title
     $title = self::setTitle($this->_contactId, $isDeleted);
     $this->assign('title', $title);
-    
+
     // Check if this is default domain contact CRM-10482
     if (CRM_Contact_BAO_Contact::checkDomainContact($this->_contactId)) {
       $this->assign('domainContact', TRUE);
diff --git a/CRM/Core/BAO/Setting.php b/CRM/Core/BAO/Setting.php
index 0161abe92e..8d325de6ce 100644
--- a/CRM/Core/BAO/Setting.php
+++ b/CRM/Core/BAO/Setting.php
@@ -178,7 +178,8 @@ class CRM_Core_BAO_Setting extends CRM_Core_DAO_Setting {
    * @static
    * @access public
    */
-  static function getItem($group,
+  static function getItem(
+    $group,
     $name         = NULL,
     $componentID  = NULL,
     $defaultValue = NULL,
diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index e27da5830f..066cc4c357 100644
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -444,6 +444,8 @@ class CRM_Core_Permission {
       'add contacts' => $prefix . ts('add contacts'),
       'view all contacts' => $prefix . ts('view all contacts'),
       'edit all contacts' => $prefix . ts('edit all contacts'),
+      'view my contact' => $prefix . ts('view my contact'),
+      'edit my contact' => $prefix . ts('edit my contact'),
       'delete contacts' => $prefix . ts('delete contacts'),
       'access deleted contacts' => $prefix . ts('access deleted contacts'),
       'import contacts' => $prefix . ts('import contacts'),
diff --git a/CRM/Core/Permission/DrupalBase.php b/CRM/Core/Permission/DrupalBase.php
index 296915d0cb..66edb9a4e6 100644
--- a/CRM/Core/Permission/DrupalBase.php
+++ b/CRM/Core/Permission/DrupalBase.php
@@ -102,19 +102,23 @@ class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base {
 
 
       $ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups);
-      foreach (array_values($ids) as $id) {
-        $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
-        $this->_viewPermissionedGroups[$groupKey][$id] = $title;
-        $this->_viewPermission = TRUE;
+      if (!empty($ids)) {
+        foreach (array_values($ids) as $id) {
+          $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
+          $this->_viewPermissionedGroups[$groupKey][$id] = $title;
+          $this->_viewPermission = TRUE;
+        }
       }
 
       $ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups);
-      foreach (array_values($ids) as $id) {
-        $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
-        $this->_editPermissionedGroups[$groupKey][$id] = $title;
-        $this->_viewPermissionedGroups[$groupKey][$id] = $title;
-        $this->_editPermission = TRUE;
-        $this->_viewPermission = TRUE;
+      if (!empty($ids)) {
+        foreach (array_values($ids) as $id) {
+          $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
+          $this->_editPermissionedGroups[$groupKey][$id] = $title;
+          $this->_viewPermissionedGroups[$groupKey][$id] = $title;
+          $this->_editPermission = TRUE;
+          $this->_viewPermission = TRUE;
+        }
       }
     }
 
diff --git a/CRM/Core/xml/Menu/Contact.xml b/CRM/Core/xml/Menu/Contact.xml
index 628a9a764f..b5acc48ae9 100644
--- a/CRM/Core/xml/Menu/Contact.xml
+++ b/CRM/Core/xml/Menu/Contact.xml
@@ -6,6 +6,8 @@
      <title>CiviCRM</title>
      <access_callback>CRM_Core_Permission::checkMenu</access_callback>
      <access_arguments>access CiviCRM</access_arguments>
+     <access_arguments>edit my contact</access_arguments>
+     <access_arguments>view my contact</access_arguments>
      <page_callback>CRM_Contact_Page_DashBoard</page_callback>
      <page_arguments>null</page_arguments>
      <is_ssl>false</is_ssl>
@@ -36,7 +38,7 @@
      <weight>10</weight>
      <page_type>1</page_type>
   </item>
-  <item>
+p  <item>
     <path>civicrm/contact/image</path>
     <title>Process Uploaded Images</title>
     <page_callback>CRM_Contact_BAO_Contact::processImage</page_callback>
@@ -82,7 +84,6 @@
      <title>New Contact</title>
      <page_callback>CRM_Contact_Form_Contact</page_callback>
      <page_arguments>addSequence=1</page_arguments>
-     <access_arguments>access CiviCRM</access_arguments>
   </item>
   <item>
      <path>civicrm/contact/add/individual</path>
@@ -171,7 +172,7 @@
      <path_arguments>action=add</path_arguments>
      <title>Activities</title>
      <page_callback>CRM_Contact_Form_Task_PDF</page_callback>
-  </item> 
+  </item>
   <item>
      <path>civicrm/contact/view/rel</path>
      <path_arguments>cid=%%cid%%</path_arguments>
diff --git a/templates/CRM/Contact/Page/View/Summary.tpl b/templates/CRM/Contact/Page/View/Summary.tpl
index 4b2e15b6b0..8637835141 100644
--- a/templates/CRM/Contact/Page/View/Summary.tpl
+++ b/templates/CRM/Contact/Page/View/Summary.tpl
@@ -51,15 +51,19 @@
 
         {* Include the Actions and Edit buttons if user has 'edit' permission and contact is NOT in trash. *}
           {if $permission EQ 'edit' and !$isDeleted}
+	      {if call_user_func(array('CRM_Core_Permission','check'), 'access CiviCRM')}
               <li class="crm-contact-activity crm-summary-block">
                   {include file="CRM/Contact/Page/Inline/Actions.tpl"}
               </li>
+	      {/if}
+	      {if call_user_func(array('CRM_Core_Permission','check'), 'edit my contact')}
               <li>
                   {assign var='editParams' value=$urlParams|cat:"&action=update&cid=$contactId"}
                   <a href="{crmURL p='civicrm/contact/add' q=$editParams}" class="edit button" title="{ts}Edit{/ts}">
                   <span><div class="icon edit-icon"></div>{ts}Edit{/ts}</span>
                   </a>
               </li>
+	      {/if}
           {/if}
 
           {* Check for permissions to provide Restore and Delete Permanently buttons for contacts that are in the trash. *}
@@ -262,7 +266,7 @@
                       <div class="contactCardLeft">
                         <div class="crm-summary-comm-pref-block">
                         <div class="crm-summary-block" id="communication-pref-block" >
-                          {include file="CRM/Contact/Page/Inline/CommunicationPreferences.tpl"} 
+                          {include file="CRM/Contact/Page/Inline/CommunicationPreferences.tpl"}
                         </div>
                         </div>
                       </div> <!-- contactCardLeft -->
@@ -271,7 +275,7 @@
                         <div class="contactCardRight">
                           <div class="crm-summary-demographic-block">
                           <div class="crm-summary-block" id="demographic-block">
-                            {include file="CRM/Contact/Page/Inline/Demographics.tpl"} 
+                            {include file="CRM/Contact/Page/Inline/Demographics.tpl"}
                           </div>
                           </div>
                         </div> <!-- contactCardRight -->
@@ -280,7 +284,7 @@
                       <div class="separator"></div>
                     </div> <!-- contact panel -->
                 </div><!--contact_details-->
-       
+
                 {if $showCustomData}
                   <div id="customFields">
                     <div class="contact_panel">
@@ -295,8 +299,8 @@
                       <div class="clear"></div>
                     </div>
                   </div>
-                {/if}         
-       
+                {/if}
+
                 {if !empty($hookContent) and isset($hookContentPlacement) and $hookContentPlacement eq 1}
                   {include file="CRM/Contact/Page/View/SummaryHook.tpl"}
                 {/if}
-- 
2.25.1