From acf315d1d52a57d36673dd92a758689efb95a063 Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Fri, 25 Jan 2019 16:28:35 -0500
Subject: [PATCH] Fix permission checks on contact create popups

---
 CRM/Contact/BAO/Contact.php | 2 +-
 CRM/Core/BAO/UFGroup.php    | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CRM/Contact/BAO/Contact.php b/CRM/Contact/BAO/Contact.php
index 77761d4d18..da45da8e39 100644
--- a/CRM/Contact/BAO/Contact.php
+++ b/CRM/Contact/BAO/Contact.php
@@ -3651,7 +3651,7 @@ LEFT JOIN civicrm_address ON ( civicrm_address.contact_id = civicrm_contact.id )
    * @return bool
    */
   public static function entityRefCreateLinks() {
-    return CRM_Core_Permission::check([['edit all contacts', 'add contacts']]);
+    return CRM_Core_Permission::check([['profile create', 'profile listings and forms']]);
   }
 
 }
diff --git a/CRM/Core/BAO/UFGroup.php b/CRM/Core/BAO/UFGroup.php
index 9fc2793259..952e70aedf 100644
--- a/CRM/Core/BAO/UFGroup.php
+++ b/CRM/Core/BAO/UFGroup.php
@@ -3328,6 +3328,9 @@ AND    ( entity_id IS NULL OR entity_id <= 0 )
    * @return array
    */
   public static function getCreateLinks($profiles = '', $appendProfiles = array()) {
+    if (!CRM_Contact_BAO_Contact::entityRefCreateLinks()) {
+      return [];
+    }
     // Default to contact profiles
     if (!$profiles) {
       $profiles = array('new_individual', 'new_organization', 'new_household');
-- 
2.25.1