From bc5585afe474dc24d7f78932b3b4386989a19d93 Mon Sep 17 00:00:00 2001
From: jitendrapurohit
Date: Fri, 3 Jul 2015 19:04:20 +0530
Subject: [PATCH] CRM-16796 - Add ACL support for profile related api's
---
 Civi/API/Subscriber/PermissionCheck.php | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/Civi/API/Subscriber/PermissionCheck.php b/Civi/API/Subscriber/PermissionCheck.php
index 49caac2ddc..b427fa0a05 100644
--- a/Civi/API/Subscriber/PermissionCheck.php
+++ b/Civi/API/Subscriber/PermissionCheck.php
@@ -73,7 +73,7 @@ class PermissionCheck implements EventSubscriberInterface {
 return;
 }
- if (!\CRM_Core_Permission::check($permissions)) {
+ if (!\CRM_Core_Permission::check($permissions) and !self::checkACLPermission($apiRequest)) {
 if (is_array($permissions)) {
 $permissions = implode(' and ', $permissions);
 }
@@ -87,4 +87,26 @@ class PermissionCheck implements EventSubscriberInterface {
 }
 }
+ /**
+ * check API for ACL permission.
+ * @param $apiRequest
+ * @return boolean
+ */
+ public function checkACLPermission($apiRequest) {
+ switch($apiRequest['entity']) {
+ case 'UFGroup':
+ case 'UFField':
+ $ufGroups = \CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
+ $aclCreate = \CRM_ACL_API::group(\CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
+ $aclEdit = \CRM_ACL_API::group(\CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
+ $ufGroupId = $apiRequest['entity'] == 'UFGroup' ? $apiRequest['params']['id'] : $apiRequest['params']['uf_group_id'];
+ if (in_array($ufGroupId, $aclEdit) or $aclCreate) {
+ return TRUE;
+ }
+ break;
+ }
+
+ return FALSE;
+ }
+
 }
-- 
2.25.1
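Review bot: `self::checkACLPermission($apiRequest)` in the changed condition calls a helper that the second hunk declares without `static`; either call it as `$this->checkACLPermission($apiRequest)` or declare the helper `public static function`, and prefer `&&` over `and` so operator precedence cannot surprise a later edit. Because the ACL result now overrides a failed `CRM_Core_Permission::check` for every request that reaches this branch, a comment on the line such as `// ACLs may grant access to individual profiles even when the permission check fails` would make the widened authorization explicit. The enclosing method starts and ends outside the hunk.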
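Review bot: In `checkACLPermission`, the condition `in_array($ufGroupId, $aclEdit) or $aclCreate` succeeds whenever `$aclCreate` is a non-empty array, whatever `$ufGroupId` is, so a CREATE ACL on any one profile appears to authorise UFGroup/UFField calls on all of them once the normal permission check has failed. The method also never consults the requested action, so an EDIT ACL would seemingly cover delete too; the `$aclCreate` branch should be limited to create requests that carry no `id`. For UFField the group is taken from the caller-supplied `$apiRequest['params']['uf_group_id']` rather than from the stored field, so when an `id` is present the group should be resolved from that record before the ACL is checked. Both params keys may be absent, and the comparison is loose; I would guard and compare strictly, e.g. `if (is_numeric($ufGroupId) && in_array((int) $ufGroupId, array_map('intval', $aclEdit), TRUE)) {`.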