From c85e32fc25614d75872d2ceb8727e006ba948aa3 Mon Sep 17 00:00:00 2001
From: eileen
Date: Wed, 14 Aug 2013 18:13:13 +1200
Subject: [PATCH] CRM-13179 make profile get api respect contact & profile permissions

---
 CRM/Core/DAO/permissions.php | 6 +++++-
 api/v3/Profile.php | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CRM/Core/DAO/permissions.php b/CRM/Core/DAO/permissions.php
index 0c13739d1c..f334315480 100644
--- a/CRM/Core/DAO/permissions.php
+++ b/CRM/Core/DAO/permissions.php
@@ -83,7 +83,7 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
 'edit all contacts',
 ),
 'getquick' => array(
- 'access CiviCRM',
+
 ),
 );

@@ -369,6 +369,10 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
 );

 // Profile permissions
+ $permissions['profile'] = array(
+ 'get' => array(), // the profile will take care of this
+ );
+
 $permissions['uf_group'] = array(
 'get' => array(
 'access CiviCRM',
diff --git a/api/v3/Profile.php b/api/v3/Profile.php
index dc3a71222e..d2a838dce0 100644
--- a/api/v3/Profile.php
+++ b/api/v3/Profile.php
@@ -55,7 +55,9 @@ require_once 'api/v3/utils.php';
 */
 function civicrm_api3_profile_get($params) {
 $nonStandardLegacyBehaviour = is_numeric($params['profile_id']) ? TRUE : FALSE;
-
+ if(!empty($params['check_permissions']) && !1 === civicrm_api3('contact', 'getcount', array('contact_id' => 1, 'check_permissions' => 1))) {
+ throw new API_Exception('permission denied');
+ }
 $profiles = (array) $params['profile_id'];
 $values = array();
 foreach ($profiles as $profileID) {
@@ -81,7 +83,7 @@ function civicrm_api3_profile_get($params) {
 NULL,
 FALSE,
 NULL,
- TRUE,
+ empty($params['check_permissions']) ? FALSE : TRUE,
 NULL,
 CRM_Core_Permission::EDIT
 );
-- 
2.25.1
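Review bot: In the first hunk of CRM/Core/DAO/permissions.php, the `'access CiviCRM',` entry under `'getquick'` is replaced by a whitespace-only line, so that action now has an empty permission list. The commit subject is about the profile get API and does not explain this. If dropping the gate is intended, write it as `'getquick' => array(),` with a trailing comment naming where the contact ACL is enforced instead; if not, restore `'access CiviCRM',`. The enclosing array and function start outside the hunk, so which entity this `getquick` belongs to is inferred rather than visible.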
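Review bot: The new `'get' => array()` entry for `profile` in the second hunk needs a more specific comment, because an empty list means the API permission layer requires nothing and every check is left to the API function itself. The current comment, "the profile will take care of this", does not say which code does the checking or under what condition. I would write `'get' => array(), // no API-level permission; civicrm_api3_profile_get() checks contact and profile access when check_permissions is set`. Only `get` is declared here; what other profile actions fall back to is decided outside the hunk, so it is worth confirming they are not left open by default.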
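Review bot: The guard added at the top of `civicrm_api3_profile_get` can never throw, because `!` binds tighter than `===`. `!1` evaluates to `false`, and `false === civicrm_api3(...)` is false for any count the call returns, so "permission denied" is unreachable. The check also hard-codes `'contact_id' => 1`, so even once repaired it would test access to contact 1 rather than to the contact being requested. Presumably that is `$params['contact_id']`, but the rest of the function is outside the hunk. A form that does what the commit subject intends would be `if (!empty($params['check_permissions']) && 1 !== (int) civicrm_api3('contact', 'getcount', array('contact_id' => $params['contact_id'], 'check_permissions' => 1))) {`, with a test asserting that a caller without view access gets the exception.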
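Review bot: In the last hunk, the argument that used to be a hard-coded `TRUE` becomes `FALSE` whenever the caller omits `check_permissions`. Callers that previously always had this flag applied now skip it unless they opt in. The call it belongs to starts outside the hunk, so the meaning of this positional argument is inferred (it looks like the profile permission flag). Confirm that every entry point reachable by untrusted users sets `check_permissions`. The ternary itself is redundant and reads more clearly as `!empty($params['check_permissions']),`.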