From ccd74e76954f8abab8d60862ec52fd6a7bc5be50 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Sat, 25 May 2013 01:12:58 -0400
Subject: [PATCH] CRM-12499 - Allow users with 'access user profiles' access to
 userRecordUrl

----------------------------------------
* CRM-12499: Allow users with 'access user profiles' to access $userRecordUrl
  http://issues.civicrm.org/jira/browse/CRM-12499
---
 CRM/Contact/Page/View.php       | 6 +++---
 CRM/Core/Permission/Drupal.php  | 1 +
 CRM/Core/Permission/Drupal6.php | 1 +
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CRM/Contact/Page/View.php b/CRM/Contact/Page/View.php
index b8dde815fd..1577fe2c38 100644
--- a/CRM/Contact/Page/View.php
+++ b/CRM/Contact/Page/View.php
@@ -340,14 +340,14 @@ class CRM_Contact_Page_View extends CRM_Core_Page {
    * Add urls for display in the actions menu
    */
   static function addUrls(&$obj, $cid) {
+    // TODO rewrite without so many hard-coded CMS bits; use abstractions like CRM_Core_Permission::check('cms:...') and CRM_Utils_System
+
     $config = CRM_Core_Config::singleton();
     $session = CRM_Core_Session::singleton();
     $uid = CRM_Core_BAO_UFMatch::getUFId($cid);
     if ($uid) {
-      // To do: we should also allow drupal users with CRM_Core_Permission::check( 'view user profiles' ) true to access $userRecordUrl
-      // but this is currently returning false regardless of permission set for the role. dgg
       if ($config->userSystem->is_drupal == '1' &&
-        ($session->get('userID') == $cid || CRM_Core_Permission::check('administer users'))
+        ($session->get('userID') == $cid || CRM_Core_Permission::checkAnyPerm(array('cms:administer users', 'cms:view user account')))
       ) {
         $userRecordUrl = CRM_Utils_System::url('user/' . $uid);
       }
diff --git a/CRM/Core/Permission/Drupal.php b/CRM/Core/Permission/Drupal.php
index 7f82fccaa9..2979590640 100644
--- a/CRM/Core/Permission/Drupal.php
+++ b/CRM/Core/Permission/Drupal.php
@@ -73,6 +73,7 @@ class CRM_Core_Permission_Drupal extends CRM_Core_Permission_DrupalBase{
   function check($str, $contactID = NULL) {
     $str = $this->translatePermission($str, 'Drupal', array(
       'view user account' => 'access user profiles',
+      'administer users' => 'administer users',
     ));
     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
       return FALSE;
diff --git a/CRM/Core/Permission/Drupal6.php b/CRM/Core/Permission/Drupal6.php
index 11690904f3..787f27e5dd 100644
--- a/CRM/Core/Permission/Drupal6.php
+++ b/CRM/Core/Permission/Drupal6.php
@@ -72,6 +72,7 @@ class CRM_Core_Permission_Drupal6 extends CRM_Core_Permission_DrupalBase {
   function check($str, $contactID = NULL) {
     $str = $this->translatePermission($str, 'Drupal6', array(
       'view user account' => 'access user profiles',
+      'administer users' => 'administer users',
     ));
     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
       return FALSE;
-- 
2.25.1