From df124d3aae6b97e9b08d11740d82f8303040eddd Mon Sep 17 00:00:00 2001
From: monishdeb <monish.deb@webaccessglobal.com>
Date: Fri, 10 Jul 2015 02:08:09 +0530
Subject: [PATCH] CRM-16711 fix - Security breach of data: contact details
 accessible via relationships

https://issues.civicrm.org/jira/browse/CRM-16711
---
 CRM/Contact/BAO/Relationship.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CRM/Contact/BAO/Relationship.php b/CRM/Contact/BAO/Relationship.php
index 7c76f0ac68..d5f2f123b1 100644
--- a/CRM/Contact/BAO/Relationship.php
+++ b/CRM/Contact/BAO/Relationship.php
@@ -1225,8 +1225,10 @@ LEFT JOIN  civicrm_country ON (civicrm_address.country_id = civicrm_country.id)
       while ($relationship->fetch()) {
         $rid = $relationship->civicrm_relationship_id;
         $cid = $relationship->civicrm_contact_id;
-        if (($permissionedContact) &&
-          (!CRM_Contact_BAO_Contact_Permission::relationship($cid, $contactId))
+        if (($permissionedContact &&
+            (!CRM_Contact_BAO_Contact_Permission::relationship($cid, $contactId))
+          ) ||
+          (!CRM_Contact_BAO_Contact_Permission::allow($cid))
         ) {
           continue;
         }
-- 
2.25.1