Commit 24cfc3e2 authored by Christian Wach's avatar Christian Wach

Parse activities against permission to view target contact

parent f9f63773
......@@ -148,7 +148,7 @@ class CRM_CallNextDashlet_Page_CallNextDashlet extends CRM_Core_Page {
*
* @return array|bool $contacts Array of contact data, or false on failure.
*/
public function get_contacts() {
public static function get_contacts() {
try {
......@@ -226,7 +226,10 @@ class CRM_CallNextDashlet_Page_CallNextDashlet extends CRM_Core_Page {
}
foreach($activities_none['values'] AS $activity) {
if (empty($activity['assignee_contact_id'])) {
$activities[] = $activity;
$contactID = array_shift($activity['target_contact_id']);
if (self::can_view_contact($contactID)) {
$activities[] = $activity;
}
}
}
......@@ -249,4 +252,45 @@ class CRM_CallNextDashlet_Page_CallNextDashlet extends CRM_Core_Page {
}
/**
* Check if a Contact can be viewed by the current User.
*
* @since 1.0
*
* @param int $contactID The numeric ID of the Contact.
* @return bool True if the current User can view the Contact.
*/
public static function can_view_contact( $contactID ) {
// automatically grant permissin for users on their own record. makes
// things easier in dashboard
$session = CRM_Core_Session::singleton();
// Allow if it's me and I have the permission.
if ($session->get('userID') == $contactID AND CRM_Core_Permission::check('edit my contact')) {
return TRUE;
}
// Allow if it's a deleted Contact and I have the permission.
elseif (CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $contactID, 'is_deleted') AND CRM_Core_Permission::check('access deleted contacts')) {
return TRUE;
}
// Allow if it's a Contact I can edit.
elseif (CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)) {
return TRUE;
}
// Allow if it's a Contact I can view.
elseif (CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::VIEW)) {
return TRUE;
}
// Disallow in all other cases.
else {
return FALSE;
}
}
}
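Review bot: In the `$activities_none` loop, `array_shift($activity['target_contact_id'])` permission-checks only the first target and also removes that ID from the activity that is then appended to `$activities`. An activity with several targets is therefore kept when just the first one is viewable, and later readers of `target_contact_id` no longer see the contact that was checked. Read the list without mutating it and require every target to pass, e.g. `$targets = (array) $activity['target_contact_id'];` then `if ($targets && count(array_filter($targets, array(__CLASS__, 'can_view_contact'))) === count($targets))`. This also makes the empty-target case an explicit skip, where the current code passes NULL to `can_view_contact()`. The loop starts outside the hunk, so whether activities assigned to the current user are filtered the same way is not visible here and should be confirmed.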