CRM-13546 - Custom fields in CiviReport: 'access all custom data' permission not respected

4f8ec8be · Deepak Srivastava · 4441ae6c · 4f8ec8be
Commit 4f8ec8be authored 11 years ago by Deepak Srivastava
--- a/CRM/Report/Form.php
+++ b/CRM/Report/Form.php
@@ -279,14 +279,17 @@ class CRM_Report_Form extends CRM_Core_Form {
    // Get all custom groups
    $allGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id');
-    // Get the custom groupIds for which the user have VIEW permission
+    // Get the custom groupIds for which the user has VIEW permission
-    require_once 'CRM/ACL/API.php';
+    // If the user has 'access all custom data' permission, we'll leave $permCustomGroupIds empty
-    $permCustomGroupIds = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_custom_group', $allGroups, NULL);
+    // and addCustomDataToColumns() will allow access to all custom groups.
+    $permCustomGroupIds = array();
-    // do not allow custom data for reports if user don't have
+    if (!CRM_Core_Permission::check('access all custom data')) {
-    // permission to access custom data.
+      $permCustomGroupIds = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_custom_group', $allGroups, NULL);
-    if (!empty($this->_customGroupExtends) && !CRM_Core_Permission::check('access all custom data') && empty($permCustomGroupIds)) {
+      // do not allow custom data for reports if user doesn't have
-      $this->_customGroupExtends = array();
+      // permission to access custom data.
+      if (!empty($this->_customGroupExtends) && empty($permCustomGroupIds)) {
+        $this->_customGroupExtends = array();
+      }
    }
    // merge custom data columns to _columns list, if any