5 years ago · 9ff7c05cea
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -125,10 +125,10 @@
 
				 			$user_status = $_POST["user_status"];
			
 
				 			$user_language = $_POST["user_language"];
			
 
				 			$user_time_zone = $_POST["user_time_zone"];
			
 
				-			if (permission_exists('user_edit') && $action == 'edit') {
			
 
				+			if (permission_exists('contact_add') && $action == 'edit') {
			
 
				 				$contact_uuid = $_POST["contact_uuid"];
			
 
				 			}
			
 
				-			else if (permission_exists('user_add') && $action == 'add') {
			
 
				+			else if (permission_exists('contact_add') && $action == 'add') {
			
 
				 				$contact_organization = $_POST["contact_organization"];
			
 
				 				$contact_name_given = $_POST["contact_name_given"];
			
 
				 				$contact_name_family = $_POST["contact_name_family"];
			
@@ -485,7 +485,9 @@
 
				 			if (permission_exists('user_add') || permission_exists('user_edit')) {
			
 
				 				$array['users'][$x]['api_key'] = ($api_key != '') ? $api_key : null;
			
 
				 				$array['users'][$x]['user_enabled'] = $user_enabled;
			
 
				-				$array['users'][$x]['contact_uuid'] = ($contact_uuid != '') ? $contact_uuid : null;
			
 
				+				if (permission_exists('contact_add')) {
			
 
				+					$array['users'][$x]['contact_uuid'] = ($contact_uuid != '') ? $contact_uuid : null;
			
 
				+				}
			
 
				 				if ($action == 'add') {
			
 
				 					$array['users'][$x]['add_user'] = $_SESSION["user"]["username"];
			
 
				 					$array['users'][$x]['add_date'] = date("Y-m-d H:i:s.uO");
			
@@ -567,7 +569,9 @@
 
				 			$user_email = $row["user_email"];
			
 
				 			$api_key = $row["api_key"];
			
 
				 			$user_enabled = $row["user_enabled"];
			
 
				-			$contact_uuid = $row["contact_uuid"];
			
 
				+			if (permission_exists('contact_view')) {
			
 
				+				$contact_uuid = $row["contact_uuid"];
			
 
				+			}
			
 
				 			$user_status = $row["user_status"];
			
 
				 		}
			
 
				 		else {
			
@@ -813,7 +817,7 @@
 
				 		echo "	</tr>\n";
			
 
				 	}
			
 
				 
			
 
				-	if ($action == 'edit' && permission_exists("user_edit")) {
			
 
				+	if ($action == 'edit' && permission_exists("user_edit") && permission_exists('contact_edit')) {
			
 
				 		echo "	<tr>";
			
 
				 		echo "		<td class='vncell' valign='top'>".$text['label-contact']."</td>";
			
 
				 		echo "		<td class='vtable'>\n";
			
@@ -869,7 +873,7 @@
 
				 		echo "		</td>";
			
 
				 		echo "	</tr>";
			
 
				 	}
			
 
				-	else if ($action == 'add' && permission_exists("user_add")) {
			
 
				+	elseif ($action == 'add' && permission_exists("user_add") && permission_exists('contact_add')) {
			
 
				 		echo "	<tr>";
			
 
				 		echo "		<td class='vncell'>".$text['label-first_name']."</td>";
			
 
				 		echo "		<td class='vtable'><input type='text' class='formfld' name='contact_name_given' value='".escape($contact_name_given)."'></td>";
			
@@ -956,7 +960,6 @@
 
				 			echo "</select>";
			
 
				 			if ($action == 'edit') {
			
 
				 				echo button::create(['type'=>'submit','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add']]);
			
 
				-// 				echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n";
			
 
				 			}
			
 
				 		}
			
 
				 		unset($sql, $parameters, $groups, $field);
			
@@ -1067,4 +1070,4 @@
 
				 //include the footer
			
 
				 	require_once "resources/footer.php";
			
 
				 
			
 
				-?>
			
 
				+?>