redirect_browser('/');
}
// addition for the 'all customer contacts' permission
// if user doesn't' have this permission then we only show ourselves in this list.
// todo: this is a problem - think about how this new "All Contacts" permission affects staff members viewing contact details, not just user contacts.
if ($user_id && !module_user::can_i('view', 'All ' . $contact_type_permission . ' Contacts', $contact_type, $contact_module_name)) {
if ($user_id != module_security::get_loggedin_id()) {
set_error('No permissions to view this contact');
redirect_browser(_BASE_HREF);
}
}
if ($user_id && !module_user::can_i('edit', 'All ' . $contact_type_permission . ' Contacts', $contact_type, $contact_module_name)) {
if ($user_id != module_security::get_loggedin_id()) {
// dont let them edit this page
ob_start();
module_security::disallow_page_editing();
}
}
// permission check.
if (!$user_id) {
// check if can create.
module_security::check_page(array('category' => $contact_type, 'page_name' => 'Contacts', 'module' => 'user', 'feature' => 'create'));
} else {
// check if can view/edit.
module_security::check_page(array('category' => $contact_type, 'page_name' => 'Contacts', 'module' => 'user', 'feature' => 'edit'));
}
if ($user_id > 0 && $user['user_id'] == $user_id) {
$module->page_title = _l('Contact: %s', $user['name']);
} else {
$module->page_title = _l('Contact: %s', _l('New'));
}
