redirect_browser('/'); } // addition for the 'all customer contacts' permission // if user doesn't' have this permission then we only show ourselves in this list. // todo: this is a problem - think about how this new "All Contacts" permission affects staff members viewing contact details, not just user contacts. if ($user_id && !module_user::can_i('view', 'All ' . $contact_type_permission . ' Contacts', $contact_type, $contact_module_name)) { if ($user_id != module_security::get_loggedin_id()) { set_error('No permissions to view this contact'); redirect_browser(_BASE_HREF); } } if ($user_id && !module_user::can_i('edit', 'All ' . $contact_type_permission . ' Contacts', $contact_type, $contact_module_name)) { if ($user_id != module_security::get_loggedin_id()) { // dont let them edit this page ob_start(); module_security::disallow_page_editing(); } } // permission check. if (!$user_id) { // check if can create. module_security::check_page(array('category' => $contact_type, 'page_name' => 'Contacts', 'module' => 'user', 'feature' => 'create')); } else { // check if can view/edit. module_security::check_page(array('category' => $contact_type, 'page_name' => 'Contacts', 'module' => 'user', 'feature' => 'edit')); } if ($user_id > 0 && $user['user_id'] == $user_id) { $module->page_title = _l('Contact: %s', $user['name']); } else { $module->page_title = _l('Contact: %s', _l('New')); }