From c1ca1b4866aa5c21625c2e0b47820c8f59967932 Mon Sep 17 00:00:00 2001
From: Adrian Fretwell <adrian.fretwell@topgreen.co.uk>
Date: Tue, 25 Feb 2020 01:29:23 +0000
Subject: [PATCH] Allow user with only contact_view permission to click on
 contact record to view numbers etc. (#5153)

* Update contacts.php

Added contact_view permission to allow users with only contact view to open contact record to see numbers addresses etc.  See also update to contact_edit.php to remove save buttons if user only has contact view.

* Update contact_edit.php

Added permissions to only show save button if user has permissions contact_add or contact_edit.  This is in conjunction with the update to contacts.php
---
 app/contacts/contact_edit.php | 6 ++++--
 app/contacts/contacts.php     | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/contacts/contact_edit.php b/app/contacts/contact_edit.php
index fb60bf8977..266e99026c 100644
--- a/app/contacts/contact_edit.php
+++ b/app/contacts/contact_edit.php
@@ -495,7 +495,9 @@
 			}
 		}
 	}
-	echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'style'=>($action != 'update' ?: 'margin-left: 15px;'),'collapse'=>'hide-sm-dn','onclick'=>"document.getElementById('frm').submit();"]);
+	if (permission_exists('contact_edit') || permission_exists('contact_add')) {
+		echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'style'=>($action != 'update' ?: 'margin-left: 15px;'),'collapse'=>'hide-sm-dn','onclick'=>"document.getElementById('frm').submit();"]);
+	}
 	echo "	</div>\n";
 	echo "	<div style='clear: both;'></div>\n";
 	echo "</div>\n";
@@ -858,4 +860,4 @@
 //include the footer
 	require_once "resources/footer.php";
 
-?>
\ No newline at end of file
+?>
diff --git a/app/contacts/contacts.php b/app/contacts/contacts.php
index 6dd1015dd6..aecef56831 100644
--- a/app/contacts/contacts.php
+++ b/app/contacts/contacts.php
@@ -305,7 +305,7 @@
 	if (is_array($contacts) && @sizeof($contacts) != 0) {
 		$x = 0;
 		foreach($contacts as $row) {
-			if (permission_exists('contact_edit')) {
+			if (permission_exists('contact_edit') || permission_exists('contact_view')) {
 				$list_row_url = "contact_edit.php?id=".urlencode($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"]);
 			}
 			echo "<tr class='list-row' href='".$list_row_url."'>\n";
@@ -370,4 +370,4 @@
 //include the footer
 	require_once "resources/footer.php";
 
-?>
\ No newline at end of file
+?>