From 30d5177b0a216a6718bd2965a11c01eb5f8ebead Mon Sep 17 00:00:00 2001
From: markjcrane
Date: Mon, 18 Jan 2016 21:46:49 -0700
Subject: [PATCH] Work on the permissions for contacts.
---
 app/contacts/contacts.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/app/contacts/contacts.php b/app/contacts/contacts.php
index 82ebd227d9..f48d8f2ae3 100644
--- a/app/contacts/contacts.php
+++ b/app/contacts/contacts.php
@@ -72,7 +72,7 @@ else {
 $sql .= "and contact_setting_name = 'array' ";
 $sql .= "and contact_setting_value <> '' ";
 $sql .= "and contact_setting_value is not null ";
- if (sizeof($user_group_uuids) > 0) {
+ if (!(if_group("superadmin") || if_group("admin"))) {
 $sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group
 $sql .= " contact_uuid in ( \n";
 $sql .= " select contact_uuid from v_contact_groups ";
@@ -82,7 +82,8 @@ else {
 $sql .= " or \n";
 $sql .= " contact_uuid not in ( \n";
 $sql .= " select contact_uuid from v_contact_groups ";
- $sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= " where user_uuid = '".$_SESSION['user_uuid']."' ";
+ $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
 $sql .= " ) \n";
 $sql .= ") \n";
 }
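Review bot: The new guard `if (!(if_group("superadmin") || if_group("admin")))` no longer protects the `group_uuid in ('".implode("','", $user_group_uuids)."')` clause that follows it just outside this hunk (it is visible as context in the count query's hunk), which the old `sizeof($user_group_uuids) > 0` test did; a non-admin user with no group membership now reaches that `implode`, so `$user_group_uuids` must be guaranteed to be an array (for example `$user_group_uuids = array();` before it is populated) or the clause should be skipped when it is empty. The effect of the change itself is that such a user is now restricted instead of seeing every contact, which is the right default. Visibility is now tied to two hard-coded group names; if the project has a per-permission check, using it here would let other roles be granted the same scope without editing this file. The `if` body opened here runs past this hunk and closes in the next one.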
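Review bot: The rewritten exclusion subquery `contact_uuid not in (select contact_uuid from v_contact_groups where user_uuid = ...)` in the listing query does not match what the count query in the next hunk now does, which adds `contact_uuid in (select contact_uuid from v_contact_users where user_uuid = ...)`; the rows shown and `num_rows` will disagree, and the listing keeps a deny-list shape (everything not in the excluded set is shown) while the count uses an allow-list. This hunk also filters `v_contact_groups` on `user_uuid` while the next hunk uses `v_contact_users` for per-user assignment, so if `v_contact_groups` has no such column this query fails outright. I would make this branch read `$sql .= " or contact_uuid in ( \n";` / `$sql .= " select contact_uuid from v_contact_users ";` / `$sql .= " where user_uuid = '".$_SESSION['user_uuid']."' ";` with the existing `and domain_uuid` line after it, so both queries apply the same allow-list and a contact is visible only by group or by direct assignment.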
@@ -100,17 +101,18 @@ else {
 $sql = "select count(*) as num_rows ";
 $sql .= "from v_contacts as c ";
 $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- if (sizeof($user_group_uuids) > 0) {
+ if (!(if_group("superadmin") || if_group("admin"))) {
 $sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group
 $sql .= " contact_uuid in ( \n";
 $sql .= " select contact_uuid from v_contact_groups ";
 $sql .= " where group_uuid in ('".implode("','", $user_group_uuids)."') ";
 $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
 $sql .= " ) \n";
- $sql .= " or \n";
- $sql .= " contact_uuid not in ( \n";
- $sql .= " select contact_uuid from v_contact_groups ";
- $sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= " or contact_uuid in ( \n";
+ $sql .= " select contact_uuid from v_contact_users ";
+ $sql .= " where user_uuid = '".$_SESSION['user_uuid']."' ";
+ $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "";
 $sql .= " ) \n";
 $sql .= ") \n";
 }
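Review bot: The added `$sql .= "";` line appends nothing and reads like an editing leftover; drop it. The new `where user_uuid = '".$_SESSION['user_uuid']."' "` line extends the file's string-concatenated SQL with another session value; from the visible lines I cannot tell whether `user_uuid` and `domain_uuid` are validated as UUIDs when the session is established, and if they are not, binding them as parameters or checking their format before concatenation would make the access filter harder to subvert. The comment `//only contacts assigned to current user's group(s) and those not assigned to any group` is now inaccurate for this query, since the second branch selects contacts directly assigned to the user rather than unassigned ones; update it to `//only contacts assigned to current user's group(s) or directly to the current user`.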