From 3b8ae86771aa667328b5154e756d6c4e7520b3a7 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Tue, 18 Feb 2020 22:19:21 -0700
Subject: [PATCH] Update user_edit.php

---
 core/users/user_edit.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/core/users/user_edit.php b/core/users/user_edit.php
index 0f7270cacc..bc0937e5b9 100644
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -125,10 +125,10 @@
 			$user_status = $_POST["user_status"];
 			$user_language = $_POST["user_language"];
 			$user_time_zone = $_POST["user_time_zone"];
-			if (permission_exists('user_edit') && $action == 'edit') {
+			if (permission_exists('contact_add') && $action == 'edit') {
 				$contact_uuid = $_POST["contact_uuid"];
 			}
-			else if (permission_exists('user_add') && $action == 'add') {
+			else if (permission_exists('contact_add') && $action == 'add') {
 				$contact_organization = $_POST["contact_organization"];
 				$contact_name_given = $_POST["contact_name_given"];
 				$contact_name_family = $_POST["contact_name_family"];
@@ -485,7 +485,9 @@
 			if (permission_exists('user_add') || permission_exists('user_edit')) {
 				$array['users'][$x]['api_key'] = ($api_key != '') ? $api_key : null;
 				$array['users'][$x]['user_enabled'] = $user_enabled;
-				$array['users'][$x]['contact_uuid'] = ($contact_uuid != '') ? $contact_uuid : null;
+				if (permission_exists('contact_add')) {
+					$array['users'][$x]['contact_uuid'] = ($contact_uuid != '') ? $contact_uuid : null;
+				}
 				if ($action == 'add') {
 					$array['users'][$x]['add_user'] = $_SESSION["user"]["username"];
 					$array['users'][$x]['add_date'] = date("Y-m-d H:i:s.uO");
@@ -567,7 +569,9 @@
 			$user_email = $row["user_email"];
 			$api_key = $row["api_key"];
 			$user_enabled = $row["user_enabled"];
-			$contact_uuid = $row["contact_uuid"];
+			if (permission_exists('contact_view')) {
+				$contact_uuid = $row["contact_uuid"];
+			}
 			$user_status = $row["user_status"];
 		}
 		else {
@@ -813,7 +817,7 @@
 		echo "	</tr>\n";
 	}
 
-	if ($action == 'edit' && permission_exists("user_edit")) {
+	if ($action == 'edit' && permission_exists("user_edit") && permission_exists('contact_edit')) {
 		echo "	<tr>";
 		echo "		<td class='vncell' valign='top'>".$text['label-contact']."</td>";
 		echo "		<td class='vtable'>\n";
@@ -869,7 +873,7 @@
 		echo "		</td>";
 		echo "	</tr>";
 	}
-	else if ($action == 'add' && permission_exists("user_add")) {
+	elseif ($action == 'add' && permission_exists("user_add") && permission_exists('contact_add')) {
 		echo "	<tr>";
 		echo "		<td class='vncell'>".$text['label-first_name']."</td>";
 		echo "		<td class='vtable'><input type='text' class='formfld' name='contact_name_given' value='".escape($contact_name_given)."'></td>";
@@ -956,7 +960,6 @@
 			echo "</select>";
 			if ($action == 'edit') {
 				echo button::create(['type'=>'submit','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add']]);
-// 				echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n";
 			}
 		}
 		unset($sql, $parameters, $groups, $field);
@@ -1067,4 +1070,4 @@
 //include the footer
 	require_once "resources/footer.php";
 
-?>
\ No newline at end of file
+?>