Details
Description
When viewing/editing an absence-request, the "Employee" name is displayed. This name should be a hyperlink – but only if the current user has to permission to view the employee's record.
As a couple examples of different use-cases:
- An employee may have permission to view his absence-requests but not to view his full contact record.
- A high-level manager may have permission to view all absence-requests and all contact records
- A mid-level manager may have permission to view absence-requests for people on his team. She may or may not have permission to view the full contact record (depending the org's policy and ACL configuration).
There may be a suitable helper in CRM_ACL_API, CRM_ACL_BAO_ACL, or CRM_Core_Permission.