Check ACL for customer link in order view (#2933)

luigifab · web-flow · commit 29dd4b145a10 · 2023-01-14T12:45:03.000+01:00
diff --git a/app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php b/app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Info.php
@@ -74,6 +74,9 @@ public function getCustomerGroupName()
 
     public function getCustomerViewUrl()
     {
+        if (!Mage::getSingleton('admin/session')->isAllowed('customer/manage')) {
+            return false;
+        }
         if ($this->getOrder()->getCustomerIsGuest() || !$this->getOrder()->getCustomerId()) {
             return false;
         }

Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,9 @@ public function getCustomerGroupName()`
`74`	`74`
`75`	`75`	`public function getCustomerViewUrl()`
`76`	`76`	`{`
	`77`	`+ if (!Mage::getSingleton('admin/session')->isAllowed('customer/manage')) {`
	`78`	`+ return false;`
	`79`	`+ }`
`77`	`80`	`if ($this->getOrder()->getCustomerIsGuest() \|\| !$this->getOrder()->getCustomerId()) {`
`78`	`81`	`return false;`
`79`	`82`	`}`