From 62aeccbb0f51e0c926cce940743e39fcdc251d28 Mon Sep 17 00:00:00 2001
From: nathan <nathangray.bsc+github@gmail.com>
Date: Fri, 15 Oct 2021 09:04:29 -0600
Subject: [PATCH] Infolog: Avoid changing contact or project links if user has
 no write permission

---
 infolog/inc/class.infolog_bo.inc.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/infolog/inc/class.infolog_bo.inc.php b/infolog/inc/class.infolog_bo.inc.php
index 5b74a943b2..9d8ece3d43 100644
--- a/infolog/inc/class.infolog_bo.inc.php
+++ b/infolog/inc/class.infolog_bo.inc.php
@@ -1094,10 +1094,14 @@ class infolog_bo
 	 * Checks for info_contact properly linked, project properly linked and
 	 * adds or removes to correct.
 	 *
-	 * @param Array $values
+	 * @param array $values
 	 */
-	protected function write_check_links(&$values)
+	protected function write_check_links(array &$values)
 	{
+		if(!$this->bo->check_access($values, Acl::EDIT))
+		{
+			return;
+		}
 		$old_link_id = (int)$values['info_link_id'];
 		$from = $values['info_from'];
 
@@ -1106,7 +1110,7 @@ class infolog_bo
 			) || (
 				is_array($values['info_contact']) && $values['info_contact']['id'] == 'none' &&
 				array_key_exists('search', $values['info_contact'])
-		))
+			))
 		{
 			if(is_array($values['info_contact']))
 			{
@@ -1115,7 +1119,7 @@ class infolog_bo
 				$id = (int)$values['info_contact']['id'];
 				$from = $values['info_contact']['search'];
 			}
-			else if ($values['info_contact'])
+			else if($values['info_contact'])
 			{
 				list($app, $id) = explode(':', $values['info_contact'], 2);
 			}