/** * Process the view. * * * @return void */ public function preProcess() { $contactID = CRM_Utils_Request::retrieve('cid', 'Integer', $this, TRUE); $activityID = CRM_Utils_Request::retrieve('aid', 'Integer', $this, TRUE); $revs = CRM_Utils_Request::retrieve('revs', 'Boolean', CRM_Core_DAO::$_nullObject); $caseID = CRM_Utils_Request::retrieve('caseID', 'Boolean', CRM_Core_DAO::$_nullObject); $activitySubject = CRM_Core_DAO::getFieldValue('CRM_Activity_DAO_Activity', $activityID, 'subject'); //check for required permissions, CRM-6264 if ($activityID && !CRM_Activity_BAO_Activity::checkPermission($activityID, CRM_Core_Action::VIEW)) { CRM_Core_Error::fatal(ts('You do not have permission to access this page.')); } $this->assign('contactID', $contactID); $this->assign('caseID', $caseID); // CRM-9145 $this->assign('activityID', $activityID); $xmlProcessor = new CRM_Case_XMLProcessor_Report(); $report = $xmlProcessor->getActivityInfo($contactID, $activityID, TRUE); $attachmentUrl = CRM_Core_BAO_File::attachmentInfo('civicrm_activity', $activityID); if ($attachmentUrl) { $report['fields'][] = array('label' => 'Attachment(s)', 'value' => $attachmentUrl, 'type' => 'Link'); } $tags = CRM_Core_BAO_EntityTag::getTag($activityID, 'civicrm_activity'); if (!empty($tags)) { $allTag = CRM_Core_PseudoConstant::get('CRM_Core_DAO_EntityTag', 'tag_id', array('onlyActive' => FALSE)); foreach ($tags as $tid) { $tags[$tid] = $allTag[$tid]; } $report['fields'][] = array('label' => 'Tags', 'value' => implode('<br />', $tags), 'type' => 'String'); } $this->assign('report', $report); $latestRevisionID = CRM_Activity_BAO_Activity::getLatestActivityId($activityID); $viewPriorActivities = array(); $priorActivities = CRM_Activity_BAO_Activity::getPriorAcitivities($activityID); foreach ($priorActivities as $activityId => $activityValues) { if (CRM_Case_BAO_Case::checkPermission($activityId, 'view', NULL, $contactID)) { $viewPriorActivities[$activityId] = $activityValues; } } if ($revs) { CRM_Utils_System::setTitle(ts('Activity Revision History')); $this->assign('revs', $revs); $this->assign('result', $viewPriorActivities); $this->assign('subject', $activitySubject); $this->assign('latestRevisionID', $latestRevisionID); } else { if (count($viewPriorActivities) > 1) { $this->assign('activityID', $activityID); } if ($latestRevisionID != $activityID) { $this->assign('latestRevisionID', $latestRevisionID); } } $parentID = CRM_Activity_BAO_Activity::getParentActivity($activityID); if ($parentID) { $this->assign('parentID', $parentID); } //viewing activity should get diplayed in recent list.CRM-4670 $activityTypeID = CRM_Core_DAO::getFieldValue('CRM_Activity_DAO_Activity', $activityID, 'activity_type_id'); $activityContacts = CRM_Core_OptionGroup::values('activity_contacts', FALSE, FALSE, FALSE, NULL, 'name'); $targetID = CRM_Utils_Array::key('Activity Targets', $activityContacts); $activityTargetContacts = CRM_Activity_BAO_ActivityContact::retrieveContactIdsByActivityId($activityID, $targetID); if (!empty($activityTargetContacts)) { $recentContactId = $activityTargetContacts[0]; } else { $recentContactId = $contactID; } if (!isset($caseID)) { $caseID = CRM_Core_DAO::getFieldValue('CRM_Case_DAO_CaseActivity', $activityID, 'case_id', 'activity_id'); } $url = CRM_Utils_System::url('civicrm/case/activity/view', "reset=1&aid={$activityID}&cid={$recentContactId}&caseID={$caseID}&context=home"); $recentContactDisplay = CRM_Contact_BAO_Contact::displayName($recentContactId); // add the recently created Activity $activityTypes = CRM_Core_PseudoConstant::activityType(TRUE, TRUE); $title = ""; if (isset($activitySubject)) { $title = $activitySubject . ' - '; } $title = $title . $recentContactDisplay . ' (' . $activityTypes[$activityTypeID] . ')'; $recentOther = array(); if (CRM_Case_BAO_Case::checkPermission($activityID, 'edit')) { $recentOther['editUrl'] = CRM_Utils_System::url('civicrm/case/activity', "reset=1&action=update&id={$activityID}&cid={$recentContactId}&caseid={$caseID}&context=home"); } if (CRM_Case_BAO_Case::checkPermission($activityID, 'delete')) { $recentOther['deleteUrl'] = CRM_Utils_System::url('civicrm/case/activity', "reset=1&action=delete&id={$activityID}&cid={$recentContactId}&caseid={$caseID}&context=home"); } CRM_Utils_Recent::add($title, $url, $activityID, 'Activity', $recentContactId, $recentContactDisplay, $recentOther); }
/** * Does user has sufficient permission for view/edit activity record. * * @param int $activityId * Activity record id. * @param int $action * Edit/view. * * @return bool */ public static function checkPermission($activityId, $action) { $allow = FALSE; if (!$activityId || !in_array($action, array(CRM_Core_Action::UPDATE, CRM_Core_Action::VIEW))) { return $allow; } $activity = new CRM_Activity_DAO_Activity(); $activity->id = $activityId; if (!$activity->find(TRUE)) { return $allow; } // Component related permissions. $compPermissions = array('CiviCase' => array('administer CiviCase', 'access my cases and activities', 'access all cases and activities'), 'CiviMail' => array('access CiviMail'), 'CiviEvent' => array('access CiviEvent'), 'CiviGrant' => array('access CiviGrant'), 'CiviPledge' => array('access CiviPledge'), 'CiviMember' => array('access CiviMember'), 'CiviReport' => array('access CiviReport'), 'CiviContribute' => array('access CiviContribute'), 'CiviCampaign' => array('administer CiviCampaign')); // Return early when it is case activity. $isCaseActivity = CRM_Case_BAO_Case::isCaseActivity($activityId); // Check for civicase related permission. if ($isCaseActivity) { $allow = FALSE; foreach ($compPermissions['CiviCase'] as $per) { if (CRM_Core_Permission::check($per)) { $allow = TRUE; break; } } // Check for case specific permissions. if ($allow) { $oper = 'view'; if ($action == CRM_Core_Action::UPDATE) { $oper = 'edit'; } $allow = CRM_Case_BAO_Case::checkPermission($activityId, $oper, $activity->activity_type_id); } return $allow; } // First check the component permission. $sql = "\n SELECT component_id\n FROM civicrm_option_value val\nINNER JOIN civicrm_option_group grp ON ( grp.id = val.option_group_id AND grp.name = %1 )\n WHERE val.value = %2"; $params = array(1 => array('activity_type', 'String'), 2 => array($activity->activity_type_id, 'Integer')); $componentId = CRM_Core_DAO::singleValueQuery($sql, $params); if ($componentId) { $componentName = CRM_Core_Component::getComponentName($componentId); $compPermission = CRM_Utils_Array::value($componentName, $compPermissions); // Here we are interesting in any single permission. if (is_array($compPermission)) { foreach ($compPermission as $per) { if (CRM_Core_Permission::check($per)) { $allow = TRUE; break; } } } } // Check for this permission related to contact. $permission = CRM_Core_Permission::VIEW; if ($action == CRM_Core_Action::UPDATE) { $permission = CRM_Core_Permission::EDIT; } $activityContacts = CRM_Core_OptionGroup::values('activity_contacts', FALSE, FALSE, FALSE, NULL, 'name'); $sourceID = CRM_Utils_Array::key('Activity Source', $activityContacts); $assigneeID = CRM_Utils_Array::key('Activity Assignees', $activityContacts); $targetID = CRM_Utils_Array::key('Activity Targets', $activityContacts); // Check for source contact. if (!$componentId || $allow) { $sourceContactId = self::getActivityContact($activity->id, $sourceID); // Account for possibility of activity not having a source contact (as it may have been deleted). if ($sourceContactId) { $allow = CRM_Contact_BAO_Contact_Permission::allow($sourceContactId, $permission); } } // Check for target and assignee contacts. if ($allow) { // First check for supper permission. $supPermission = 'view all contacts'; if ($action == CRM_Core_Action::UPDATE) { $supPermission = 'edit all contacts'; } $allow = CRM_Core_Permission::check($supPermission); // User might have sufficient permission, through acls. if (!$allow) { $allow = TRUE; // Get the target contacts. $targetContacts = CRM_Activity_BAO_ActivityContact::retrieveContactIdsByActivityId($activity->id, $targetID); foreach ($targetContacts as $cnt => $contactId) { if (!CRM_Contact_BAO_Contact_Permission::allow($contactId, $permission)) { $allow = FALSE; break; } } // Get the assignee contacts. if ($allow) { $assigneeContacts = CRM_Activity_BAO_ActivityContact::retrieveContactIdsByActivityId($activity->id, $assigneeID); foreach ($assigneeContacts as $cnt => $contactId) { if (!CRM_Contact_BAO_Contact_Permission::allow($contactId, $permission)) { $allow = FALSE; break; } } } } } return $allow; }