/**
 * Build the ACL WHERE fragment that limits which contact rows a user may see or edit.
 *
 * Resolution order: the "all contacts" permissions short-circuit to just the
 * deleted-row filter; a logged-in user acting on their own record with the
 * "my contact" permissions gets an unconditional ' ( 1 ) '; everyone else gets
 * the clause from CRM_ACL_BAO_ACL ANDed with the deleted-row filter.
 *
 * @param int $type
 *   The permission being checked (self::VIEW, or an edit level).
 * @param array $tables
 *   (reference) receives the tables needed by the SELECT clause.
 * @param array $whereTables
 *   (reference) receives the tables needed by the WHERE clause.
 * @param int $contactID
 *   Contact the check is made for. NULL falls back to the logged-in contact,
 *   or 0 (anonymous) when nobody is logged in.
 * @param bool $onlyDeleted
 *   Restrict to deleted contacts; only honoured together with the
 *   'access deleted contacts' permission.
 * @param bool $skipDeleteClause
 *   TRUE when the calling query already handles contact_a.is_deleted itself.
 *
 * @return string
 *   SQL fragment for use inside a WHERE clause.
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE) {
  // ' ( 1 ) ' is the neutral element for the trailing AND.
  $deletedFilter = ' ( 1 ) ';
  if (!$skipDeleteClause) {
    // CRM-6181: soft-deleted rows stay hidden unless explicitly requested by
    // a user who is allowed to see them.
    $mayListDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
    $deletedFilter = $mayListDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
  }

  $hasGlobalAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasGlobalAccess) {
    return $deletedFilter;
  }

  $loggedIn = CRM_Core_Session::getLoggedInContactID();
  // Loose comparison on purpose: 0, '' and FALSE also fall back to the session user.
  if ($contactID == NULL) {
    $contactID = $loggedIn ?: 0;
  }

  // A user working on their own record may be covered by the "my contact" permissions.
  $isSelf = $loggedIn && $contactID == $loggedIn;
  if ($isSelf) {
    $hasSelfAccess = CRM_Core_Permission::check('edit my contact')
      || ($type == self::VIEW && CRM_Core_Permission::check('view my contact'));
    if ($hasSelfAccess) {
      return ' ( 1 ) ';
    }
  }

  $aclWhere = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
  return $aclWhere . ' AND ' . $deletedFilter;
}
/**
 * Build the ACL WHERE fragment that limits which contact rows a user may see or edit.
 *
 * In this version the deleted-row filter is only applied on the "all contacts"
 * fast path; the ACL path delegates entirely to CRM_ACL_BAO_ACL and ignores
 * $onlyDeleted / $skipDeleteClause.
 *
 * @param int $type
 *   The permission being checked (self::VIEW, or an edit level).
 * @param array $tables
 *   (reference) receives the tables needed by the SELECT clause.
 * @param array $whereTables
 *   (reference) receives the tables needed by the WHERE clause.
 * @param int $contactID
 *   Contact the check is made for; null falls back to the session userID,
 *   and anything falsy becomes 0 (anonymous).
 * @param bool $onlyDeleted
 *   Restrict to deleted contacts (fast path only, needs 'access deleted contacts').
 * @param bool $skipDeleteClause
 *   true when the calling query handles contact_a.is_deleted itself (fast path only).
 *
 * @return string
 *   SQL fragment for use inside a WHERE clause.
 * @access public
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = null, $onlyDeleted = false, $skipDeleteClause = false) {
  $hasGlobalAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasGlobalAccess) {
    if ($skipDeleteClause) {
      return ' ( 1 ) ';
    }
    // CRM-6181: soft-deleted rows stay hidden unless explicitly requested by
    // a user who is allowed to see them.
    $mayListDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
    return $mayListDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
  }

  // Loose comparison on purpose: 0, '' and false also fall back to the session user.
  if ($contactID == null) {
    $contactID = CRM_Core_Session::singleton()->get('userID');
  }
  if (!$contactID) {
    // anonymous user
    $contactID = 0;
  }

  require_once 'CRM/ACL/BAO/ACL.php';
  return CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
}
/**
 * Build the ACL WHERE fragment that limits which contact rows a user may see or edit.
 *
 * The "all contacts" permissions short-circuit to just the deleted-row filter;
 * otherwise the clause from CRM_ACL_BAO_ACL is ANDed with that filter.
 *
 * @param int $type
 *   The permission being checked (self::VIEW, or an edit level).
 * @param array $tables
 *   (reference) receives the tables needed by the SELECT clause.
 * @param array $whereTables
 *   (reference) receives the tables needed by the WHERE clause.
 * @param int $contactID
 *   Contact the check is made for; NULL falls back to the session userID,
 *   and anything falsy becomes 0 (anonymous).
 * @param bool $onlyDeleted
 *   Restrict to deleted contacts; only honoured together with the
 *   'access deleted contacts' permission.
 * @param bool $skipDeleteClause
 *   TRUE when the calling query already handles contact_a.is_deleted itself.
 *
 * @return string
 *   SQL fragment for use inside a WHERE clause.
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE) {
  // ' ( 1 ) ' is the neutral element for the trailing AND.
  $deletedFilter = ' ( 1 ) ';
  if (!$skipDeleteClause) {
    // CRM-6181: soft-deleted rows stay hidden unless explicitly requested by
    // a user who is allowed to see them.
    $mayListDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
    $deletedFilter = $mayListDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
  }

  $hasGlobalAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasGlobalAccess) {
    // When the delete clause is skipped $deletedFilter is already ' ( 1 ) ',
    // so this ternary is a belt-and-braces repeat of that default.
    return $skipDeleteClause ? ' ( 1 ) ' : $deletedFilter;
  }

  // Loose comparison on purpose: 0, '' and FALSE also fall back to the session user.
  if ($contactID == NULL) {
    $contactID = CRM_Core_Session::singleton()->get('userID');
  }
  if (!$contactID) {
    // anonymous user
    $contactID = 0;
  }

  $aclWhere = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
  return $aclWhere . ' AND ' . $deletedFilter;
}
/**
 * Build the ACL WHERE fragment that limits which contact rows a user may see or edit.
 *
 * No deleted-row handling exists in this version: the "all contacts"
 * permissions return an unconditional ' ( 1 ) ' and everything else is
 * delegated to CRM_ACL_BAO_ACL.
 *
 * @param int $type
 *   The permission being checked (self::VIEW, or an edit level).
 * @param array $tables
 *   (reference) receives the tables needed by the SELECT clause.
 * @param array $whereTables
 *   (reference) receives the tables needed by the WHERE clause.
 * @param int $contactID
 *   Contact the check is made for; null falls back to the session userID,
 *   and anything falsy becomes 0 (anonymous).
 *
 * @return string
 *   SQL fragment for use inside a WHERE clause.
 * @access public
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = null) {
  $hasGlobalAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasGlobalAccess) {
    return ' ( 1 ) ';
  }

  // Loose comparison on purpose: 0, '' and false also fall back to the session user.
  if ($contactID == null) {
    $contactID = CRM_Core_Session::singleton()->get('userID');
  }
  if (!$contactID) {
    // anonymous user
    $contactID = 0;
  }

  require_once 'CRM/ACL/BAO/ACL.php';
  return CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
}
/**
 * Build the ACL WHERE fragment that limits which contact rows a user may see or edit.
 *
 * The "all contacts" permissions short-circuit to just the deleted-row filter.
 * Otherwise the clause from CRM_ACL_BAO_ACL is ANDed with that filter and, when
 * the contact holds a "my contact" permission, widened so their own row
 * (contact_a.id = $contactID) always matches.
 *
 * @param int $type
 *   The permission being checked (self::VIEW, or an edit level).
 * @param array $tables
 *   (reference) receives the tables needed by the SELECT clause.
 * @param array $whereTables
 *   (reference) receives the tables needed by the WHERE clause.
 * @param int $contactID
 *   Contact the check is made for; any falsy value falls back to the
 *   logged-in contact. Always cast to int before use.
 * @param bool $onlyDeleted
 *   Restrict to deleted contacts; only honoured together with the
 *   'access deleted contacts' permission.
 * @param bool $skipDeleteClause
 *   TRUE when the calling query already handles contact_a.is_deleted itself.
 *
 * @return string
 *   SQL fragment for use inside a WHERE clause.
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE) {
  // ' ( 1 ) ' is the neutral element for the trailing AND.
  $deletedFilter = ' ( 1 ) ';
  if (!$skipDeleteClause) {
    // CRM-6181: soft-deleted rows stay hidden unless explicitly requested by
    // a user who is allowed to see them.
    $mayListDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
    $deletedFilter = $mayListDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
  }

  $hasGlobalAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasGlobalAccess) {
    return $deletedFilter;
  }

  if (!$contactID) {
    $contactID = CRM_Core_Session::getLoggedInContactID();
  }
  // The int cast is what makes the string interpolation into SQL below safe;
  // keep it ahead of any use of $contactID in a query fragment.
  $contactID = (int) $contactID;

  $aclWhere = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
  $where = $aclWhere . ' AND ' . $deletedFilter;

  // Widen the clause so the contact's own row matches when they hold a "my contact" permission.
  $hasSelfAccess = $contactID && (CRM_Core_Permission::check('edit my contact')
    || ($type == self::VIEW && CRM_Core_Permission::check('view my contact')));
  if ($hasSelfAccess) {
    $where = sprintf('(contact_a.id = %d OR (%s))', $contactID, $where);
  }

  return $where;
}
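/**
 * Build the ACL JOIN and WHERE fragments for a query run on behalf of a contact.
 *
 * NOTE(review): an empty $contactId returns empty fragments, i.e. no ACL
 * restriction at all. Callers must make sure an empty id genuinely means
 * "unrestricted" in their context and is not simply an unauthenticated request.
 *
 * @param int $contactId
 *   Contact whose ACLs apply.
 *
 * @return array
 *   Two strings: index 0 is the JOIN fragment, index 1 the WHERE fragment
 *   (prefixed with ' AND ' when non-empty). Both are '' when $contactId is empty.
 */
public static function buildAcl($contactId) {
  // No contact: hand back empty fragments so the caller's SQL stays valid.
  if (empty($contactId)) {
    return array('', '');
  }

  $tables = array();
  $whereTables = array();
  $whereClause = CRM_ACL_BAO_ACL::whereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactId, TRUE);
  if (strlen($whereClause)) {
    $whereClause = " AND (" . $whereClause . ")";
  }

  $join = "";
  foreach ($whereTables as $name => $value) {
    // Falsy values and the bare marker 1 carry no join text (presumably a
    // "table needed" flag rather than SQL) — skip them.
    if (!$value || $value == 1) {
      continue;
    }
    // Only values that already contain a JOIN statement are usable verbatim.
    // strpos() returns 0 when 'JOIN' starts the string, which is falsy, so the
    // result has to be compared against FALSE rather than used as a boolean.
    if (strpos($value, 'JOIN') !== FALSE) {
      $join .= " {$value} ";
    }
  }

  return array($join, $whereClause);
}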
/**
 * Build the ACL WHERE fragment that limits which contact rows a user may see or edit.
 *
 * Resolution order: the "all contacts" permissions short-circuit to just the
 * deleted-row filter; an anonymous request carrying an api_key is re-attributed
 * to the key's owner (CRM-17014); a logged-in user acting on their own record
 * with the "my contact" permissions gets an unconditional ' ( 1 ) '; everyone
 * else gets the clause from CRM_ACL_BAO_ACL ANDed with the deleted-row filter.
 *
 * @param int $type
 *   The permission being checked (self::VIEW, or an edit level).
 * @param array $tables
 *   (reference) receives the tables needed by the SELECT clause.
 * @param array $whereTables
 *   (reference) receives the tables needed by the WHERE clause.
 * @param int $contactID
 *   Contact the check is made for. NULL falls back to the logged-in contact,
 *   or 0 (anonymous) when nobody is logged in.
 * @param bool $onlyDeleted
 *   Restrict to deleted contacts; only honoured together with the
 *   'access deleted contacts' permission.
 * @param bool $skipDeleteClause
 *   TRUE when the calling query already handles contact_a.is_deleted itself.
 *
 * @return string
 *   SQL fragment for use inside a WHERE clause.
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE) {
  // ' ( 1 ) ' is the neutral element for the trailing AND.
  $deletedFilter = ' ( 1 ) ';
  if (!$skipDeleteClause) {
    // CRM-6181: soft-deleted rows stay hidden unless explicitly requested by
    // a user who is allowed to see them.
    $mayListDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
    $deletedFilter = $mayListDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
  }

  $hasGlobalAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasGlobalAccess) {
    return $deletedFilter;
  }

  $loggedIn = CRM_Core_Session::getLoggedInContactID();
  // Loose comparison on purpose: 0, '' and FALSE also fall back to the session user.
  if ($contactID == NULL) {
    $contactID = $loggedIn ?: 0;
  }

  // CRM-17014 hack: with no session user, an api_key in the request selects the
  // contact whose ACLs are evaluated.
  // NOTE(review): the value is read from the 'REQUEST' source (presumably
  // $_REQUEST, i.e. GET/POST and possibly cookie data) and nothing here checks
  // that the call actually is a REST request, despite the original comment's
  // intent — confirm the intended scope with the REST entry point before
  // treating this branch as an authorization boundary. $store is deliberately
  // left undefined; retrieve() is assumed to take it by reference.
  if ($contactID == 0) {
    $apiKey = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
    if (!empty($apiKey)) {
      $keyOwner = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $apiKey, 'id', 'api_key');
      if (!empty($keyOwner)) {
        $contactID = $keyOwner;
      }
    }
  }

  // A logged-in user working on their own record may be covered by the
  // "my contact" permissions. A contact resolved only via api_key never
  // reaches this branch because $loggedIn is empty in that case.
  $isSelf = $loggedIn && $contactID == $loggedIn;
  if ($isSelf) {
    $hasSelfAccess = CRM_Core_Permission::check('edit my contact')
      || ($type == self::VIEW && CRM_Core_Permission::check('view my contact'));
    if ($hasSelfAccess) {
      return ' ( 1 ) ';
    }
  }

  $aclWhere = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
  return $aclWhere . ' AND ' . $deletedFilter;
}