Esempio n. 1
 /**
  * @inheritDoc
  */
 public function addSelectWhereClause()
 {
     // Both keys are always emitted, even when their value is an empty array:
     // their presence tells the query builder that ACLs were evaluated for
     // these fields, as opposed to never having been considered.
     $contactAcl = (array) CRM_Contact_BAO_Contact_Permission::cacheSubquery();

     // Users without 'access deleted contacts' only see rows where is_deleted != 1.
     if (CRM_Core_Permission::check('access deleted contacts')) {
         $deletedFilter = array();
     } else {
         $deletedFilter = array('!= 1');
     }

     $clauses = array('id' => $contactAcl, 'is_deleted' => $deletedFilter);

     // NOTE(review): the hook is handed $clauses before it is returned, so
     // hook implementations presumably can add to or loosen these ACL
     // restrictions - confirm, and treat installed hook code as part of the
     // access-control boundary for this entity.
     CRM_Utils_Hook::selectWhereClause($this, $clauses);
     return $clauses;
 }
Esempio n. 2
 /**
  * Generates a clause suitable for adding to WHERE or ON when doing an api.get for this entity
  *
  * @param string $tableAlias
  * @return null|string
  */
 public function apiWhereClause($tableAlias)
 {
     // Look up the field spec for contact_id and see whether it is a foreign
     // key to the contact table; only then does the contact ACL apply.
     $contactIdSpec = CRM_Utils_Array::value('contact_id', $this->fields());
     $refersToContact = CRM_Utils_Array::value('FKClassName', $contactIdSpec) == 'CRM_Contact_DAO_Contact';

     if (!$refersToContact) {
         // No contact reference on this entity: no ACL clause is produced here.
         return NULL;
     }

     // NOTE(review): $tableAlias is interpolated into the SQL fragment inside
     // backticks without escaping. Presumably it is always an alias generated
     // by the query builder - confirm it can never carry request-supplied text.
     return CRM_Contact_BAO_Contact_Permission::cacheSubquery("`{$tableAlias}`.contact_id");
 }
Esempio n. 3
 /**
  * @inheritDoc
  */
 public function apiWhereClause($tableAlias)
 {
     // A relationship row references two contacts (contact_id_a and
     // contact_id_b); the contact ACL is requested for each side and the
     // results are AND-ed, so both sides must pass whenever a clause is returned.
     // NOTE(review): $tableAlias is placed into the SQL fragment unescaped -
     // presumably always a query-builder-generated alias; confirm.
     $aclParts = array();
     foreach (array('a', 'b') as $side) {
         $acl = CRM_Contact_BAO_Contact_Permission::cacheSubquery("`{$tableAlias}`.contact_id_{$side}");
         if ($acl === NULL) {
             // NULL from cacheSubquery() adds no restriction for this side.
             continue;
         }
         $aclParts[] = $acl;
     }

     if (!$aclParts) {
         return NULL;
     }
     return implode(' AND ', $aclParts);
 }
Esempio n. 4
 /**
  * @inheritDoc
  */
 public function apiWhereClause($tableAlias)
 {
     // Here the ACL is applied to the entity's own id column rather than to a
     // contact_id foreign key.
     // NOTE(review): $tableAlias is interpolated unescaped between backticks -
     // presumably always an internally generated alias; confirm.
     $aclClause = CRM_Contact_BAO_Contact_Permission::cacheSubquery("`{$tableAlias}`.id");
     return $aclClause;
 }
Esempio n. 5
 /**
  * @inheritDoc
  */
 public function apiWhereClause($tableAlias)
 {
     // Builds up to three restrictions and AND-s them together; returns NULL
     // when none of them applies to the current user.
     // NOTE(review): $tableAlias is interpolated unescaped between backticks -
     // presumably always a query-builder-generated alias; confirm.
     $conditions = array();

     // 1. Deleted cases are hidden from everyone except case administrators.
     if (!CRM_Core_Permission::check('administer CiviCase')) {
         $conditions[] = "`{$tableAlias}`.is_deleted = 0";
     }

     // 2. The user must be allowed to view the case client. The contact ACL is
     //    built against the bare contact_id column because it is evaluated
     //    inside the subquery on civicrm_case_contact.
     $clientAcl = CRM_Contact_BAO_Contact_Permission::cacheSubquery('contact_id');
     if ($clientAcl !== NULL) {
         $conditions[] = "`{$tableAlias}`.id IN (SELECT case_id FROM civicrm_case_contact WHERE {$clientAcl})";
     }

     // 3. Users lacking 'access all cases and activities' are limited to cases
     //    where they hold an active relationship with the case client.
     //    NOTE(review): no baseline case permission is checked in this method;
     //    it relies on the api gatekeeper having done so before the query is
     //    built. The gatekeeper presumably guarantees only the narrower
     //    "my cases" permission at that point - confirm.
     if (!CRM_Core_Permission::check('access all cases and activities')) {
         // The int cast keeps the interpolated value numeric. With no logged-in
         // contact the cast presumably yields 0, which should match no
         // relationship row - confirm.
         $currentContactId = (int) CRM_Core_Session::getLoggedInContactID();
         $conditions[] = "`{$tableAlias}`.id IN (\n        SELECT r.case_id FROM civicrm_relationship r, civicrm_case_contact cc WHERE r.is_active = 1 AND cc.case_id = r.case_id AND (\n          (contact_id_a = cc.contact_id AND contact_id_b = {$currentContactId}) OR (contact_id_b = cc.contact_id AND contact_id_a = {$currentContactId})\n        )\n      )";
     }

     if (!$conditions) {
         return NULL;
     }
     return implode(' AND ', $conditions);
 }