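/**
 * Build the SQL WHERE fragment that limits a contact query to the contacts
 * the given user can reach through saved-search (group) ACLs.
 *
 * Reads the user's cached ACLs for object_table 'civicrm_saved_search',
 * loads the matching active groups, merges each group's select/where
 * tables into $tables/$whereTables (with the per-group contact-table
 * aliases rewritten to the shared `-ACL` aliases) and ORs together one
 * membership test for static groups and one for cached (smart) groups.
 * CRM_Utils_Hook::aclWhereClause() then gets a chance to extend or replace
 * the result.
 *
 * @param int $type  the operation being checked; compared against each
 *                   ACL's operation via self::matchType()
 * @param array $tables  (by reference) select tables, extended in place
 * @param array $whereTables  (by reference) where tables, extended in place
 * @param int|null $contactID  the user whose ACLs are evaluated
 *
 * @return string  ' ( 1 ) ' when an ACL grants all saved searches,
 *                 ' ( 0 ) ' when nothing applies (deny), otherwise
 *                 ' ( clause OR clause ... ) '
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL) {
  $acls = CRM_ACL_BAO_Cache::build($contactID);
  $whereClause = NULL;
  $clauses = array();

  if (!empty($acls)) {
    // ACL ids are the keys of the cache; cast before interpolating so the
    // IN (...) list can only ever contain integers.
    $aclKeys = implode(',', array_map('intval', array_keys($acls)));
    $query = "
SELECT a.operation, a.object_id
 FROM civicrm_acl_cache c, civicrm_acl a
 WHERE c.acl_id = a.id
 AND a.is_active = 1
 AND a.object_table = 'civicrm_saved_search'
 AND a.id IN ( {$aclKeys} )
ORDER BY a.object_id
";
    $aclDao = CRM_Core_DAO::executeQuery($query);

    // collect every saved search (group id) this user's ACLs grant for $type
    $ids = array();
    while ($aclDao->fetch()) {
      if (!self::matchType($type, $aclDao->operation)) {
        continue;
      }
      if (!$aclDao->object_id) {
        // an ACL without an object_id grants all saved searches: no group
        // restriction at all, and nothing further to merge
        $ids = array();
        $whereClause = ' ( 1 ) ';
        break;
      }
      $ids[] = (int) $aclDao->object_id;
    }

    if (!empty($ids)) {
      $idList = implode(',', $ids);
      $query = "
SELECT g.*
 FROM civicrm_group g
 WHERE g.id IN ( {$idList} )
 AND g.is_active = 1
";
      $groupDao = CRM_Core_DAO::executeQuery($query);

      $staticGroupIDs = array();
      $cachedGroupIDs = array();
      while ($groupDao->fetch()) {
        // only groups carrying a where clause contribute tables; the stored
        // clause itself is replaced by the membership tests built below
        if ($groupDao->where_clause) {
          // NOTE: select_tables / where_tables are serialize()d arrays written
          // by the search builder. unserialize() would instantiate any class
          // named in a tampered column, so this relies on the table being
          // trusted; a corrupt value yields no tables instead of a warning.
          if ($groupDao->select_tables) {
            list($selectTables) = self::remapGroupTablesForAcl(
              unserialize($groupDao->select_tables), $groupDao->id
            );
            $tables = array_merge($tables, $selectTables);
          }
          if ($groupDao->where_tables) {
            list($groupWhereTables, $usesStatic, $usesCache) = self::remapGroupTablesForAcl(
              unserialize($groupDao->where_tables), $groupDao->id
            );
            $whereTables = array_merge($whereTables, $groupWhereTables);
            if ($usesStatic) {
              $staticGroupIDs[] = (int) $groupDao->id;
            }
            if ($usesCache) {
              $cachedGroupIDs[] = (int) $groupDao->id;
            }
          }
        }
        // smart and nested groups need their member cache populated before
        // the cache-table clause below can match anything
        if (($groupDao->saved_search_id || $groupDao->children || $groupDao->parents) && $groupDao->cache_date == NULL) {
          CRM_Contact_BAO_GroupContactCache::load($groupDao);
        }
      }

      if ($staticGroupIDs) {
        $clauses[] = '( `civicrm_group_contact-ACL`.group_id IN (' . implode(', ', $staticGroupIDs) . ') AND `civicrm_group_contact-ACL`.status IN ("Added") )';
      }
      if ($cachedGroupIDs) {
        $clauses[] = '`civicrm_group_contact_cache-ACL`.group_id IN (' . implode(', ', $cachedGroupIDs) . ')';
      }
    }
  }

  if (!empty($clauses)) {
    $whereClause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
  }

  // extensions may add to or replace the clause (and the table lists)
  CRM_Utils_Hook::aclWhereClause($type, $tables, $whereTables, $contactID, $whereClause);

  // nothing granted access: deny rather than leave the caller's query open
  if (empty($whereClause)) {
    $whereClause = ' ( 0 ) ';
  }
  return $whereClause;
}

/**
 * Rewrite the per-group contact-table aliases in one saved search's table
 * list so every group shares the `civicrm_group_contact-ACL` and
 * `civicrm_group_contact_cache-ACL` aliases.
 *
 * @param mixed $groupTables  alias => join info as unserialized from the
 *                            group row; anything but an array is ignored
 * @param int|string $groupID  the group whose aliases are rewritten
 *
 * @return array  array($remappedTables, $usesStaticTable, $usesCacheTable)
 */
private static function remapGroupTablesForAcl($groupTables, $groupID) {
  $remapped = array();
  $usesStatic = FALSE;
  $usesCache = FALSE;
  if (!is_array($groupTables)) {
    return array($remapped, $usesStatic, $usesCache);
  }

  $staticAlias = '`civicrm_group_contact-' . $groupID . '`';
  $cacheAlias = '`civicrm_group_contact_cache_' . $groupID . '`';
  foreach ($groupTables as $alias => $joinInfo) {
    if ($alias == $staticAlias) {
      $alias = '`civicrm_group_contact-ACL`';
      $joinInfo = str_replace('civicrm_group_contact-' . $groupID, 'civicrm_group_contact-ACL', $joinInfo);
      $usesStatic = TRUE;
    }
    elseif ($alias == $cacheAlias) {
      $alias = '`civicrm_group_contact_cache-ACL`';
      $joinInfo = str_replace('civicrm_group_contact_cache_' . $groupID, 'civicrm_group_contact_cache-ACL', $joinInfo);
      $usesCache = TRUE;
    }
    $remapped[$alias] = $joinInfo;
  }
  return array($remapped, $usesStatic, $usesCache);
}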
/**
 * Whether the current user is effectively unrestricted: a blanket
 * 'view all contacts' / 'edit all contacts' permission, an ACL granting
 * VIEW or EDIT, or an aclWhereClause hook that supplies where-tables for
 * VIEW.
 *
 * @return bool
 */
static function giveMeAllACLs() {
  // either blanket permission short-circuits everything else
  foreach (array('view all contacts', 'edit all contacts') as $blanketPermission) {
    if (CRM_Core_Permission::check($blanketPermission)) {
      return TRUE;
    }
  }

  $contactID = CRM_Core_Session::singleton()->get('userID');

  // an ACL that grants VIEW or EDIT outright (non-strict match, as before)
  $grantingLevels = array(CRM_Core_Permission::EDIT, CRM_Core_Permission::VIEW);
  if (in_array(self::getPermission(), $grantingLevels)) {
    return TRUE;
  }

  // finally ask the aclWhereClause hook: a hook that contributes where-tables
  // for VIEW is taken to mean the user has an ACL of its own
  $tables = array();
  $whereTables = array();
  $where = NULL;
  CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactID, $where);
  return !empty($whereTables);
}
/**
 * Whether the current user is effectively unrestricted: a blanket
 * 'view all contacts' / 'edit all contacts' permission, (on multisite) any
 * viewable contact in the ACL contact cache, an ACL granting VIEW or EDIT,
 * or an aclWhereClause hook that supplies where-tables for VIEW.
 *
 * @return bool
 */
static function giveMeAllACLs() {
  // either blanket permission short-circuits everything else
  foreach (array('view all contacts', 'edit all contacts') as $blanketPermission) {
    if (CRM_Core_Permission::check($blanketPermission)) {
      return TRUE;
    }
  }

  $contactID = CRM_Core_Session::singleton()->get('userID');

  if (self::isMultisiteEnabled()) {
    // Multisite: for now, simply ask whether the acl_contact_cache holds any
    // contact for this user.
    // FixMe: a multisite user with very limited permission could therefore
    // still be offered e.g. search / contact navigation options.
    return CRM_Contact_BAO_Contact_Permission::hasContactsInCache(CRM_Core_Permission::VIEW, $contactID);
  }

  // an ACL that grants VIEW or EDIT outright (non-strict match, as before)
  $grantingLevels = array(CRM_Core_Permission::EDIT, CRM_Core_Permission::VIEW);
  if (in_array(self::getPermission(), $grantingLevels)) {
    return TRUE;
  }

  // finally ask the aclWhereClause hook: a hook that contributes where-tables
  // for VIEW is taken to mean the user has an ACL of its own
  $tables = array();
  $whereTables = array();
  $where = NULL;
  CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactID, $where);
  return !empty($whereTables);
}
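/**
 * Build the ACL WHERE fragment for saved-search (group) ACLs: the OR of the
 * stored where_clause of every group the user's ACLs grant for $type, with
 * each group's select/where tables merged into $tables/$whereTables.
 * CRM_Utils_Hook::aclWhereClause() then gets a chance to extend or replace
 * the result.
 *
 * @param int $type  the operation being checked; compared against each
 *                   ACL's operation via self::matchType()
 * @param array $tables  (by reference) select tables, extended in place
 * @param array $whereTables  (by reference) where tables, extended in place
 * @param int|null $contactID  the user whose ACLs are evaluated
 *
 * @return string  ' ( 1 ) ' when an ACL grants all saved searches,
 *                 ' ( 0 ) ' when nothing applies (deny), otherwise
 *                 ' ( clause OR clause ... ) '
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = null) {
  require_once 'CRM/ACL/BAO/Cache.php';
  // plain assignment: the result is only read here, so a reference buys
  // nothing (and `=&` on a call that does not return by reference only
  // raises a notice)
  $acls = CRM_ACL_BAO_Cache::build($contactID);
  $whereClause = null;
  $clauses = array();

  if (!empty($acls)) {
    // ACL ids are the keys of the cache; cast before interpolating so the
    // IN (...) list can only ever contain integers.
    $aclKeys = implode(',', array_map('intval', array_keys($acls)));
    $query = "
SELECT a.operation, a.object_id
 FROM civicrm_acl_cache c, civicrm_acl a
 WHERE c.acl_id = a.id
 AND a.is_active = 1
 AND a.object_table = 'civicrm_saved_search'
 AND a.id IN ( {$aclKeys} )
ORDER BY a.object_id
";
    $aclDao = CRM_Core_DAO::executeQuery($query);

    // collect every saved search (group id) this user's ACLs grant for $type
    $ids = array();
    while ($aclDao->fetch()) {
      if (!self::matchType($type, $aclDao->operation)) {
        continue;
      }
      if (!$aclDao->object_id) {
        // an ACL without an object_id grants all saved searches: no group
        // restriction at all, and nothing further to merge
        $ids = array();
        $whereClause = ' ( 1 ) ';
        break;
      }
      $ids[] = (int) $aclDao->object_id;
    }

    if (!empty($ids)) {
      $idList = implode(',', $ids);
      $query = "
SELECT g.*
 FROM civicrm_group g
 WHERE g.id IN ( {$idList} )
";
      $groupDao = CRM_Core_DAO::executeQuery($query);
      while ($groupDao->fetch()) {
        if ($groupDao->where_clause) {
          // the stored where_clause is SQL produced by the search builder and
          // is used verbatim
          $clauses[] = $groupDao->where_clause;

          // NOTE: select_tables / where_tables are serialize()d arrays written
          // by the search builder. unserialize() would instantiate any class
          // named in a tampered column, so this relies on the table being
          // trusted. The is_array() guards keep a corrupt value from wiping
          // $tables/$whereTables (array_merge() with a non-array returns
          // NULL on older PHP and throws on PHP 8).
          if ($groupDao->select_tables) {
            $selectTables = unserialize($groupDao->select_tables);
            if (is_array($selectTables)) {
              $tables = array_merge($tables, $selectTables);
            }
          }
          if ($groupDao->where_tables) {
            $groupWhereTables = unserialize($groupDao->where_tables);
            if (is_array($groupWhereTables)) {
              $whereTables = array_merge($whereTables, $groupWhereTables);
            }
          }
        }
        // smart and nested groups need their member cache populated before
        // their where_clause can match anything
        if (($groupDao->saved_search_id || $groupDao->children || $groupDao->parents) && $groupDao->cache_date == null) {
          require_once 'CRM/Contact/BAO/GroupContactCache.php';
          CRM_Contact_BAO_GroupContactCache::load($groupDao);
        }
      }
    }
  }

  if (!empty($clauses)) {
    $whereClause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
  }

  // extensions may add to or replace the clause (and the table lists)
  require_once 'CRM/Utils/Hook.php';
  CRM_Utils_Hook::aclWhereClause($type, $tables, $whereTables, $contactID, $whereClause);

  // nothing granted access: deny rather than leave the caller's query open
  if (empty($whereClause)) {
    $whereClause = ' ( 0 ) ';
  }
  return $whereClause;
}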