/**
 * @inheritDoc
 *
 * Builds the per-field ACL restrictions for this entity and passes them
 * through the selectWhereClause hook before returning them.
 *
 * @return array
 *   Clauses keyed by field name; the 'id' and 'is_deleted' keys are always set here.
 */
public function addSelectWhereClause() {
  // Both keys are always populated, even when empty: their presence tells the
  // query builder that these fields have been considered for acls.
  $idClauses = (array) CRM_Contact_BAO_Contact_Permission::cacheSubquery();

  // Default to hiding deleted rows; only the 'access deleted contacts'
  // permission lifts the restriction.
  $deletedClauses = array('!= 1');
  if (CRM_Core_Permission::check('access deleted contacts')) {
    $deletedClauses = array();
  }

  $clauses = array(
    'id' => $idClauses,
    'is_deleted' => $deletedClauses,
  );

  // NOTE(review): the hook runs after the ACL defaults are in place. Presumably
  // it receives $clauses by reference, so an implementation could loosen as
  // well as tighten them - confirm against the hook signature.
  CRM_Utils_Hook::selectWhereClause($this, $clauses);

  return $clauses;
}
/**
 * Generates a clause suitable for adding to WHERE or ON when doing an api.get for this entity
 *
 * A clause is produced only when this entity has a contact_id field whose
 * FKClassName is CRM_Contact_DAO_Contact; otherwise NULL is returned and no
 * contact-based restriction comes from this method.
 *
 * @param string $tableAlias
 *   Interpolated into the SQL fragment inside backticks without further
 *   escaping here. NOTE(review): callers are presumably expected to pass a
 *   trusted, internally generated alias - confirm.
 * @return null|string
 */
public function apiWhereClause($tableAlias) {
  $fieldSpecs = $this->fields();
  $contactIdSpec = CRM_Utils_Array::value('contact_id', $fieldSpecs);
  $fkClass = CRM_Utils_Array::value('FKClassName', $contactIdSpec);

  // Entities without a contact_id foreign key to Contact get no clause.
  if ($fkClass != 'CRM_Contact_DAO_Contact') {
    return NULL;
  }

  return CRM_Contact_BAO_Contact_Permission::cacheSubquery("`{$tableAlias}`.contact_id");
}
/**
 * @inheritDoc
 *
 * Builds one acl clause per side of the relationship (contact_id_a and
 * contact_id_b) and joins them with AND, so a row has to satisfy the clause
 * for both contacts.
 *
 * @param string $tableAlias
 *   Interpolated into the SQL fragment inside backticks without further
 *   escaping here. NOTE(review): presumably a trusted, internally generated
 *   alias - confirm.
 * @return null|string
 *   NULL when neither side produced a clause.
 */
public function apiWhereClause($tableAlias) {
  $aclParts = array();
  // $a is the column suffix: contact_id_a, then contact_id_b.
  foreach (array('a', 'b') as $a) {
    $part = CRM_Contact_BAO_Contact_Permission::cacheSubquery("`{$tableAlias}`.contact_id_{$a}");
    if ($part === NULL) {
      // No clause was generated for this side.
      continue;
    }
    $aclParts[] = $part;
  }

  if (!$aclParts) {
    return NULL;
  }
  return implode(' AND ', $aclParts);
}
/**
 * @inheritDoc
 *
 * Returns whatever CRM_Contact_BAO_Contact_Permission::cacheSubquery()
 * produces for this table's own id column.
 *
 * @param string $tableAlias
 *   Interpolated into the SQL fragment inside backticks without further
 *   escaping here. NOTE(review): presumably a trusted, internally generated
 *   alias - confirm.
 */
public function apiWhereClause($tableAlias) {
  $idColumn = "`{$tableAlias}`.id";
  $aclClause = CRM_Contact_BAO_Contact_Permission::cacheSubquery($idColumn);
  return $aclClause;
}
/**
 * @inheritDoc
 *
 * Combines up to three restrictions with AND: hiding deleted cases from
 * non-admins, requiring the case client to pass the contact acl subquery,
 * and limiting users without 'access all cases and activities' to cases they
 * are related to.
 *
 * @param string $tableAlias
 *   Interpolated into the SQL fragments inside backticks without further
 *   escaping here. NOTE(review): presumably a trusted, internally generated
 *   alias - confirm.
 * @return null|string
 *   NULL when none of the restrictions apply.
 */
public function apiWhereClause($tableAlias) {
  $conditions = array();

  // Only case admins can view deleted cases
  $isCaseAdmin = CRM_Core_Permission::check('administer CiviCase');
  if (!$isCaseAdmin) {
    $conditions[] = "`{$tableAlias}`.is_deleted = 0";
  }

  // Ensure the user has permission to view the case client.
  // $contactClause is SQL text produced by cacheSubquery() and is embedded as-is.
  $contactClause = CRM_Contact_BAO_Contact_Permission::cacheSubquery('contact_id');
  if ($contactClause !== NULL) {
    $conditions[] = "`{$tableAlias}`.id IN (SELECT case_id FROM civicrm_case_contact WHERE {$contactClause})";
  }

  // The api gatekeeper ensures the user has at least "access all cases and activities"
  // or a lesser case permission, so a user who cannot see all cases is assumed
  // to be limited to their own.
  // NOTE(review): that guarantee is enforced outside this method; a caller that
  // skips the gatekeeper would still get "own cases" access from this branch - confirm.
  $seesAllCases = CRM_Core_Permission::check('access all cases and activities');
  if (!$seesAllCases) {
    // The (int) cast keeps the value interpolated into the SQL below numeric.
    $user = (int) CRM_Core_Session::getLoggedInContactID();
    // "Own" cases: an active relationship on the case linking the logged-in
    // contact to the case client, in either direction. Only is_active is checked.
    $conditions[] = "`{$tableAlias}`.id IN (\n SELECT r.case_id FROM civicrm_relationship r, civicrm_case_contact cc WHERE r.is_active = 1 AND cc.case_id = r.case_id AND (\n (contact_id_a = cc.contact_id AND contact_id_b = {$user}) OR (contact_id_b = cc.contact_id AND contact_id_a = {$user})\n )\n )";
  }

  if (!$conditions) {
    return NULL;
  }
  return implode(' AND ', $conditions);
}