 /**
  * Build the permission-restricting WHERE fragment for a contact query.
  *
  * Resolution order: a user with "edit all contacts" (or "view all contacts"
  * for a VIEW check) gets only the soft-delete filter; a user querying their
  * own record who holds "edit my contact" (or "view my contact" for VIEW)
  * gets an unrestricted clause; everyone else gets the ACL clause produced by
  * CRM_ACL_BAO_ACL::whereClause() AND-ed with the soft-delete filter.
  *
  * @param int $type
  *   The type of permission needed (self::VIEW or an edit type).
  * @param array $tables
  *   (reference) receives the tables needed for the select clause.
  * @param array $whereTables
  *   (reference) receives the tables needed for the where clause.
  * @param int $contactID
  *   The contact the check is made for; NULL means the logged-in contact,
  *   falling back to 0 for an anonymous session.
  * @param bool $onlyDeleted
  *   Restrict to deleted contacts; only honoured together with the
  *   'access deleted contacts' permission.
  * @param bool $skipDeleteClause
  *   Omit the is_deleted filter because the calling query adds its own.
  *
  * @return string
  *   A SQL boolean expression on contact_a for use inside a WHERE.
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE)
 {
     // Soft-delete filter. ' ( 1 ) ' is the neutral operand for the final AND.
     $deleteClause = ' ( 1 ) ';
     if (!$skipDeleteClause) {
         $seeDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
         // CRM-6181: hide deleted contacts unless they were explicitly asked for.
         $deleteClause = $seeDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
     }

     $isView = ($type == self::VIEW);

     // Global permissions bypass the ACL machinery entirely.
     $hasAll = CRM_Core_Permission::check('edit all contacts')
         || ($isView && CRM_Core_Permission::check('view all contacts'));
     if ($hasAll) {
         return $deleteClause;
     }

     $loggedIn = CRM_Core_Session::getLoggedInContactID();
     if ($contactID == NULL) {
         $contactID = $loggedIn ?: 0;
     }

     // A user acting on their own record may be let through without ACLs.
     if ($loggedIn && $contactID == $loggedIn) {
         $hasSelf = CRM_Core_Permission::check('edit my contact')
             || ($isView && CRM_Core_Permission::check('view my contact'));
         if ($hasSelf) {
             return ' ( 1 ) ';
         }
     }

     $aclClause = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
     return implode(' AND ', array($aclClause, $deleteClause));
 }
 /**
  * Get the permission-restricting WHERE fragment for the user.
  *
  * A user with "edit all contacts" (or "view all contacts" for a VIEW check)
  * gets only the soft-delete filter; everyone else gets the ACL clause from
  * CRM_ACL_BAO_ACL::whereClause() for the resolved contact. Note that the
  * soft-delete filter is only produced on the "all contacts" path.
  *
  * @param int $type
  *   The type of permission needed.
  * @param array $tables
  *   (reference) receives the tables needed for the select clause.
  * @param array $whereTables
  *   (reference) receives the tables needed for the where clause.
  * @param int $contactID
  *   The contact the check is made for; NULL means the session's userID,
  *   falling back to 0 for an anonymous session.
  * @param bool $onlyDeleted
  *   Restrict to deleted contacts; only honoured together with the
  *   'access deleted contacts' permission, and only on the "all contacts" path.
  * @param bool $skipDeleteClause
  *   Omit the is_deleted filter because the calling query adds its own;
  *   only affects the "all contacts" path.
  *
  * @return string
  *   A SQL boolean expression for use inside a WHERE.
  * @access public
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = null, $onlyDeleted = false, $skipDeleteClause = false)
 {
     $hasAll = CRM_Core_Permission::check('edit all contacts')
         || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
     if ($hasAll) {
         if ($skipDeleteClause) {
             // Neutral clause: the caller handles deleted contacts itself.
             return ' ( 1 ) ';
         }
         $seeDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
         // CRM-6181: hide deleted contacts unless they were explicitly asked for.
         return $seeDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
     }

     if ($contactID == null) {
         $contactID = CRM_Core_Session::singleton()->get('userID');
     }
     // An anonymous user is represented as contact 0.
     $contactID = $contactID ?: 0;

     require_once 'CRM/ACL/BAO/ACL.php';
     return CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
 }
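 /**
  * Get the permissioned where clause for the user.
  *
  * A user with "edit all contacts" (or "view all contacts" for a VIEW check)
  * gets only the soft-delete filter; everyone else gets the ACL clause from
  * CRM_ACL_BAO_ACL::whereClause() AND-ed with the soft-delete filter.
  *
  * @param int $type
  *   The type of permission needed.
  * @param array $tables
  *   (reference) receives the tables needed for the select clause.
  * @param array $whereTables
  *   (reference) receives the tables needed for the where clause.
  * @param int $contactID
  *   The contact the check is made for; NULL means the session's userID,
  *   falling back to 0 for an anonymous session.
  * @param bool $onlyDeleted
  *   Restrict to deleted contacts; only honoured together with the
  *   'access deleted contacts' permission.
  * @param bool $skipDeleteClause
  *   Omit the is_deleted filter because the calling query adds its own.
  *
  * @return string
  *   A SQL boolean expression on contact_a for use inside a WHERE.
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE)
 {
     // The default value, which is neutral for the final AND.
     $deleteClause = ' ( 1 ) ';
     if (!$skipDeleteClause) {
         if (CRM_Core_Permission::check('access deleted contacts') and $onlyDeleted) {
             $deleteClause = '(contact_a.is_deleted)';
         } else {
             // CRM-6181: hide deleted contacts unless they were explicitly asked for.
             $deleteClause = '(contact_a.is_deleted = 0)';
         }
     }
     // First see if the contact has edit / view all contacts.
     if (CRM_Core_Permission::check('edit all contacts') || $type == self::VIEW && CRM_Core_Permission::check('view all contacts')) {
         // $deleteClause is already ' ( 1 ) ' when $skipDeleteClause is set,
         // so no separate branch is needed here.
         return $deleteClause;
     }
     if ($contactID == NULL) {
         $session = CRM_Core_Session::singleton();
         $contactID = $session->get('userID');
     }
     if (!$contactID) {
         // Anonymous user.
         $contactID = 0;
     }
     return implode(' AND ', array(CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID), $deleteClause));
 }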
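 /**
  * Get the permissioned where clause for the user.
  *
  * A user with "edit all contacts" (or "view all contacts" for a VIEW check)
  * gets an unrestricted clause; everyone else gets the ACL clause from
  * CRM_ACL_BAO_ACL::whereClause() for the resolved contact.
  *
  * @param int $type
  *   The type of permission needed.
  * @param array $tables
  *   (reference) receives the tables needed for the select clause.
  * @param array $whereTables
  *   (reference) receives the tables needed for the where clause.
  * @param int $contactID
  *   The contact the check is made for; NULL means the session's userID,
  *   falling back to 0 for an anonymous session.
  *
  * @return string
  *   A SQL boolean expression for use inside a WHERE.
  * @access public
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = null)
 {
     // First see if the contact has edit / view all contacts.
     if (CRM_Core_Permission::check('edit all contacts') || $type == self::VIEW && CRM_Core_Permission::check('view all contacts')) {
         return ' ( 1 ) ';
     }
     if ($contactID == null) {
         // Plain assignment: assigning a function's return value by reference
         // (=&) is a strict-standards notice and objects are handles anyway.
         $session = CRM_Core_Session::singleton();
         $contactID = $session->get('userID');
     }
     if (!$contactID) {
         // Anonymous user.
         $contactID = 0;
     }
     require_once 'CRM/ACL/BAO/ACL.php';
     return CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
 }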
 /**
  * Build the permission-restricting WHERE fragment for a contact query.
  *
  * A user with "edit all contacts" (or "view all contacts" for a VIEW check)
  * gets only the soft-delete filter. Everyone else gets the ACL clause from
  * CRM_ACL_BAO_ACL::whereClause() AND-ed with the soft-delete filter; if the
  * user also holds "edit my contact" (or "view my contact" for VIEW), the
  * clause is widened so their own record always matches.
  *
  * @param int $type
  *   The type of permission needed (self::VIEW or an edit type).
  * @param array $tables
  *   (reference) receives the tables needed for the select clause.
  * @param array $whereTables
  *   (reference) receives the tables needed for the where clause.
  * @param int $contactID
  *   The contact the check is made for; a falsy value means the logged-in
  *   contact. Cast to int before use, so 0 stands for an anonymous session.
  * @param bool $onlyDeleted
  *   Restrict to deleted contacts; only honoured together with the
  *   'access deleted contacts' permission.
  * @param bool $skipDeleteClause
  *   Omit the is_deleted filter because the calling query adds its own.
  *
  * @return string
  *   A SQL boolean expression on contact_a for use inside a WHERE.
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE)
 {
     // Soft-delete filter. ' ( 1 ) ' is the neutral operand for the final AND.
     $deleteClause = ' ( 1 ) ';
     if (!$skipDeleteClause) {
         $seeDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
         // CRM-6181: hide deleted contacts unless they were explicitly asked for.
         $deleteClause = $seeDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
     }

     $isView = ($type == self::VIEW);

     // Global permissions bypass the ACL machinery entirely.
     $hasAll = CRM_Core_Permission::check('edit all contacts')
         || ($isView && CRM_Core_Permission::check('view all contacts'));
     if ($hasAll) {
         return $deleteClause;
     }

     if (!$contactID) {
         $contactID = CRM_Core_Session::getLoggedInContactID();
     }
     // The int cast is what makes the interpolation into SQL below safe.
     $contactID = (int) $contactID;

     $aclClause = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
     $where = implode(' AND ', array($aclClause, $deleteClause));

     // Permission on one's own record: the user's own row always matches.
     $hasSelf = $contactID
         && (CRM_Core_Permission::check('edit my contact')
             || ($isView && CRM_Core_Permission::check('view my contact')));
     if ($hasSelf) {
         $where = "(contact_a.id = {$contactID} OR ({$where}))";
     }
     return $where;
 }
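 /**
  * Build the JOIN and WHERE parts of a query restricted by the contact's ACLs.
  *
  * The WHERE part comes from CRM_ACL_BAO_ACL::whereClause() for a VIEW check
  * and is returned already prefixed with " AND (" ... ")" so it can be
  * appended to an existing WHERE. The JOIN part is assembled from the
  * $whereTables entries that carry their own join statement.
  *
  * @param int $contactId
  *   The contact whose ACLs apply. An empty value yields empty parts.
  *
  * @return array
  *   Two strings: [0] the JOIN part of the query, [1] the WHERE part.
  */
 public static function buildAcl($contactId)
 {
     // No contact: no ACL restriction at all.
     if (empty($contactId)) {
         return array('', '');
     }
     $tables = array();
     $whereTables = array();
     $whereClause = CRM_ACL_BAO_ACL::whereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactId, TRUE);
     if (strlen($whereClause)) {
         $whereClause = " AND (" . $whereClause . ")";
     }
     $join = "";
     foreach ($whereTables as $name => $value) {
         // A value of 1 only flags the table as needed; the join is built
         // elsewhere. Anything else is expected to be a join statement.
         if (!$value || $value == 1) {
             continue;
         }
         // strpos() returns 0 for a match at the start of the string, which
         // is falsy; compare against FALSE so a leading "JOIN" is not dropped.
         if (strpos($value, 'JOIN') !== FALSE) {
             $join .= " {$value} ";
         }
     }
     return array($join, $whereClause);
 }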
 /**
  * Build the permission-restricting WHERE fragment for a contact query.
  *
  * Resolution order: a user with "edit all contacts" (or "view all contacts"
  * for a VIEW check) gets only the soft-delete filter; a user querying their
  * own record who holds "edit my contact" (or "view my contact" for VIEW)
  * gets an unrestricted clause; everyone else gets the ACL clause produced by
  * CRM_ACL_BAO_ACL::whereClause() AND-ed with the soft-delete filter.
  *
  * When no contact can be resolved from the arguments or the session, an
  * api_key present in the request is looked up to identify a REST caller
  * (CRM-17014).
  *
  * @param int $type
  *   The type of permission needed (self::VIEW or an edit type).
  * @param array $tables
  *   (reference) receives the tables needed for the select clause.
  * @param array $whereTables
  *   (reference) receives the tables needed for the where clause.
  * @param int $contactID
  *   The contact the check is made for; NULL means the logged-in contact,
  *   falling back to 0 for an anonymous session.
  * @param bool $onlyDeleted
  *   Restrict to deleted contacts; only honoured together with the
  *   'access deleted contacts' permission.
  * @param bool $skipDeleteClause
  *   Omit the is_deleted filter because the calling query adds its own.
  *
  * @return string
  *   A SQL boolean expression on contact_a for use inside a WHERE.
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL, $onlyDeleted = FALSE, $skipDeleteClause = FALSE)
 {
     // Soft-delete filter. ' ( 1 ) ' is the neutral operand for the final AND.
     $deleteClause = ' ( 1 ) ';
     if (!$skipDeleteClause) {
         $seeDeleted = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
         // CRM-6181: hide deleted contacts unless they were explicitly asked for.
         $deleteClause = $seeDeleted ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
     }

     $isView = ($type == self::VIEW);

     // Global permissions bypass the ACL machinery entirely.
     $hasAll = CRM_Core_Permission::check('edit all contacts')
         || ($isView && CRM_Core_Permission::check('view all contacts'));
     if ($hasAll) {
         return $deleteClause;
     }

     $loggedIn = CRM_Core_Session::getLoggedInContactID();
     if ($contactID == NULL) {
         $contactID = $loggedIn ?: 0;
     }

     // CRM-17014 hack: an otherwise anonymous REST caller may identify itself
     // through the api_key request parameter.
     if ($contactID == 0) {
         // $store is only the by-reference sink retrieve() requires; nothing reads it here.
         $store = NULL;
         $apiKey = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
         if (!empty($apiKey)) {
             // NOTE(review): the contact is resolved from the api_key value alone;
             // nothing in this method checks that the matched contact is not
             // itself deleted — confirm that is enforced by the entry point.
             $keyOwner = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $apiKey, 'id', 'api_key');
             if (!empty($keyOwner)) {
                 $contactID = $keyOwner;
             }
         }
     }

     // A user acting on their own record may be let through without ACLs.
     if ($loggedIn && $contactID == $loggedIn) {
         $hasSelf = CRM_Core_Permission::check('edit my contact')
             || ($isView && CRM_Core_Permission::check('view my contact'));
         if ($hasSelf) {
             return ' ( 1 ) ';
         }
     }

     $aclClause = CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
     return implode(' AND ', array($aclClause, $deleteClause));
 }