function civicrm_api3_pcpteams_getTeamRequestInfo($params)
{
$result = CRM_Core_DAO::$_nullArray;
//check the hasPermission to view details
$permParams = array('team_pcp_id' => $params['team_pcp_id']);
if (!_civicrm_pcpteams_permission_check($permParams, CRM_Core_Permission::VIEW)) {
return civicrm_api3_create_error('insufficient permission to view this record');
}
$query = " \n SELECT crs.pcp_a_b, cc.display_name, cp.page_id, cr.id FROM civicrm_value_pcp_relationship_set crs\n INNER JOIN civicrm_relationship cr ON (cr.id = crs.entity_id AND cr.is_active = 0)\n INNER JOIN civicrm_pcp cp ON (cp.id = crs.pcp_a_b)\n INNER JOIN civicrm_contact cc ON (cr.contact_id_a = cc.id AND cc.is_deleted = 0)\n WHERE crs.pcp_b_a = %1";
$queryParams = array(1 => array($params['team_pcp_id'], 'Integer'));
$dao = CRM_Core_Dao::executeQuery($query, $queryParams);
while ($dao->fetch()) {
$memberPcpResult = civicrm_api('Pcpteams', 'get', array('version' => 3, 'sequential' => 1, 'pcp_id' => $dao->pcp_a_b, 'team_pcp_id' => $params['team_pcp_id']));
$getAllDonations = civicrm_api3_pcpteams_getAllDonations(array('page_id' => $dao->page_id, 'pcp_id' => $dao->pcp_a_b, 'team_pcp_id' => $params['team_pcp_id']));
$result[$dao->pcp_a_b] = array('display_name' => $dao->display_name, 'pcp_id' => $dao->pcp_a_b, 'amount_raised' => $memberPcpResult['values'][0]['amount_raised'], 'donations_count' => $getAllDonations['count'], 'image_url' => $memberPcpResult['values'][0]['image_url'] ? $memberPcpResult['values'][0]['image_url'] : CRM_Pcpteams_Constant::C_DEFAULT_PROFILE_PIC, 'image_id' => $memberPcpResult['values'][0]['image_id'], 'team_pcp_id' => $params['team_pcp_id'], 'relationship_id' => $dao->id);
}
return civicrm_api3_create_success($result, $params);
}
static function hasPermission($pcpId = NULL, $contactId = NULL, $action = CRM_Core_Permission::EDIT, $teamPcpId = NULL)
{
if (empty($pcpId)) {
if ($contactId) {
if ($action == CRM_Core_Permission::VIEW) {
// since get api is open now, we allow viewing member details
return TRUE;
} else {
return $contactId == CRM_Pcpteams_Utils::getloggedInUserId() ? true : CRM_Contact_BAO_Contact_Permission::allow($contactId, $action);
}
}
return FALSE;
}
$pcpOwnerContactId = CRM_Core_DAO::getFieldValue('CRM_PCP_DAO_PCP', $pcpId, 'contact_id');
$hasPermission = FALSE;
if (empty($contactId)) {
$contactId = CRM_Pcpteams_Utils::getloggedInUserId();
}
// Check the pcp page which he is looking is the owner of pcp, then allow 'edit' permission
if ($pcpOwnerContactId == $contactId) {
return TRUE;
} else {
if ($action == CRM_Core_Permission::VIEW) {
// Since PCP get api is opened, as long as pcpId is available then allow view permission
if ($pcpId) {
return TRUE;
}
//CASE 1: IF logged in user is trying to view team member's pcp page
//CASE 1A: get all team pcps for logged in user
$getUserTeamQuery = "\n SELECT cps.team_pcp_id FROM civicrm_value_pcp_custom_set cps \n INNER JOIN civicrm_pcp cp ON (cp.id = cps.entity_id)\n WHERE cp.contact_id = %1 AND cps.team_pcp_id IS NOT NULL\n ";
$getUserTeamPcpDAO = CRM_Core_DAO::executeQuery($getUserTeamQuery, array(1 => array($contactId, 'Integer')));
$userTeamPcps = array();
while ($getUserTeamPcpDAO->fetch()) {
//CASE 2: IF logged in user is admin OR member of pcp being viewed
if ($getUserTeamPcpDAO->team_pcp_id == $pcpId) {
return TRUE;
}
$userTeamPcps[] = $getUserTeamPcpDAO->team_pcp_id;
}
//CASE 1B: IF pcp being viewed is related to team-pcp via custom teamp-pcp-id OR under approval relationship
if (!empty($userTeamPcps)) {
$userTeamPcpIds = implode(', ', $userTeamPcps);
$memberQuery = "\n SELECT cp.id\n FROM civicrm_pcp cp\n LEFT JOIN civicrm_value_pcp_custom_set cpcs ON (cp.id = cpcs.entity_id)\n LEFT JOIN civicrm_value_pcp_relationship_set crcs ON (cp.id = crcs.pcp_a_b)\n WHERE (cpcs.entity_id = %1 AND cpcs.team_pcp_id IN ({$userTeamPcpIds})) OR ( crcs.pcp_a_b = %1 AND crcs.pcp_b_a IN ({$userTeamPcpIds}))\n ";
$memberPcp = CRM_Core_DAO::singleValueQuery($memberQuery, array(1 => array($pcpId, 'Integer')));
if ($memberPcp) {
return TRUE;
}
}
//CASE 3: IF pcp being viewed has been requested to be joined by logged in user (under approval)
$relQuery = "\n SELECT cr.id \n FROM civicrm_relationship cr\n INNER JOIN civicrm_value_pcp_relationship_set crcs ON (cr.id = crcs.entity_id) \n WHERE cr.contact_id_a = %1 AND cr.contact_id_b = %2 AND cr.relationship_type_id = %3 AND crcs.pcp_b_a = %4\n ";
$relTypeId = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_RelationshipType', CRM_Pcpteams_Constant::C_TEAM_RELATIONSHIP_TYPE, 'id', 'name_a_b');
$relQueryParams = array(1 => array($contactId, 'Integer'), 2 => array($pcpOwnerContactId, 'Integer'), 3 => array($relTypeId, 'Integer'), 4 => array($pcpId, 'Integer'));
if (CRM_Core_DAO::singleValueQuery($relQuery, $relQueryParams)) {
return TRUE;
}
//CASE 4: if admin is trying to view the pcp
if (CRM_Contact_BAO_Contact_Permission::allow($pcpOwnerContactId, CRM_Core_Permission::VIEW)) {
return TRUE;
}
} else {
if ($action == CRM_Pcpteams_Constant::C_PERMISSION_MEMBER) {
if ($pcpId && $teamPcpId) {
//check pcp custom set
$queryParams = array(1 => array($pcpId, 'Integer'), 2 => array($teamPcpId, 'Integer'));
$query = "\n SELECT id FROM civicrm_value_pcp_custom_set \n WHERE entity_id = %1 AND team_pcp_id = %2\n ";
$teamMemberExists = CRM_Core_Dao::singleValueQuery($query, $queryParams);
if ($teamMemberExists) {
return TRUE;
}
//check pcp relationship custom set
$query = "\n SELECT id FROM civicrm_value_pcp_relationship_set\n WHERE pcp_a_b = %1 AND pcp_b_a = %2\n ";
$teamMemberExists = CRM_Core_Dao::singleValueQuery($query, $queryParams);
if ($teamMemberExists) {
return TRUE;
}
} else {
if ($pcpId && $contactId) {
$query = "\n SELECT cs.id FROM civicrm_value_pcp_custom_set cs\n INNER JOIN civicrm_pcp cp ON cp.id = cs.entity_id \n INNER JOIN civicrm_contact cc ON cc.id = cp.contact_id\n WHERE cs.team_pcp_id = %1 AND cc.id = %2\n ";
$queryParams = array(1 => array($pcpId, 'Integer'), 2 => array($contactId, 'Integer'));
$teamMemberExists = CRM_Core_Dao::executeQuery($query, $queryParams);
if ($teamMemberExists->fetch()) {
return TRUE;
}
}
}
return FALSE;
} else {
if ($action == CRM_Pcpteams_Constant::C_PERMISSION_TEAM_ADMIN) {
if ($pcpId && $contactId) {
$query = "\n SELECT cs.id FROM civicrm_value_pcp_custom_set cs\n INNER JOIN civicrm_pcp mp ON mp.id = cs.entity_id\n INNER JOIN civicrm_pcp tp ON tp.id = cs.team_pcp_id\n INNER JOIN civicrm_contact tc ON tc.id = tp.contact_id\n INNER JOIN civicrm_relationship cr ON cr.contact_id_b = tc.id\n INNER JOIN civicrm_relationship_type crt on crt.id = cr.relationship_type_id\n WHERE cs.entity_id = %1 AND cr.contact_id_a = %2 AND crt.name_a_b = %3";
$queryParams = array(1 => array($pcpId, 'Integer'), 2 => array($contactId, 'Integer'), 3 => array(CRM_Pcpteams_Constant::C_TEAM_ADMIN_REL_TYPE, 'String'));
if (CRM_Core_DAO::singleValueQuery($query, $queryParams)) {
return TRUE;
}
if (CRM_Contact_BAO_Contact_Permission::allow($contactId, CRM_Core_Permission::EDIT)) {
return TRUE;
}
}
} else {
if ($action == CRM_Core_Permission::EDIT) {
// A. if logged in user ($contactId) is owner of pcp ($pcpId) it should have returned true in the beginning.
// B. at this point we checking if logged in user ($contactId) is admin for team-contact ($pcpOwnerContactId) of pcp ($pcpId)
$query = "\n SELECT cr.id FROM civicrm_relationship cr\n INNER JOIN civicrm_relationship_type crt ON (crt.id = cr.relationship_type_id)\n WHERE cr.contact_id_a = %1 AND cr.contact_id_b = %2 AND cr.is_active = %3 AND crt.name_a_b = %4";
$queryParams = array(1 => array($contactId, 'Integer'), 2 => array($pcpOwnerContactId, 'Integer'), 3 => array(1, 'Integer'), 4 => array(CRM_Pcpteams_Constant::C_TEAM_ADMIN_REL_TYPE, 'String'));
if (CRM_Core_DAO::singleValueQuery($query, $queryParams)) {
return TRUE;
}
if (CRM_Contact_BAO_Contact_Permission::allow($pcpOwnerContactId, CRM_Core_Permission::EDIT)) {
return TRUE;
}
}
}
}
}
}
return FALSE;
}
