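/**
 * Pcpteams.getTeamRequestInfo API: list the pending join requests of a team PCP.
 *
 * Walks civicrm_value_pcp_relationship_set -> civicrm_relationship (is_active = 0,
 * i.e. relationships not yet approved) -> civicrm_pcp -> civicrm_contact and returns
 * one record per requesting member PCP, keyed by that member PCP id.
 *
 * @param array $params
 *   API parameters; 'team_pcp_id' (int) is required.
 *
 * @return array
 *   API3 success array of request records, or an API3 error array when
 *   'team_pcp_id' is missing or the caller may not view the team.
 */
function civicrm_api3_pcpteams_getTeamRequestInfo($params) {
  // An empty id would make the permission check run against an empty value;
  // refuse up front instead of relying on how the helper treats that input.
  if (empty($params['team_pcp_id'])) {
    return civicrm_api3_create_error('team_pcp_id is required');
  }
  $teamPcpId = $params['team_pcp_id'];

  // Check the hasPermission to view details.
  $permParams = array('team_pcp_id' => $teamPcpId);
  if (!_civicrm_pcpteams_permission_check($permParams, CRM_Core_Permission::VIEW)) {
    return civicrm_api3_create_error('insufficient permission to view this record');
  }

  $result = CRM_Core_DAO::$_nullArray;
  // cr.is_active = 0 selects only relationships that are still awaiting approval.
  $query = "
    SELECT crs.pcp_a_b, cc.display_name, cp.page_id, cr.id
      FROM civicrm_value_pcp_relationship_set crs
      INNER JOIN civicrm_relationship cr ON (cr.id = crs.entity_id AND cr.is_active = 0)
      INNER JOIN civicrm_pcp cp ON (cp.id = crs.pcp_a_b)
      INNER JOIN civicrm_contact cc ON (cr.contact_id_a = cc.id AND cc.is_deleted = 0)
     WHERE crs.pcp_b_a = %1";
  $queryParams = array(1 => array($teamPcpId, 'Integer'));
  $dao = CRM_Core_DAO::executeQuery($query, $queryParams);

  while ($dao->fetch()) {
    $memberPcpResult = civicrm_api('Pcpteams', 'get', array(
      'version' => 3,
      'sequential' => 1,
      'pcp_id' => $dao->pcp_a_b,
      'team_pcp_id' => $teamPcpId,
    ));
    // The get call may yield no row (e.g. the member PCP disappeared meanwhile);
    // use an empty record rather than reading undefined offsets.
    $memberPcp = isset($memberPcpResult['values'][0]) ? $memberPcpResult['values'][0] : array();

    $getAllDonations = civicrm_api3_pcpteams_getAllDonations(array(
      'page_id' => $dao->page_id,
      'pcp_id' => $dao->pcp_a_b,
      'team_pcp_id' => $teamPcpId,
    ));

    $result[$dao->pcp_a_b] = array(
      'display_name' => $dao->display_name,
      'pcp_id' => $dao->pcp_a_b,
      'amount_raised' => isset($memberPcp['amount_raised']) ? $memberPcp['amount_raised'] : NULL,
      'donations_count' => $getAllDonations['count'],
      // Fall back to the default profile picture when the member has none.
      'image_url' => !empty($memberPcp['image_url']) ? $memberPcp['image_url'] : CRM_Pcpteams_Constant::C_DEFAULT_PROFILE_PIC,
      'image_id' => isset($memberPcp['image_id']) ? $memberPcp['image_id'] : NULL,
      'team_pcp_id' => $teamPcpId,
      'relationship_id' => $dao->id,
    );
  }

  return civicrm_api3_create_success($result, $params);
}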
/**
 * Decide whether $contactId may perform $action on the PCP $pcpId.
 *
 * Resolution order, as implemented below:
 *  - no $pcpId: VIEW is always allowed for a given contact; any other action
 *    is allowed for the logged-in user themself, otherwise delegated to
 *    CRM_Contact_BAO_Contact_Permission::allow().
 *  - owner of the PCP: allowed for every action.
 *  - VIEW: allowed whenever $pcpId is set (the team-membership checks that
 *    follow are therefore never reached, see note inline).
 *  - C_PERMISSION_MEMBER: membership via the pcp custom set or the pcp
 *    relationship set.
 *  - C_PERMISSION_TEAM_ADMIN: admin relationship to the team owner, or
 *    contact-level EDIT on $contactId.
 *  - EDIT: active admin relationship to the PCP owner, or contact-level EDIT
 *    on the owner.
 *
 * @param int|null $pcpId       PCP being acted on; NULL switches to the contact-only checks.
 * @param int|null $contactId   Acting contact; defaults to the logged-in user when $pcpId is set.
 * @param mixed    $action      CRM_Core_Permission::VIEW / EDIT or a CRM_Pcpteams_Constant permission.
 * @param int|null $teamPcpId   Team PCP used by the C_PERMISSION_MEMBER check.
 *
 * @return bool
 *   TRUE/FALSE; in the no-$pcpId branch the value of
 *   CRM_Contact_BAO_Contact_Permission::allow() is returned as-is.
 */
static function hasPermission($pcpId = NULL, $contactId = NULL, $action = CRM_Core_Permission::EDIT, $teamPcpId = NULL) {
  if (empty($pcpId)) {
    if ($contactId) {
      if ($action == CRM_Core_Permission::VIEW) {
        // since get api is open now, we allow viewing member details
        return TRUE;
      } else {
        // Self-access is always allowed; otherwise fall back to CiviCRM's contact ACL.
        return $contactId == CRM_Pcpteams_Utils::getloggedInUserId() ? true : CRM_Contact_BAO_Contact_Permission::allow($contactId, $action);
      }
    }
    return FALSE;
  }

  // NULL when no civicrm_pcp row matches $pcpId.
  $pcpOwnerContactId = CRM_Core_DAO::getFieldValue('CRM_PCP_DAO_PCP', $pcpId, 'contact_id');
  // Unused: every branch below returns directly.
  $hasPermission = FALSE;
  if (empty($contactId)) {
    $contactId = CRM_Pcpteams_Utils::getloggedInUserId();
  }

  // Check the pcp page which he is looking is the owner of pcp, then allow 'edit' permission
  // NOTE(review): loose comparison. If the PCP does not exist $pcpOwnerContactId is NULL,
  // and NULL == 0 / NULL == NULL / NULL == '' are all TRUE in PHP, so an empty
  // $contactId (whatever getloggedInUserId() returns when nobody is logged in —
  // confirm) would be treated as the owner and granted every action.
  if ($pcpOwnerContactId == $contactId) {
    return TRUE;
  } else {
    if ($action == CRM_Core_Permission::VIEW) {
      // Since PCP get api is opened, as long as pcpId is available then allow view permission
      // NOTE(review): $pcpId is non-empty at this point (guarded at the top), so this
      // always returns and CASE 1-4 below are unreachable as written.
      if ($pcpId) {
        return TRUE;
      }
      //CASE 1: IF logged in user is trying to view team member's pcp page
      //CASE 1A: get all team pcps for logged in user
      $getUserTeamQuery = "\n SELECT cps.team_pcp_id FROM civicrm_value_pcp_custom_set cps \n INNER JOIN civicrm_pcp cp ON (cp.id = cps.entity_id)\n WHERE cp.contact_id = %1 AND cps.team_pcp_id IS NOT NULL\n ";
      $getUserTeamPcpDAO = CRM_Core_DAO::executeQuery($getUserTeamQuery, array(1 => array($contactId, 'Integer')));
      $userTeamPcps = array();
      while ($getUserTeamPcpDAO->fetch()) {
        //CASE 2: IF logged in user is admin OR member of pcp being viewed
        if ($getUserTeamPcpDAO->team_pcp_id == $pcpId) {
          return TRUE;
        }
        $userTeamPcps[] = $getUserTeamPcpDAO->team_pcp_id;
      }
      //CASE 1B: IF pcp being viewed is related to team-pcp via custom teamp-pcp-id OR under approval relationship
      if (!empty($userTeamPcps)) {
        // The IN() list is interpolated into the SQL rather than bound. Its values
        // come from the team_pcp_id column read just above, not from the caller;
        // casting each entry to int before the implode would still be cheap defence in depth.
        $userTeamPcpIds = implode(', ', $userTeamPcps);
        $memberQuery = "\n SELECT cp.id\n FROM civicrm_pcp cp\n LEFT JOIN civicrm_value_pcp_custom_set cpcs ON (cp.id = cpcs.entity_id)\n LEFT JOIN civicrm_value_pcp_relationship_set crcs \nON (cp.id = crcs.pcp_a_b)\n WHERE (cpcs.entity_id = %1 AND cpcs.team_pcp_id IN ({$userTeamPcpIds})) OR ( crcs.pcp_a_b = %1 AND crcs.pcp_b_a IN ({$userTeamPcpIds}))\n ";
        $memberPcp = CRM_Core_DAO::singleValueQuery($memberQuery, array(1 => array($pcpId, 'Integer')));
        if ($memberPcp) {
          return TRUE;
        }
      }
      //CASE 3: IF pcp being viewed has been requested to be joined by logged in user (under approval)
      $relQuery = "\n SELECT cr.id \n FROM civicrm_relationship cr\n INNER JOIN civicrm_value_pcp_relationship_set crcs ON (cr.id = crcs.entity_id) \n WHERE cr.contact_id_a = %1 AND cr.contact_id_b = %2 AND cr.relationship_type_id = %3 AND crcs.pcp_b_a = %4\n ";
      // Relationship type id looked up by its name_a_b label.
      $relTypeId = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_RelationshipType', CRM_Pcpteams_Constant::C_TEAM_RELATIONSHIP_TYPE, 'id', 'name_a_b');
      $relQueryParams = array(1 => array($contactId, 'Integer'), 2 => array($pcpOwnerContactId, 'Integer'), 3 => array($relTypeId, 'Integer'), 4 => array($pcpId, 'Integer'));
      if (CRM_Core_DAO::singleValueQuery($relQuery, $relQueryParams)) {
        return TRUE;
      }
      //CASE 4: if admin is trying to view the pcp
      if (CRM_Contact_BAO_Contact_Permission::allow($pcpOwnerContactId, CRM_Core_Permission::VIEW)) {
        return TRUE;
      }
    } else {
      if ($action == CRM_Pcpteams_Constant::C_PERMISSION_MEMBER) {
        if ($pcpId && $teamPcpId) {
          //check pcp custom set
          $queryParams = array(1 => array($pcpId, 'Integer'), 2 => array($teamPcpId, 'Integer'));
          $query = "\n SELECT id FROM civicrm_value_pcp_custom_set \n WHERE entity_id = %1 AND team_pcp_id = %2\n ";
          // 'CRM_Core_Dao' resolves to CRM_Core_DAO (PHP class names are case-insensitive).
          $teamMemberExists = CRM_Core_Dao::singleValueQuery($query, $queryParams);
          if ($teamMemberExists) {
            return TRUE;
          }
          //check pcp relationship custom set
          $query = "\n SELECT id FROM civicrm_value_pcp_relationship_set\n WHERE pcp_a_b = %1 AND pcp_b_a = %2\n ";
          $teamMemberExists = CRM_Core_Dao::singleValueQuery($query, $queryParams);
          if ($teamMemberExists) {
            return TRUE;
          }
        } else {
          // No $teamPcpId: treat $pcpId as the team and ask whether $contactId owns a
          // PCP whose custom set points at that team.
          if ($pcpId && $contactId) {
            $query = "\n SELECT cs.id FROM civicrm_value_pcp_custom_set cs\n INNER \nJOIN civicrm_pcp cp ON cp.id = cs.entity_id \n INNER JOIN civicrm_contact cc ON cc.id = cp.contact_id\n WHERE cs.team_pcp_id = %1 AND cc.id = %2\n ";
            $queryParams = array(1 => array($pcpId, 'Integer'), 2 => array($contactId, 'Integer'));
            $teamMemberExists = CRM_Core_Dao::executeQuery($query, $queryParams);
            if ($teamMemberExists->fetch()) {
              return TRUE;
            }
          }
        }
        return FALSE;
      } else {
        if ($action == CRM_Pcpteams_Constant::C_PERMISSION_TEAM_ADMIN) {
          if ($pcpId && $contactId) {
            // $contactId must hold a C_TEAM_ADMIN_REL_TYPE relationship (a -> b) to the
            // owner of the team PCP that $pcpId's custom set points at.
            $query = "\n SELECT cs.id FROM civicrm_value_pcp_custom_set cs\n INNER JOIN civicrm_pcp mp ON mp.id = cs.entity_id\n INNER JOIN civicrm_pcp tp ON tp.id = cs.team_pcp_id\n INNER JOIN civicrm_contact tc ON tc.id = tp.contact_id\n INNER JOIN civicrm_relationship cr ON cr.contact_id_b = tc.id\n INNER JOIN civicrm_relationship_type crt on crt.id = cr.relationship_type_id\n WHERE cs.entity_id = %1 AND cr.contact_id_a = %2 AND crt.name_a_b = %3";
            $queryParams = array(1 => array($pcpId, 'Integer'), 2 => array($contactId, 'Integer'), 3 => array(CRM_Pcpteams_Constant::C_TEAM_ADMIN_REL_TYPE, 'String'));
            if (CRM_Core_DAO::singleValueQuery($query, $queryParams)) {
              return TRUE;
            }
            // Unlike the EDIT branch below, the ACL check here is on $contactId itself,
            // not on the PCP owner — presumably intentional; confirm.
            if (CRM_Contact_BAO_Contact_Permission::allow($contactId, CRM_Core_Permission::EDIT)) {
              return TRUE;
            }
          }
        } else {
          if ($action == CRM_Core_Permission::EDIT) {
            // A. if logged in user ($contactId) is owner of pcp ($pcpId) it should have returned true in the beginning.
            // B. at this point we checking if logged in user ($contactId) is admin for team-contact ($pcpOwnerContactId) of pcp ($pcpId)
            // Only active relationships count here (cr.is_active = 1).
            $query = "\n SELECT cr.id FROM civicrm_relationship cr\n INNER JOIN civicrm_relationship_type crt ON (crt.id = cr.relationship_type_id)\n WHERE cr.contact_id_a = %1 AND cr.contact_id_b = %2 AND cr.is_active = %3 AND crt.name_a_b = %4";
            $queryParams = array(1 => array($contactId, 'Integer'), 2 => array($pcpOwnerContactId, 'Integer'), 3 => array(1, 'Integer'), 4 => array(CRM_Pcpteams_Constant::C_TEAM_ADMIN_REL_TYPE, 'String'));
            if (CRM_Core_DAO::singleValueQuery($query, $queryParams)) {
              return TRUE;
            }
            if (CRM_Contact_BAO_Contact_Permission::allow($pcpOwnerContactId, CRM_Core_Permission::EDIT)) {
              return TRUE;
            }
          }
        }
      }
    }
  }
  // Any action not matched above (and any failed check) is denied.
  return FALSE;
}