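/**
 * Build the SQL WHERE fragment that restricts a contact query to what the
 * ACLs cached for a contact allow.
 *
 * ACL rows on 'civicrm_saved_search' whose operation matches $type are
 * collected; the active groups they point at contribute their table maps
 * and a group-membership clause. The aclWhereClause hook is then called
 * with the resulting clause.
 *
 * @param mixed $type         Requested operation, compared with each ACL row through self::matchType().
 * @param array $tables       (by reference) Select-side table map; entries from matching groups are merged in.
 * @param array $whereTables  (by reference) Where-side table map; entries from matching groups are merged in.
 * @param int|null $contactID Contact passed to CRM_ACL_BAO_Cache::build() and to the hook.
 *
 * @return string ' ( 1 ) ' when a matching ACL row has no object_id, an OR of
 *                group clauses when groups matched, and ' ( 0 ) ' (match
 *                nothing) when the clause is still empty after the hook ran.
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL)
 {
     $acls = CRM_ACL_BAO_Cache::build($contactID);
     $whereClause = NULL;
     $clauses = array();
     if (!empty($acls)) {
         // The keys are interpolated into the SQL text below, so they are
         // forced to integers instead of being trusted as-is.
         // NOTE(review): assumes the keys of $acls are numeric ACL ids - confirm against CRM_ACL_BAO_Cache::build().
         $aclKeys = implode(',', array_map('intval', array_keys($acls)));
         $query = "\nSELECT   a.operation, a.object_id\n  FROM   civicrm_acl_cache c, civicrm_acl a\n WHERE   c.acl_id       =  a.id\n   AND   a.is_active    =  1\n   AND   a.object_table = 'civicrm_saved_search'\n   AND   a.id        IN ( {$aclKeys} )\nORDER BY a.object_id\n";
         $dao = CRM_Core_DAO::executeQuery($query);
         $ids = array();
         while ($dao->fetch()) {
             if (!self::matchType($type, $dao->operation)) {
                 continue;
             }
             if (!$dao->object_id) {
                 // A matching row without an object_id yields an always-true
                 // clause and discards the per-group ids gathered so far.
                 $ids = array();
                 $whereClause = ' ( 1 ) ';
                 break;
             }
             // Cast before the value is placed in the IN (...) list below.
             $ids[] = (int) $dao->object_id;
         }
         if (!empty($ids)) {
             $ids = implode(',', $ids);
             $query = "\nSELECT g.*\n  FROM civicrm_group g\n WHERE g.id IN ( {$ids} )\n AND   g.is_active = 1\n";
             $dao = CRM_Core_DAO::executeQuery($query);
             $staticGroupIDs = array();
             $cachedGroupIDs = array();
             while ($dao->fetch()) {
                 // Only groups that carry a stored where_clause contribute tables.
                 if ($dao->where_clause) {
                     $staticAlias = 'civicrm_group_contact-' . $dao->id;
                     $cachedAlias = 'civicrm_group_contact_cache_' . $dao->id;
                     if ($dao->select_tables) {
                         $tmpTables = array();
                         // NOTE(review): unserialize() runs on a database column. This is only
                         // safe while civicrm_group.select_tables is written by trusted code;
                         // where the supported PHP version allows it, restrict it with
                         // array('allowed_classes' => FALSE).
                         $selectTables = unserialize($dao->select_tables);
                         // A corrupt value makes unserialize() return FALSE; skip it
                         // rather than iterate over a non-array.
                         if (is_array($selectTables)) {
                             foreach ($selectTables as $tmpName => $tmpInfo) {
                                 // Per-group aliases are renamed to one shared "-ACL" alias.
                                 if ((string) $tmpName === '`' . $staticAlias . '`') {
                                     $tmpName = '`civicrm_group_contact-ACL`';
                                     $tmpInfo = str_replace($staticAlias, 'civicrm_group_contact-ACL', $tmpInfo);
                                 } elseif ((string) $tmpName === '`' . $cachedAlias . '`') {
                                     $tmpName = '`civicrm_group_contact_cache-ACL`';
                                     $tmpInfo = str_replace($cachedAlias, 'civicrm_group_contact_cache-ACL', $tmpInfo);
                                 }
                                 $tmpTables[$tmpName] = $tmpInfo;
                             }
                         }
                         $tables = array_merge($tables, $tmpTables);
                     }
                     if ($dao->where_tables) {
                         $tmpTables = array();
                         // NOTE(review): same trust assumption as for select_tables above.
                         $groupWhereTables = unserialize($dao->where_tables);
                         if (is_array($groupWhereTables)) {
                             foreach ($groupWhereTables as $tmpName => $tmpInfo) {
                                 if ((string) $tmpName === '`' . $staticAlias . '`') {
                                     $tmpName = '`civicrm_group_contact-ACL`';
                                     $tmpInfo = str_replace($staticAlias, 'civicrm_group_contact-ACL', $tmpInfo);
                                     // Integer cast: the id ends up in an IN (...) list.
                                     $staticGroupIDs[] = (int) $dao->id;
                                 } elseif ((string) $tmpName === '`' . $cachedAlias . '`') {
                                     $tmpName = '`civicrm_group_contact_cache-ACL`';
                                     $tmpInfo = str_replace($cachedAlias, 'civicrm_group_contact_cache-ACL', $tmpInfo);
                                     $cachedGroupIDs[] = (int) $dao->id;
                                 }
                                 $tmpTables[$tmpName] = $tmpInfo;
                             }
                         }
                         $whereTables = array_merge($whereTables, $tmpTables);
                     }
                 }
                 // Smart groups and groups with parents/children that have no
                 // cache date yet are loaded into the group contact cache.
                 if (($dao->saved_search_id || $dao->children || $dao->parents) && $dao->cache_date == NULL) {
                     CRM_Contact_BAO_GroupContactCache::load($dao);
                 }
             }
             if ($staticGroupIDs) {
                 $clauses[] = '( `civicrm_group_contact-ACL`.group_id IN (' . implode(', ', $staticGroupIDs) . ') AND `civicrm_group_contact-ACL`.status IN ("Added") )';
             }
             if ($cachedGroupIDs) {
                 $clauses[] = '`civicrm_group_contact_cache-ACL`.group_id IN (' . implode(', ', $cachedGroupIDs) . ')';
             }
         }
     }
     if (!empty($clauses)) {
         $whereClause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
     }
     // Give hook implementations the chance to adjust the clause and tables
     // (presumably by reference - the hook signature is not visible here).
     CRM_Utils_Hook::aclWhereClause($type, $tables, $whereTables, $contactID, $whereClause);
     // Fail closed: with no clause from ACLs or the hook, match nothing.
     if (empty($whereClause)) {
         $whereClause = ' ( 0 ) ';
     }
     return $whereClause;
 }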
 /**
  * Tell whether the current user has some form of contact access: a global
  * view/edit permission, an ACL permission of EDIT or VIEW, or a hook that
  * fills in where-tables for the VIEW operation.
  *
  * @return bool TRUE when any of those checks succeeds, FALSE otherwise.
  */
 public static function giveMeAllACLs()
 {
     $hasGlobalAccess = CRM_Core_Permission::check('view all contacts')
         || CRM_Core_Permission::check('edit all contacts');
     if ($hasGlobalAccess) {
         return TRUE;
     }
     $contactID = CRM_Core_Session::singleton()->get('userID');
     // Next, see whether the ACL layer reports EDIT or VIEW.
     // Non-strict comparison: the type returned by getPermission() is not
     // visible from this method.
     $grantingLevels = array(CRM_Core_Permission::EDIT, CRM_Core_Permission::VIEW);
     if (in_array(self::getPermission(), $grantingLevels)) {
         return TRUE;
     }
     // Finally run the ACL where hook. Only $whereTables decides the result;
     // the clause string handed to the hook is not inspected afterwards.
     $tables = array();
     $whereTables = array();
     $where = NULL;
     CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactID, $where);
     return !empty($whereTables);
 }
 /**
  * Tell whether the current user has some form of contact access: a global
  * view/edit permission, cached ACL contacts (multisite), an ACL permission
  * of EDIT or VIEW, or a hook that fills in where-tables for VIEW.
  *
  * NOTE(review): on multisite this is a coarse check. Per the FixMe below, a
  * user with very limited permission can still pass it, so callers should
  * not treat a TRUE result as authorization for a specific contact.
  *
  * @return bool TRUE when any of those checks succeeds, FALSE otherwise.
  */
 public static function giveMeAllACLs()
 {
     $hasGlobalAccess = CRM_Core_Permission::check('view all contacts')
         || CRM_Core_Permission::check('edit all contacts');
     if ($hasGlobalAccess) {
         return TRUE;
     }
     $contactID = CRM_Core_Session::singleton()->get('userID');
     if (self::isMultisiteEnabled()) {
         // Multisite: for now the answer is simply whether the
         // acl_contact_cache table holds contacts for this user.
         // FixMe: a multisite user with very limited permission could
         // therefore still see search / contact navigation options.
         return CRM_Contact_BAO_Contact_Permission::hasContactsInCache(CRM_Core_Permission::VIEW, $contactID);
     }
     // Next, see whether the ACL layer reports EDIT or VIEW.
     // Non-strict comparison: the type returned by getPermission() is not
     // visible from this method.
     $grantingLevels = array(CRM_Core_Permission::EDIT, CRM_Core_Permission::VIEW);
     if (in_array(self::getPermission(), $grantingLevels)) {
         return TRUE;
     }
     // Finally run the ACL where hook. Only $whereTables decides the result;
     // the clause string handed to the hook is not inspected afterwards.
     $tables = array();
     $whereTables = array();
     $where = NULL;
     CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactID, $where);
     return !empty($whereTables);
 }
示例#4
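 /**
  * Build the SQL WHERE fragment that restricts a contact query to what the
  * ACLs cached for a contact allow.
  *
  * ACL rows on 'civicrm_saved_search' whose operation matches $type are
  * collected; each group they point at contributes its stored where_clause
  * and table maps. The aclWhereClause hook is then called with the result.
  *
  * @param mixed $type         Requested operation, compared with each ACL row through self::matchType().
  * @param array $tables       (by reference) Select-side table map; entries from matching groups are merged in.
  * @param array $whereTables  (by reference) Where-side table map; entries from matching groups are merged in.
  * @param int|null $contactID Contact passed to CRM_ACL_BAO_Cache::build() and to the hook.
  *
  * @return string ' ( 1 ) ' when a matching ACL row has no object_id, an OR of
  *                the groups' stored clauses when groups matched, and ' ( 0 ) '
  *                (match nothing) when the clause is still empty after the hook ran.
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = null)
 {
     require_once 'CRM/ACL/BAO/Cache.php';
     // Plain assignment: $acls is only read here, so no reference is needed.
     $acls = CRM_ACL_BAO_Cache::build($contactID);
     $whereClause = null;
     $clauses = array();
     if (!empty($acls)) {
         // The keys are interpolated into the SQL text below, so they are
         // forced to integers instead of being trusted as-is.
         // NOTE(review): assumes the keys of $acls are numeric ACL ids - confirm against CRM_ACL_BAO_Cache::build().
         $aclKeys = implode(',', array_map('intval', array_keys($acls)));
         $query = "\nSELECT   a.operation, a.object_id\n  FROM   civicrm_acl_cache c, civicrm_acl a\n WHERE   c.acl_id       =  a.id\n   AND   a.is_active    =  1\n   AND   a.object_table = 'civicrm_saved_search'\n   AND   a.id        IN ( {$aclKeys} )\nORDER BY a.object_id\n";
         $dao = CRM_Core_DAO::executeQuery($query);
         $ids = array();
         while ($dao->fetch()) {
             if (!self::matchType($type, $dao->operation)) {
                 continue;
             }
             if (!$dao->object_id) {
                 // A matching row without an object_id yields an always-true
                 // clause and discards the per-group ids gathered so far.
                 $ids = array();
                 $whereClause = ' ( 1 ) ';
                 break;
             }
             // Cast before the value is placed in the IN (...) list below.
             $ids[] = (int) $dao->object_id;
         }
         if (!empty($ids)) {
             $ids = implode(',', $ids);
             $query = "\nSELECT g.*\n  FROM civicrm_group g\n WHERE g.id IN ( {$ids} )\n";
             $dao = CRM_Core_DAO::executeQuery($query);
             while ($dao->fetch()) {
                 if ($dao->where_clause) {
                     // NOTE(review): the stored fragment is concatenated into the final
                     // SQL unchanged, so the result is only as trustworthy as whatever
                     // writes civicrm_group.where_clause.
                     $clauses[] = $dao->where_clause;
                     // NOTE(review): unserialize() runs on database columns below. This is
                     // only safe while those columns are written by trusted code.
                     if ($dao->select_tables) {
                         $selectTables = unserialize($dao->select_tables);
                         // A corrupt value makes unserialize() return false; merging that
                         // would replace the caller's $tables with a non-array.
                         if (is_array($selectTables)) {
                             $tables = array_merge($tables, $selectTables);
                         }
                     }
                     if ($dao->where_tables) {
                         $groupWhereTables = unserialize($dao->where_tables);
                         if (is_array($groupWhereTables)) {
                             $whereTables = array_merge($whereTables, $groupWhereTables);
                         }
                     }
                 }
                 // Smart groups and groups with parents/children that have no
                 // cache date yet are loaded into the group contact cache.
                 if (($dao->saved_search_id || $dao->children || $dao->parents) && $dao->cache_date == null) {
                     require_once 'CRM/Contact/BAO/GroupContactCache.php';
                     CRM_Contact_BAO_GroupContactCache::load($dao);
                 }
             }
         }
     }
     if (!empty($clauses)) {
         $whereClause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
     }
     // Give hook implementations the chance to adjust the clause and tables
     // (presumably by reference - the hook signature is not visible here).
     require_once 'CRM/Utils/Hook.php';
     CRM_Utils_Hook::aclWhereClause($type, $tables, $whereTables, $contactID, $whereClause);
     // Fail closed: with no clause from ACLs or the hook, match nothing.
     if (empty($whereClause)) {
         $whereClause = ' ( 0 ) ';
     }
     return $whereClause;
 }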