From 15e11313dc7b205f47f7c0a716fe566b86ee2e5c Mon Sep 17 00:00:00 2001
From: eileen
Date: Thu, 18 Oct 2018 17:44:08 +1300
Subject: [PATCH] Extract function to get component permissions
---
 CRM/Activity/BAO/Activity.php | 98 +++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 44 deletions(-)
diff --git a/CRM/Activity/BAO/Activity.php b/CRM/Activity/BAO/Activity.php
index 486426d0a1b2..af76376b7d6a 100644
--- a/CRM/Activity/BAO/Activity.php
+++ b/CRM/Activity/BAO/Activity.php
@@ -2715,50 +2715,8 @@ public static function checkPermission($activityId, $action) {
 return self::isContactPermittedAccessToCaseActivity($activityId, $action, $activity->activity_type_id);
 }
- $allow = FALSE;
 // Component related permissions.
- $compPermissions = array(
- 'CiviCase' => array(
- 'administer CiviCase',
- 'access my cases and activities',
- 'access all cases and activities',
- ),
- 'CiviMail' => array('access CiviMail'),
- 'CiviEvent' => array('access CiviEvent'),
- 'CiviGrant' => array('access CiviGrant'),
- 'CiviPledge' => array('access CiviPledge'),
- 'CiviMember' => array('access CiviMember'),
- 'CiviReport' => array('access CiviReport'),
- 'CiviContribute' => array('access CiviContribute'),
- 'CiviCampaign' => array('administer CiviCampaign'),
- );
-
- // First check the component permission.
- $sql = "
- SELECT component_id
- FROM civicrm_option_value val
-INNER JOIN civicrm_option_group grp ON ( grp.id = val.option_group_id AND grp.name = %1 )
- WHERE val.value = %2";
- $params = array(
- 1 => array('activity_type', 'String'),
- 2 => array($activity->activity_type_id, 'Integer'),
- );
- $componentId = CRM_Core_DAO::singleValueQuery($sql, $params);
-
- if ($componentId) {
- $componentName = CRM_Core_Component::getComponentName($componentId);
- $compPermission = CRM_Utils_Array::value($componentName, $compPermissions);
-
- // Here we are interesting in any single permission.
- if (is_array($compPermission)) {
- foreach ($compPermission as $per) {
- if (CRM_Core_Permission::check($per)) {
- $allow = TRUE;
- break;
- }
- }
- }
- }
+ $allow = self::hasPermissionForActivityType($activity->activity_type_id);
 // Check for this permission related to contact.
 $permission = CRM_Core_Permission::VIEW;
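Review bot: `$allow` now starts as TRUE for an activity type that belongs to no component, where the removed code left it FALSE until the source-contact branch ran; the later hunk at -2772 relies on this by narrowing the guard to `if ($allow)`. The two forms agree only if nothing between this assignment and that guard reads or returns `$allow`, and those lines sit outside both hunks, so that is worth confirming, along with the absence of any remaining reference to `$componentId` in checkPermission. A comment at the call site would keep the permissive case visible: `// TRUE when the type has no component or the user holds one of that component's permissions; contact-level checks below still apply.`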
@@ -2772,7 +2730,7 @@ public static function checkPermission($activityId, $action) {
 $targetID = CRM_Utils_Array::key('Activity Targets', $activityContacts);
 // Check for source contact.
- if (!$componentId || $allow) {
+ if ($allow) {
 $sourceContactId = self::getActivityContact($activity->id, $sourceID);
 // Account for possibility of activity not having a source contact (as it may have been deleted).
 $allow = $sourceContactId ? CRM_Contact_BAO_Contact_Permission::allow($sourceContactId, $permission) : TRUE;
@@ -2848,6 +2806,58 @@ protected static function isContactPermittedAccessToCaseActivity($activityId, $a
 return $allow;
 }
+ /**
+ * @param int $activityTypeID
+ * @return bool
+ */
+ protected static function hasPermissionForActivityType($activityTypeID) {
+ $compPermissions = [
+ 'CiviCase' => [
+ 'administer CiviCase',
+ 'access my cases and activities',
+ 'access all cases and activities',
+ ],
+ 'CiviMail' => ['access CiviMail'],
+ 'CiviEvent' => ['access CiviEvent'],
+ 'CiviGrant' => ['access CiviGrant'],
+ 'CiviPledge' => ['access CiviPledge'],
+ 'CiviMember' => ['access CiviMember'],
+ 'CiviReport' => ['access CiviReport'],
+ 'CiviContribute' => ['access CiviContribute'],
+ 'CiviCampaign' => ['administer CiviCampaign'],
+ ];
+
+ // First check the component permission.
+ $sql = "
+ SELECT component_id
+ FROM civicrm_option_value val
+INNER JOIN civicrm_option_group grp ON ( grp.id = val.option_group_id AND grp.name = %1 )
+ WHERE val.value = %2";
+ $params = [
+ 1 => ['activity_type', 'String'],
+ 2 => [$activityTypeID, 'Integer'],
+ ];
+ $componentId = CRM_Core_DAO::singleValueQuery($sql, $params);
+
+ if ($componentId) {
+ $componentName = CRM_Core_Component::getComponentName($componentId);
+ $compPermission = CRM_Utils_Array::value($componentName, $compPermissions);
+
+ // Here we are interesting in any single permission.
+ if (is_array($compPermission)) {
+ foreach ($compPermission as $per) {
+ if (CRM_Core_Permission::check($per)) {
+ return TRUE;
+ }
+ }
+ }
+ }
+ else {
+ return TRUE;
+ }
+ return FALSE;
+ }
+
 /**
 * Checks if user has permissions to edit inbound e-mails, either bsic info
 * or both basic information and content.
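Review bot: The docblock on hasPermissionForActivityType carries only the `@param` and `@return` tags and leaves two non-obvious outcomes undocumented: the `else` branch returns TRUE when the lookup finds no component for the type, and a component that is missing from `$compPermissions` falls through to `return FALSE`. Because the name reads like a complete authorization answer, the description should state that this is a component gate only and that callers must still apply the contact permission checks, as checkPermission does. As a style point, the trailing `else { return TRUE; }` reads more clearly as a guard placed right after the query, `if (!$componentId) { return TRUE; }`, and the carried-over comment has a typo (`interesting` for `interested`).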