Implement _getAccess for EntityTags and Notes

civicrm · May 8, 2021 · 8c39d4a · 8c39d4a
1 parent f976685
commit 8c39d4a
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 4 deletions.
diff --git a/CRM/Contact/AccessTrait.php b/CRM/Contact/AccessTrait.php
@@ -35,7 +35,7 @@ public static function _checkAccess(string $action, array $record, $userID) {
       return in_array(__CLASS__, ['CRM_Core_BAO_Phone', 'CRM_Core_BAO_Email', 'CRM_Core_BAO_Address']) &&
         CRM_Core_Permission::check('edit all events', $userID);
     }
-    return CRM_Contact_BAO_Contact::checkAccess($action, ['id' => $cid], $userID);
+    return CRM_Contact_BAO_Contact::checkAccess(CRM_Core_Permission::EDIT, ['id' => $cid], $userID);
   }
 
 }
diff --git a/CRM/Core/BAO/EntityTag.php b/CRM/Core/BAO/EntityTag.php
@@ -16,6 +16,7 @@
  * @copyright CiviCRM LLC https://civicrm.org/licensing
  */
 class CRM_Core_BAO_EntityTag extends CRM_Core_DAO_EntityTag {
+  use CRM_Core_DynamicFKAccessTrait;
 
   /**
    * Given a contact id, it returns an array of tag id's the contact belongs to.

diff --git a/CRM/Core/BAO/Note.php b/CRM/Core/BAO/Note.php
@@ -19,6 +19,7 @@
  * BAO object for crm_note table.
  */
 class CRM_Core_BAO_Note extends CRM_Core_DAO_Note {
+  use CRM_Core_DynamicFKAccessTrait;
 
   /**
    * Const the max number of notes we display at any given time.

diff --git a/CRM/Core/DynamicFKAccessTrait.php b/CRM/Core/DynamicFKAccessTrait.php
@@ -0,0 +1,43 @@
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC. All rights reserved.                        |
+ |                                                                    |
+ | This work is published under the GNU AGPLv3 license with some      |
+ | permitted exceptions and without any warranty. For full license    |
+ | and copyright information, see https://civicrm.org/licensing       |
+ +--------------------------------------------------------------------+
+ */
+
+/**
+ *
+ * @package CRM
+ * @copyright CiviCRM LLC https://civicrm.org/licensing
+ */
+
+/**
+ * Trait for with entities with an entity_table + entity_id dynamic FK.
+ */
+trait CRM_Core_DynamicFKAccessTrait {
+
+  /**
+   * @param string $action
+   * @param array $record
+   * @param $userID
+   */
+  public static function _checkAccess(string $action, array $record, $userID) {
+    $eid = $record['entity_id'] ?? NULL;
+    $table = $record['entity_table'] ?? NULL;
+    if (!$eid && !empty($record['id'])) {
+      $eid = CRM_Core_DAO::getFieldValue(__CLASS__, $record['id'], 'entity_id');
+    }
+    if ($eid && !$table && !empty($record['id'])) {
+      $table = CRM_Core_DAO::getFieldValue(__CLASS__, $record['id'], 'entity_table');
+    }
+    if ($eid && $table) {
+      $bao = CRM_Core_DAO_AllCoreTables::getBAOClassName(CRM_Core_DAO_AllCoreTables::getClassForTable($table));
+      return $bao::checkAccess(CRM_Core_Permission::EDIT, ['id' => $eid], $userID);
+    }
+  }
+
+}
diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php
@@ -228,9 +228,6 @@ public function testRelatedEntityPermissions($version) {
       ]);
       $this->assertGreaterThan(0, $results['count']);
     }
-    if ($version == 4) {
-      $this->markTestIncomplete('Skipping entity_id related perms in api4 for now.');
-    }
     $newTag = civicrm_api3('Tag', 'create', [
       'name' => 'Foo123',
     ]);