Expose the deny field on the ACL form and fix current test failures

civicrm · Apr 19, 2023 · 973f422 · 973f422
1 parent 8b6dbea
commit 973f422
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 4 deletions.
diff --git a/CRM/ACL/BAO/ACL.php b/CRM/ACL/BAO/ACL.php
@@ -522,7 +522,7 @@ protected static function loadPermittedIDs(int $contactID, string $tableName, in
    *
    * @return array
    */
-  private function loadDenyIDs(int $contactID, string $tableName, int $type, $allGroups): array {
+  private static function loadDenyIDs(int $contactID, string $tableName, int $type, $allGroups): array {
     $ids = [];
     $acls = CRM_ACL_BAO_Cache::build($contactID);
     $aclKeys = array_keys($acls);

diff --git a/CRM/ACL/Form/ACL.php b/CRM/ACL/Form/ACL.php
@@ -160,7 +160,7 @@ public function buildQuickForm() {
     $this->add('select', 'event_id', ts('Event'), $event);
 
     $this->add('checkbox', 'is_active', ts('Enabled?'));
-    $this->add('advcheckbox', 'deny', ts('Negate access');
+    $this->add('advcheckbox', 'deny', ts('Negate access'));
 
     $this->addFormRule(['CRM_ACL_Form_ACL', 'formRule']);
   }
@@ -254,7 +254,6 @@ public function postProcess() {
     else {
       $params = $this->controller->exportValues($this->_name);
       $params['is_active'] = CRM_Utils_Array::value('is_active', $params, FALSE);
-      $params['deny'] = 0;
       $params['entity_table'] = 'civicrm_acl_role';
 
       // Figure out which type of object we're permissioning on and set object_table and object_id.

diff --git a/CRM/ACL/Page/ACL.php b/CRM/ACL/Page/ACL.php
@@ -133,6 +133,7 @@ public function browse() {
       $acl[$dao->id]['object_table'] = $dao->object_table;
       $acl[$dao->id]['object_id'] = $dao->object_id;
       $acl[$dao->id]['is_active'] = $dao->is_active;
+      $acl[$dao->id]['deny'] = $dao->deny;
 
       if ($acl[$dao->id]['entity_id']) {
         $acl[$dao->id]['entity'] = $roles[$acl[$dao->id]['entity_id']] ?? NULL;

diff --git a/templates/CRM/ACL/Form/ACL.tpl b/templates/CRM/ACL/Form/ACL.tpl
@@ -32,7 +32,7 @@
      <tr class="crm-acl-form-block-operation">
          <td class="label">{$form.operation.label}</td>
          <td>{$form.operation.html}<br />
-            <span class="description">{ts}What type of operation (action) is being permitted?{/ts}</span>
+            <span class="description">{ts}What type of operation (action) is being referenced?{/ts}</span>
          </td>
      </tr>
      <tr class="crm-acl-form-block-object_type">
@@ -45,6 +45,10 @@
            <div class="status description">{ts}IMPORTANT: The Drupal permissions for 'access all custom data' and 'profile listings and forms' override and disable specific ACL settings for custom field groups and profiles respectively. Do not enable those Drupal permissions for a Drupal role if you want to use CiviCRM ACL's to control access.{/ts}</div></td>
         {/if}
      </tr>
+     <tr class="crm-acl-form-block-deny">
+       <td class="label">{$form.deny.label}</td>
+       <td>{$form.deny.html}</td>
+     </tr>
   </table>
   <div id="id-group-acl">
    <table  class="form-layout-compressed">

diff --git a/templates/CRM/ACL/Page/ACL.tpl b/templates/CRM/ACL/Page/ACL.tpl
@@ -30,6 +30,7 @@
               <th>{ts}Which Data{/ts}</th>
               <th>{ts}Description{/ts}</th>
               <th>{ts}Enabled?{/ts}</th>
+              <th>{ts}Negate?{/ts}</th>
               <th></th>
             </tr>
             </thead>
@@ -42,6 +43,7 @@
                 <td class="crm-acl-object" >{$row.object}</td>
                 <td class="crm-acl-name crm-editable" data-field="name">{$row.name}</td>
                 <td class="crm-acl-is_active" id="row_{$aclID}_status">{if $row.is_active eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>
+                <td class="crm-acl-deny" id="row_{$aclID}_deny">{if $row.deny eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>
                 <td>{$row.action|replace:'xx':$aclID}</td>
               </tr>
             {/foreach}