Attachments patches

Included in CiviCRM version: N/A Core PRs: - civicrm#9875 - civicrm#10010
compucorp · Apr 4, 2019 · 449b82a · 449b82a
1 parent aa50fca
commit 449b82a
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 26 deletions.
diff --git a/Civi/API/Subscriber/DynamicFKAuthorization.php b/Civi/API/Subscriber/DynamicFKAuthorization.php
@@ -221,33 +221,27 @@ public function authorizeDelegate($action, $entityTable, $entityId, $apiRequest)
       throw new \Civi\API\Exception\UnauthorizedException("Authorization failed on ($entity): Missing entity_id");
     }
 
-    /**
-     * @var \Exception $exception
-     */
-    $exception = NULL;
-    $self = $this;
-    \CRM_Core_Transaction::create(TRUE)->run(function($tx) use ($entity, $action, $entityId, &$exception, $self) {
-      $tx->rollback(); // Just to be safe.
-
-      $params = array(
-        'version' => 3,
-        'check_permissions' => 1,
-        'id' => $entityId,
-      );
-
-      $result = $self->kernel->run($entity, $self->getDelegatedAction($action), $params);
-      if ($result['is_error'] || empty($result['values'])) {
-        $exception = new \Civi\API\Exception\UnauthorizedException("Authorization failed on ($entity,$entityId)", array(
-          'cause' => $result,
-        ));
-      }
-    });
-
-    if ($exception) {
-      throw $exception;
+    if (!$this->isAuthorized($entity, $action, $entityId)) {
+      throw new \Civi\API\Exception\UnauthorizedException("Authorization failed on ($entity,$entityId)");
     }
   }
 
+  /**
+   * @param string $entity
+   * @param string $action
+   * @param int $entityId
+   *
+   * @return bool
+   */
+  private function isAuthorized($entity, $action, $entityId) {
+    $params = array(
+      'version' => 3,
+      'check_permissions' => 1,
+      'id' => $entityId,
+    );
+    return $this->kernel->runAuthorize($entity, $this->getDelegatedAction($action), $params);
+  }
+
   /**
    * If the request attempts to change the entity_table/entity_id of an
    * existing record, then generate an error.

diff --git a/Civi/Core/Container.php b/Civi/Core/Container.php
@@ -411,8 +411,7 @@ public function createApiKernel($dispatcher, $magicFunctionProvider) {
        FROM civicrm_custom_field fld
        INNER JOIN civicrm_custom_group grp ON fld.custom_group_id = grp.id
        WHERE fld.data_type = "File"
-      ',
-      array('civicrm_activity', 'civicrm_mailing', 'civicrm_contact', 'civicrm_grant')
+      '
     ));
 
     $kernel->setApiProviders(array(