Fixed issue with permission to view contact. Also works now without a user record.

b5e45ccc · jaapjansma · 27c408d9 · b5e45ccc
Commit b5e45ccc authored 1 year ago by jaapjansma
--- a/Civi/DataProcessor/FilterHandler/PermissionToViewContactFilter.php
+++ b/Civi/DataProcessor/FilterHandler/PermissionToViewContactFilter.php
@@ -8,6 +8,11 @@ namespace Civi\DataProcessor\FilterHandler;

 use Civi\DataProcessor\DataFlow\SqlDataFlow;
 use Civi\DataProcessor\Exception\InvalidConfigurationException;
+use CRM_ACL_API;
+use CRM_ACL_BAO_ACL;
+use CRM_Core_BAO_UFMatch;
+use CRM_Core_Permission;
+use CRM_Core_Session;
 use CRM_Dataprocessor_ExtensionUtil as E;

 class PermissionToViewContactFilter extends AbstractFieldFilterHandler {
@@ -56,10 +61,26 @@ class PermissionToViewContactFilter extends AbstractFieldFilterHandler {
    }
  }

-  protected function getAclWhereClause($contactId = null) {
+  protected function getAclWhereClause($contactID = null) {
    $tables = array();
    $whereTables = array();
-    $where = \CRM_ACL_API::whereClause(\CRM_ACL_API::VIEW, $tables, $whereTables, $contactId, FALSE, TRUE, FALSE);
+    if (!$contactID) {
+      $contactID = CRM_Core_Session::getLoggedInContactID();
+    }
+    $contactID = (int) $contactID;
+    $userId = CRM_Core_BAO_UFMatch::getUFId($contactID);
+    // first see if the contact has edit / view all permission
+    if ($userId && (CRM_Core_Permission::check('edit all contacts', $userId) || CRM_Core_Permission::check('view all contacts', $userId))) {
+      return ' ( 1 ) ';
+    }
+
+    $whereClause = CRM_ACL_BAO_ACL::whereClause(CRM_ACL_API::VIEW, $tables, $whereTables, $contactID);
+    $where = implode(' AND ', [$whereClause]);
+
+    // Add permission on self if we really hate our server or have hardly any contacts.
+    if ($userId && (CRM_Core_Permission::check('edit my contact', $userId) || CRM_Core_Permission::check('view my contact', $userId))) {
+      $where = "(contact_a.id = $contactID OR ($where))";
+    }
    return $where;
  }

@@ -115,7 +136,7 @@ class PermissionToViewContactFilter extends AbstractFieldFilterHandler {
   * @return array
   */
  public function processConfiguration($submittedValues): array {
-    list($datasource, $field) = explode('::', $submittedValues['contact_id_field'], 2);
+    [$datasource, $field] = explode('::', $submittedValues['contact_id_field'], 2);
    $configuration['field'] = $field;
    $configuration['datasource'] = $datasource;
    return $configuration;