dcf56200 | 1 | <?php |
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
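class CRM_Contact_BAO_DashboardContact extends CRM_Contact_DAO_DashboardContact {

  /**
   * Create or update a DashboardContact record.
   *
   * When `$record['check_permissions']` is truthy the caller is gated by
   * checkEditPermission() before anything is written; otherwise the record
   * is passed straight to the DAO.
   *
   * @param array $record
   *
   * @return CRM_Contact_DAO_DashboardContact
   * @throws \CRM_Core_Exception
   * @throws \Civi\API\Exception\UnauthorizedException
   */
  public static function writeRecord(array $record): CRM_Core_DAO {
    self::checkEditPermission($record);
    return parent::writeRecord($record);
  }

  /**
   * Delete a DashboardContact record.
   *
   * Same permission gate as writeRecord(): only runs when
   * `$record['check_permissions']` is truthy.
   *
   * @param array $record
   * @return CRM_Contact_DAO_DashboardContact
   * @throws CRM_Core_Exception
   * @throws \Civi\API\Exception\UnauthorizedException
   */
  public static function deleteRecord(array $record) {
    self::checkEditPermission($record);
    return parent::deleteRecord($record);
  }

  /**
   * Ensure that the current user has permission to create/edit/delete a DashboardContact record.
   *
   * The check is skipped entirely when `$record['check_permissions']` is
   * empty (internal/trusted callers) or when the current user holds
   * 'administer CiviCRM'. Every other caller may only act on their own
   * dashboard:
   *
   *  - a request with no logged-in contact is rejected outright;
   *  - for an existing record (`id` set) the contact_id currently stored for
   *    that id must be the logged-in contact;
   *  - if such an update also supplies a contact_id, that NEW value must be
   *    the logged-in contact too. Checking only the stored owner would let a
   *    user re-home their own dashlet onto another contact's dashboard;
   *  - for a new record the supplied contact_id must be the logged-in contact.
   *
   * @param array $record
   * @throws CRM_Core_Exception
   * @throws \Civi\API\Exception\UnauthorizedException
   */
  public static function checkEditPermission(array $record) {
    if (empty($record['check_permissions']) || CRM_Core_Permission::check('administer CiviCRM')) {
      return;
    }

    $loggedInContactID = CRM_Core_Session::getLoggedInContactID();
    if (empty($loggedInContactID)) {
      // No contact in the session: there is no "own dashboard" to edit, so
      // nothing a non-admin does here can be authorised.
      throw new \Civi\API\Exception\UnauthorizedException('You do not have permission to edit the dashboard for this contact.');
    }

    // Every contact id that this operation touches must belong to the
    // logged-in user.
    $ownerIDs = [];
    if (!empty($record['id'])) {
      // Existing row: the owner on file...
      $ownerIDs[] = self::getFieldValue(parent::class, $record['id'], 'contact_id');
      // ...and the owner the update would write, if it tries to change it.
      if (isset($record['contact_id'])) {
        $ownerIDs[] = $record['contact_id'];
      }
    }
    else {
      // New row: can only be created for the current user. A missing
      // contact_id yields NULL and is rejected below.
      $ownerIDs[] = $record['contact_id'] ?? NULL;
    }

    foreach ($ownerIDs as $ownerID) {
      // Loose comparison kept deliberately: the stored value and the session
      // value may not share a scalar type (string vs int) — confirm against
      // the DAO/session implementations before tightening to !==.
      if ($ownerID != $loggedInContactID) {
        throw new \Civi\API\Exception\UnauthorizedException('You do not have permission to edit the dashboard for this contact.');
      }
    }
  }

}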