[civicrm-core.git] / CRM / Contact / BAO / DashboardContact.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
class CRM_Contact_BAO_DashboardContact extends CRM_Contact_DAO_DashboardContact {

  /**
   * @param array $record
   *
   * @return CRM_Contact_DAO_DashboardContact
   * @throws \CRM_Core_Exception
   */
  public static function writeRecord(array $record): CRM_Core_DAO {
    self::checkEditPermission($record);
    return parent::writeRecord($record);
  }

  /**
   * @param array $record
   * @return CRM_Contact_DAO_DashboardContact
   * @throws CRM_Core_Exception
   */
  public static function deleteRecord(array $record) {
    self::checkEditPermission($record);
    return parent::deleteRecord($record);
  }

  /**
   * Ensure that the current user has permission to create/edit/delete a DashboardContact record
   *
   * @param array $record
   * @throws CRM_Core_Exception
   * @throws \Civi\API\Exception\UnauthorizedException
   */
  public static function checkEditPermission(array $record) {
    if (!empty($record['check_permissions']) && !CRM_Core_Permission::check('administer CiviCRM')) {
      $cid = !empty($record['id']) ? self::getFieldValue(parent::class, $record['id'], 'contact_id') : $record['contact_id'];
      if ($cid != CRM_Core_Session::getLoggedInContactID()) {
        throw new \Civi\API\Exception\UnauthorizedException('You do not have permission to edit the dashboard for this contact.');
      }
    }
  }

}
Commit	Line	Data
dcf56200	1	<?php
353ffa53 TO	2	/*
353ffa53 TO	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
353ffa53	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
353ffa53	9	+--------------------------------------------------------------------+
d25dd0ee	10	*/
dcf56200	11
353ffa53 TO	12	/**
353ffa53 TO	13	* @package CRM
ca5cec67	14	* @copyright CiviCRM LLC https://civicrm.org/licensing
353ffa53	15	*/
dcf56200	16	class CRM_Contact_BAO_DashboardContact extends CRM_Contact_DAO_DashboardContact {
dfcf5ba2 CW	17
	18	/**
	19	* @param array $record
4cdd873a	20	*
dfcf5ba2	21	* @return CRM_Contact_DAO_DashboardContact
4cdd873a	22	* @throws \CRM_Core_Exception
dfcf5ba2	23	*/
4cdd873a	24	public static function writeRecord(array $record): CRM_Core_DAO {
dfcf5ba2 CW	25	self::checkEditPermission($record);
	26	return parent::writeRecord($record);
	27	}
	28
	29	/**
	30	* @param array $record
	31	* @return CRM_Contact_DAO_DashboardContact
	32	* @throws CRM_Core_Exception
	33	*/
	34	public static function deleteRecord(array $record) {
	35	self::checkEditPermission($record);
	36	return parent::deleteRecord($record);
	37	}
	38
	39	/**
	40	* Ensure that the current user has permission to create/edit/delete a DashboardContact record
	41	*
	42	* @param array $record
	43	* @throws CRM_Core_Exception
	44	* @throws \Civi\API\Exception\UnauthorizedException
	45	*/
	46	public static function checkEditPermission(array $record) {
	47	if (!empty($record['check_permissions']) && !CRM_Core_Permission::check('administer CiviCRM')) {
	48	$cid = !empty($record['id']) ? self::getFieldValue(parent::class, $record['id'], 'contact_id') : $record['contact_id'];
	49	if ($cid != CRM_Core_Session::getLoggedInContactID()) {
	50	throw new \Civi\API\Exception\UnauthorizedException('You do not have permission to edit the dashboard for this contact.');
	51	}
	52	}
	53	}
	54
ef10e0b5	55	}