| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | Copyright CiviCRM LLC. All rights reserved. | |
| 5 | | | |
| 6 | | This work is published under the GNU AGPLv3 license with some | |
| 7 | | permitted exceptions and without any warranty. For full license | |
| 8 | | and copyright information, see https://civicrm.org/licensing | |
| 9 | +--------------------------------------------------------------------+ |
| 10 | */ |
| 11 | |
| 12 | /** |
| 13 | * |
| 14 | * @package CRM |
| 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
| 16 | */ |
| 17 | |
| 18 | /** |
| 19 | * Trait shared with entities attached to the contact record. |
| 20 | */ |
| 21 | trait CRM_Contact_AccessTrait { |
| 22 | |
| 23 | /** |
| 24 | * @param string $entityName |
| 25 | * @param string $action |
| 26 | * @param array $record |
| 27 | * @param int $userID |
| 28 | * @return bool |
| 29 | * @see CRM_Core_DAO::checkAccess |
| 30 | */ |
| 31 | public static function _checkAccess(string $entityName, string $action, array $record, int $userID) { |
| 32 | $cid = $record['contact_id'] ?? NULL; |
| 33 | if (!$cid && !empty($record['id'])) { |
| 34 | $cid = CRM_Core_DAO::getFieldValue(__CLASS__, $record['id'], 'contact_id'); |
| 35 | } |
| 36 | if (!$cid) { |
| 37 | // With no contact id this must be part of an event locblock |
| 38 | return in_array(__CLASS__, ['CRM_Core_BAO_Phone', 'CRM_Core_BAO_Email', 'CRM_Core_BAO_Address']) && |
| 39 | CRM_Core_Permission::check('edit all events', $userID); |
| 40 | } |
| 41 | return \Civi\Api4\Utils\CoreUtil::checkAccessDelegated('Contact', 'update', ['id' => $cid], $userID); |
| 42 | } |
| 43 | |
| 44 | } |