3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
14 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 class CRM_Contact_BAO_DashboardContact
extends CRM_Contact_DAO_DashboardContact
{
19 * @param array $record
21 * @return CRM_Contact_DAO_DashboardContact
22 * @throws \CRM_Core_Exception
24 public static function writeRecord(array $record): CRM_Core_DAO
{
25 self
::checkEditPermission($record);
26 return parent
::writeRecord($record);
30 * @param array $record
31 * @return CRM_Contact_DAO_DashboardContact
32 * @throws CRM_Core_Exception
34 public static function deleteRecord(array $record) {
35 self
::checkEditPermission($record);
36 return parent
::deleteRecord($record);
40 * Ensure that the current user has permission to create/edit/delete a DashboardContact record
42 * @param array $record
43 * @throws CRM_Core_Exception
44 * @throws \Civi\API\Exception\UnauthorizedException
46 public static function checkEditPermission(array $record) {
47 if (!empty($record['check_permissions']) && !CRM_Core_Permission
::check('administer CiviCRM')) {
48 $cid = !empty($record['id']) ? self
::getFieldValue(parent
::class, $record['id'], 'contact_id') : $record['contact_id'];
49 if ($cid != CRM_Core_Session
::getLoggedInContactID()) {
50 throw new \Civi\API\Exception\
UnauthorizedException('You do not have permission to edit the dashboard for this contact.');