3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
14 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 class CRM_Contact_BAO_DashboardContact
extends CRM_Contact_DAO_DashboardContact
{
19 * @param array $record
20 * @return CRM_Contact_DAO_DashboardContact
21 * @throws CRM_Core_Exception
23 public static function writeRecord(array $record) {
24 self
::checkEditPermission($record);
25 return parent
::writeRecord($record);
29 * @param array $record
30 * @return CRM_Contact_DAO_DashboardContact
31 * @throws CRM_Core_Exception
33 public static function deleteRecord(array $record) {
34 self
::checkEditPermission($record);
35 return parent
::deleteRecord($record);
39 * Ensure that the current user has permission to create/edit/delete a DashboardContact record
41 * @param array $record
42 * @throws CRM_Core_Exception
43 * @throws \Civi\API\Exception\UnauthorizedException
45 public static function checkEditPermission(array $record) {
46 if (!empty($record['check_permissions']) && !CRM_Core_Permission
::check('administer CiviCRM')) {
47 $cid = !empty($record['id']) ? self
::getFieldValue(parent
::class, $record['id'], 'contact_id') : $record['contact_id'];
48 if ($cid != CRM_Core_Session
::getLoggedInContactID()) {
49 throw new \Civi\API\Exception\
UnauthorizedException('You do not have permission to edit the dashboard for this contact.');
projects / civicrm-core.git / blob