+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2016 |
+ | Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2016
+ * @copyright CiviCRM LLC (c) 2004-2017
*/
class CRM_ACL_API {
*/
public static function check($str, $contactID = NULL) {
if ($contactID == NULL) {
- $session = CRM_Core_Session::singleton();
- $contactID = $session->get('userID');
+ $contactID = CRM_Core_Session::getLoggedInContactID();
}
if (!$contactID) {
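Review bot: The guard `if ($contactID == NULL)` in check() is a loose comparison, so a caller that passes `0`, `'0'` or `''` to mean "no contact" also takes the fallback and is evaluated as the logged-in user. If only an omitted argument should trigger the fallback, `if ($contactID === NULL) {` would leave those values to the `!$contactID` branch that follows. The same guard appears in the last hunk of this file, in the function whose parameter list ends with `$includedGroups = NULL`. check() continues outside the hunk, so what the `!$contactID` branch does with such values is not visible here; if callers rely on `0` meaning "current user", a comment saying so would be enough.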
* @param bool $skipDeleteClause
* Don't add delete clause if this is true,.
* this means it is handled by generating query
+ * @param bool $skipOwnContactClause
+ * Do not add 'OR contact_id = $userID' to the where clause.
+ * This is a hideously inefficient query and should be avoided
+ * wherever possible.
*
* @return string
* the group where clause for this user
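Review bot: The docblock for `$skipOwnContactClause` explains the performance cost but not the access consequence of passing TRUE. Judging by the condition changed later in this file, TRUE means the 'view my contact' / 'edit my contact' permissions are no longer reflected in the returned clause. I would add a line such as `* When TRUE the caller is responsible for granting access to the user's own contact.` so that a caller opting out for speed does not silently drop self-access. The docblock starts and ends outside the hunk.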
&$whereTables,
$contactID = NULL,
$onlyDeleted = FALSE,
- $skipDeleteClause = FALSE
+ $skipDeleteClause = FALSE,
+ $skipOwnContactClause = FALSE
) {
// the default value which is valid for the final AND
$deleteClause = ' ( 1 ) ';
)
);
- // Add permission on self
- if ($contactID && (CRM_Core_Permission::check('edit my contact') ||
- $type == self::VIEW && CRM_Core_Permission::check('view my contact'))
+ // Add permission on self if we really hate our server or have hardly any contacts.
+ if (!$skipOwnContactClause && $contactID && (CRM_Core_Permission::check('edit my contact') ||
+ $type == self::VIEW && CRM_Core_Permission::check('view my contact'))
) {
$where = "(contact_a.id = $contactID OR ($where))";
}
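Review bot: `$contactID` is interpolated straight into the SQL fragment in `$where = "(contact_a.id = $contactID OR ($where))"`, and nothing in this hunk casts or validates it. Since it arrives as a parameter of a public static method, I would make the integer cast explicit at the point of use: `$where = "(contact_a.id = " . (int) $contactID . " OR ($where))";`. The function body starts outside the hunk, so an earlier cast may already exist; if it does, a short comment here saying so would help the next reader. Separately, the new comment would be more useful as a plain statement of cost, e.g. `// Add permission on self unless the caller opted out; this OR is expensive on large contact tables.`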
$includedGroups = NULL
) {
if ($contactID == NULL) {
- $session = CRM_Core_Session::singleton();
- $contactID = $session->get('userID');
+ $contactID = CRM_Core_Session::getLoggedInContactID();
}
if (!$contactID) {