return $values;
}
+ /**
+ * @inheritDoc
+ */
+ public function addSelectWhereClause() {
+ $clauses = parent::addSelectWhereClause();
+ if (!CRM_Core_Permission::check('view all activities')) {
+ $permittedActivityTypeIDs = self::getPermittedActivityTypes();
+ if (empty($permittedActivityTypeIDs)) {
+ // This just prevents a mysql fail if they have no access - should be extremely edge case.
+ $permittedActivityTypeIDs = [0];
+ }
+ $clauses['activity_type_id'] = ('IN (' . implode(', ', $permittedActivityTypeIDs) . ')');
+ }
+ return $clauses;
+ }
+
/**
* Get an array of components that are accessible by the currenct user.
*
$followupParams['target_contact_id'] = $params['target_contact_id'];
}
- $followupParams['activity_date_time'] = CRM_Utils_Date::processDate($params['followup_date'],
- $params['followup_date_time']
- );
+ $followupParams['activity_date_time'] = $params['followup_date'];
$followupActivity = self::create($followupParams);
return $followupActivity;
}
if (!self::hasPermissionForActivityType($activity->activity_type_id)) {
+ // this check is redundant for api access / anything that calls the selectWhereClause
+ // to determine ACLs.
return FALSE;
}
// Return early when it is case activity.
*
* @return array
*/
- public static function getPermittedActivityTypes() {
+ protected static function getPermittedActivityTypes() {
$userID = (int) CRM_Core_Session::getLoggedInContactID();
if (!isset(Civi::$statics[__CLASS__]['permitted_activity_types'][$userID])) {
$permittedActivityTypes = [];
INNER JOIN civicrm_option_group grp ON (grp.id = option_group_id AND grp.name = 'activity_type')
WHERE component_id IS NULL $componentClause")->fetchAll();
foreach ($types as $type) {
- $permittedActivityTypes[$type['activity_type_id']] = $type['activity_type_id'];
+ $permittedActivityTypes[$type['activity_type_id']] = (int) $type['activity_type_id'];
}
Civi::$statics[__CLASS__]['permitted_activity_types'][$userID] = $permittedActivityTypes;
}
$fileValues = CRM_Core_BAO_File::path($value, $params['activityID']);
$customParams["custom_{$key}_-1"] = array(
'name' => $fileValues[0],
- 'path' => $fileValues[1],
+ 'type' => $fileValues[1],
);
}
else {