<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.3 |
+ | CiviCRM version 4.4 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
$rowCount = NULL
) {
$dao = new CRM_Contact_DAO_Group();
- $dao->is_active = 1;
+ if (!isset($params['is_active'])) {
+ $dao->is_active = 1;
+ }
if ($params) {
foreach ($params as $k => $v) {
if ($k == 'name' || $k == 'title') {
$dao->whereAdd($k . ' LIKE "' . CRM_Core_DAO::escapeString($v) . '"');
}
+ elseif ($k == 'group_type') {
+ foreach ((array) $v as $type) {
+ $dao->whereAdd($k . " LIKE '%" . CRM_Core_DAO::VALUE_SEPARATOR . (int) $type . CRM_Core_DAO::VALUE_SEPARATOR . "%'");
+ }
+ }
elseif (is_array($v)) {
+ foreach ($v as &$num) {
+ $num = (int) $num;
+ }
$dao->whereAdd($k . ' IN (' . implode(',', $v) . ')');
}
else {
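Review bot: The array branch now casts every value to int, but the column name `$k` is still concatenated into `whereAdd()` unchecked, and an empty array yields `IN ()`, which is not valid SQL. If the keys of `$params` can come from a caller-supplied request (not visible in this hunk), `$k` should be checked against the DAO's known field names before it is used, and the branch should be skipped when `$v` is empty. The by-reference loop also leaves `$num` bound to the last element of `$v`; add `unset($num);` after it, or replace the loop with `$v = array_map('intval', $v);`. The enclosing function starts and ends outside the hunk.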
}
$orderBy = ' ORDER BY groups.title asc';
- if (CRM_Utils_Array::value('sort', $params)) {
- $orderBy = ' ORDER BY ' . CRM_Utils_Array::value('sort', $params);
+ if (!empty($params['sort'])) {
+ $orderBy = ' ORDER BY ' . CRM_Utils_Type::escape($params['sort'], 'String');
}
$select = $from = $where = "";
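Review bot: `CRM_Utils_Type::escape($params['sort'], 'String')` treats the value as a string literal, but the result is placed unquoted after `ORDER BY`, where quote escaping does not restrict the value to a column name and direction. The sort value should instead be validated against the list of sortable columns plus an optional `asc`/`desc`, falling back to the default `' ORDER BY groups.title asc'` when it does not match. Where `$params['sort']` originates is not visible here, so how exposed this is depends on the callers. A short comment above the check stating which columns are accepted would help the next maintainer; the enclosing function starts and ends outside the hunk.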
while ($object->fetch()) {
$permission = CRM_Contact_BAO_Group::checkPermission($object->id, $object->title);
+ //@todo CRM-12209 introduced an ACL check in the whereClause function
+ // it may be that this checking is now obsolete - or that what remains
+ // should be removed to the whereClause (which is also accessed by getCount)
+
if ($permission) {
$newLinks = $links;
$values[$object->id] = array();
if ($excludeHidden) {
$clauses[] = 'groups.is_hidden = 0';
}
+ //CRM-12209
+ if (!CRM_Core_Permission::check('view all contacts')) {
+ //get the allowed groups for the current user
+ $groups = CRM_ACL_API::group(CRM_ACL_API::VIEW);
+ if (!empty( $groups)) {
+ $groupList = implode( ', ', array_values( $groups ) );
+ $clauses[] = "groups.id IN ( $groupList ) ";
+ }
+ }
return implode(' AND ', $clauses);
}
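Review bot: The new CRM-12209 restriction fails open: when the user lacks 'view all contacts' and `CRM_ACL_API::group(CRM_ACL_API::VIEW)` returns an empty list, no clause is added and the query is not narrowed at all. If an empty list means the user may view no groups (to be confirmed against the ACL API), the `if (!empty( $groups))` should get a matching `else { $clauses[] = 'groups.id IS NULL'; }` so the result set is empty rather than unrestricted. The ids are also interpolated as returned; `implode(', ', array_map('intval', $groups))` would make the integer assumption explicit. The start of the function is outside the hunk.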