Merge pull request #23939 from civicrm/5.51

[civicrm-core.git] / CRM / Core / BAO / CustomValue.php

diff --git a/CRM/Core/BAO/CustomValue.php b/CRM/Core/BAO/CustomValue.php
index ca4d0ea388d6a33ccf5986c3f80a6dbe2450fab3..c88c62bfebd78922f3335cc67ff9d3ce8f073856 100644 (file)
--- a/CRM/Core/BAO/CustomValue.php
+++ b/CRM/Core/BAO/CustomValue.php
@@ -248,11 +248,8 @@ class CRM_Core_BAO_CustomValue extends CRM_Core_DAO {
       throw new CRM_Core_Exception('Received invalid group-name in CustomValue::checkAccess');
     }
 
-    $customGroups = [$id => $id];
-    $defaultGroups = CRM_Core_Permission::customGroupAdmin() ? [$id] : [];
-    // FIXME: Per current onscreen help (Admin=>ACLs=>Add ACLs), CustomGroup ACLs treat VIEW and EDIT as the same. Skimming code, it appears that existing checks use VIEW.
-    $accessList = CRM_ACL_API::group(CRM_Core_Permission::VIEW, $userID, 'civicrm_custom_group', $customGroups, $defaultGroups);
-    if (empty($accessList)) {
+    $actionType = $action === 'get' ? CRM_Core_Permission::VIEW : CRM_Core_Permission::EDIT;
+    if (!\CRM_Core_BAO_CustomGroup::checkGroupAccess($id, $actionType, $userID)) {
       return FALSE;
     }
 
@@ -263,7 +260,7 @@ class CRM_Core_BAO_CustomValue extends CRM_Core_DAO {
     }
 
     // Do we have access to the target record?
-    if (in_array($extends, ['Contact', 'Individual', 'Organization', 'Household'])) {
+    if ($extends === 'Contact' || in_array($extends, CRM_Contact_BAO_ContactType::basicTypes(TRUE), TRUE)) {
       return \Civi\Api4\Utils\CoreUtil::checkAccessDelegated('Contact', 'update', ['id' => $eid], $userID);
     }
     elseif (\Civi\Api4\Utils\CoreUtil::getApiClass($extends)) {