throw new CRM_Core_Exception('Received invalid group-name in CustomValue::checkAccess');
}
- $customGroups = [$id => $id];
- $defaultGroups = CRM_Core_Permission::customGroupAdmin() ? [$id] : [];
- // FIXME: Per current onscreen help (Admin=>ACLs=>Add ACLs), CustomGroup ACLs treat VIEW and EDIT as the same. Skimming code, it appears that existing checks use VIEW.
- $accessList = CRM_ACL_API::group(CRM_Core_Permission::VIEW, $userID, 'civicrm_custom_group', $customGroups, $defaultGroups);
- if (empty($accessList)) {
+ $actionType = $action === 'get' ? CRM_Core_Permission::VIEW : CRM_Core_Permission::EDIT;
+ if (!\CRM_Core_BAO_CustomGroup::checkGroupAccess($id, $actionType, $userID)) {
return FALSE;
}
}
// Do we have access to the target record?
- if (in_array($extends, ['Contact', 'Individual', 'Organization', 'Household'])) {
+ if ($extends === 'Contact' || in_array($extends, CRM_Contact_BAO_ContactType::basicTypes(TRUE), TRUE)) {
return \Civi\Api4\Utils\CoreUtil::checkAccessDelegated('Contact', 'update', ['id' => $eid], $userID);
}
elseif (\Civi\Api4\Utils\CoreUtil::getApiClass($extends)) {