}
}
}
+
+/**
+ * Get contact if for a form object. Prioritise
+ * - cid in URL if 0 (on behalf on someoneelse)
+ * (@todo consider setting a variable if onbehalf for clarity of downstream 'if's
+ * - logged in user id if it matches the one in the cid in the URL
+ * - contact id validated from a checksum from a checksum
+ * - cid from the url if the caller has ACL permission to view
+ * - fallback is logged in user (or ? NULL if no logged in user) (@todo wouldn't 0 be more intuitive?)
+ *
+ * @return Ambigous <mixed, NULL, value, unknown, array, number>|unknown
+ */
+ function getContactID() {
+ $tempID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
+
+ // force to ignore the authenticated user
+ if ($tempID === '0') {
+ return $tempID;
+ }
+
+ // check if the user is logged in and has a contact ID
+ $session = CRM_Core_Session::singleton();
+ $userID = $session->get('userID');
+
+ if ($tempID == $userID) {
+ return $userID;
+ }
+
+ //check if this is a checksum authentication
+ $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this);
+ if ($userChecksum) {
+ //check for anonymous user.
+ $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($tempID, $userChecksum);
+ if ($validUser) {
+ return $tempID;
+ }
+ }
+ // check if user has permission, CRM-12062
+ else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID)) {
+ return $tempID;
+ }
+
+ return $userID;
+ }
}
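Review bot: The ACL branch `else if ($tempID && CRM_Contact_BAO_Contact_Permission::allow($tempID))` accepts a URL-supplied `cid` on what the docblock describes as permission to view, yet the returned ID decides which contact the form acts for. If any caller of getContactID() writes to that contact, the check should ask for edit-level access, e.g. `CRM_Contact_BAO_Contact_Permission::allow($tempID, CRM_Core_Permission::EDIT)`; the callers and the enclosing class are outside this hunk, so this needs confirming there. The checksum branch also calls `validChecksum()` when `cid` is absent, and guarding it as `if ($userChecksum && $tempID)` would keep an empty contact ID out of the validator without changing the fallback to `$userID`. The on-behalf-of path relies on `$tempID === '0'`, which only matches if `retrieve()` returns the string `'0'` for a `Positive` value, so that assumption deserves a comment or a test. The docblock's first line should read "Get contact id for a form object", and the generated `@return Ambigous <...>` line should be replaced with the real contract (a contact ID, `'0'` for on-behalf-of, or NULL when nobody is logged in).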