);
}
- /**
- * Check whether the given contact has access to perform the given action.
- *
- * If the contact cannot perform the action the
- *
- * @param string $entity
- * APIv4 entity name.
- * Ex: 'Contact', 'Email', 'Event'
- * @param string $action
- * APIv4 action name.
- * Ex: 'create', 'get', 'delete'
- * @param array $record
- * All (known/loaded) values of individual record being accessed.
- * The record should provide an 'id' but may otherwise be incomplete; guard accordingly.
- * @param int|null $contactID
- * Contact ID of the active user (whose access we must check).
- * @param bool $granted
- */
- public static function checkAccess(string $entity, string $action, array $record, ?int $contactID, bool &$granted) {
- self::singleton()->invoke(['entity', 'action', 'record', 'contactID', 'granted'], $entity, $action, $record,
- $contactID, $granted, self::$_nullObject,
- 'civicrm_checkAccess'
- );
- }
-
/**
* Rotate the cryptographic key used in the database.
*
);
}
+ /**
+ * Allows an extension to override the checksum validation.
+ * For example you may want to invalidate checksums that were sent out/forwarded by mistake. You could also
+ * intercept and redirect to a different page in this case - eg. to say "sorry, you tried to use a compromised
+ * checksum".
+ *
+ * @param int $contactID
+ * @param string $checksum
+ * @param bool $invalid
+ * Leave this at FALSE to allow the core code to perform validation. Set to TRUE to invalidate
+ */
+ public static function invalidateChecksum($contactID, $checksum, &$invalid) {
+ return self::singleton()->invoke(
+ ['contactID', 'checksum', 'invalid'],
+ $contactID, $checksum, $invalid, self::$_nullObject, self::$_nullObject,
+ self::$_nullObject, 'civicrm_invalidateChecksum'
+ );
+ }
+
}
projects / civicrm-core.git / blobdiff