Ian province abbreviation patch - issue 724

[civicrm-core.git] / Civi / API / Subscriber / PermissionCheck.php

diff --git a/Civi/API/Subscriber/PermissionCheck.php b/Civi/API/Subscriber/PermissionCheck.php
index 91d6ac9f6ce661585d49041efaf58ea7e9308147..2c806114bcbd7b3a4f005d87149b9ef67615d009 100644 (file)
--- a/Civi/API/Subscriber/PermissionCheck.php
+++ b/Civi/API/Subscriber/PermissionCheck.php
@@ -1,9 +1,9 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.6                                                |
+ | CiviCRM version 4.7                                                |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014                                |
+ | Copyright CiviCRM LLC (c) 2004-2015                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -73,7 +73,7 @@ class PermissionCheck implements EventSubscriberInterface {
         return;
       }
 
-      if (!\CRM_Core_Permission::check($permissions)) {
+      if (!\CRM_Core_Permission::check($permissions) and !self::checkACLPermission($apiRequest)) {
         if (is_array($permissions)) {
           $permissions = implode(' and ', $permissions);
         }
@@ -87,4 +87,39 @@ class PermissionCheck implements EventSubscriberInterface {
     }
   }
 
+  /**
+   * Check API for ACL permission.
+   *
+   * @param array $apiRequest
+   *
+   * @return bool
+   */
+  public function checkACLPermission($apiRequest) {
+    switch ($apiRequest['entity']) {
+      case 'UFGroup':
+      case 'UFField':
+        $ufGroups = \CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
+        $aclCreate = \CRM_ACL_API::group(\CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
+        $aclEdit = \CRM_ACL_API::group(\CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
+        $ufGroupId = $apiRequest['entity'] == 'UFGroup' ? $apiRequest['params']['id'] : $apiRequest['params']['uf_group_id'];
+        if (in_array($ufGroupId, $aclEdit) or $aclCreate) {
+          return TRUE;
+        }
+        break;
+
+      //CRM-16777: Disable schedule reminder with ACLs.
+      case 'ActionSchedule':
+        $events = \CRM_Event_BAO_Event::getEvents();
+        $aclEdit = \CRM_ACL_API::group(\CRM_Core_Permission::EDIT, NULL, 'civicrm_event', $events);
+        $param = array('id' => $apiRequest['params']['id']);
+        $eventId = \CRM_Core_BAO_ActionSchedule::retrieve($param, $value = array());
+        if (in_array($eventId->entity_value, $aclEdit)) {
+          return TRUE;
+        }
+        break;
+    }
+
+    return FALSE;
+  }
+
 }