+--------------------------------------------------------------------+
| CiviCRM version 4.6 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014 |
+ | Copyright CiviCRM LLC (c) 2004-2015 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
return;
}
- if (!\CRM_Core_Permission::check($permissions)) {
+ if (!\CRM_Core_Permission::check($permissions) and !self::checkACLPermission($apiRequest)) {
if (is_array($permissions)) {
$permissions = implode(' and ', $permissions);
}
}
}
+ /**
+ * Check API for ACL permission.
+ *
+ * @param array $apiRequest
+ *
+ * @return bool
+ */
+ public function checkACLPermission($apiRequest) {
+ switch ($apiRequest['entity']) {
+ case 'UFGroup':
+ case 'UFField':
+ $ufGroups = \CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
+ $aclCreate = \CRM_ACL_API::group(\CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
+ $aclEdit = \CRM_ACL_API::group(\CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
+ $ufGroupId = $apiRequest['entity'] == 'UFGroup' ? $apiRequest['params']['id'] : $apiRequest['params']['uf_group_id'];
+ if (in_array($ufGroupId, $aclEdit) or $aclCreate) {
+ return TRUE;
+ }
+ break;
+ }
+
+ return FALSE;
+ }
+
}