+--------------------------------------------------------------------+
*/
-/**
- *
- * @package CRM
- * @copyright CiviCRM LLC https://civicrm.org/licensing
- */
-
-
namespace Civi\Api4\Generic;
+use Civi\API\Exception\UnauthorizedException;
+use Civi\Api4\Utils\CoreUtil;
+use Civi\Api4\Utils\ReflectionUtils;
+
/**
* Delete one or more $ENTITIES.
*
}
$items = $this->getBatchRecords();
+
+ if ($this->getCheckPermissions()) {
+ foreach ($items as $key => $item) {
+ if (!CoreUtil::checkAccessRecord($this, $item, \CRM_Core_Session::getLoggedInContactID() ?: 0)) {
+ throw new UnauthorizedException("ACL check failed");
+ }
+ $items[$key]['check_permissions'] = TRUE;
+ }
+ }
if ($items) {
$result->exchangeArray($this->deleteObjects($items));
}
$ids = [];
$baoName = $this->getBaoName();
- if ($this->getCheckPermissions()) {
- foreach (array_keys($items) as $key) {
- $items[$key]['check_permissions'] = TRUE;
- $this->checkContactPermissions($baoName, $items[$key]);
- }
- }
-
- if ($this->getEntityName() !== 'EntityTag' && method_exists($baoName, 'del')) {
+ // Use BAO::del() method if it is not deprecated
+ if (method_exists($baoName, 'del') && !ReflectionUtils::isMethodDeprecated($baoName, 'del')) {
foreach ($items as $item) {
$args = [$item['id']];
$bao = call_user_func_array([$baoName, 'del'], $args);