}
}
else {
- if (!array_key_exists($key, $params) || empty($params[$key])) {
+ // Disallow empty values except for the number zero.
+ // TODO: create a utility for this since it's needed in many places
+ if (!array_key_exists($key, $params) || (empty($params[$key]) && $params[$key] !== 0 && $params[$key] !== '0')) {
$unmatched[] = $key;
}
}
*/
function _civicrm_api3_get_BAO($name) {
$dao = _civicrm_api3_get_DAO($name);
- $dao = str_replace("DAO", "BAO", $dao);
- return $dao;
+ if (!$dao) {
+ return NULL;
+ }
+ $bao = str_replace("DAO", "BAO", $dao);
+ $file = strtr($bao, '_', '/') . '.php';
+ // Check if this entity actually has a BAO. Fall back on the DAO if not.
+ return stream_resolve_include_path($file) ? $bao : $dao;
}
/**
* @param $entity string API entity being accessed
* @param $action string API action being performed
* @param $params array params of the API call
- * @param $throw bool whether to throw exception instead of returning false
+ * @param $throw deprecated bool whether to throw exception instead of returning false
*
* @throws Exception
* @return bool whether the current API user has the permission to make the call
return TRUE;
}
- foreach ($permissions as $perm) {
- if (!CRM_Core_Permission::check($perm)) {
- if ($throw) {
- throw new Exception("API permission check failed for $entity/$action call; missing permission: $perm.");
- }
- else {
- return FALSE;
+ if (!CRM_Core_Permission::check($permissions)) {
+ if ($throw) {
+ if(is_array($permissions)) {
+ $permissions = implode(' and ', $permissions);
}
+ throw new Exception("API permission check failed for $entity/$action call; insufficient permission: require $permissions");
+ }
+ else {
+ //@todo remove this - this is an internal api function called with $throw set to TRUE. It is only called with false
+ // in tests & that should be tidied up
+ return FALSE;
}
}
+
return TRUE;
}