X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FUtils%2FRecent.php;h=f09ce294bbbb795e667bb1f15f1d5d8731948ea1;hb=f8307138bf292130a628e68f346535b398ae9b63;hp=a2a22ebb4127b75d3a1185cfa466b962d372439f;hpb=8ee40033d15089808451f828d3301fc36ecb2c79;p=civicrm-core.git diff --git a/CRM/Utils/Recent.php b/CRM/Utils/Recent.php index a2a22ebb41..f09ce294bb 100644 --- a/CRM/Utils/Recent.php +++ b/CRM/Utils/Recent.php @@ -80,8 +80,18 @@ class CRM_Utils_Recent { * Create function used by the API - supplies defaults * * @param array $params + * @param Civi\Api4\Generic\AbstractAction $action */ - public static function create(array $params) { + public static function create(array $params, Civi\Api4\Generic\AbstractAction $action) { + if ($action->getCheckPermissions()) { + $allowed = civicrm_api4($params['entity_type'], 'checkAccess', [ + 'action' => 'get', + 'values' => ['id' => $params['entity_id']], + ], 0); + if (empty($allowed['access'])) { + return []; + } + } $params['title'] = $params['title'] ?? self::getTitle($params['entity_type'], $params['entity_id']); $params['view_url'] = $params['view_url'] ?? self::getUrl($params['entity_type'], $params['entity_id'], 'view'); $params['edit_url'] = $params['edit_url'] ?? self::getUrl($params['entity_type'], $params['entity_id'], 'update'); @@ -182,10 +192,11 @@ class CRM_Utils_Recent { $record = civicrm_api4($entityType, 'get', [ 'where' => [['id', '=', $entityId]], 'select' => [$labelField], + 'checkPermissions' => FALSE, ], 0); $title = $record[$labelField] ?? NULL; } - return $title ?? (CoreUtil::getInfoItem($entityType, 'label_field')); + return $title ?? (CoreUtil::getInfoItem($entityType, 'title')); } /** @@ -244,7 +255,7 @@ class CRM_Utils_Recent { } elseif ($event->action === 'edit') { if (isset($event->object->is_deleted)) { - \Civi\Api4\RecentItem::update() + \Civi\Api4\RecentItem::update(FALSE) ->addWhere('entity_type', '=', $entityType) ->addWhere('entity_id', '=', $event->id) ->addValue('is_deleted', (bool) $event->object->is_deleted)