return $deleteClause;
}
- if ($contactID == NULL) {
- $user = CRM_Core_Session::getLoggedInContactID();
- $contactID = $user ? $user : 0;
+ if (!$contactID) {
+ $contactID = CRM_Core_Session::getLoggedInContactID();
}
+ $contactID = (int) $contactID;
- return implode(' AND ',
+ $where = implode(' AND ',
array(
CRM_ACL_BAO_ACL::whereClause($type,
$tables,
$deleteClause,
)
);
+
+ // Add permission on self
+ if ($contactID && (CRM_Core_Permission::check('edit my contact') ||
+ $type == self::VIEW && CRM_Core_Permission::check('view my contact'))
+ ) {
+ $where = "contact_a.id = $contactID OR ($where)";
+ }
+ return $where;
}
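Review bot: The interpolation in `$where = "contact_a.id = $contactID OR ($where)";` is only safe because of the `$contactID = (int) $contactID;` cast a few lines earlier, and nothing in the hunk ties the two together, so a later refactor that moves or drops the cast would reopen an injection path into the ACL where clause. I would annotate the cast with `// Cast before the value is interpolated into the SQL fragment below; it is not necessarily the session's own id.` so the dependency is visible. The condition `CRM_Core_Permission::check('edit my contact') || $type == self::VIEW && CRM_Core_Permission::check('view my contact')` relies on `&&` binding tighter than `||`; wrapping the second operand as `($type == self::VIEW && CRM_Core_Permission::check('view my contact'))` makes the intended reading explicit, and `===` would avoid a loose comparison against `self::VIEW`. The enclosing function begins before this hunk, so the origin and documentation of `$contactID` are not visible here.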
/**
}
/**
- * Function tests that an empty where hook returns no results with edit my contact.
+ * Function tests that an empty where hook returns exactly 1 result with "view my contact".
*
* CRM-16512 caused contacts with Edit my contact to be able to view all records.
*/
- public function testContactGetNoResultsHookWithEditMyContact() {
+ public function testContactGetOneResultHookWithViewMyContact() {
$this->createLoggedInUser();
$this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'view my contact');
'check_permissions' => 1,
'return' => 'display_name',
));
- $this->assertEquals(0, $result['count']);
+ $this->assertEquals(1, $result['count']);
+ }
+
+ /**
+ * Function tests that a user with "edit my contact" can edit themselves.
+ */
+ public function testContactEditHookWithEditMyContact() {
+ $this->markTestIncomplete('api acls only work with contact get so far');
+ $cid = $this->createLoggedInUser();
+ $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM', 'edit my contact');
+ $this->callAPISuccess('contact', 'create', array(
+ 'check_permissions' => 1,
+ 'id' => $cid,
+ ));
}
/**