return FALSE;
}
- // This permission always has access
- if (CRM_Core_Permission::check('access all cases and activities')) {
- return TRUE;
- }
-
- // This permission is required at minimum
- if (!CRM_Core_Permission::check('access my cases and activities')) {
- return FALSE;
- }
-
- $session = CRM_Core_Session::singleton();
- $userID = CRM_Utils_Type::validate($session->get('userID'), 'Positive');
- $caseId = CRM_Utils_Type::validate($caseId, 'Positive');
-
- $condition = " AND civicrm_case.is_deleted = 0 ";
- $condition .= " AND case_relationship.contact_id_b = {$userID} ";
- $condition .= " AND civicrm_case.id = {$caseId}";
-
- if ($denyClosed) {
- $closedId = CRM_Core_OptionGroup::getValue('case_status', 'Closed', 'name');
- $condition .= " AND civicrm_case.status_id != $closedId";
+ $params = array('id' => $caseId, 'check_permissions' => TRUE);
+ if ($denyClosed && !CRM_Core_Permission::check('access all cases and activities')) {
+ $params['status_id'] = array('!=' => 'Closed');
}
-
- // We don't actually care about activities in the case, but the underlying
- // query is verbose, and this allows us to share the basic query with
- // getCases(). $type=='any' means that activities will be left-joined.
- $query = self::getCaseActivityQuery('any', $userID, $condition);
- $queryParams = array();
- $dao = CRM_Core_DAO::executeQuery($query,
- $queryParams
- );
-
- return (bool) $dao->fetch();
+ $result = civicrm_api3('Case', 'getcount', $params);
+ return (bool) $result['result'];
}
/**
*/
/**
- * This class contains all case related functions that are called using AJAX (jQuery)
+ * This class contains all case related functions that are called using AJAX
*/
class CRM_Case_Page_AJAX {
CRM_Utils_JSON::output($results);
}
+ /**
+ * @throws \CRM_Core_Exception
+ */
public function processCaseTags() {
$caseId = CRM_Utils_Type::escape($_POST['case_id'], 'Positive');
CRM_Utils_System::civiExit();
}
+ /**
+ * @throws \CiviCRM_API3_Exception
+ */
public function caseDetails() {
$caseId = CRM_Utils_Type::escape($_GET['caseId'], 'Positive');
- if (!CRM_Case_BAO_Case::accessCase($caseId, FALSE)) {
- CRM_Utils_System::permissionDenied();
- }
+ $case = civicrm_api3('Case', 'getsingle',
+ array('id' => $caseId, 'return' => array('subject', 'case_type_id', 'status_id', 'start_date', 'end_date')));
- $sql = "SELECT civicrm_case.*, civicrm_case_type.title as case_type
- FROM civicrm_case
- INNER JOIN civicrm_case_type ON civicrm_case.case_type_id = civicrm_case_type.id
- WHERE civicrm_case.id = %1";
- $dao = CRM_Core_DAO::executeQuery($sql, array(1 => array($caseId, 'Integer')));
-
- if ($dao->fetch()) {
- $caseStatuses = CRM_Case_PseudoConstant::caseStatus();
- $cs = $caseStatuses[$dao->status_id];
- $caseDetails = "<table><tr><td>" . ts('Case Subject') . "</td><td>{$dao->subject}</td></tr>
- <tr><td>" . ts('Case Type') . "</td><td>{$dao->case_type}</td></tr>
- <tr><td>" . ts('Case Status') . "</td><td>{$cs}</td></tr>
- <tr><td>" . ts('Case Start Date') . "</td><td>" . CRM_Utils_Date::customFormat($dao->start_date) . "</td></tr>
- <tr><td>" . ts('Case End Date') . "</td><td></td></tr>" . CRM_Utils_Date::customFormat($dao->end_date) . "</table>";
- if (CRM_Utils_Array::value('snippet', $_GET) == 'json') {
- CRM_Core_Page_AJAX::returnJsonResponse($caseDetails);
- }
- else {
- echo $caseDetails;
- }
- }
- else {
- CRM_Core_Error::fatal('Could not find valid Case.');
+ $caseStatuses = CRM_Case_PseudoConstant::caseStatus();
+ $caseTypes = CRM_Case_PseudoConstant::caseType('title', FALSE);
+ $caseDetails = "<table><tr><td>" . ts('Case Subject') . "</td><td>{$case['subject']}</td></tr>
+ <tr><td>" . ts('Case Type') . "</td><td>{$caseTypes[$case['case_type_id']]}</td></tr>
+ <tr><td>" . ts('Case Status') . "</td><td>{$caseStatuses[$case['status_id']]}</td></tr>
+ <tr><td>" . ts('Case Start Date') . "</td><td>" . CRM_Utils_Date::customFormat($case['start_date']) . "</td></tr>
+ <tr><td>" . ts('Case End Date') . "</td><td></td></tr>" . CRM_Utils_Date::customFormat($case['end_date']) . "</table>";
+
+ if (CRM_Utils_Array::value('snippet', $_GET) == 'json') {
+ CRM_Core_Page_AJAX::returnJsonResponse($caseDetails);
}
+
+ echo $caseDetails;
CRM_Utils_System::civiExit();
}
+ /**
+ * @throws \CRM_Core_Exception
+ */
public function addClient() {
$caseId = CRM_Utils_Type::escape($_POST['caseID'], 'Positive');
$contactId = CRM_Utils_Type::escape($_POST['contactID'], 'Positive');
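Review bot: The per-case authorization gate `CRM_Case_BAO_Case::accessCase($caseId, FALSE)` is dropped from caseDetails(), and the `civicrm_api3('Case', 'getsingle', ...)` call that replaces it passes no `check_permissions`, so if the API only enforces case ACLs when that flag is set — which the accessCase rewrite earlier in this commit suggests by setting `'check_permissions' => TRUE` explicitly — any user who can reach this endpoint can read the details of any case by id; add `'check_permissions' => TRUE` to the params array. The end-date row is still malformed on the new side: the formatted end date is concatenated after `</tr>` while its cell stays empty, so the line should read `<tr><td>" . ts('Case End Date') . "</td><td>" . CRM_Utils_Date::customFormat($case['end_date']) . "</td></tr></table>";`. `{$case['subject']}` is interpolated into the HTML without escaping; unless the subject is already sanitised when stored, wrap it as `htmlspecialchars($case['subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Removing the `else` around `echo $caseDetails;` is only correct if `CRM_Core_Page_AJAX::returnJsonResponse()` terminates the request; otherwise the JSON branch now emits both payloads, so that should be confirmed. The hunk also covers the first lines of addClient(), whose body continues outside it.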
}
// More than 4 joins deep seems excessive - DOS attack?
if ($depth > self::MAX_JOINS) {
- throw new UnauthorizedException("Maximum number of joins exceeded for api.{$this->entity}.get in parameter $fkFieldName");
+ throw new UnauthorizedException("Maximum number of joins exceeded in parameter $fkFieldName");
}
if (!isset($fkField['FKApiName']) && !isset($fkField['FKClassName'])) {
// Join doesn't exist - might be another param with a dot in it for some reason, we'll just ignore it.
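Review bot: The guard comment `// More than 4 joins deep seems excessive - DOS attack?` still reads as an open question on the new side, so the rationale for the limit is undocumented next to the check it explains; rewrite it as `// Cap join depth at self::MAX_JOINS: each nested join widens the query, so deeper chains are refused before being built.` The shortened message also no longer names the entity whose query hit the cap, which was the only context tying the failure to a specific API call; if the entity was dropped to keep the client-facing text generic, record it in a server-side log instead so the condition can still be traced. The enclosing method starts and ends outside the hunk.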
* Get acl clause for an entity
*
* @param string $tableAlias
- * @param \CRM_Core_DAO $daoName
+ * @param string $daoName
* @return null|string
*/
private function getAclClause($tableAlias, $daoName = NULL) {
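Review bot: The corrected `@param string $daoName` still disagrees with the signature on the next line, where `$daoName = NULL` makes the argument optional and nullable; document it as `* @param string|null $daoName`. The method body is outside the hunk, so what a null argument means should be stated in the same docblock once confirmed against it.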