Allow access to user permissions using the REST API in Joomla. #CRM-16292

diff --git a/CRM/Core/Permission/Joomla.php b/CRM/Core/Permission/Joomla.php
index 61e1ccf737bb5e63f66377a57a800f536eaaed88..583527b31c9716aef4ae08923a667874cc8181b5 100644 (file)
--- a/CRM/Core/Permission/Joomla.php
+++ b/CRM/Core/Permission/Joomla.php
@@ -61,12 +61,36 @@ class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base {
     // we've not yet figured out how to bootstrap joomla, so we should
     // not execute hooks if joomla is not loaded
     if (defined('_JEXEC')) {
-      $permission = JFactory::getUser()->authorise($translated[0], $translated[1]);
-      return $permission;
+        $user = JFactory::getUser();
+
+       // If we are coming from REST we don't have a user but we do have the api_key for a user.
+      if ($user->id === 0) {
+         // This is a codeblock copied from /Civicrm/Utils/REST
+         $uid = NULL;
+         if (!$uid) {
+             $store      = NULL;
+             $api_key    = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
+
+             if (empty($api_key)) {
+                 return CRM_Utils_Rest::error("FATAL: mandatory param 'api_key' (user key) missing");
+              }
+
+            $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
+
+            if ($contact_id) {
+                $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id);
+            }
+           $user = JFactory::getUser($uid);
+
+        }
+      }
+
+    return $user->authorise($translated[0], $translated[1]);;
+
     }
     else {
-      // This function is supposed to return a boolean. What does '(1)' mean?
-      return '(1)';
+
+      return false;
     }
   }