Ensure force merge permission for force merging (not at the api layer as api v4 won't use that
$permissions['exception'] = [
'default' => ['merge duplicate contacts'],
];
+ $permissions['job'] = [
+ 'process_batch_merge' => ['merge duplicate contacts'],
+ ];
// Loc block is only used for events
$permissions['loc_block'] = $permissions['event'];
* per comments on isSelected above.
*
* @return array|bool
+ *
+ * @throws \CRM_Core_Exception
+ * @throws \CiviCRM_API3_Exception
*/
public static function batchMerge($rgid, $gid = NULL, $mode = 'safe', $batchLimit = 1, $isSelected = 2, $criteria = [], $checkPermissions = TRUE, $reloadCacheIfEmpty = NULL) {
$redirectForPerformance = ($batchLimit > 1) ? TRUE : FALSE;
-
+ if ($mode === 'aggressive' && $checkPermissions && !CRM_Core_Permission::check('force merge duplicate contacts')) {
+ throw new CRM_Core_Exception(ts('Insufficient permissions for aggressive mode batch merge'));
+ }
if (!isset($reloadCacheIfEmpty)) {
$reloadCacheIfEmpty = (!$redirectForPerformance && $isSelected == 2);
}
* @param $dataSet
*/
public function testBatchMergeWorksCheckPermissionsTrue($dataSet) {
- CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'administer CiviCRM'];
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'administer CiviCRM', 'merge duplicate contacts', 'force merge duplicate contacts'];
foreach ($dataSet['contacts'] as $params) {
$this->callAPISuccess('Contact', 'create', $params);
}