$components = CRM_Core_Component::getNames();
$componentClause = array();
foreach ($components as $componentID => $componentName) {
- // CRM-19201: Add support for searching CiviCampaign and CiviCase
- // activities.
- // "access all cases and activities" is used here rather than
- // "access my cases and activities" to prevent those with only the later
- // permission to see a list of all cases which might present a privacy
- // issue.
- switch ($componentName) {
- case 'CiviCase':
- $perm = "access all cases and activities";
- break;
-
- case 'CiviCampaign':
- $perm = "administer $componentName";
- break;
-
- default:
- $perm = "access $componentName";
- break;
- }
- if (!CRM_Core_Permission::check($perm)) {
+ // CRM-19201: Add support for reporting CiviCampaign activities
+ // For CiviCase, "access all cases and activities" is required here
+ // rather than "access my cases and activities" to prevent those with
+ // only the later permission from seeing a list of all cases which might
+ // present a privacy issue.
+ if (!CRM_Core_Permission::access($componentName, TRUE, TRUE)) {
$componentClause[] = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$componentID}) ";
}
}
}
/**
- * @param $module
+ * Checks that component is enabled and optionally that user has basic perm.
+ *
+ * @param string $module
+ * Specifies the name of the CiviCRM component.
* @param bool $checkPermission
+ * Check not only that module is enabled, but that user has necessary
+ * permission.
+ * @param bool $requireAllCasesPermOnCiviCase
+ * Significant only if $module == CiviCase
+ * Require "access all cases and activities", not just
+ * "access my cases and activities".
*
* @return bool
+ * Access to specified $module is granted.
*/
- public static function access($module, $checkPermission = TRUE) {
+ public static function access($module, $checkPermission = TRUE, $requireAllCasesPermOnCiviCase = FALSE) {
$config = CRM_Core_Config::singleton();
if (!in_array($module, $config->enableComponents)) {
}
if ($checkPermission) {
- if ($module == 'CiviCase') {
- return CRM_Case_BAO_Case::accessCiviCase();
- }
- else {
- return CRM_Core_Permission::check("access $module");
+ switch ($module) {
+ case 'CiviCase':
+ $access_all_cases = CRM_Core_Permission::check("access all cases and activities");
+ $access_my_cases = CRM_Core_Permission::check("access my cases and activities");
+ return $access_all_cases || (!$requireAllCasesPermOnCiviCase && $access_my_cases);
+
+ case 'CiviCampaign':
+ return CRM_Core_Permission::check("administer $module");
+
+ default:
+ return CRM_Core_Permission::check("access $module");
}
}
$components = CRM_Core_Component::getEnabledComponents();
foreach ($components as $componentName => $componentInfo) {
// CRM-19201: Add support for reporting CiviCampaign activities
- // "access all cases and activities" is used here rather than "access my
- // cases and activities" to prevent those with only the later permission
- // from seeing a list of all cases which might present a privacy issue.
- switch ($componentName) {
- case 'CiviCase':
- $perm = "access all cases and activities";
- break;
-
- case 'CiviCampaign':
- $perm = "administer $componentName";
- break;
-
- default:
- $perm = "access $componentName";
- break;
- }
- if (CRM_Core_Permission::check($perm)) {
+ // For CiviCase, "access all cases and activities" is required here
+ // rather than "access my cases and activities" to prevent those with
+ // only the later permission from seeing a list of all cases which might
+ // present a privacy issue.
+ if (CRM_Core_Permission::access($componentName, TRUE, TRUE)) {
$accessAllowed[] = $componentInfo->componentID;
}
}
projects / civicrm-core.git / commitdiff