APIv4 - Improve joins test coverage

diff --git a/Civi/API/SelectQuery.php b/Civi/API/SelectQuery.php
index 22577b92c3c0dd05a4a91b07a2626b8b5613a6c7..8e91d0f68b98330bb7f2df160de05c4728ac3e45 100644 (file)
--- a/Civi/API/SelectQuery.php
+++ b/Civi/API/SelectQuery.php
@@ -365,7 +365,7 @@ abstract class SelectQuery {
    * @param array $stack
    * @return array
    */
-  protected function getAclClause($tableAlias, $baoName, $stack = []) {
+  public function getAclClause($tableAlias, $baoName, $stack = []) {
     if (!$this->checkPermissions) {
       return [];
     }

diff --git a/Civi/Api4/Service/Schema/Joiner.php b/Civi/Api4/Service/Schema/Joiner.php
index 8442da91129ab5ef9ac24eca13a5340bcd67db15..6b66c57f986ba482581d6ab997ec69905005782e 100644 (file)
--- a/Civi/Api4/Service/Schema/Joiner.php
+++ b/Civi/Api4/Service/Schema/Joiner.php
@@ -60,7 +60,11 @@ class Joiner {
     foreach ($fullPath as $link) {
       $target = $link->getTargetTable();
       $alias = $link->getAlias();
-      $conditions = $link->getConditionsForJoin($baseTable);
+      $bao = \CRM_Core_DAO_AllCoreTables::getBAOClassName(\CRM_Core_DAO_AllCoreTables::getClassForTable($target));
+      $conditions = array_merge(
+        $link->getConditionsForJoin($baseTable),
+        $query->getAclClause($alias, $bao, explode('.', $joinPath))
+      );
 
       $query->join($side, $target, $alias, $conditions);
 

diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php
index 6d87e625b5c93cf412f987c3cfd457dbf4dfdabc..c5db7e2ecd1709affa845637b12be0bf656f2393 100644 (file)
--- a/tests/phpunit/api/v3/ACLPermissionTest.php
+++ b/tests/phpunit/api/v3/ACLPermissionTest.php
@@ -967,4 +967,38 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 
   }
 
+  /**
+   * @param int $version
+   * @dataProvider versionThreeAndFour
+   */
+  public function testContactGetViaJoin($version) {
+    $this->_apiversion = $version;
+    $this->createLoggedInUser();
+    $main = $this->individualCreate(['first_name' => 'Main']);
+    $other = $this->individualCreate(['first_name' => 'Other'], 1);
+    $tag1 = $this->tagCreate(['name' => uniqid('created'), 'created_id' => $main])['id'];
+    $tag2 = $this->tagCreate(['name' => uniqid('other'), 'created_id' => $other])['id'];
+    $this->setPermissions(['access CiviCRM']);
+    $this->hookClass->setHook('civicrm_aclWhereClause', [$this, 'aclWhereHookAllResults']);
+    $createdFirstName = $version == 4 ? 'created.first_name' : 'created_id.first_name';
+    $result = $this->callAPISuccess('Tag', 'get', [
+      'check_permissions' => 1,
+      'return' => ['id', $createdFirstName],
+      'id' => ['IN' => [$tag1, $tag2]],
+    ]);
+    $this->assertEquals('Main', $result['values'][$tag1][$createdFirstName]);
+    $this->assertEquals('Other', $result['values'][$tag2][$createdFirstName]);
+    $this->allowedContactId = $main;
+    $this->hookClass->setHook('civicrm_aclWhereClause', [$this, 'aclWhereOnlyOne']);
+    $this->cleanupCachedPermissions();
+    $result = $this->callAPISuccess('Tag', 'get', [
+      'check_permissions' => 1,
+      'return' => ['id', $createdFirstName],
+      'id' => ['IN' => [$tag1, $tag2]],
+    ]);
+    $this->assertEquals('Main', $result['values'][$tag1][$createdFirstName]);
+    $this->assertEquals($tag2, $result['values'][$tag2]['id']);
+    $this->assertFalse(isset($result['values'][$tag2][$createdFirstName]));
+  }
+
 }