Correctly add 'or' permissions to the UnauthorizedException.

author Mattias Michaux <mattias.michaux@gmail.com>

Mon, 16 May 2016 20:06:50 +0000 (22:06 +0200)

committer Mattias Michaux <mattias.michaux@gmail.com>

Mon, 16 May 2016 20:11:08 +0000 (22:11 +0200)
author Mattias Michaux <mattias.michaux@gmail.com>
Mon, 16 May 2016 20:06:50 +0000 (22:06 +0200)
committer Mattias Michaux <mattias.michaux@gmail.com>
Mon, 16 May 2016 20:11:08 +0000 (22:11 +0200)
diff --git a/Civi/API/Subscriber/PermissionCheck.php b/Civi/API/Subscriber/PermissionCheck.php

index e36e9a6107c5e1b2eeeeb2a6664ed05c1cfce61e..b2c7900d4e5d376bbb0985cb64c88a5f98b70c8f 100644 (file)
--- a/Civi/API/Subscriber/PermissionCheck.php
+++ b/Civi/API/Subscriber/PermissionCheck.php
@@ -75,6 +75,11 @@ class PermissionCheck implements EventSubscriberInterface {
  
        if (!\CRM_Core_Permission::check($permissions) and !self::checkACLPermission($apiRequest)) {
          if (is_array($permissions)) {
+          foreach ($permissions as &$permission) {
+            if (is_array($permission)) {
+              $permission = '( ' . implode(' or ', $permission) . ' )';
+            }
+          }
            $permissions = implode(' and ', $permissions);
          }
          // FIXME: Generating the exception ourselves allows for detailed error
author	Mattias Michaux <mattias.michaux@gmail.com>
	Mon, 16 May 2016 20:06:50 +0000 (22:06 +0200)
committer	Mattias Michaux <mattias.michaux@gmail.com>
	Mon, 16 May 2016 20:11:08 +0000 (22:11 +0200)