Pass 'check permissions' flag through to merge function

The inner function will only delete the merged contact if checkPermissions is false or
the logged in user has permission to delete. Our api model expects check_permissions to be
respected at the BAO level

diff --git a/api/v3/Contact.php b/api/v3/Contact.php
index 8f82b41259e140d534dec78ec1b2e03639b60cd9..54ce858580f710a24838ed78d082315c34af2017 100644 (file)
--- a/api/v3/Contact.php
+++ b/api/v3/Contact.php
@@ -1195,12 +1195,14 @@ function _civicrm_api3_contact_deprecation() {
  * @throws API_Exception
  */
 function civicrm_api3_contact_merge($params) {
-  if (($result = CRM_Dedupe_Merger::merge([
-      [
-        'srcID' => $params['to_remove_id'],
-        'dstID' => $params['to_keep_id'],
-      ],
-    ], [], $params['mode'])) != FALSE) {
+  if (($result = CRM_Dedupe_Merger::merge(
+    [['srcID' => $params['to_remove_id'], 'dstID' => $params['to_keep_id']]],
+    [],
+    $params['mode'],
+    FALSE,
+    CRM_Utils_Array::value('check_permissions', $params)
+    )) != FALSE) {
+
     return civicrm_api3_create_success($result, $params);
   }
   throw new API_Exception('Merge failed');