* @inheritDoc
*/
public function addSelectWhereClause() {
- // We always return an array with these keys, even if they are empty,
- // because this tells the query builder that we have considered these fields for acls
+ // TODO: This seemded like a good idea... piggybacking off the ACL clause of EntityFile
+ // however that's too restrictive because entityFile ACLs are limited to just attachments,
+ // so this would prevent access to other file fields (e.g. custom fields)
+ // Disabling this function for now by calling the parent instead.
+ return parent::addSelectWhereClause();
$clauses = [
'id' => [],
];
use api\v4\Api4TestBase;
use Civi\Api4\Activity;
use Civi\Api4\EntityFile;
-use Civi\Api4\File;
use Civi\Api4\Note;
use Civi\Core\HookInterface;
use Civi\Test\TransactionalInterface;
// Results should have been filtered by allowed contacts
$this->assertCount(2, $allowedEntityFiles);
- $allowedFiles = File::get()
- ->addWhere('id', 'IN', $file)
- ->setDebug(TRUE)
- ->execute();
- // ACL clause should have been inserted
- $this->assertStringContainsString('civicrm_acl_contact_cache', $allowedFiles->debug['sql'][0]);
- // Results should have been filtered by allowed contacts
- $this->assertCount(2, $allowedFiles);
+ // Disabling - see comment in CRM_Core_BAO_File::addSelectWhereClause()
+ // $allowedFiles = File::get()
+ // ->addWhere('id', 'IN', $file)
+ // ->setDebug(TRUE)
+ // ->execute();
+ // // ACL clause should have been inserted
+ // $this->assertStringContainsString('civicrm_acl_contact_cache', $allowedFiles->debug['sql'][0]);
+ // // Results should have been filtered by allowed contacts
+ // $this->assertCount(2, $allowedFiles);
$allowedNotes = Note::get()
->addJoin('File AS file', 'LEFT', 'EntityFile', ['file.entity_id', '=', 'id'], ['file.entity_table', '=', '"civicrm_note"'])
projects / civicrm-core.git / commitdiff