From: kurund
Date: Sat, 5 Jul 2014 13:28:32 +0000 (+0530)
Subject: ACL's not working correctly for select all options in export, CRM-14877
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=4c51948d892cf9237fb8e09680824f25c775a8e8;p=civicrm-core.git
ACL's not working correctly for select all options in export, CRM-14877
----------------------------------------
* CRM-14877: users bypass ACLs when exporting
https://issues.civicrm.org/jira/browse/CRM-14877
---
diff --git a/CRM/Contact/BAO/Query.php b/CRM/Contact/BAO/Query.php
index f86c25ef94..546d1ceb56 100644
--- a/CRM/Contact/BAO/Query.php
+++ b/CRM/Contact/BAO/Query.php
@@ -1244,12 +1244,16 @@ class CRM_Contact_BAO_Query {
 * @param boolean $count
 * @param boolean $sortByChar
 * @param boolean $groupContacts
+ * @param boolean $onlyDeleted
 *
 * @return the sql string for that query (this will most likely
 * change soon)
 * @access public
 */
- function query($count = FALSE, $sortByChar = FALSE, $groupContacts = FALSE) {
+ function query($count = FALSE, $sortByChar = FALSE, $groupContacts = FALSE, $onlyDeleted = FALSE) {
+ // build permission clause
+ $this->generatePermissionClause($onlyDeleted, $count);
+
 if ($count) {
 if (isset($this->_distinctComponentClause)) {
 // we add distinct to get the right count for components
@@ -1324,6 +1328,15 @@ class CRM_Contact_BAO_Query {
 $where = "WHERE {$this->_whereClause}";
 }
+ if (!empty($this->_permissionWhereClause)) {
+ if (empty($where)) {
+ $where = "WHERE $this->_permissionWhereClause";
+ }
+ else {
+ $where = "$where AND $this->_permissionWhereClause";
+ }
+ }
+
 $having = '';
 if (!empty($this->_having)) {
 foreach ($this->_having as $havingsets) {
@@ -4267,7 +4280,6 @@ civicrm_relationship.is_permission_a_b = 0
 break;
 }
 }
- $this->generatePermissionClause($onlyDeleted, $count);
 // building the query string
 $groupBy = NULL;
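Review bot: In the `query()` signature hunk (-1244), the permission clause is now regenerated on every call, and any caller that does not pass the new fourth argument gets the `$onlyDeleted = FALSE` default. A caller that prepared the clause itself with `generatePermissionClause(TRUE, ...)` before calling `query()` would presumably have it replaced by the non-deleted variant; only the call site in the last hunk is updated in this diff, so the other callers of `query()` are worth checking. The new docblock line has no description and the side effect is undocumented; I would write `@param boolean $onlyDeleted passed to generatePermissionClause() when building the ACL clause` and add a summary sentence saying that `query()` rebuilds the permission clause as a side effect. The function body continues outside the hunk.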
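Review bot: In the hunk at -1324 the ACL clause is joined to the search criteria with a bare `AND` and no parentheses, so the restriction depends on SQL operator precedence. If either `_whereClause` or `_permissionWhereClause` can carry a top-level `OR` (neither is built in the visible lines), part of the criteria would sit outside the ACL condition, and this is now the single place that enforces it for every caller. Wrapping both sides removes that dependency: `$where = "WHERE ({$this->_permissionWhereClause})";` in the empty case and `$where = "WHERE ({$this->_whereClause}) AND ({$this->_permissionWhereClause})";` in the other, assuming `$where` is only ever set from `_whereClause` as in the context line above.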
@@ -4366,16 +4378,7 @@ civicrm_relationship.is_permission_a_b = 0
 // note : this modifies _fromClause and _simpleFromClause
 $this->includePseudoFieldsJoin($sort);
- list($select, $from, $where, $having) = $this->query($count, $sortByChar, $groupContacts);
-
- if(!empty($this->_permissionWhereClause)){
- if (empty($where)) {
- $where = "WHERE $this->_permissionWhereClause";
- }
- else {
- $where = "$where AND $this->_permissionWhereClause";
- }
- }
+ list($select, $from, $where, $having) = $this->query($count, $sortByChar, $groupContacts, $onlyDeleted);
 if ($additionalWhereClause) {
 $where = $where . ' AND ' . $additionalWhereClause;
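Review bot: The permission clause is now generated inside `query()`, which runs after `includePseudoFieldsJoin($sort)`, whereas the call removed in the previous hunk ran before it. The comment above says that helper modifies `_fromClause` and `_simpleFromClause`; if `generatePermissionClause()` also rebuilds those properties (its body is not in this diff), the joins added for the sort column would be discarded when an ACL clause applies. Worth confirming against that method and covering with a test that runs a sorted search as an ACL-restricted user. The enclosing function starts and ends outside the hunk.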