From: Coleman Watts <coleman@civicrm.org>
Date: Fri, 8 May 2020 13:49:10 +0000 (-0400)
Subject: APIv4 - Improve joins test coverage
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=77fdabbf64db7fc9342faf1f8c527dec4b461dfd;hp=18d22274e7cfa076940afc35eb2e53a74cabd00a;p=civicrm-core.git

APIv4 - Improve joins test coverage
---

diff --git a/Civi/API/SelectQuery.php b/Civi/API/SelectQuery.php
index 22577b92c3..8e91d0f68b 100644
--- a/Civi/API/SelectQuery.php
+++ b/Civi/API/SelectQuery.php
@@ -365,7 +365,7 @@ abstract class SelectQuery {
    * @param array $stack
    * @return array
    */
-  protected function getAclClause($tableAlias, $baoName, $stack = []) {
+  public function getAclClause($tableAlias, $baoName, $stack = []) {
     if (!$this->checkPermissions) {
       return [];
     }
diff --git a/Civi/Api4/Service/Schema/Joiner.php b/Civi/Api4/Service/Schema/Joiner.php
index 8442da9112..6b66c57f98 100644
--- a/Civi/Api4/Service/Schema/Joiner.php
+++ b/Civi/Api4/Service/Schema/Joiner.php
@@ -60,7 +60,11 @@ class Joiner {
     foreach ($fullPath as $link) {
       $target = $link->getTargetTable();
       $alias = $link->getAlias();
-      $conditions = $link->getConditionsForJoin($baseTable);
+      $bao = \CRM_Core_DAO_AllCoreTables::getBAOClassName(\CRM_Core_DAO_AllCoreTables::getClassForTable($target));
+      $conditions = array_merge(
+        $link->getConditionsForJoin($baseTable),
+        $query->getAclClause($alias, $bao, explode('.', $joinPath))
+      );
 
       $query->join($side, $target, $alias, $conditions);
 
diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php
index 6d87e625b5..c5db7e2ecd 100644
--- a/tests/phpunit/api/v3/ACLPermissionTest.php
+++ b/tests/phpunit/api/v3/ACLPermissionTest.php
@@ -967,4 +967,38 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 
   }
 
+  /**
+   * @param int $version
+   * @dataProvider versionThreeAndFour
+   */
+  public function testContactGetViaJoin($version) {
+    $this->_apiversion = $version;
+    $this->createLoggedInUser();
+    $main = $this->individualCreate(['first_name' => 'Main']);
+    $other = $this->individualCreate(['first_name' => 'Other'], 1);
+    $tag1 = $this->tagCreate(['name' => uniqid('created'), 'created_id' => $main])['id'];
+    $tag2 = $this->tagCreate(['name' => uniqid('other'), 'created_id' => $other])['id'];
+    $this->setPermissions(['access CiviCRM']);
+    $this->hookClass->setHook('civicrm_aclWhereClause', [$this, 'aclWhereHookAllResults']);
+    $createdFirstName = $version == 4 ? 'created.first_name' : 'created_id.first_name';
+    $result = $this->callAPISuccess('Tag', 'get', [
+      'check_permissions' => 1,
+      'return' => ['id', $createdFirstName],
+      'id' => ['IN' => [$tag1, $tag2]],
+    ]);
+    $this->assertEquals('Main', $result['values'][$tag1][$createdFirstName]);
+    $this->assertEquals('Other', $result['values'][$tag2][$createdFirstName]);
+    $this->allowedContactId = $main;
+    $this->hookClass->setHook('civicrm_aclWhereClause', [$this, 'aclWhereOnlyOne']);
+    $this->cleanupCachedPermissions();
+    $result = $this->callAPISuccess('Tag', 'get', [
+      'check_permissions' => 1,
+      'return' => ['id', $createdFirstName],
+      'id' => ['IN' => [$tag1, $tag2]],
+    ]);
+    $this->assertEquals('Main', $result['values'][$tag1][$createdFirstName]);
+    $this->assertEquals($tag2, $result['values'][$tag2]['id']);
+    $this->assertFalse(isset($result['values'][$tag2][$createdFirstName]));
+  }
+
 }