From: Coleman Watts Date: Thu, 10 Mar 2016 19:03:19 +0000 (-0500) Subject: CRM-17867 - Set checkPermission before running getAclClause X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=8e8bf58455ec14a3450b3cc718725806e74e765b;p=civicrm-core.git CRM-17867 - Set checkPermission before running getAclClause --- diff --git a/Civi/API/SelectQuery.php b/Civi/API/SelectQuery.php index 3764992baa..44c347c64b 100644 --- a/Civi/API/SelectQuery.php +++ b/Civi/API/SelectQuery.php @@ -86,14 +86,15 @@ abstract class SelectQuery { /** * @var string|bool */ - public $checkPermissions; + protected $checkPermissions; protected $apiVersion; /** * @param string $entity + * @param bool $checkPermissions */ - public function __construct($entity) { + public function __construct($entity, $checkPermissions) { $this->entity = $entity; require_once 'api/v3/utils.php'; $baoName = _civicrm_api3_get_BAO($entity); @@ -106,6 +107,7 @@ abstract class SelectQuery { $bao->free(); // Add ACLs first to avoid redundant subclauses + $this->checkPermissions = $checkPermissions; $this->query->where($this->getAclClause(self::MAIN_TABLE_ALIAS, $baoName)); } diff --git a/Civi/Test/HeadlessInterface.php b/Civi/Test/HeadlessInterface.php index 85de268943..95227f7685 100644 --- a/Civi/Test/HeadlessInterface.php +++ b/Civi/Test/HeadlessInterface.php @@ -7,7 +7,7 @@ namespace Civi\Test; * @package Civi\Test * * To run your test against a fake, headless database, flag it with the - * HeadlessInterface. CiviTestListener will automatically boot + * HeadlessInterface. CiviTestListener will automatically boot Civi. * * Alternatively, if you wish to run a test in a live (CMS-enabled) environment, * flag it with EndToEndInterface. @@ -23,7 +23,7 @@ namespace Civi\Test; interface HeadlessInterface { /** - * The setupHeadless functions runs at the start of each test case, right before + * The setupHeadless function runs at the start of each test case, right before * the headless environment reboots. * * It should perform any necessary steps required for putting the database diff --git a/api/v3/utils.php b/api/v3/utils.php index 42f9f0383b..53f3206ed5 100644 --- a/api/v3/utils.php +++ b/api/v3/utils.php @@ -1339,7 +1339,7 @@ function _civicrm_api3_basic_get($bao_name, $params, $returnAsSuccess = TRUE, $e $entity = CRM_Core_DAO_AllCoreTables::getBriefName(str_replace('_BAO_', '_DAO_', $bao_name)); $options = _civicrm_api3_get_options_from_params($params); - $query = new \Civi\API\Api3SelectQuery($entity); + $query = new \Civi\API\Api3SelectQuery($entity, CRM_Utils_Array::value('check_permissions', $params, FALSE)); $query->where = $params; if ($options['is_count']) { $query->select = array('count'); @@ -1351,7 +1351,6 @@ function _civicrm_api3_basic_get($bao_name, $params, $returnAsSuccess = TRUE, $e } $query->limit = $options['limit']; $query->offset = $options['offset']; - $query->checkPermissions = CRM_Utils_Array::value('check_permissions', $params, FALSE); $query->merge($sql); $result = $query->run();