From: Seamus Lee Date: Thu, 14 May 2015 21:35:37 +0000 (+0000) Subject: CRM-9764 Backport possible ACL Fixes to 4.6 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=d14ccbdc28df567cbbb9f4cbf14d4629012ce72e;p=civicrm-core.git CRM-9764 Backport possible ACL Fixes to 4.6 --- diff --git a/CRM/Contact/Form/Search/Custom/ActivitySearch.php b/CRM/Contact/Form/Search/Custom/ActivitySearch.php index d0a54080e4..9590cb644f 100644 --- a/CRM/Contact/Form/Search/Custom/ActivitySearch.php +++ b/CRM/Contact/Form/Search/Custom/ActivitySearch.php @@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_ActivitySearch extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_formValues; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues @@ -259,7 +261,7 @@ ORDER BY contact_a.sort_name'; $targetID = CRM_Utils_Array::key('Activity Targets', $activityContacts); $sourceID = CRM_Utils_Array::key('Activity Source', $activityContacts); - return " + $from = " civicrm_activity activity LEFT JOIN civicrm_activity_contact target ON activity.id = target.activity_id AND target.record_type_id = {$targetID} @@ -278,7 +280,13 @@ ORDER BY contact_a.sort_name'; LEFT JOIN civicrm_activity_contact assignment ON activity.id = assignment.activity_id AND assignment.record_type_id = {$assigneeID} LEFT JOIN civicrm_contact contact_c - ON assignment.contact_id = contact_c.id "; + ON assignment.contact_id = contact_c.id {$this->_aclFrom}"; + + if ($this->_aclWhere) { + $this->_where .= " {$this->_aclWhere} "; + } + + return $from; } /** @@ -378,7 +386,7 @@ ORDER BY contact_a.sort_name'; * @param int $offset * @param int $rowcount * @param null $sort - * @param boolean $returnSQL Not used; included for consistency with parent; SQL is always returned + * @param bool $returnSQL Not used; included for consistency with parent; SQL is always returned * * @return string */ 
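Review bot: Nothing in the ActivitySearch.php hunks calls `buildACLClause()`, so in `from()` the interpolated `{$this->_aclFrom}` and the `if ($this->_aclWhere)` test both see the `NULL` defaults declared at the top of the class. Unless a caller outside this diff invokes the method first, the activity search is built with no ACL join and no ACL condition. Every other class touched by this commit calls `$this->buildACLClause('contact_a');` in its query builder, and the same line is needed here before `$from` is assembled. The start of `from()` lies outside the hunk, so confirm which contact alias should be restricted.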
@@ -412,4 +420,11 @@ ORDER BY contact_a.sort_name'; return NULL; } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/Basic.php b/CRM/Contact/Form/Search/Custom/Basic.php index a563e616e5..f4256b02f1 100644 --- a/CRM/Contact/Form/Search/Custom/Basic.php +++ b/CRM/Contact/Form/Search/Custom/Basic.php @@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_Basic extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_query; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues @@ -178,7 +180,13 @@ class CRM_Contact_Form_Search_Custom_Basic extends CRM_Contact_Form_Search_Custo * @return string */ public function from() { - return $this->_query->_fromClause; + $this->buildACLClause('contact_a'); + $from = $this->_query->_fromClause; + $from .= "{$this->_aclFrom}"; + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + return $from; } /** @@ -207,4 +215,11 @@ class CRM_Contact_Form_Search_Custom_Basic extends CRM_Contact_Form_Search_Custo return $this->_query; } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/ContribSYBNT.php b/CRM/Contact/Form/Search/Custom/ContribSYBNT.php index 2d431fd912..dac043e9e1 100644 --- a/CRM/Contact/Form/Search/Custom/ContribSYBNT.php +++ b/CRM/Contact/Form/Search/Custom/ContribSYBNT.php 
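Review bot: `buildACLClause()` and the `$_aclFrom`/`$_aclWhere` properties are pasted unchanged into all fourteen search classes in this commit, which leaves fourteen copies of access-control code to keep in step. The class declarations visible in the diff all extend `CRM_Contact_Form_Search_Custom_Base`, so the method and both properties could be defined there once. The docblock has only `@param string $tableAlias`; I would add a summary line such as `Store the FROM and WHERE fragments returned by CRM_Contact_BAO_Contact_Permission::cacheClause() in $_aclFrom and $_aclWhere.` Every call visible in the diff passes `'contact_a'`, so the `'contact'` default is never the alias the queries use.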
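Review bot: The ACL condition in Basic.php's `from()` is stored in `$this->_where`, but no Basic.php hunk changes `where()` to read that property, so only the `{$this->_aclFrom}` join is certain to reach the query. If the join alone does not limit rows to what the current user may see, the search still returns contacts outside the ACL. The same applies to ActivitySearch.php, DateAdded.php, EventAggregate.php, PriceSet.php, RandomSegment.php and TagContributions.php: each either needs its `where()` (outside this diff) to append `$this->_where`, or confirmation that the base class already does so. `from()` is fully contained in this hunk.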
@@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_ContribSYBNT extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_formValues; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; public $_permissionedComponent; /** @@ -128,7 +130,7 @@ class CRM_Contact_Form_Search_Custom_ContribSYBNT extends CRM_Contact_Form_Searc * @param int $offset * @param int $rowcount * @param null $sort - * @param boolean $returnSQL Not used; included for consistency with parent; SQL is always returned + * @param bool $returnSQL Not used; included for consistency with parent; SQL is always returned * * @return string */ @@ -178,10 +180,13 @@ class CRM_Contact_Form_Search_Custom_ContribSYBNT extends CRM_Contact_Form_Searc "; } - + $this->buildACLClause('contact_a'); + if ($this->_aclWhere) { + $where .= " AND {$this->_aclWhere} "; + } $sql = " SELECT $select -FROM civicrm_contact AS contact_a +FROM civicrm_contact AS contact_a {$this->_aclFrom} LEFT JOIN civicrm_contribution contrib_1 ON contrib_1.contact_id = contact_a.id $from WHERE contrib_1.contact_id = contact_a.id @@ -337,7 +342,7 @@ AND c.receive_date < {$this->start_date_1} $clauses[] = " xg.contact_id IS NULL "; } - return implode(' AND ', $clauses); + return "{$this->_where} AND " . implode(' AND ', $clauses); } /** @@ -393,4 +398,11 @@ AND c.receive_date < {$this->start_date_1} } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/ContributionAggregate.php b/CRM/Contact/Form/Search/Custom/ContributionAggregate.php index a537622581..c85a5e1624 100644 --- a/CRM/Contact/Form/Search/Custom/ContributionAggregate.php +++ b/CRM/Contact/Form/Search/Custom/ContributionAggregate.php 
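Review bot: `where()` in ContribSYBNT.php now returns `"{$this->_where} AND " . implode(' AND ', $clauses)`, yet no hunk in this file assigns `$this->_where`; the ACL condition is appended to the local `$where` in the `@@ -178,10 +180,13 @@` hunk instead. Unless the property has a non-empty inherited default, the returned clause begins with a bare `AND`, and it ends with one whenever `$clauses` is empty. Keeping `return implode(' AND ', $clauses);` would be enough here, since the earlier hunk already adds the ACL condition. ContributionAggregate.php and PostalMailing.php use the same prefix form and hit the same leading `AND` whenever `_aclWhere` is empty. The body of `where()` starts outside the hunk.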
@@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_ContributionAggregate extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_formValues; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; public $_permissionedComponent; /** @@ -177,10 +179,15 @@ $having * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " civicrm_contribution AS contrib, -civicrm_contact AS contact_a +civicrm_contact AS contact_a {$this->aclFrom} "; + if ($this->_aclWhere) { + $this->_where .= " {$this->_aclWhere} "; + } + return $from; } /** @@ -227,7 +234,7 @@ civicrm_contact AS contact_a $clauses[] = "contrib.financial_type_id IN ($financial_type_ids)"; } - return implode(' AND ', $clauses); + return "{$this->_where} AND " . implode(' AND ', $clauses); } /** @@ -272,7 +279,7 @@ civicrm_contact AS contact_a * @param int $offset * @param int $rowcount * @param null $sort - * @param boolean $returnSQL Not used; included for consistency with parent; SQL is always returned + * @param bool $returnSQL Not used; included for consistency with parent; SQL is always returned * * @return string */ @@ -306,4 +313,11 @@ civicrm_contact AS contact_a return NULL; } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/DateAdded.php b/CRM/Contact/Form/Search/Custom/DateAdded.php index bb37198bca..43baeb5d34 100644 --- a/CRM/Contact/Form/Search/Custom/DateAdded.php +++ b/CRM/Contact/Form/Search/Custom/DateAdded.php @@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_DateAdded extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_debug = 0; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues 
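Review bot: The new FROM string in ContributionAggregate.php interpolates `{$this->aclFrom}`, but the property declared in this class and filled by `buildACLClause()` is `$_aclFrom`. The misspelled name is undefined, so the ACL join is silently left out of the query; the line should read `civicrm_contact AS contact_a {$this->_aclFrom}`. With the join missing, the `_aclWhere` fragment appended just below may refer to a table that is not in the FROM clause, which is worth checking against what `cacheClause()` returns. `from()` is fully contained in the hunk.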
@@ -373,12 +375,12 @@ class CRM_Contact_Form_Search_Custom_DateAdded extends CRM_Contact_Form_Search_C } } // end if( $this->_groups ) condition - + $this->buildACLClause('contact_a'); $from = "FROM civicrm_contact contact_a"; /* We need to join to this again to get the date_added value */ - $from .= " INNER JOIN dates_{$this->_tableName} d ON (contact_a.id = d.id)"; + $from .= " INNER JOIN dates_{$this->_tableName} d ON (contact_a.id = d.id) {$this->_aclFrom}"; // Only include groups in the search query of one or more Include OR Exclude groups has been selected. // CRM-6356 @@ -386,6 +388,10 @@ class CRM_Contact_Form_Search_Custom_DateAdded extends CRM_Contact_Form_Search_C $from .= " INNER JOIN Ig_{$this->_tableName} temptable1 ON (contact_a.id = temptable1.contact_id)"; } + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + return $from; } @@ -442,4 +448,11 @@ class CRM_Contact_Form_Search_Custom_DateAdded extends CRM_Contact_Form_Search_C } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/EventAggregate.php b/CRM/Contact/Form/Search/Custom/EventAggregate.php index dd61ffd0b2..970d110a1a 100644 --- a/CRM/Contact/Form/Search/Custom/EventAggregate.php +++ b/CRM/Contact/Form/Search/Custom/EventAggregate.php @@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_formValues; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; public $_permissionedComponent; /** 
@@ -186,7 +188,8 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Sea * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " civicrm_participant_payment left join civicrm_participant on civicrm_participant_payment.participant_id=civicrm_participant.id @@ -198,7 +201,12 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Sea on civicrm_contribution.id = civicrm_participant_payment.contribution_id left join civicrm_option_value on - ( civicrm_option_value.value = civicrm_event.event_type_id AND civicrm_option_value.option_group_id = 14)"; + ( civicrm_option_value.value = civicrm_event.event_type_id AND civicrm_option_value.option_group_id = 14) {$this->_aclFrom}"; + if ($this->_aclWhere) { + $this->_where .= "{$this->_aclWhere} "; + } + + return $from; } /** @@ -320,7 +328,7 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Sea * @param int $offset * @param int $rowcount * @param null $sort - * @param boolean $returnSQL Not used; included for consistency with parent; SQL is always returned + * @param bool $returnSQL Not used; included for consistency with parent; SQL is always returned * * @return string */ @@ -347,4 +355,11 @@ class CRM_Contact_Form_Search_Custom_EventAggregate extends CRM_Contact_Form_Sea } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/MultipleValues.php b/CRM/Contact/Form/Search/Custom/MultipleValues.php index b82c002097..701545516f 100644 --- a/CRM/Contact/Form/Search/Custom/MultipleValues.php +++ b/CRM/Contact/Form/Search/Custom/MultipleValues.php 
@@ -37,6 +37,8 @@ class CRM_Contact_Form_Search_Custom_MultipleValues extends CRM_Contact_Form_Sea protected $_groupTree; protected $_tables; protected $_options; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues @@ -205,7 +207,8 @@ contact_a.sort_name as sort_name, * @return string */ public function from() { - $from = "FROM civicrm_contact contact_a"; + $this->buildACLClause('contact_a'); + $from = "FROM civicrm_contact contact_a {$this->_aclFrom}"; $customFrom = array(); // lets do an INNER JOIN so we get only relevant values rather than all values if (!empty($this->_tables)) { @@ -226,6 +229,10 @@ contact_a.sort_name as sort_name, AND cgc.status = 'Added')"; } + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + return $from; } @@ -276,6 +283,8 @@ contact_a.sort_name as sort_name, $where .= ' AND ' . implode(' AND ', $clause); } + $where .= "{$this->_where} "; + return $this->whereClause($where, $params); } @@ -354,4 +363,11 @@ contact_a.sort_name as sort_name, CRM_Utils_System::setTitle($title); } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/PostalMailing.php b/CRM/Contact/Form/Search/Custom/PostalMailing.php index 40ea4d0d09..027b909593 100644 --- a/CRM/Contact/Form/Search/Custom/PostalMailing.php +++ b/CRM/Contact/Form/Search/Custom/PostalMailing.php @@ -33,6 +33,8 @@ * */ class CRM_Contact_Form_Search_Custom_PostalMailing extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues */ 
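Review bot: `where()` in MultipleValues.php receives the ACL condition only through `$this->_where`, which is filled as a side effect of `from()`. If `where()` is evaluated first, or on an instance where `from()` never ran, the clause is built without the ACL condition and nothing signals it. Because `from()` uses `.=`, calling it twice on the same object also appends the condition twice. Calling `$this->buildACLClause('contact_a');` inside `where()` and appending `" AND {$this->_aclWhere} "` there when it is non-empty would remove the ordering dependency. Proximity.php, Sample.php and ZipCodeRange.php follow the same pattern; `where()` begins outside this hunk.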
@@ -111,13 +113,18 @@ state_province.name as state_province * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " FROM civicrm_group_contact as cgc, civicrm_contact as contact_a LEFT JOIN civicrm_address address ON (address.contact_id = contact_a.id AND address.is_primary = 1 ) -LEFT JOIN civicrm_state_province state_province ON state_province.id = address.state_province_id +LEFT JOIN civicrm_state_province state_province ON state_province.id = address.state_province_id {$this->_aclFrom} "; + if ($this->_aclWhere) { + $this->_where .= " {$this->_aclWhere} "; + } + return $from; } /** @@ -145,7 +152,7 @@ LEFT JOIN civicrm_state_province state_province ON state_province.id = address. $clause[] = "contact_a.contact_type IN ('Individual','Household')"; if (!empty($clause)) { - $where = implode(' AND ', $clause); + $where = "{$this->_where} AND " . implode(' AND ', $clause); } return $this->whereClause($where, $params); @@ -158,4 +165,11 @@ LEFT JOIN civicrm_state_province state_province ON state_province.id = address. return 'CRM/Contact/Form/Search/Custom.tpl'; } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/PriceSet.php b/CRM/Contact/Form/Search/Custom/PriceSet.php index 31acff399c..4793e00a11 100644 --- a/CRM/Contact/Form/Search/Custom/PriceSet.php +++ b/CRM/Contact/Form/Search/Custom/PriceSet.php @@ -35,7 +35,8 @@ class CRM_Contact_Form_Search_Custom_PriceSet extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_eventID = NULL; - + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; protected $_tableName = NULL; public $_permissionedComponent; 
@@ -309,10 +310,16 @@ contact_a.display_name as display_name"; * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " FROM civicrm_contact contact_a -INNER JOIN {$this->_tableName} tempTable ON ( tempTable.contact_id = contact_a.id ) +INNER JOIN {$this->_tableName} tempTable ON ( tempTable.contact_id = contact_a.id ) {$this->_aclFrom} "; + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + + return $from; } /** @@ -356,4 +363,11 @@ INNER JOIN {$this->_tableName} tempTable ON ( tempTable.contact_id = contact_a.i } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/Proximity.php b/CRM/Contact/Form/Search/Custom/Proximity.php index 181478437b..3f9e8c632a 100644 --- a/CRM/Contact/Form/Search/Custom/Proximity.php +++ b/CRM/Contact/Form/Search/Custom/Proximity.php @@ -37,6 +37,8 @@ class CRM_Contact_Form_Search_Custom_Proximity extends CRM_Contact_Form_Search_C protected $_latitude = NULL; protected $_longitude = NULL; protected $_distance = NULL; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues @@ -199,12 +201,13 @@ country.name as country * @return string */ public function from() { + $this->buildACLClause('contact_a'); $f = " FROM civicrm_contact contact_a LEFT JOIN civicrm_address address ON ( address.contact_id = contact_a.id AND address.is_primary = 1 ) LEFT JOIN civicrm_state_province state_province ON state_province.id = address.state_province_id -LEFT JOIN civicrm_country country ON country.id = address.country_id +LEFT JOIN civicrm_country country ON country.id = address.country_id {$this->_aclFrom} "; // This prevents duplicate rows when contacts have more than one tag any you select "any tag" 
@@ -219,6 +222,10 @@ LEFT JOIN civicrm_group_contact cgc ON ( cgc.contact_id = contact_a.id AND cgc.s "; } + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + return $f; } @@ -249,6 +256,7 @@ AND cgc.group_id = {$this->_group} } $where .= " AND contact_a.is_deleted != 1 "; + $where .= "{$this->_where}"; return $this->whereClause($where, $params); } @@ -303,4 +311,11 @@ AND cgc.group_id = {$this->_group} } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/RandomSegment.php b/CRM/Contact/Form/Search/Custom/RandomSegment.php index c53eaced48..d590a34834 100644 --- a/CRM/Contact/Form/Search/Custom/RandomSegment.php +++ b/CRM/Contact/Form/Search/Custom/RandomSegment.php @@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_RandomSegment extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_debug = 0; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues @@ -292,6 +294,7 @@ class CRM_Contact_Form_Search_Custom_RandomSegment extends CRM_Contact_Form_Sear CRM_Core_DAO::executeQuery($insertGroupNameQuery); } } + $this->buildACLClause('contact_a'); $from = "FROM civicrm_contact contact_a"; @@ -324,11 +327,16 @@ class CRM_Contact_Form_Search_Custom_RandomSegment extends CRM_Contact_Form_Sear $from = "FROM random_{$this->_tableName} random"; - $from .= " INNER JOIN civicrm_contact contact_a ON random.id = contact_a.id"; + $from .= " INNER JOIN civicrm_contact contact_a ON random.id = contact_a.id {$this->_aclFrom}"; $from .= " $fromTail"; + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + return $from; + } /** 
@@ -382,4 +390,11 @@ class CRM_Contact_Form_Search_Custom_RandomSegment extends CRM_Contact_Form_Sear return NULL; } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/Sample.php b/CRM/Contact/Form/Search/Custom/Sample.php index 8ec46684ba..99929e5345 100644 --- a/CRM/Contact/Form/Search/Custom/Sample.php +++ b/CRM/Contact/Form/Search/Custom/Sample.php @@ -33,6 +33,8 @@ * */ class CRM_Contact_Form_Search_Custom_Sample extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues */ @@ -138,14 +140,19 @@ state_province.name as state_province * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " FROM civicrm_contact contact_a LEFT JOIN civicrm_address address ON ( address.contact_id = contact_a.id AND address.is_primary = 1 ) LEFT JOIN civicrm_email ON ( civicrm_email.contact_id = contact_a.id AND civicrm_email.is_primary = 1 ) -LEFT JOIN civicrm_state_province state_province ON state_province.id = address.state_province_id +LEFT JOIN civicrm_state_province state_province ON state_province.id = address.state_province_id {$this->_aclFrom} "; + if ($this->_aclWhere) { + $this->_where .= " AND {$this->_aclWhere} "; + } + return $from; } /** @@ -156,6 +163,7 @@ LEFT JOIN civicrm_state_province state_province ON state_province.id = address.s public function where($includeContactIDs = FALSE) { $params = array(); $where = "contact_a.contact_type = 'Household'"; + $where .= "{$this->_where}"; $count = 1; $clause = array(); 
@@ -227,4 +235,11 @@ LEFT JOIN civicrm_state_province state_province ON state_province.id = address.s } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/TagContributions.php b/CRM/Contact/Form/Search/Custom/TagContributions.php index fe83105ce3..c57cbbea1b 100644 --- a/CRM/Contact/Form/Search/Custom/TagContributions.php +++ b/CRM/Contact/Form/Search/Custom/TagContributions.php @@ -35,6 +35,8 @@ class CRM_Contact_Form_Search_Custom_TagContributions extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { protected $_formValues; + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; public $_permissionedComponent; /** @@ -144,13 +146,18 @@ WHERE $where * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " civicrm_contribution, civicrm_contact contact_a LEFT JOIN civicrm_entity_tag ON ( civicrm_entity_tag.entity_table = 'civicrm_contact' AND civicrm_entity_tag.entity_id = contact_a.id ) - LEFT JOIN civicrm_tag ON civicrm_tag.id = civicrm_entity_tag.tag_id -"; + LEFT JOIN civicrm_tag ON civicrm_tag.id = civicrm_entity_tag.tag_id {$this->_aclFrom} + "; + if ($this->_aclWhere) { + $this->_where .= " {$this->_aclWhere} "; + } + return $from; } /* @@ -226,7 +233,7 @@ WHERE $where * @param int $offset * @param int $rowcount * @param null $sort - * @param boolean $returnSQL Not used; included for consistency with parent; SQL is always returned + * @param bool $returnSQL Not used; included for consistency with parent; SQL is always returned * * @return string */ 
@@ -260,4 +267,11 @@ WHERE $where return NULL; } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + } diff --git a/CRM/Contact/Form/Search/Custom/ZipCodeRange.php b/CRM/Contact/Form/Search/Custom/ZipCodeRange.php index 344ad3521e..a25a22e127 100644 --- a/CRM/Contact/Form/Search/Custom/ZipCodeRange.php +++ b/CRM/Contact/Form/Search/Custom/ZipCodeRange.php @@ -33,6 +33,8 @@ * */ class CRM_Contact_Form_Search_Custom_ZipCodeRange extends CRM_Contact_Form_Search_Custom_Base implements CRM_Contact_Form_Search_Interface { + protected $_aclFrom = NULL; + protected $_aclWhere = NULL; /** * @param $formValues */ @@ -130,13 +132,18 @@ address.postal_code as postal_code * @return string */ public function from() { - return " + $this->buildACLClause('contact_a'); + $from = " FROM civicrm_contact contact_a LEFT JOIN civicrm_address address ON ( address.contact_id = contact_a.id AND address.is_primary = 1 ) LEFT JOIN civicrm_email email ON ( email.contact_id = contact_a.id AND - email.is_primary = 1 ) + email.is_primary = 1 ) {$this->_aclFrom} "; + if ($this->_aclWhere) { + $this->_where .= " {$this->_aclWhere} "; + } + return $from; } /** @@ -168,6 +175,8 @@ LEFT JOIN civicrm_email email ON ( email.contact_id = contact_a.id AND 2 => array(trim($high), 'Integer'), ); + $where .= "{$this->_where} "; + return $this->whereClause($where, $params); } @@ -197,4 +206,11 @@ LEFT JOIN civicrm_email email ON ( email.contact_id = contact_a.id AND } } + /** + * @param string $tableAlias + */ + public function buildACLClause($tableAlias = 'contact') { + list($this->_aclFrom, $this->_aclWhere) = CRM_Contact_BAO_Contact_Permission::cacheClause($tableAlias); + } + }
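Review bot: In ZipCodeRange.php `from()` appends `" {$this->_aclWhere} "` with no conjunction, and `where()` then concatenates `$this->_where` onto the end of the existing `$where`. A non-empty ACL condition therefore lands directly after the preceding condition without `AND`, unless `$this->_where` inherits a default that supplies one. Sample.php, Proximity.php and MultipleValues.php consume the property the same way but append `" AND {$this->_aclWhere} "`, so the line here should read `$this->_where .= " AND {$this->_aclWhere} ";`. The start of `where()` is outside the hunk, so the earlier content of `$where` is assumed rather than seen.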