Eileen McNaughton [Fri, 18 Jun 2021 23:57:17 +0000 (11:57 +1200)]
Merge pull request #20661 from seamuslee001/dev_core_2604
dev/core#2604 Apply upstream patch to allow single quotes in return p…
Seamus Lee [Fri, 18 Jun 2021 21:45:17 +0000 (21:45 +0000)]
dev/core#2604 Apply upstream patch to allow single quotes in return patch emails
Seamus Lee [Thu, 17 Jun 2021 20:35:15 +0000 (06:35 +1000)]
Merge pull request #20645 from agh1/5.39.0-releasenotes-initial
5.39.0 release notes initial run
Andrew Hunt [Thu, 17 Jun 2021 16:33:18 +0000 (12:33 -0400)]
5.39.0 release notes: added boilerplate
Andrew Hunt [Thu, 17 Jun 2021 16:30:57 +0000 (12:30 -0400)]
5.39.0 release notes: raw from script
Seamus Lee [Wed, 16 Jun 2021 23:08:19 +0000 (09:08 +1000)]
Merge pull request #20610 from colemanw/fixApiOrder
dev/report#68 Fix smart group crash when ordering by aggregated column
Coleman Watts [Tue, 15 Jun 2021 19:44:12 +0000 (15:44 -0400)]
SearchKit - Fix smart group crash when ordering by aggregated column
Fixes dev/report#68
Seamus Lee [Tue, 15 Jun 2021 23:36:26 +0000 (09:36 +1000)]
Merge pull request #20609 from colemanw/readOnlyApis
APIv4 - Make LineItem, EntityFinancialTrxn and FinancialTrxn read-only
Seamus Lee [Tue, 15 Jun 2021 23:35:47 +0000 (09:35 +1000)]
Merge pull request #20611 from eileenmcnaughton/539_o
Fix unreleased api change to more logical variant
Monish Deb [Wed, 9 Jun 2021 03:35:20 +0000 (09:05 +0530)]
test failure fix
Eileen McNaughton [Tue, 15 Jun 2021 21:40:57 +0000 (09:40 +1200)]
Fix unreleased api change
An unreleased change adds the entity ids for membership to the return values.
However, on digging into further cleanup I realised that the entity ids are in
the line item array, along with other values which may or may not be useful,
and it's cleaner, more complete and more maintainable to return the line_items.
It requires an extra foreach loop in the calling code but
I don't see that as a downside.
We should change this in the rc so what is released is consistent
Test cover in testSubmitRecur & other tests in CRM_Member_Form_MembershipTest
Coleman Watts [Tue, 15 Jun 2021 19:04:06 +0000 (15:04 -0400)]
APIv4 - Make LineItem, EntityFinancialTrxn and FinancialTrxn read-only
Adds a new ReadOnly trait which annotates write methods as @internal
and sets write permissions to ALWAYS_DENY.
This effectively hides the write actions from the API Explorer,
and restricts use of the write methods to when `checkPermissions = FALSE`.
Seamus Lee [Sat, 12 Jun 2021 00:11:27 +0000 (10:11 +1000)]
Merge pull request #20580 from demeritcowboy/upgrade-table
dev/core#2649 - Make 5.39 upgrade more robust
demeritcowboy [Fri, 11 Jun 2021 15:18:45 +0000 (11:18 -0400)]
be re-runnable and don't force utf8mb4
Eileen McNaughton [Fri, 11 Jun 2021 02:36:23 +0000 (14:36 +1200)]
Merge pull request #20571 from demeritcowboy/regen-539
Update civicrm_generated (5.39 version)
demeritcowboy [Fri, 11 Jun 2021 00:50:12 +0000 (20:50 -0400)]
update civicrm_generated
Seamus Lee [Thu, 10 Jun 2021 22:34:31 +0000 (08:34 +1000)]
Merge pull request #20567 from seamuslee001/fix_unittest_warning
[NFC] Fix phpunit9 deprecation issues on using assertType instead of …
Seamus Lee [Thu, 10 Jun 2021 21:05:45 +0000 (07:05 +1000)]
[NFC] Fix phpunit9 deprecation issues on using assertType instead of more explicit assertIsArray or AssertIsInt
CiviCRM [Thu, 10 Jun 2021 05:46:43 +0000 (05:46 +0000)]
ext/*/info.xml - Update version
CiviCRM [Thu, 10 Jun 2021 04:53:32 +0000 (04:53 +0000)]
Set version to 5.39.beta1
Seamus Lee [Thu, 10 Jun 2021 00:00:47 +0000 (10:00 +1000)]
Merge pull request #20532 from eileenmcnaughton/f_add
Fix Financial item test to validate Financials
Seamus Lee [Wed, 9 Jun 2021 23:59:51 +0000 (09:59 +1000)]
Merge pull request #20552 from eileenmcnaughton/fin
Mark DetailTest as having invalid financials
Eileen McNaughton [Wed, 9 Jun 2021 23:46:06 +0000 (11:46 +1200)]
Merge pull request #20533 from totten/master-api4-omnivent
Introduce civi.api4.authorizeRecord and civi.api4.validate
Eileen McNaughton [Wed, 9 Jun 2021 21:14:41 +0000 (09:14 +1200)]
Merge pull request #20564 from eileenmcnaughton/report
dev/core#2646 juice up the error a little
Eileen McNaughton [Wed, 9 Jun 2021 19:39:04 +0000 (07:39 +1200)]
Merge pull request #20493 from jaapjansma/dev_membership_37
Fix for dev/membership#37
demeritcowboy [Wed, 9 Jun 2021 19:34:42 +0000 (15:34 -0400)]
Merge pull request #20563 from colemanw/array_key
REF - Cleanup array key checking to use array_key_exists
Eileen McNaughton [Wed, 9 Jun 2021 19:34:06 +0000 (07:34 +1200)]
dev/core#2646 juice up the error a little
On explaining the issue in https://lab.civicrm.org/dev/core/-/issues/2646 not
having the name of the failed entity in the error message seemed like a pain point
Tim Otten [Wed, 9 Jun 2021 10:24:21 +0000 (03:24 -0700)]
Expand CustomValue::_checkAccess()
Before: Reports that access is available based one delegated-check for `Contact.update`
After: Reports that access is available based on multiple checks:
1. The user must have access to the relevant CustomGroup (by way of ACL or perms)
2. The user must have acces to the underlying entity (by way of checkAccessDelgated)
Comments: I did a bit of testing with `Custom_*.get`, and it does seem to
give access to single-value CustomGroups. So I removed a comment about
multi-value CustomGroups and expanded to a larger list of entities.
demeritcowboy [Wed, 9 Jun 2021 14:22:52 +0000 (10:22 -0400)]
Merge pull request #20562 from colemanw/shortArrayContactTask
[REF] CRM_Contact_Task - Use short array syntax
colemanw [Wed, 9 Jun 2021 13:56:21 +0000 (09:56 -0400)]
Merge pull request #20059 from samuelsov/dev/core#2479
dev/core#2479 Adjust generic copy for localizable fields
Coleman Watts [Wed, 9 Jun 2021 13:41:52 +0000 (09:41 -0400)]
REF - Cleanup array key checking to use array_key_exists
Before: in_array($foo, array_keys($bar))
After: array_key_exists($foo, $bar)
Coleman Watts [Wed, 9 Jun 2021 12:45:26 +0000 (08:45 -0400)]
CRM_Contact_Task - Use short array syntax
Tim Otten [Wed, 9 Jun 2021 02:46:17 +0000 (19:46 -0700)]
Partially rollback changes to `$userID`. Merely lay groundwork for future update.
Context: AuthorizeEvent did not allow tracking userID. AuthorizeRecordEvent
is spec'd to track userID. This is a step toward supporting checks when the
target user is non-present (ie not the user in the browser/session).
However, this step is not *sufficient* - additional work is also needed to
support non-present users.
Original: AuthorizeEvent and AbstractAction::isAuthorized did not report
current userID. However, the wiring for AuthorizeRecordEvent is spec'd
to allow userID.
Previous: Made a breaking change in the signature of
AuthorizeEvent/AbstractAction::isAuthorized() to report userID. However,
even with the break, it's not clear if this is the best approach.
Revised:
* Both AuthorizeEvent and AuthorizeRecordEvent report `userID`. This allows consumers to start using
this information -- laying the groundwork for future changes.
* If an existing event-consumer ignores the `userID`, it will still work as correctly as before. This is
because we guarantee that the userID matches the session-user.
* The signature of `AbstractAction::isAuthorized()` matches its original. No BC break. However, the method
is flagged `@internal` to warn about the prospect of future changes.
* In the future, after we do more legwork on to ensure that the overall
system makes sense, we may flip this and start doing non-present users.
Eileen McNaughton [Wed, 9 Jun 2021 03:18:05 +0000 (15:18 +1200)]
Merge pull request #20560 from colemanw/searchable
APIv4 - Make the @searchable flag explicit for OptionList type entities.
demeritcowboy [Wed, 9 Jun 2021 02:18:53 +0000 (22:18 -0400)]
Merge pull request #20545 from seamuslee001/hook_test_fix_part1
[php8-compat] Partial Fix of hook tests for php8
Seamus Lee [Wed, 9 Jun 2021 01:09:10 +0000 (11:09 +1000)]
Merge pull request #20548 from eileenmcnaughton/group
Fix the populateTempTable to be more direct
Coleman Watts [Tue, 8 Jun 2021 23:18:30 +0000 (19:18 -0400)]
APIv4 - Make the @searchable flag explicit for OptionList type entities.
The OptionList trait may or may not be useful in future, maybe we'll just get rid of it if not.
But I think it's better not to couple it with the @searchable flag, as that's not exactly the same thing.
Seamus Lee [Wed, 9 Jun 2021 00:29:05 +0000 (10:29 +1000)]
Merge pull request #20557 from demeritcowboy/test-turkish
[NFC/Unit Test] Failing test for civicrm-packages PR 324
Seamus Lee [Tue, 8 Jun 2021 00:54:20 +0000 (00:54 +0000)]
[php8-compat] Partial Fix of hook tests for php8
colemanw [Wed, 9 Jun 2021 00:07:24 +0000 (20:07 -0400)]
Merge pull request #20542 from seamuslee001/hook_test_fixes_2
[php8-compact] Add in guards into various templates to fix hook tests…
Eileen McNaughton [Tue, 8 Jun 2021 07:25:04 +0000 (19:25 +1200)]
Mark DetailTest as having invalid financials
This class sets up in a weird way it will never pass financial checks
Eileen McNaughton [Tue, 8 Jun 2021 22:23:11 +0000 (10:23 +1200)]
Merge pull request #20549 from seamuslee001/php8_report
[php8-compact] Fix Report tests failing on php8
Seamus Lee [Tue, 8 Jun 2021 22:16:39 +0000 (08:16 +1000)]
Merge pull request #20540 from seamuslee001/tcpdf_upgrade
[php8-compat] Upgrade TCPDF version to support php8
Eileen McNaughton [Tue, 8 Jun 2021 22:16:17 +0000 (10:16 +1200)]
Merge pull request #20558 from colemanw/searchKitRelationships
SearchKit - allow searches based on relationships
Eileen McNaughton [Tue, 8 Jun 2021 21:44:49 +0000 (09:44 +1200)]
Merge pull request #20559 from colemanw/wordReplacement
dev/core#2486 - Add WordReplacement APIv4 entity
demeritcowboy [Tue, 8 Jun 2021 16:00:53 +0000 (12:00 -0400)]
unit test for db insert in TR locale
Coleman Watts [Tue, 8 Jun 2021 19:08:15 +0000 (15:08 -0400)]
dev/core#2486 - Add WordReplacement APIv4 entity
Eileen McNaughton [Tue, 8 Jun 2021 19:04:55 +0000 (07:04 +1200)]
Merge pull request #20555 from ahed-compucorp/dev/core#1744-afform
(REF) dev/core#1744 - Simplify Afform event naming
Coleman Watts [Tue, 8 Jun 2021 16:33:00 +0000 (12:33 -0400)]
SearchKit - Enable search for relationships as base entity
This makes it possible to use a bridge entity for the base of a search
(only if it is annotated @searchable primary|secondary)
It also ensures that fields needed for links are available in search displays
(previously it ensured ID was returned but some links require other fields as well)
Coleman Watts [Tue, 8 Jun 2021 16:22:51 +0000 (12:22 -0400)]
SearchKit - Fix error when trying to update operator in ON clause
Ahed [Tue, 8 Jun 2021 12:48:57 +0000 (15:48 +0300)]
dev/core#1744 - Simplify afform event naming
Monish Deb [Tue, 8 Jun 2021 07:34:21 +0000 (13:04 +0530)]
Merge pull request #20530 from eileenmcnaughton/val
Fix v3 api payment test to validate on postAssert
Eileen McNaughton [Tue, 8 Jun 2021 01:57:52 +0000 (13:57 +1200)]
Fix the populateTempTable to be more direct
It's currently using a round-about method to populate the table which goes through
apiv3 and the query object before winding up at the load function
which makes the same 3 calls now being called directly
Note the tests api_v3_ReportTemplateTest as well as the apiv4 tests
cover this function
Seamus Lee [Tue, 8 Jun 2021 04:34:47 +0000 (04:34 +0000)]
[php8-compact] Fix Report tests failing on php8
Tim Otten [Fri, 4 Jun 2021 18:57:55 +0000 (11:57 -0700)]
Convert hook_civicrm_checkAccess to civi.api4.authorizeRecord
Tim Otten [Mon, 7 Jun 2021 10:12:10 +0000 (03:12 -0700)]
(REF) Consolidate calls to `Hook::checkAccess()`. Define initial value `$granted=NULL`.
Regarding invocations:
* Before: There are three different ways `Hook::checkAccess()` may be invoked, e.g.
* `CRM_Core_DAO::checkAccess()`, which sprinkles in a call to `static::_checkAccess()` before `Hook::checkAccess()`
* `CRM_Core_BAO_CustomValue::checkAccess()`, which sprinkles in a call to `checkAccessDelegated()` after `Hook::checkAccess()`
* `CoreUtil::checkAccessRecord()`, which delegates to one of the above (if appropriate) or else calls `Hook::checkAccess()`
* `CoreUtil::checkAccessRecord()` is the most general entry-point
* After: There is one way to invoke `Hook::checkAccess()`, and it incorporates some qausi/unofficial listeners.
* `CoreUtil::checkAccessRecord()` is still the most general entry-point.
* `CoreUtil::checkAccessRecord()` fires `Hook::checkAccess()` unconditionally
* `CoreUtil::checkAccessRecord()` calls `CRM_Core_DAO::checkAccess()` and/or `CRM_Core_BAO_CustomValue::_checkAccess()`,
which are now quasi/unofficial listeners for the hook
Regarding initialization and passing of `$granted`:
* Before: The value of `$granted` defaults to `TRUE`. Listeners may flip between `TRUE`/`FALSE`. The value of `$granted` is passed to each listener.
* After: The value of `$granted` defaults to `NULL`. Listeners may flip to `TRUE`/`FALSE`. If it remains `NULL` until the end, then it's treated as `TRUE`.
The value of `$granted` is not passed to each listener.
* Comment: IMHO, this is an overall simplification. If you pass in `$granted`, then each listener has to decide
whether/how to mix the inputted value with its own decision. (Ex: Should it be `return $grantedInput &&
$myGrantedDecision` or `return $grantedInput || $myGrantedDecision` or `return $myGrantedDecision`? That choice appears to be
carefully informed by the context of what steps ran before.) In the updated protocol, each `_checkAccess()` a smaller scope.
Tim Otten [Mon, 7 Jun 2021 06:28:43 +0000 (23:28 -0700)]
(REF) Change CoreUtil::checkAccess() to CoreUtil::checkAccessRecord()
This change invovles a few things:
1. Pass the `AbstractAction $apiRequest` instead of the tuple `string $entity, string $action`.
2. There are a couple cases where we don't actually want to re-use the current `$apiRequest`.
Switch these using `checkAccessDelegated()`.
3. Always resolve the userID before calling `checkAccessRecord()`. `$userID===null` can mean
two different things (ie "active user" vs "anonymous user"). By
resolving this once before we do any work with `checkAccess()`, we ensure that it will
consistently mean "anonymous user" (even if there are multiple rounds of delegation).
3. Change the name from `checkAccess()` to `checkAccessRecord`. There are a few flavors of
`...checkAccess...`, and this makes it easier to differentiate when skimming.
Tim Otten [Mon, 7 Jun 2021 06:05:40 +0000 (23:05 -0700)]
(REF) Consistently pass `string $entity` to all flavors of checkAccess
1. This removes the special-case where `CustomValue::checkAccess()` needs an extra parameter
to identify the target entity.
2. This lines things up to do the swap from `_checkAccess()` to a hook/event listener
Tim Otten [Mon, 7 Jun 2021 03:13:12 +0000 (20:13 -0700)]
(REF) Isolate calls to $bao::checkAccess. Prefer CoreUtil::checkAccessDelegate.
Code paths:
* Before: There are many callers to `$bao::checkAccess()`.
* After: There is only one caller to `$bao::checkAccess()` (ie `CoreUtil`).
Delegation mechanics:
* Before: When delegating access-control to another entity, various things invoke `$bao::checkAccess()`.
* After: When delegating access-control to another entity, various things invoke `CoreUtil::checkAccessDelegated()`
Tim Otten [Fri, 4 Jun 2021 23:42:29 +0000 (16:42 -0700)]
CoreUtil::checkAccess() - Accept optional argument $userID
Technically, there is an inheritable contract-change here - modifying
`isAuthorized()` to accept the current user ID. However, I grepped
universe for references:
```
[bknix-min:~/bknix/build/universe] grep -ri isAuthorized $( find -name Civi )
```
And all references were internal to `civicrm-core.git`. This makes some
sense, given the available alternative extension-points
(`Civi\Api4\$ENTITY::permissions()` and `civi.api.authorize`).
Seamus Lee [Tue, 8 Jun 2021 02:24:36 +0000 (12:24 +1000)]
Merge pull request #20541 from eileenmcnaughton/alpha_trigg
Sort trigger data before processing
Seamus Lee [Tue, 8 Jun 2021 00:55:50 +0000 (00:55 +0000)]
[php8-compact] Add in guards into various templates to fix hook tests in php8
Eileen McNaughton [Tue, 8 Jun 2021 00:06:57 +0000 (12:06 +1200)]
Sort trigger data before processing
At some point these stopped being consistently alpha sorted - which doesn't matter
if you are just letting Civi run the trigger updates but if you output it
and diff it this inconsistency is a problem
Subset of https://github.com/civicrm/civicrm-core/pull/20472
in the hope of getting this merged
https://github.com/civicrm/civicrm-core/pull/20471 also grooms this output for diffing
albeit only in an edge case
Eileen McNaughton [Mon, 7 Jun 2021 23:55:27 +0000 (11:55 +1200)]
Merge pull request #20539 from seamuslee001/group_custom_search_fix
[php8-compat] Fix Include/Exclude Group Custom Search Tests by better…
Eileen McNaughton [Mon, 7 Jun 2021 23:48:21 +0000 (11:48 +1200)]
Merge pull request #20537 from colemanw/searchKitLinkFix
SearchKit - Fix link target selection
Seamus Lee [Mon, 7 Jun 2021 23:08:39 +0000 (23:08 +0000)]
[php8-compat] Upgrade TCPDF version to support php8
Seamus Lee [Mon, 7 Jun 2021 23:02:24 +0000 (09:02 +1000)]
Merge pull request #20538 from seamuslee001/fix_resource_test
[php8-compat] Fix Resources Test issue due to undefined array key add…
Seamus Lee [Mon, 7 Jun 2021 22:13:25 +0000 (22:13 +0000)]
[php8-compat] Fix Include/Exclude Group Custom Search Tests by better handling empty arrays on exclusions in the custom search
Seamus Lee [Mon, 7 Jun 2021 20:55:47 +0000 (20:55 +0000)]
[php8-compat] Fix Resources Test issue due to undefined array key addCacheCode
demeritcowboy [Mon, 7 Jun 2021 20:05:33 +0000 (16:05 -0400)]
Merge pull request #20535 from MikeyMJCO/patch-12
Switch table mapping to square bracket array syntax.
Coleman Watts [Mon, 7 Jun 2021 19:53:36 +0000 (15:53 -0400)]
SearchKit - Fix link target selection and move link templating out of controller
Eileen McNaughton [Mon, 7 Jun 2021 19:37:41 +0000 (07:37 +1200)]
Merge pull request #20534 from demeritcowboy/dupedao
Dedupe DAO is out of date
Mikey O'Toole [Mon, 7 Jun 2021 15:50:34 +0000 (16:50 +0100)]
Switch table mapping to square bracket array syntax.
demeritcowboy [Mon, 7 Jun 2021 15:21:54 +0000 (11:21 -0400)]
Merge pull request #20525 from seamuslee001/fix_date_tests
[php8-compat][REF] Fix Date unit tests in php8 by passing in 00 inste…
demeritcowboy [Mon, 7 Jun 2021 14:55:54 +0000 (10:55 -0400)]
fix hash
Tim Otten [Mon, 7 Jun 2021 00:53:49 +0000 (17:53 -0700)]
(REF) AuthorizeEvent - Extract AuthorizedTrait
The primary purpose of this is to provide a trait (`AuthorizedTrait`) to
describe the common semantics of of coarse-grained authorization check and
the upcoming fine-grained authorization check.
The extracted trait makes a few small changes:
* Change the default value from `FALSE` to `NULL`. In grepping universe for
consumers of `isAuthorized(0`, I could only find consumers that used
bool-ish values. So this should be the same for them. However, for
future cases, it will allow some distinction between NULL/FALSE.
* Use more type-hints. The type should be nullable-boolean.
* Mutators should be amenable to fluent style (e.g. `$event->authorize()->stopPropagation()`).
Tim Otten [Mon, 7 Jun 2021 11:40:44 +0000 (04:40 -0700)]
ConformanceTest - Add support for read-only entities
Seamus Lee [Mon, 7 Jun 2021 06:49:53 +0000 (16:49 +1000)]
Merge pull request #20528 from colemanw/exportFix2
dev/report#67 Fix standalone export classes
Eileen McNaughton [Mon, 7 Jun 2021 06:49:38 +0000 (18:49 +1200)]
Fix Financial item test to validate Financials
The only material change here is to mark /**
protected $isValidateFinancialsOnPostAssert = FALSE
As I don't think this test is creating valid financial data 'on purpose'
Seamus Lee [Mon, 7 Jun 2021 06:34:08 +0000 (16:34 +1000)]
Merge pull request #20526 from seamuslee001/required_after_optional_more2
[php8-compact][REF] Fix another couple of places where by there are r…
Seamus Lee [Mon, 7 Jun 2021 06:33:59 +0000 (16:33 +1000)]
Merge pull request #20527 from seamuslee001/payment_token_fix
[php8-compact][REF] Fix api_v3_PaymentTokenTest to work on php8
Seamus Lee [Mon, 7 Jun 2021 06:33:15 +0000 (16:33 +1000)]
Merge pull request #20524 from seamuslee001/fix_case_custom_tests
[php8-compat][REF] Fix Case and Custom data tests by adding guards in…
Eileen McNaughton [Mon, 7 Jun 2021 06:09:10 +0000 (18:09 +1200)]
Fix v3 api payment test to validate on postAssert
This fixes the test that was failing validation & moves the validation to class level
Coleman Watts [Mon, 7 Jun 2021 05:06:31 +0000 (01:06 -0400)]
Fix standalone export classes
This fixes an 'access denied' error on standalone export forms,
caused by renaming the php classes.
Fixes dev/report#67
Seamus Lee [Mon, 7 Jun 2021 04:48:49 +0000 (04:48 +0000)]
[php8-compact][REF] Fix api_v3_PaymentTokenTest to work on php8
Seamus Lee [Mon, 7 Jun 2021 04:42:55 +0000 (04:42 +0000)]
[php8-compact][REF] Fix another couple of places where by there are required variables in php function declaration after optional ones
Seamus Lee [Mon, 7 Jun 2021 04:38:51 +0000 (04:38 +0000)]
[php8-compat][REF] Fix Date unit tests in php8 by passing in 00 instead of null for hours,minutes and seconds
Seamus Lee [Mon, 7 Jun 2021 04:35:52 +0000 (04:35 +0000)]
[php8-compat][REF] Fix Case and Custom data tests by adding guards into templates
Monish Deb [Mon, 7 Jun 2021 04:34:28 +0000 (10:04 +0530)]
Merge pull request #20357 from eileenmcnaughton/tax_add
Fix for tax rates being mangled on contribution update
Seamus Lee [Mon, 7 Jun 2021 04:34:01 +0000 (14:34 +1000)]
Merge pull request #20495 from eileenmcnaughton/lines
Use line items to look up memberships
Seamus Lee [Mon, 7 Jun 2021 04:32:52 +0000 (14:32 +1000)]
Merge pull request #20521 from eileenmcnaughton/validate
Test fix up for AdditionalPaymentTest
Tim Otten [Fri, 4 Jun 2021 05:59:48 +0000 (22:59 -0700)]
ConformanceTest - Add coverage for checkAccess
Coleman Watts [Sat, 8 May 2021 00:20:43 +0000 (20:20 -0400)]
Implement checkAccess for EntityTags and Notes
Coleman Watts [Thu, 6 May 2021 17:39:21 +0000 (13:39 -0400)]
Implement checkAccess for custom entities
Coleman Watts [Wed, 5 May 2021 19:30:03 +0000 (15:30 -0400)]
Implement _checkAccess for Contact BAO and related entities (email, phone, etc.)
Implements the _checkAccess BAO callback for contacts and the related entities
listed in _civicrm_api3_check_edit_permissions.
Switch APIv4 to stop using _civicrm_api3_check_edit_permissions
now that the checks are implemented in the BAO.
Also fixes a couple permission check functions to respect $userID variable.
Coleman Watts [Tue, 27 Apr 2021 18:51:02 +0000 (14:51 -0400)]
APIv4 - Add checkAccess action
Call checkAccess action before creating, updating or deleting
eileen [Sun, 11 Apr 2021 20:22:52 +0000 (08:22 +1200)]
Add BAO function and hook for checkAccess
This adds a static ::checkAccess function to all BAOs, which dispatches to
a protected _checkAccess function in that BAO, as well as a new hook:
hook_civicrm_checkAccess($entity, $action, $record, $contactID, &$granted)
Coleman Watts [Fri, 4 Jun 2021 06:12:23 +0000 (23:12 -0700)]
UFJoin - Update addSelectWhereClause
Tim Otten [Fri, 4 Jun 2021 06:05:19 +0000 (23:05 -0700)]
DAOCreateAction - Fill defaults before validating write
Tim Otten [Fri, 4 Jun 2021 03:13:48 +0000 (20:13 -0700)]
FinancialItem - Provide defaults so that stricter ConformanceTest will pas
Context: There were three separate, concurrent PRs - two added more tests
and events to APIv4, and the third added a new entity (FinancialItem).
FinancialItem got merged first. I'm working reconciling the other two...
and discovered that `FinancialItem` isn't passing.
Problem: When the `ConformanceTest` creates a `FinancialItem`, it doesn't
fill in valid values for `entity_table,entity_id`. These values are
important to the access-control criteria used in reading-back data.