From 1bcdee33945a16b25ff8e902947da946a171c28b Mon Sep 17 00:00:00 2001
From: eileen
Date: Mon, 14 Jan 2019 23:39:03 +1300
Subject: [PATCH] Fix unreleased regression whereby acls are skipped for groups
---
 CRM/ACL/BAO/ACL.php | 55 +++++----------------
 tests/phpunit/api/v3/ACLPermissionTest.php | 9 +++-
 2 files changed, 18 insertions(+), 46 deletions(-)
diff --git a/CRM/ACL/BAO/ACL.php b/CRM/ACL/BAO/ACL.php
index a2ac22df25..4c00357020 100644
--- a/CRM/ACL/BAO/ACL.php
+++ b/CRM/ACL/BAO/ACL.php
@@ -774,60 +774,27 @@ SELECT g.* AND g.is_active = 1 "; $dao = CRM_Core_DAO::executeQuery($query); - $staticGroupIDs = array(); - $cachedGroupIDs = array(); + $groupIDs = []; + $groupContactCacheClause = FALSE; while ($dao->fetch()) { - // currently operation is restricted to VIEW/EDIT - if ($dao->where_clause) { - if ($dao->select_tables) { - $tmpTables = array(); - foreach (unserialize($dao->select_tables) as $tmpName => $tmpInfo) { - if ($tmpName == '`civicrm_group_contact-' . $dao->id . '`') { - $tmpName = '`civicrm_group_contact-ACL`'; - $tmpInfo = str_replace('civicrm_group_contact-' . $dao->id, 'civicrm_group_contact-ACL', $tmpInfo); - } - elseif ($tmpName == '`civicrm_group_contact_cache_' . $dao->id . '`') { - $tmpName = '`civicrm_group_contact_cache-ACL`'; - $tmpInfo = str_replace('civicrm_group_contact_cache_' . $dao->id, 'civicrm_group_contact_cache-ACL', $tmpInfo); - } - $tmpTables[$tmpName] = $tmpInfo; - } - $tables = array_merge($tables, - $tmpTables - ); - } - if ($dao->where_tables) { - $tmpTables = array(); - foreach (unserialize($dao->where_tables) as $tmpName => $tmpInfo) { - if ($tmpName == '`civicrm_group_contact-' . $dao->id . '`') { - $tmpName = '`civicrm_group_contact-ACL`'; - $tmpInfo = str_replace('civicrm_group_contact-' . $dao->id, 'civicrm_group_contact-ACL', $tmpInfo); - $staticGroupIDs[] = $dao->id; - } - elseif ($tmpName == '`civicrm_group_contact_cache_' . $dao->id . '`') { - $tmpName = '`civicrm_group_contact_cache-ACL`'; - $tmpInfo = str_replace('civicrm_group_contact_cache_' . 
$dao->id, 'civicrm_group_contact_cache-ACL', $tmpInfo); - $cachedGroupIDs[] = $dao->id; - } - $tmpTables[$tmpName] = $tmpInfo; - } - $whereTables = array_merge($whereTables, $tmpTables); - } - } + $groupIDs[] = $dao->id; if (($dao->saved_search_id || $dao->children || $dao->parents) && $dao->cache_date == NULL ) { CRM_Contact_BAO_GroupContactCache::load($dao); + $groupContactCacheClause = " UNION SELECT contact_id FROM civicrm_group_contact_cache WHERE group_id IN (" . implode(', ', $groupIDs) . ")"; } - } - if ($staticGroupIDs) { - $clauses[] = '( `civicrm_group_contact-ACL`.group_id IN (' . implode(', ', $staticGroupIDs) . ') AND `civicrm_group_contact-ACL`.status IN ("Added") )'; } - if ($cachedGroupIDs) { - $clauses[] = '`civicrm_group_contact_cache-ACL`.group_id IN (' . implode(', ', $cachedGroupIDs) . ')'; + if ($groupIDs) { + $clauses[] = "( + `contact_a`.id IN ( + SELECT contact_id FROM civicrm_group_contact WHERE group_id IN (" . implode(', ', $groupIDs) . ") AND status = 'Added' + $groupContactCacheClause + ) + )"; } } } diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php index 3501d4d2f1..da3c1ce092 100644 --- a/tests/phpunit/api/v3/ACLPermissionTest.php +++ b/tests/phpunit/api/v3/ACLPermissionTest.php @@ -669,10 +669,15 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase { */ public function testGetACLEveryonePermittedEntity() { $this->setupScenarioCoreACLEveryonePermittedToGroup(); - $this->callAPISuccess('Contact', 'getsingle', [ + $this->callAPISuccessGetCount('Contact', [ 'id' => $this->scenarioIDs['Contact']['permitted_contact'], 'check_permissions' => 1, - ]); + ], 1); + + $this->callAPISuccessGetCount('Contact', [ + 'id' => $this->scenarioIDs['Contact']['non_permitted_contact'], + 'check_permissions' => 1, + ], 0); } } -- 2.25.1
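Review bot: `$groupContactCacheClause` is assigned only inside the `$dao->cache_date == NULL` branch of the `while ($dao->fetch())` loop, so the `UNION` over `civicrm_group_contact_cache` is left out whenever every smart or nested group already has a populated cache, and its `IN (...)` list is a snapshot of `$groupIDs` at that iteration rather than the full set. If membership of those groups is held only in the cache table, as the removed `civicrm_group_contact_cache-ACL` clause suggests, permitted contacts would pass or fail the ACL check depending on cache state. Setting a flag for any group with `saved_search_id`, `children` or `parents` and building the clause once after the loop from the complete ID list removes that dependence. The enclosing function starts and ends outside the hunk.

```php
$groupIDs = [];
$usesGroupContactCache = FALSE;
while ($dao->fetch()) {
  $groupIDs[] = $dao->id;
  if ($dao->saved_search_id || $dao->children || $dao->parents) {
    // Refresh only a missing cache, but consult the cache table in every case.
    if ($dao->cache_date == NULL) {
      CRM_Contact_BAO_GroupContactCache::load($dao);
    }
    $usesGroupContactCache = TRUE;
  }
}
if ($groupIDs) {
  // Built after the loop so the IN list holds every group ID, not a partial snapshot.
  $groupContactCacheClause = $usesGroupContactCache
    ? " UNION SELECT contact_id FROM civicrm_group_contact_cache WHERE group_id IN (" . implode(', ', $groupIDs) . ")"
    : '';
  // … unchanged: $clauses[] sub-select on civicrm_group_contact …
}
```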
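Review bot: Both new assertions in `testGetACLEveryonePermittedEntity()` run against the single scenario built by `setupScenarioCoreACLEveryonePermittedToGroup()`, so the `civicrm_group_contact_cache` path that this commit rewrites in `CRM/ACL/BAO/ACL.php` does not appear to be exercised; the helper is defined outside the hunk, so this is inferred from its name. A further `callAPISuccessGetCount('Contact', [...], 1)` for a contact that belongs to the permitted group only through a saved search, run once with an empty cache and once after the cache is populated, would pin that branch. A one-line comment above the second call, such as `// A contact outside the permitted group must not be returned.`, would also make the negative case explicit.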