From 3e5a806c04ed0c11f1f7aed16203d4b8cc966cdc Mon Sep 17 00:00:00 2001 From: Elin Waring Date: Thu, 23 Apr 2015 17:36:27 -0400 Subject: [PATCH] Allow access to user permissions using the REST API in Joomla. #CRM-16292 --- CRM/Core/Permission/Joomla.php | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/CRM/Core/Permission/Joomla.php b/CRM/Core/Permission/Joomla.php index 61e1ccf737..583527b31c 100644 --- a/CRM/Core/Permission/Joomla.php +++ b/CRM/Core/Permission/Joomla.php @@ -61,12 +61,36 @@ class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base { // we've not yet figured out how to bootstrap joomla, so we should // not execute hooks if joomla is not loaded if (defined('_JEXEC')) { - $permission = JFactory::getUser()->authorise($translated[0], $translated[1]); - return $permission; + $user = JFactory::getUser(); + + // If we are coming from REST we don't have a user but we do have the api_key for a user. + if ($user->id === 0) { + // This is a codeblock copied from /Civicrm/Utils/REST + $uid = NULL; + if (!$uid) { + $store = NULL; + $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST'); + + if (empty($api_key)) { + return CRM_Utils_Rest::error("FATAL: mandatory param 'api_key' (user key) missing"); + } + + $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key'); + + if ($contact_id) { + $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id); + } + $user = JFactory::getUser($uid); + + } + } + + return $user->authorise($translated[0], $translated[1]);; + } else { - // This function is supposed to return a boolean. What does '(1)' mean? - return '(1)'; + + return false; } } -- 2.25.1