From 8b5445c8b8c07618497c075559d7c68d2cb0fe5d Mon Sep 17 00:00:00 2001
From: eileen <emcnaughton@wikimedia.org>
Date: Wed, 13 Mar 2019 15:00:35 +1300
Subject: [PATCH] Pass 'check permissions' flag through to merge function

The inner function will only delete the merged contact if checkPermissions is false or
the logged in user has permission to delete. Our api model expects check_permissions to be
respected at the BAO level
---
 api/v3/Contact.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/api/v3/Contact.php b/api/v3/Contact.php
index 8f82b41259..54ce858580 100644
--- a/api/v3/Contact.php
+++ b/api/v3/Contact.php
@@ -1195,12 +1195,14 @@ function _civicrm_api3_contact_deprecation() {
  * @throws API_Exception
  */
 function civicrm_api3_contact_merge($params) {
-  if (($result = CRM_Dedupe_Merger::merge([
-      [
-        'srcID' => $params['to_remove_id'],
-        'dstID' => $params['to_keep_id'],
-      ],
-    ], [], $params['mode'])) != FALSE) {
+  if (($result = CRM_Dedupe_Merger::merge(
+    [['srcID' => $params['to_remove_id'], 'dstID' => $params['to_keep_id']]],
+    [],
+    $params['mode'],
+    FALSE,
+    CRM_Utils_Array::value('check_permissions', $params)
+    )) != FALSE) {
+
     return civicrm_api3_create_success($result, $params);
   }
   throw new API_Exception('Merge failed');
-- 
2.25.1