From 9808e2055e35bae4d3d694fda9f20bd6e5d14d6f Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Mon, 6 Mar 2017 16:12:19 -0500
Subject: [PATCH] CRM-20102 - Better filters for case contact_id field

---
 api/v3/Case.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/api/v3/Case.php b/api/v3/Case.php
index efddd0904b..a8bc1d832c 100644
--- a/api/v3/Case.php
+++ b/api/v3/Case.php
@@ -218,16 +218,18 @@ function civicrm_api3_case_get($params) {
 
   // Add clause to search by client
   if (!empty($params['contact_id'])) {
-    $contacts = array();
-    foreach ((array) $params['contact_id'] as $c) {
-      if (!CRM_Utils_Rule::positiveInteger($c)) {
-        throw new API_Exception('Invalid parameter: contact_id. Must provide numeric value(s).');
+    // Legacy support - this field historically supports a nonstandard format of array(1,2,3) as a synonym for array('IN' => array(1,2,3))
+    if (is_array($params['contact_id'])) {
+      $operator = CRM_Utils_Array::first(array_keys($params['contact_id']));
+      if (!in_array($operator, \CRM_Core_DAO::acceptedSQLOperators(), TRUE)) {
+        $params['contact_id'] = array('IN' => $params['contact_id']);
       }
-      $contacts[] = $c;
     }
-    $sql
-      ->join('civicrm_case_contact', 'INNER JOIN civicrm_case_contact ON civicrm_case_contact.case_id = a.id')
-      ->where('civicrm_case_contact.contact_id IN (' . implode(',', $contacts) . ')');
+    else {
+      $params['contact_id'] = array('=' => $params['contact_id']);
+    }
+    $clause = CRM_Core_DAO::createSQLFilter('contact_id', $params['contact_id']);
+    $sql->where("a.id IN (SELECT case_id FROM civicrm_case_contact WHERE $clause)");
   }
 
   // Add clause to search by activity
-- 
2.25.1