Merge pull request #13451 from eileenmcnaughton/everyone_510

(dev/core#660) Address regression whereby Anonymous users can no longer register for an event if they have ACLs to see a contact
civicrm · Jan 16, 2019 · 970511b · 970511b
2 parents 2e4c392 + dbb4e4f
commit 970511b
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 16 deletions.
diff --git a/CRM/Contact/DAO/ACLContactCache.php b/CRM/Contact/DAO/ACLContactCache.php
@@ -6,7 +6,7 @@
  *
  * Generated from xml/schema/CRM/Contact/ACLContactCache.xml
  * DO NOT EDIT.  Generated by CRM_Core_CodeGen
- * (GenCodeChecksum:4bb9eaae5704bfc98c258aa2f2130f5c)
+ * (GenCodeChecksum:ab40fa26e037ef4897359d3c288d42b8)
  */
 
 /**
@@ -73,7 +73,6 @@ public function __construct() {
   public static function getReferenceColumns() {
     if (!isset(Civi::$statics[__CLASS__]['links'])) {
       Civi::$statics[__CLASS__]['links'] = static ::createReferenceColumns(__CLASS__);
-      Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'user_id', 'civicrm_contact', 'id');
       Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'contact_id', 'civicrm_contact', 'id');
       CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']);
     }
@@ -108,7 +107,6 @@ public static function &fields() {
           'entity' => 'ACLContactCache',
           'bao' => 'CRM_Contact_DAO_ACLContactCache',
           'localizable' => 0,
-          'FKClassName' => 'CRM_Contact_DAO_Contact',
         ],
         'contact_id' => [
           'name' => 'contact_id',

diff --git a/CRM/Dedupe/Finder.php b/CRM/Dedupe/Finder.php
@@ -125,6 +125,7 @@ public static function dupesByParams(
     if (!$params) {
       return array();
     }
+    $checkPermission = CRM_Utils_Array::value('check_permission', $params, TRUE);
     // This may no longer be required - see https://github.com/civicrm/civicrm-core/pull/13176
     $params = array_filter($params);
 
@@ -146,7 +147,6 @@ public static function dupesByParams(
         CRM_Core_Error::fatal("$used rule for $ctype does not exist");
       }
     }
-    $params['check_permission'] = CRM_Utils_Array::value('check_permission', $params, TRUE);
 
     if (isset($params['civicrm_phone']['phone_numeric'])) {
       $orig = $params['civicrm_phone']['phone_numeric'];
@@ -155,7 +155,7 @@ public static function dupesByParams(
     $rgBao->params = $params;
     $rgBao->fillTable();
     $dao = new CRM_Core_DAO();
-    $dao->query($rgBao->thresholdQuery($params['check_permission']));
+    $dao->query($rgBao->thresholdQuery($checkPermission));
     $dupes = array();
     while ($dao->fetch()) {
       if (isset($dao->id) && $dao->id) {

diff --git a/tests/phpunit/CRM/Dedupe/MergerTest.php b/tests/phpunit/CRM/Dedupe/MergerTest.php
@@ -795,8 +795,7 @@ public function getStaticCIDRefs() {
         0 => 'contact_id',
       ),
       'civicrm_acl_contact_cache' => array(
-        0 => 'user_id',
-        1 => 'contact_id',
+        0 => 'contact_id',
       ),
       'civicrm_action_log' => array(
         0 => 'contact_id',
@@ -1002,8 +1001,7 @@ public function getCalculatedCIDRefs() {
     // There might be cleverer ways to do this but it shouldn't change much.
     $cidRefs['civicrm_contact'][0] = 'primary_contact_id';
     $cidRefs['civicrm_contact'][1] = 'employer_id';
-    $cidRefs['civicrm_acl_contact_cache'][0] = 'user_id';
-    $cidRefs['civicrm_acl_contact_cache'][1] = 'contact_id';
+    $cidRefs['civicrm_acl_contact_cache'][0] = 'contact_id';
     $cidRefs['civicrm_mailing'][0] = 'created_id';
     $cidRefs['civicrm_mailing'][1] = 'scheduled_id';
     $cidRefs['civicrm_mailing'][2] = 'approver_id';

diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php
@@ -678,6 +678,34 @@ public function testGetACLEveryonePermittedEntity() {
       'id' => $this->scenarioIDs['Contact']['non_permitted_contact'],
       'check_permissions' => 1,
     ], 0);
+
+    // Also check that we can access ACLs through a path that uses the acl_contact_cache table.
+    // historically this has caused errors due to the key_constraint on that table.
+    // This is a bit of an artificial check as we have to amp up permissions to access this api.
+    // However, the lower level function is more directly accessed through the Contribution & Event & Profile
+    $dupes = $this->callAPISuccess('Contact', 'duplicatecheck', [
+      'match' => [
+        'first_name' => 'Anthony',
+        'last_name' => 'Anderson',
+        'contact_type' => 'Individual',
+        'email' => 'anthony_anderson@civicrm.org',
+      ],
+      'check_permissions' => 0,
+    ]);
+    $this->assertEquals(2, $dupes['count']);
+    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['administer CiviCRM'];
+
+    $dupes = $this->callAPISuccess('Contact', 'duplicatecheck', [
+      'match' => [
+        'first_name' => 'Anthony',
+        'last_name' => 'Anderson',
+        'contact_type' => 'Individual',
+        'email' => 'anthony_anderson@civicrm.org',
+      ],
+      'check_permissions' => 1,
+    ]);
+    $this->assertEquals(1, $dupes['count']);
+
   }
 
 }
diff --git a/xml/schema/Contact/ACLContactCache.xml b/xml/schema/Contact/ACLContactCache.xml
@@ -25,13 +25,6 @@
     <comment>FK to civicrm_contact (could be null for anon user)</comment>
     <add>3.1</add>
   </field>
-  <foreignKey>
-    <name>user_id</name>
-    <table>civicrm_contact</table>
-    <key>id</key>
-    <add>3.1</add>
-    <onDelete>CASCADE</onDelete>
-  </foreignKey>
   <field>
     <name>contact_id</name>
     <title>Contact ID</title>