From ac4b9bc366647f1c1577d9786162a1db4ffe4f2e Mon Sep 17 00:00:00 2001
From: eileen
Date: Thu, 18 Oct 2018 17:06:05 +1300
Subject: [PATCH] Extract case activity permission check. This is part of refactoring to address duplicate queries for permission checks - no change in this commit other than an extraction
---
 CRM/Activity/BAO/Activity.php | 67 +++++++++++++++++++++--------------
 1 file changed, 40 insertions(+), 27 deletions(-)
diff --git a/CRM/Activity/BAO/Activity.php b/CRM/Activity/BAO/Activity.php
index cfa988f28b71..486426d0a1b2 100644
--- a/CRM/Activity/BAO/Activity.php
+++ b/CRM/Activity/BAO/Activity.php
@@ -2708,6 +2708,13 @@ public static function checkPermission($activityId, $action) {
 if (!$activity->find(TRUE)) {
 return FALSE;
 }
+
+ // Return early when it is case activity.
+ // Check for CiviCase related permission.
+ if (CRM_Case_BAO_Case::isCaseActivity($activityId)) {
+ return self::isContactPermittedAccessToCaseActivity($activityId, $action, $activity->activity_type_id);
+ }
+
 $allow = FALSE;
 // Component related permissions.
 $compPermissions = array(
@@ -2726,33 +2733,6 @@ public static function checkPermission($activityId, $action) {
 'CiviCampaign' => array('administer CiviCampaign'),
 );
 
- // Return early when it is case activity.
- $isCaseActivity = CRM_Case_BAO_Case::isCaseActivity($activityId);
- // Check for civicase related permission.
- if ($isCaseActivity) {
- $allow = FALSE;
- foreach ($compPermissions['CiviCase'] as $per) {
- if (CRM_Core_Permission::check($per)) {
- $allow = TRUE;
- break;
- }
- }
-
- // Check for case specific permissions.
- if ($allow) {
- $oper = 'view';
- if ($action == CRM_Core_Action::UPDATE) {
- $oper = 'edit';
- }
- $allow = CRM_Case_BAO_Case::checkPermission($activityId,
- $oper,
- $activity->activity_type_id
- );
- }
-
- return $allow;
- }
-
 // First check the component permission.
 $sql = "
 SELECT component_id
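Review bot: With the case branch now returning above `$compPermissions = array(`, the CiviCase permission names end up in two places: the array's 'CiviCase' entry, which the removed block iterated and which this commit presumably leaves in place, and the literal list inside the new isContactPermittedAccessToCaseActivity() in the last hunk. An authorization list that is kept twice can drift, so a permission added to or dropped from one copy would silently not apply to the other. I would either build the list once and have both places read it, or put a comment above the literal such as `// Must match $compPermissions['CiviCase'] in checkPermission().`. checkPermission() starts and ends outside this hunk, so the array's current contents cannot be confirmed from here.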
@@ -2835,6 +2815,39 @@ public static function checkPermission($activityId, $action) {
 return $allow;
 }
 
+ /**
+ * Check if the logged in user has permission for the given case activity.
+ *
+ * @param int $activityId
+ * @param int $action
+ * @param int $activityTypeID
+ *
+ * @return bool
+ */
+ protected static function isContactPermittedAccessToCaseActivity($activityId, $action, $activityTypeID) {
+ $allow = FALSE;
+ foreach (['administer CiviCase', 'access my cases and activities', 'access all cases and activities'] as $per) {
+ if (CRM_Core_Permission::check($per)) {
+ $allow = TRUE;
+ break;
+ }
+ }
+
+ // Check for case specific permissions.
+ if ($allow) {
+ $oper = 'view';
+ if ($action == CRM_Core_Action::UPDATE) {
+ $oper = 'edit';
+ }
+ $allow = CRM_Case_BAO_Case::checkPermission($activityId,
+ $oper,
+ $activityTypeID
+ );
+ }
+
+ return $allow;
+ }
+
 /**
 * Checks if user has permissions to edit inbound e-mails, either bsic info
 * or both basic information and content.
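Review bot: The `$oper` mapping in isContactPermittedAccessToCaseActivity() falls back to 'view' for every `$action` other than `CRM_Core_Action::UPDATE`, so a caller passing a more privileged action would be authorized against the view operation only. The behaviour is carried over unchanged from the old inline block, but the extraction turns it into a reusable helper and the docblock says nothing about it. I would state it in the docblock, e.g. `@param int $action Only CRM_Core_Action::UPDATE is checked as 'edit'; every other value is checked as 'view'.`, and give the other two `@param` tags a description as well. Whether any caller passes an action other than view or update cannot be seen from this hunk.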