[NFC] Extract case activity permission check. #12949

Merged
merged 1 commit into from
Oct 23, 2018
67 changes: 40 additions & 27 deletions CRM/Activity/BAO/Activity.php
Expand Up @@ -2708,6 +2708,13 @@ public static function checkPermission($activityId, $action) {
if (!$activity->find(TRUE)) {
return FALSE;
}

// Return early when it is case activity.
// Check for CiviCase related permission.
if (CRM_Case_BAO_Case::isCaseActivity($activityId)) {
return self::isContactPermittedAccessToCaseActivity($activityId, $action, $activity->activity_type_id);
}

$allow = FALSE;
// Component related permissions.
$compPermissions = array(
'CiviCampaign' => array('administer CiviCampaign'),
);

// Return early when it is case activity.
$isCaseActivity = CRM_Case_BAO_Case::isCaseActivity($activityId);
// Check for civicase related permission.
if ($isCaseActivity) {
$allow = FALSE;
foreach ($compPermissions['CiviCase'] as $per) {
if (CRM_Core_Permission::check($per)) {
$allow = TRUE;
break;
}
}

// Check for case specific permissions.
if ($allow) {
$oper = 'view';
if ($action == CRM_Core_Action::UPDATE) {
$oper = 'edit';
}
$allow = CRM_Case_BAO_Case::checkPermission($activityId,
$oper,
$activity->activity_type_id
);
}

return $allow;
}

// First check the component permission.
$sql = "
SELECT component_id
return $allow;
}

/**
* Check if the logged in user has permission for the given case activity.
*
* @param int $activityId
* @param int $action
* @param int $activityTypeID
*
* @return bool
*/
protected static function isContactPermittedAccessToCaseActivity($activityId, $action, $activityTypeID) {
$allow = FALSE;
foreach (['administer CiviCase', 'access my cases and activities', 'access all cases and activities'] as $per) {
if (CRM_Core_Permission::check($per)) {
$allow = TRUE;
break;
}
}

// Check for case specific permissions.
if ($allow) {
$oper = 'view';
if ($action == CRM_Core_Action::UPDATE) {
$oper = 'edit';
}
$allow = CRM_Case_BAO_Case::checkPermission($activityId,
$oper,
$activityTypeID
);
}

return $allow;
}

/**
* Checks if user has permissions to edit inbound e-mails, either bsic info
* or both basic information and content.
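Review bot: The permission list hard-coded in the new isContactPermittedAccessToCaseActivity (`['administer CiviCase', 'access my cases and activities', 'access all cases and activities']`) duplicates the `$compPermissions['CiviCase']` entry that the removed code iterated and that checkPermission still builds for its other components, so the two lists can now drift apart silently and a later change to one would widen or narrow case-activity access without anyone noticing. I would hoist the list into a single class constant (e.g. `const CASE_ACTIVITY_PERMISSIONS = [...]`) and reference it from both `$compPermissions['CiviCase']` and the helper, or pass `$compPermissions['CiviCase']` into the helper as a fourth parameter. Separately, the moved `$oper` mapping collapses every action other than `CRM_Core_Action::UPDATE` to `'view'`, which presumably includes DELETE; that is pre-existing, but since the helper is now the only gate for case activities it deserves an explicit comment such as `// Any action other than UPDATE (including DELETE) is checked as a 'view' on the case — confirm this is intended.` The comparison `$action == CRM_Core_Action::UPDATE` is also loose; `===` would be safer if `$action` is always an int as the docblock states. checkPermission's body continues outside the visible hunks, so I could not confirm whether `$compPermissions['CiviCase']` still matches the helper's list exactly.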