compatibility with 5.67 and up

AlainBenbassat · Dec 3, 2023 · d9c1dad · d9c1dad
1 parent 074fff0
commit d9c1dad
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 13 deletions.
diff --git a/info.xml b/info.xml
@@ -14,10 +14,10 @@
     <url desc="Licensing">https://www.gnu.org/licenses/agpl-3.0.html</url>
   </urls>
   <releaseDate>2023-12-03</releaseDate>
-  <version>1.2.2</version>
+  <version>2.0</version>
   <develStage>stable</develStage>
   <compatibility>
-    <ver>5.0</ver>
+    <ver>5.67</ver>
   </compatibility>
   <comments>A more fine-grained permission system for contact notes.</comments>
   <classloader>

diff --git a/notepermissions.php b/notepermissions.php
@@ -3,17 +3,33 @@
 require_once 'notepermissions.civix.php';
 use CRM_Notepermissions_ExtensionUtil as E;
 
-function notepermissions_civicrm_notePrivacy(&$noteValues) {
-  // check if the user is allowed to see this note
-  // (we skip this ckeck for privacy 0 (none) and 1 (author only)
-  if ($noteValues['privacy'] >= 2) {
-    // get the corresponding permission key
-    list($permissionKey, $permissionName, $permissionDescription) = notepermissions_civicrm_getPermissionNameAndDescription($noteValues['privacy'], '');
-
-    // check if the current user is allowed to see the note
-    if (CRM_Core_Permission::check($permissionKey)) {
-      // OK, unhide the note
-      $noteValues['notePrivacy_hidden'] = FALSE;
+/**
+ * Implements hook_civicrm_selectWhereClause().
+ */
+function notepermissions_civicrm_selectWhereClause($entityName, &$clauses, $userId = NULL, $conditions = []) {
+  if ($userId === NULL) {
+    $userId = CRM_Core_Session::getLoggedInContactID();
+  }
+
+  // Amend note privacy clause (only relevant if user lacks 'view all notes' permission)
+  if ($entityName === 'Note' && !CRM_Core_Permission::check('view all notes', $userId)) {
+    $options = \Civi\Api4\OptionValue::get(FALSE)
+      ->addSelect('value')
+      ->addWhere('option_group_id:name', '=', 'note_privacy')
+      ->addWhere('value', '>', 1)
+      ->execute()
+      ->column('value');
+
+    foreach ($options as $optionValue) {
+      if (CRM_Core_Permission::check("access_privacy_type_$optionValue", $userId)) {
+        // What's going on here is that `$clauses['privacy']` already contains an array of arrays
+        // (which means OR).
+        // @see CRM_Core_BAO_Note::addSelectWhereClause()
+        // The existing values are `"= 0" OR "= 1 AND {contact_id} = $currentUser"`
+        // So here we are adding a condition to the OR group IF the above permission check passes,
+        // to allow privileged users to see this privacy type.
+        $clauses['privacy'][0][] = "= $optionValue";
+      }
     }
   }
 }