issue 3004 fix #2 skip check on protect if coming from webform

CiviCooP · Apr 4, 2016 · df850fe · df850fe
1 parent a756df1
commit df850fe
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 5 deletions.
diff --git a/CRM/Groupprotect/BAO/GroupProtect.php b/CRM/Groupprotect/BAO/GroupProtect.php
@@ -33,10 +33,23 @@ public static function buildForm($formName, $form) {
    */
   public static function pre($op, $objectName, $objectId, $params) {
     if ($objectName == 'GroupContact' && self::groupIsProtected($objectId) == TRUE) {
-      if (!CRM_Core_Permission::check('manage protected groups')) {
-        CRM_Core_Session::setStatus(ts("You are not allowed to add or remove contacts to this group"), ts("Not allowed"), "error");
-        $session = CRM_Core_Session::singleton();
-        CRM_Utils_System::redirect($session->readUserContext());
+      // check if request is from webform, and allow groupcontact action if from webform
+      $webFormRequest = FALSE;
+      $request = CRM_Utils_Request::exportValues();
+      if (isset($request['form_id'])) {
+        $requestParts = explode('_', $request['form_id']);
+        if (isset($requestParts[2])) {
+          if ($requestParts[0] == 'webform' && $requestParts[1] == 'client' && $requestParts[2] = 'form') {
+            $webFormRequest = TRUE;
+          }
+        }
+      }
+      if (!$webFormRequest) {
+        if (!CRM_Core_Permission::check('manage protected groups')) {
+          CRM_Core_Session::setStatus(ts("You are not allowed to add or remove contacts to this group"), ts("Not allowed"), "error");
+          $session = CRM_Core_Session::singleton();
+          CRM_Utils_System::redirect($session->readUserContext());
+        }
       }
     }
   }

diff --git a/README.md b/README.md
@@ -5,3 +5,5 @@ This extension adds a custom data set to groups and adds a permission (CiviCRM G
 
 The custom group adds a field for the Group: protected Yes or No. This settings can only be edited by users with the permission CiviCRM Group Protect.
 Only users with the permission CiviCRM Group Protect can add or remove contacts from a protected group.
+
+The check on if a group is allowed is skipped if the request originates from a Drupal Webform
diff --git a/info.xml b/info.xml
@@ -15,7 +15,7 @@
     <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
   </urls>
   <releaseDate>2016-01-12</releaseDate>
-  <version>0.3</version>
+  <version>1.0</version>
   <develStage>beta</develStage>
   <compatibility>
     <ver>4.4</ver>