Merge pull request #8199 from colemanw/CRM-18456

CRM-18456 - Catch api case permission exceptions
civicrm · Apr 21, 2016 · 3b44f21 · 3b44f21
2 parents 3a131ff + eeb45e4
commit 3b44f21
Showing 1 changed file with 27 additions and 9 deletions.
diff --git a/CRM/Case/BAO/Case.php b/CRM/Case/BAO/Case.php
@@ -1901,7 +1901,7 @@ public static function getCaseManagerContact($caseType, $caseId) {
    * @param int $contactId
    * @param bool $excludeDeleted
    *
-   * @return null|string
+   * @return int
    */
   public static function caseCount($contactId = NULL, $excludeDeleted = TRUE) {
     $params = array('check_permissions' => TRUE);
@@ -1911,7 +1911,13 @@ public static function caseCount($contactId = NULL, $excludeDeleted = TRUE) {
     if ($contactId) {
       $params['contact_id'] = $contactId;
     }
-    return civicrm_api3('Case', 'getcount', $params);
+    try {
+      return civicrm_api3('Case', 'getcount', $params);
+    }
+    catch (CiviCRM_API3_Exception $e) {
+      // Lack of permissions will throw an exception
+      return 0;
+    }
   }
 
   /**
@@ -2542,12 +2548,18 @@ public static function checkPermission($activityId, $operation, $actTypeId = NUL
     if (in_array($operation, $caseActOperations)) {
       static $caseCount;
       if (!isset($caseCount)) {
-        $caseCount = civicrm_api3('Case', 'getcount', array(
-          'check_permissions' => TRUE,
-          'status_id' => array('!=' => 'Closed'),
-          'is_deleted' => 0,
-          'end_date' => array('IS NULL' => 1),
-        ));
+        try {
+          $caseCount = civicrm_api3('Case', 'getcount', array(
+            'check_permissions' => TRUE,
+            'status_id' => array('!=' => 'Closed'),
+            'is_deleted' => 0,
+            'end_date' => array('IS NULL' => 1),
+          ));
+        }
+        catch (CiviCRM_API3_Exception $e) {
+          // Lack of permissions will throw an exception
+          $caseCount = 0;
+        }
       }
       if ($operation == 'File On Case') {
         $allow = !empty($caseCount);
@@ -2793,7 +2805,13 @@ public static function accessCase($caseId, $denyClosed = TRUE) {
     if ($denyClosed && !CRM_Core_Permission::check('access all cases and activities')) {
       $params['status_id'] = array('!=' => 'Closed');
     }
-    return (bool) civicrm_api3('Case', 'getcount', $params);
+    try {
+      return (bool) civicrm_api3('Case', 'getcount', $params);
+    }
+    catch (CiviCRM_API3_Exception $e) {
+      // Lack of permissions will throw an exception
+      return FALSE;
+    }
   }
 
   /**