CRM-15713 - Case ajax fixes #4719
Conversation
|
test this please |
| return FALSE; | ||
| } | ||
|
|
||
| $filterCases = CRM_Case_BAO_Case::getCases(FALSE); |
There was a problem hiding this comment.
I didn't fully get this at first, but it seems smart -- getCases(TRUE) initially seemed more correct (because https://github.com/civicrm/civicrm-core/blob/master/CRM/Case/BAO/Case.php#L736 will ignore $allCases if the user lacks permission). However, combining L3073 and L3082 should produce the same results with better performance -- because there's no need to execute getCases(...) when we know that the user has permission 'access all cases and activities'.
I'm not sure sure it's proper to use getCases(...$type=='upcoming' [default-value]...); this seems to be saying that one only has permission to access cases with upcoming activities. As the general rule, I don't see how dates on activities would affect access-control to the overall case. $type=='any' seems more appropriate to me.
There was a problem hiding this comment.
Also: getCases() includes a filter on case_status (which excludes closed cases). It seems OK to block write access on closed cases, but I don't think we'd want to block read access on closed cases.
|
Tim - can you PR your extra change against 4.4 too as I ported Coleman's fix since time was running out. Or let me know if you think the pre-change version is fine for the LTS (not as elegant but does the trick is fine by me :-) |
|
@eileenmcnaughton , 4.4 PR: #4730 |
No description provided.