Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Fixed/Completed
-
Affects Version/s: 3.4.5, 4.0.5
-
Fix Version/s: None
-
Component/s: Core CiviCRM
-
Labels:None
Description
I'm not sure if there are pitfalls with the proposed patch (below).
Basically the 'is_deleted' part of the search query is being lost for contacts whose permissions are managed through ACLs
The reason is that CRM_ACL_API::whereClause returns the appropriate 'is_deleted' clause if the contact has edit / view all contacts but not otherwise. Perhaps the idea is that a hook would set it? but the hook has insuffient info to do so.
Actually the patch does seem to make sense - will commit & you can QA.
Index: CRM/ACL/API.php
===================================================================
— CRM/ACL/API.php (revision 36044)
+++ CRM/ACL/API.php (working copy)
@@ -90,13 +90,8 @@
- @access public
*/
public static function whereClause( $type, &$tables, &$whereTables, $contactID = null, $onlyDeleted = false, $skipDeleteClause = false ) {
- // first see if the contact has edit / view all contacts
- if ( CRM_Core_Permission::check( 'edit all contacts' ) ||
- ( $type == self::VIEW &&
- CRM_Core_Permission::check( 'view all contacts' ) ) ) {
- $deleteClause = ' ( 1 ) ';
- if ( !$skipDeleteClause ) {
+ if ( !$skipDeleteClause )Unknown macro: { if (CRM_Core_Permission}+ // first see if the contact has edit / view all contacts
{ + $deleteClause = ' ( 1 ) '; + + return $deleteClause; }
+ if ( CRM_Core_Permission::check( 'edit all contacts' ) ||
+ ( $type == self::VIEW &&
+ CRM_Core_Permission::check( 'view all contacts' ) ) )
@@ -117,7 +119,7 @@
}
require_once 'CRM/ACL/BAO/ACL.php';
- return CRM_ACL_BAO_ACL::whereClause( $type, $tables, $whereTables, $contactID );
+ return CRM_ACL_BAO_ACL::whereClause( $type, $tables, $whereTables, $contactID ) . $deleteClause ;
}
/**