EFForg / org.eff.optimizedautocomplete

CiviCRM extension: Optimize the autocomplete search box mysql queries so they're more efficient on large databases

Search doesn't apply permissions #2

Open eileenmcnaughton opened 11 years ago

eileenmcnaughton commented 11 years ago

Hi Micah,

I've just discovered that aclHook permissions aren't applied when using this - so people can see people in the quick search that they can't view.

Any input on this would be appreciated - but my suspicion is that we'll have to not use it on sites with aclHook permissions as I don't expect it will be a funded fix.

micahflee commented 11 years ago

Hmm. So I'm just looking up CiviCRM ACL hooks: http://wiki.civicrm.org/confluence/display/CRMDOC40/CiviCRM+hook+specification#CiviCRMhookspecification-Permissionrelatedhooks

hook_civicrm_aclWhereClause is a hook that lets you define your own permissions for accessing contacts? Could I trigger that hook in the optimizedautocomplete_civicrm_contactListQuery function to get the where query? And then re-arrange the queries that I'm making to respect the ACLs?

eileenmcnaughton commented 11 years ago

I think what you want to call is

CRM_ACL_BAO_ACL::whereClause which will call the hooks.

You could potentially call the ACL hooks directly

CRM_Utils_Hook::aclWhereClause($type, $tables, $whereTables, $contactID, $whereClause);

But really if there is a problem with the first option it would be better to fix that.
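One way to apply the suggestion in this thread, as an added example that is not code from the extension or from either commenter: the hook asks `CRM_ACL_BAO_ACL::whereClause` for the viewer's ACL clause and keeps only the autocomplete rows that pass it. The `example_` names, the `view all contacts` shortcut, the use of `CRM_Contact_BAO_Query::fromClause` for the ACL joins, and the assumption that the query returns `data` and `id` columns are assumptions of this example.

```php
<?php
// Added example, not the extension's code. Assumes the autocomplete query
// returns the columns `data` and `id`, and that ACL clauses are written
// against the table alias contact_a.

/**
 * Keep only rows of $sql whose contact id passes the ACL clause.
 * example_acl_wrap() is a hypothetical helper name.
 */
function example_acl_wrap($sql, $aclClause, $aclFrom = '') {
  $sql = rtrim($sql, "; \t\r\n");
  $aclClause = trim((string) $aclClause);
  if ($aclClause === '') {
    // Fail closed: a missing clause means no rows, never "no restriction".
    $aclClause = '0';
  }
  if (trim((string) $aclFrom) === '') {
    $aclFrom = 'FROM civicrm_contact contact_a';
  }
  return "SELECT q.data, q.id FROM ( $sql ) q"
    . " WHERE q.id IN ( SELECT contact_a.id $aclFrom WHERE ( $aclClause ) )";
}

/**
 * Hypothetical hook implementation; in the extension this logic would sit at
 * the end of optimizedautocomplete_civicrm_contactListQuery().
 */
function example_civicrm_contactListQuery(&$query, $name, $context, $id) {
  // Users allowed to see every contact need no extra filtering.
  if (CRM_Core_Permission::check('view all contacts')) {
    return;
  }
  $tables = array();
  $whereTables = array();
  $contactID = CRM_Core_Session::singleton()->get('userID');

  // Builds the clause from configured ACLs and invokes hook_civicrm_aclWhereClause.
  $acl = CRM_ACL_BAO_ACL::whereClause(
    CRM_Core_Permission::VIEW, $tables, $whereTables, $contactID
  );
  // Joins for any extra tables the ACL clause refers to.
  $from = CRM_Contact_BAO_Query::fromClause($whereTables);

  $query = example_acl_wrap($query, $acl, $from);
}
```

Because the filter is applied outside any `LIMIT` in the original query, a restricted user may get fewer rows than the limit, but never a contact the ACL excludes.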