Ejegg has uploaded a new change for review.
https://gerrit.wikimedia.org/r/276828
Change subject: CRM-18112 - Additional permission for editing "api_key"
......................................................................
CRM-18112 - Additional permission for editing "api_key"
Change-Id: I96e376d0209d98942586a7da3c50e31afe11d9cd
---
M CRM/Core/Permission.php
M api/v3/Contact.php
2 files changed, 20 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm/civicrm
refs/changes/28/276828/1
diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index 7de7fd3..b621bd6 100644
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -839,6 +839,14 @@
$prefix . ts('view my invoices'),
ts('Allow users to view/ download their own invoices'),
),
+ 'edit api keys' => array(
+ $prefix . ts('edit api keys'),
+ ts('Edit API keys'),
+ ),
+ 'edit own api keys' => array(
+ $prefix . ts('edit own api keys'),
+ ts('Edit user\'s own API keys'),
+ ),
);
return $permissions;
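Review bot: The two new entries carry very short descriptions (`ts('Edit API keys')`, `ts('Edit user\'s own API keys')`) that do not tell an administrator that an API key is an authentication credential. Whoever can set a contact's key can presumably authenticate to the API as that contact, so the first permission is close to an impersonation right and should read that way on the permissions screen. I would spell out the scope, for example `ts('Edit API keys for any contact (grants the ability to act as that contact through the API)')` and `ts('Edit the API key of the logged-in user\'s own contact record')`. The surrounding array starts outside this hunk, so I have not checked whether neighbouring entries follow a different wording convention.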
diff --git a/api/v3/Contact.php b/api/v3/Contact.php
index cf683b6..87d9a1c 100644
--- a/api/v3/Contact.php
+++ b/api/v3/Contact.php
@@ -57,6 +57,18 @@
return $values;
}
+ if (array_key_exists('api_key', $params) &&
!empty($params['check_permissions'])) {
+ if (CRM_Core_Permission::check('edit api keys') ||
CRM_Core_Permission::check('administer CiviCRM')) {
+ // OK
+ }
+ elseif ($contactID && CRM_Core_Permission::check('edit own api keys') &&
CRM_Core_Session::singleton()->get('userID') == $contactID) {
+ // OK
+ }
+ else {
+ throw new \Civi\API\Exception\UnauthorizedException('Permission denied
to modify api key');
+ }
+ }
+
if (!$contactID) {
// If we get here, we're ready to create a new contact
if (($email = CRM_Utils_Array::value('email', $params)) &&
!is_array($params['email'])) {
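Review bot: The ownership test in the `elseif` compares the session user id with `$contactID` using loose `==`, so depending on PHP version and operand types, two values that are not identical can compare equal. Since this is the only thing separating "own key" from "someone else's key", a strict comparison on normalised values is safer, e.g. `(string) CRM_Core_Session::singleton()->get('userID') === (string) $contactID`. The two empty `// OK` branches would also be easier to audit folded into a single negated condition that throws, which removes the chance of a later edit adding code to the wrong branch. The guard only fires when `api_key` is a key of `$params` in this function, whose start and end are outside the hunk. Any other code path that can write the same field (generic field setters, chained calls) would need the same gate, and that cannot be confirmed from here.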
--
To view, visit https://gerrit.wikimedia.org/r/276828
Gerrit-MessageType: newchange
Gerrit-Change-Id: I96e376d0209d98942586a7da3c50e31afe11d9cd
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm/civicrm
Gerrit-Branch: master
Gerrit-Owner: Ejegg <[email protected]>
Gerrit-Reviewer: Totten <[email protected]>