function ContactComponent::wf_crm_contact_access in Webform CiviCRM Integration 8.5
Load contact name if user has permission. Else return FALSE.
Parameters
$component: Webform component of type 'civicrm_contact'
$filters: Contact get params
$cid: Contact id
Return value
bool|string
Overrides ContactComponentInterface::wf_crm_contact_access
File
- src/
ContactComponent.php, line 176
Class
- ContactComponent
- Class ContactComponent
Namespace
Drupal\webform_civicrmCode
function wf_crm_contact_access($component, $filters, $cid) {
$utils = \Drupal::service('webform_civicrm.utils');
// Create new contact doesn't require lookup
$cid = (string) $cid;
$component['#form_key'] = $component['#form_key'] ?? $component['#webform_key'];
list(, $c, ) = explode('_', $component['#form_key'], 3);
if (!empty($component['#none_prompt']) && !empty($component['#allow_create']) && $cid && strpos($cid, '-') === 0) {
return Html::escape($component['#none_prompt']);
}
if (!is_numeric($cid)) {
return FALSE;
}
$filters['id'] = $cid;
$filters['is_deleted'] = 0;
// A contact always has permission to view self
if ($cid == $utils
->wf_crm_user_cid()) {
$filters['check_permissions'] = FALSE;
}
if (!empty($filters['check_permissions'])) {
// If we have a valid checksum for this contact, bypass other permission checks
// For legacy reasons we support "cid" param as an alias of "cid1"
// ToDo use: \Drupal::request()->query->all();
if (wf_crm_aval($_GET, "cid{$c}") == $cid || $c == 1 && wf_crm_aval($_GET, "cid") == $cid) {
// For legacy reasons we support "cs" param as an alias of "cs1"
if (!empty($_GET['cs']) && $c == 1 && \CRM_Contact_BAO_Contact_Utils::validChecksum($cid, $_GET['cs'])) {
$filters['check_permissions'] = FALSE;
}
elseif (!empty($_GET["cs{$c}"]) && \CRM_Contact_BAO_Contact_Utils::validChecksum($cid, $_GET["cs{$c}"])) {
$filters['check_permissions'] = FALSE;
}
}
}
// Fetch contact name with filters applied
$result = $utils
->wf_civicrm_api('contact', 'get', $filters);
return $this
->wf_crm_format_contact(wf_crm_aval($result, "values:{$cid}"), [
'display_name',
]);
}