CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Suggestion for the Contact API
Pages: [1]

Author Topic: Suggestion for the Contact API  (Read 680 times)

SarahG (FountainTribe)

  • Ask me questions
  • ****
  • Posts: 782
  • Karma: 29
  • CiviCRM version: 4.4.7
  • CMS version: Drupal 6, Drupal 7
  • MySQL version: 5.5
  • PHP version: 5.3
Suggestion for the Contact API
April 23, 2011, 10:35:25 am
As part of working out how to allow one person to pay someone else's pledge, I created a small utility function that returns an array of all the contact ids a contact has permission to.   It checks the relationship table permissions, not ACLs.    Seemed like this would be a good addition to the Contact APIs.

Details are at:
http://issues.civicrm.org/jira/browse/CRM-7460

Thoughts? Is there a better place to put this?
Did I help you? Please donate to the Civi-Make-It-Happen campaign  CiviCRM for mobile devices! 

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Suggestion for the Contact API
April 23, 2011, 04:23:00 pm

I would say the steps to have something in the api include:

1. Make sure it follows the api v3 conventions: Check

http://wiki.civicrm.org/confluence/display/CRMDOC40/CiviCRM+Public+APIs

Ask the API team on IRC with questions / clarifications

2. Include a set of unit tests that test the current functionality

3. For the first few "new" apis might help to chat with the API team as you are doing the work.

Once the above is done, please create a new issue and attach the patch

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Re: Suggestion for the Contact API
April 24, 2011, 02:40:25 am
Hi sarah,

Not sure yet if it should be a new api action (for contact or relationship entity) or a filter on the Get.

IMO, Putting that in api.Contact is confusing, as you can have access to other contacts than the one granted access to from relationships, I think it should go on relationships, either as civicrm_api ('Relationship', 'Get', array ("contact_id" => 42, "filter.is_permissioned" => true)) or civicrm_api ("Relationship", "GetPermissioned", array ("contact_id").

Have you checked if api.relationship.get handles filter on permission (no sure at all it does, but worthwhile checking) ?

 X+

P.S. Relationship in an api that needs some care and love, if you find an unexpected behaviour please document and/or patch.

-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

Eileen

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4195
  • Karma: 218
    • Fuzion
Re: Suggestion for the Contact API
April 24, 2011, 01:16:09 pm
Hi,

I think that if you use  $params['check_permissions'] = true;

 on the contact api you should get only those contacts you have permission to (either via relationship or via ACLS.)

You should then be able to change drupal user b4 & after the api call to run as a different user

global $user;
$user->uid = x;
api call
$user->uid = whatever it was before hand.

NB - we should write unit tests for this behaviour & test it does return contacts that people have access to via a relationship.

In general the api is only as good as the tests that test it as the main difference between the api & direct SQL calls / BAO calls is that when the api tests fail the api should be 'fixed' to make sure that even though the underlying codebase / database has changed the api doesn't change. So, if you rely on some piece of functionality from the api then writing a test to demonstrate it is a good way to future proof your code
« Last Edit: April 24, 2011, 01:19:50 pm by Eileen »
Make today the day you step up to support CiviCRM and all the amazing organisations that are using it to improve our world - http://civicrm.org/contribute
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Suggestion for the Contact API

This forum was archived on 2017-11-26.