Regard funding case access permissions in aggregate row of SearchKit

Additionally the services for the related actions are replaced with
simple object creation #376.

Civi/Api4/FundingApplicationProcess.php

@@ -76,7 +76,7 @@ public static function delete($checkPermissions = TRUE) {
    * @return \Civi\Funding\Api4\Action\FundingApplicationProcess\GetAction
    */
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   public static function getFields($checkPermissions = TRUE) {

Civi/Api4/FundingCase.php

@@ -58,7 +58,7 @@ public static function finishClearing(bool $checkPermissions = TRUE): FinishClea
    * @return \Civi\Funding\Api4\Action\FundingCase\GetAction
    */
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   /**

Civi/Api4/FundingClearingCostItem.php

@@ -19,7 +19,7 @@ final class FundingClearingCostItem extends Generic\DAOEntity {
   use AccessROPermissionsTrait;
 
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   public static function getFields($checkPermissions = TRUE) {

Civi/Api4/FundingClearingProcess.php

@@ -26,7 +26,7 @@ final class FundingClearingProcess extends Generic\DAOEntity {
   }
 
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   public static function getFields($checkPermissions = TRUE) {

Civi/Api4/FundingClearingResourcesItem.php

@@ -19,7 +19,7 @@ final class FundingClearingResourcesItem extends Generic\DAOEntity {
   use AccessROPermissionsTrait;
 
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   public static function getFields($checkPermissions = TRUE) {

Civi/Api4/FundingDrawdown.php

@@ -35,7 +35,7 @@ public static function create($checkPermissions = TRUE) {
   }
 
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   public static function getFields($checkPermissions = TRUE) {

Civi/Api4/FundingPayoutProcess.php

@@ -19,7 +19,7 @@ class FundingPayoutProcess extends Generic\DAOEntity {
   use AccessPermissionsTrait;
 
   public static function get($checkPermissions = TRUE) {
-    return \Civi::service(GetAction::class)->setCheckPermissions($checkPermissions);
+    return (new GetAction())->setCheckPermissions($checkPermissions);
   }
 
   public static function getFields($checkPermissions = TRUE) {

Civi/Funding/Api4/Action/FundingApplicationProcess/GetAction.php

@@ -33,9 +33,9 @@
 final class GetAction extends AbstractReferencingDAOGetAction {
 
   public function __construct(
-    Api4Interface $api4,
-    FundingCaseManager $fundingCaseManager,
-    RequestContextInterface $requestContext
+    ?Api4Interface $api4 = NULL,
+    ?FundingCaseManager $fundingCaseManager = NULL,
+    ?RequestContextInterface $requestContext = NULL
   ) {
     parent::__construct(
       FundingApplicationProcess::getEntityName(),
@@ -68,7 +68,7 @@ public function _run(Result $result): void {
     if ([] !== $clearingProcessFields) {
       /** @phpstan-var array<string, mixed> $record */
       foreach ($result as &$record) {
-        $clearingProcessAmounts = $this->_api4->execute(FundingClearingProcess::getEntityName(), 'get', [
+        $clearingProcessAmounts = $this->getApi4()->execute(FundingClearingProcess::getEntityName(), 'get', [
           'select' => array_map(fn (string $field) => 'SUM(' . $field . ') AS SUM_' . $field, $clearingProcessFields),
           'where' => [
             ['application_process_id', '=', $record['id']],
@@ -91,7 +91,7 @@ private function canOpenClearing(array $record): bool {
       return FALSE;
     }
 
-    if (0 !== $this->_api4->countEntities(
+    if (0 !== $this->getApi4()->countEntities(
         FundingClearingProcess::getEntityName(),
         Comparison::new(
           'application_process_id',
@@ -102,7 +102,7 @@ private function canOpenClearing(array $record): bool {
       return TRUE;
     }
 
-    $fundingCase = $this->_fundingCaseManager->get($record['funding_case_id']);
+    $fundingCase = $this->getFundingCaseManager()->get($record['funding_case_id']);
     Assert::notNull($fundingCase);
 
     return $fundingCase->hasPermission(ClearingProcessPermissions::CLEARING_MODIFY) || $fundingCase->hasPermission(

Civi/Funding/Api4/Action/FundingCase/AbstractReferencingDAOGetAction.php

@@ -44,13 +44,13 @@ abstract class AbstractReferencingDAOGetAction extends DAOGetAction {
 
   protected bool $ignoreCasePermissions = FALSE;
 
-  protected Api4Interface $_api4;
+  protected string $_fundingCaseIdFieldName = 'funding_case_id';
 
-  protected FundingCaseManager $_fundingCaseManager;
+  private ?Api4Interface $api4;
 
-  protected RequestContextInterface $_requestContext;
+  private ?FundingCaseManager $fundingCaseManager;
 
-  protected string $_fundingCaseIdFieldName = 'funding_case_id';
+  private ?RequestContextInterface $requestContext;
 
   /**
    * @phpstan-var array<string, bool>
@@ -64,14 +64,14 @@ abstract class AbstractReferencingDAOGetAction extends DAOGetAction {
 
   public function __construct(
     string $entityName,
-    Api4Interface $api4,
-    FundingCaseManager $fundingCaseManager,
-    RequestContextInterface $requestContext
+    ?Api4Interface $api4 = NULL,
+    ?FundingCaseManager $fundingCaseManager = NULL,
+    ?RequestContextInterface $requestContext = NULL
   ) {
     parent::__construct($entityName, 'get');
-    $this->_api4 = $api4;
-    $this->_fundingCaseManager = $fundingCaseManager;
-    $this->_requestContext = $requestContext;
+    $this->api4 = $api4;
+    $this->fundingCaseManager = $fundingCaseManager;
+    $this->requestContext = $requestContext;
   }
 
   public function _run(Result $result): void {
@@ -88,14 +88,6 @@ public function _run(Result $result): void {
       $this->ensureFundingCasePermissions();
     }
 
-    FundingCasePermissionsUtil::addPermissionsCacheJoin(
-      $this,
-      $this->_fundingCaseIdFieldName,
-      $this->_requestContext->getContactId(),
-      $this->_requestContext->isRemote()
-    );
-    FundingCasePermissionsUtil::addPermissionsRestriction($this);
-
     if (!$this->isFieldSelected($this->_fundingCaseIdFieldName)) {
       if ([] === $this->getSelect()) {
         $this->setSelect(['*']);
@@ -128,6 +120,26 @@ public function _run(Result $result): void {
     }
   }
 
+  public function setDefaultWhereClause(): void {
+    if (!$this->ignoreCasePermissions) {
+      if (NULL === $this->originalSelect) {
+        // _run() was not called, e.g. aggregation line in SearchKit.
+        // See \Civi\Api4\Action\SearchDisplay\Run::processResult()
+        $this->ensureFundingCasePermissions();
+      }
+
+      FundingCasePermissionsUtil::addPermissionsCacheJoin(
+        $this,
+        $this->_fundingCaseIdFieldName,
+        $this->getRequestContext()->getContactId(),
+        $this->getRequestContext()->isRemote()
+      );
+      FundingCasePermissionsUtil::addPermissionsRestriction($this);
+    }
+
+    parent::setDefaultWhereClause();
+  }
+
   /**
    * Ensures that at least the funding cases which are relevant have permissions
    * cached.
@@ -143,7 +155,7 @@ protected function ensureFundingCasePermissions(): void {
       $action->addWhere('id', '=', $fundingCaseId);
     }
 
-    $this->_api4->executeAction($action);
+    $this->getApi4()->executeAction($action);
   }
 
   /**
@@ -156,8 +168,8 @@ protected function ensureFundingCasePermissions(): void {
    * @throws \CRM_Core_Exception
    */
   protected function handleRecord(array &$record): bool {
-    // @phpstan-ignore-next-line
-    return $this->_fundingCaseManager->hasAccess($record[$this->_fundingCaseIdFieldName]);
+    // @phpstan-ignore argument.type
+    return $this->getFundingCaseManager()->hasAccess($record[$this->_fundingCaseIdFieldName]);
   }
 
   protected function initOriginalSelect(): void {
@@ -171,6 +183,21 @@ protected function getOriginalSelect(): array {
     return $this->originalSelect ?? $this->getSelect();
   }
 
+  protected function getApi4(): Api4Interface {
+    // @phpstan-ignore return.type, assign.propertyType
+    return $this->api4 ??= \Civi::service(Api4Interface::class);
+  }
+
+  protected function getFundingCaseManager(): FundingCaseManager {
+    // @phpstan-ignore return.type, assign.propertyType
+    return $this->fundingCaseManager ??= \Civi::service(FundingCaseManager::class);
+  }
+
+  protected function getRequestContext(): RequestContextInterface {
+    // @phpstan-ignore return.type, assign.propertyType
+    return $this->requestContext ??= \Civi::service(RequestContextInterface::class);
+  }
+
   /**
    * For DAO entities isFieldExplicitlySelected() has to be used for fields of
    * type "Extra". Those fields are not part of the result if "*" is selected.