Skip to content



Deprecation Notice

This hook is deprecated. It will be removed in a future version.

This hook is called after one or more notes is loaded from the database. It is called once per note, to allow the note to be programmatically hidden.

It is now deprecated in favor of hook_civicrm_selectWhereClause.


  • Added CiviCRM 3.3+ to affect smarty-based pages and forms (not called by APIv3 or APIv4).
  • As of 5.67 it is called by APIv4/SearchKit, and also deprecated. This provides a transition period to allow migration.
  • It will be removed in a future version.


This hook is deprecated because it is not efficient to call a hook for every row after running a query, and also because this hook only affects one type of entity (Notes).

By contrast, hook_civicrm_selectWhereClause is called once, before running a query, and can be used for all entity types.

Existing hook implementations will need to be refactored from a post-query to a pre-query paradigm.


 * Implements hook_civicrm_notePrivacy
 * This is called once per note after a note is fetched from the DB
 * It adds the magic `notePrivacy_hidden` value which overrides privacy settings.
function example_civicrm_notePrivacy(&$noteRecord) {
  // Our site added a new option '2' to the note_privacy option group,
  // which we enforce here so only users with x permission can see the note.
  if ($noteValues['privacy'] == 2) {
    $noteValues['notePrivacy_hidden'] = CRM_Core_Permission::check('x');
 * Implements hook_civicrm_selectWhereClause
function example_civicrm_selectWhereClause($entityName, &$clauses, $userId) {
  // Amend note privacy clause (only relevant if user lacks 'view all notes' permission)
  if ($entityName === 'Note' && !CRM_Core_Permission::check('view all notes', $userId)) {
    if (CRM_Core_Permission::check('view note type two', $userId)) { 
      // What's going on here is that `$clauses['privacy']` already contains an array of arrays
      // (which means OR).
      // @see CRM_Core_BAO_Note::addSelectWhereClause()
      // The existing values are `"= 0" OR "= 1 AND {contact_id} = $currentUser"`
      // So here we are adding a 3rd condition IF the above permission check passes, to allow
      // our privileged users to see our special privacy type 2.
      $clauses['privacy'][0][] = '= 2';




  • array $noteValues - The values from an object of type CRM_Core_DAO_Note, converted to an array.


  • void