Commit | Line | Data |
---|---|---|
355881ac SL |
1 | <?php |
2 | ||
3 | /* | |
4 | +--------------------------------------------------------------------+ | |
5 | | Copyright CiviCRM LLC. All rights reserved. | | |
6 | | | | |
7 | | This work is published under the GNU AGPLv3 license with some | | |
8 | | permitted exceptions and without any warranty. For full license | | |
9 | | and copyright information, see https://civicrm.org/licensing | | |
10 | +--------------------------------------------------------------------+ | |
11 | */ | |
12 | ||
13 | /** | |
14 | * | |
15 | * @package CRM | |
16 | * @copyright CiviCRM LLC https://civicrm.org/licensing | |
17 | */ | |
18 | ||
19 | /** | |
20 | * Class to handle the permission on the api4 AJAX route | |
21 | */ | |
22 | class CRM_Api4_Permission { | |
23 | ||
24 | public static function check() { | |
25 | $config = CRM_Core_Config::singleton(); | |
26 | $urlPath = explode('/', $_GET[$config->userFrameworkURLVar]); | |
27 | $permissions = [ | |
b6e769ac | 28 | ['access CiviCRM', 'access AJAX API'], |
355881ac SL |
29 | ]; |
30 | if (!empty($urlPath[3])) { | |
31 | $entity = $urlPath[3]; | |
32 | $action = $urlPath[4]; | |
33 | CRM_Utils_Hook::alterApiRoutePermissions($permissions, $entity, $action); | |
34 | } | |
35 | return CRM_Core_Permission::check($permissions); | |
36 | } | |
37 | ||
38 | } |