Import from SVN (r45945, r596)
[civicrm-core.git] / CRM / Core / DAO / .permissions.php
1<?php
2
3/*
4 +--------------------------------------------------------------------+
5 | CiviCRM version 4.3 |
6 +--------------------------------------------------------------------+
7 | Copyright CiviCRM LLC (c) 2004-2013 |
8 +--------------------------------------------------------------------+
9 | This file is a part of CiviCRM. |
10 | |
11 | CiviCRM is free software; you can copy, modify, and distribute it |
12 | under the terms of the GNU Affero General Public License |
13 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | |
15 | CiviCRM is distributed in the hope that it will be useful, but |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. |
19 | |
20 | You should have received a copy of the GNU Affero General Public |
21 | License and the CiviCRM Licensing Exception along |
22 | with this program; if not, contact CiviCRM LLC |
23 | at info[AT]civicrm[DOT]org. If you have questions about the |
24 | GNU Affero General Public License or the licensing of CiviCRM, |
25 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
26 +--------------------------------------------------------------------+
27*/
28
29/**
30 *
31 * @package CRM
32 * @copyright CiviCRM LLC (c) 2004-2013
33 * $Id$
34 *
35 */
36
/**
 * Look up the permissions required for an API v3 entity/action pair.
 *
 * The entity and action names are lower-cased and then matched exactly
 * against the keys of the table below. Before the lookup, the whole table is
 * handed to CRM_Utils_Hook::alterAPIPermissions() so third parties can
 * change it.
 *
 * Security-relevant behaviour visible in this function:
 *  - Fail closed: any entity/action pair with no entry after the hook has run
 *    yields array('administer CiviCRM'). That includes pairs that are simply
 *    not listed here (e.g. 'get' on the group_* entities, or 'create' and
 *    'update' on 'activity').
 *  - 'contact' => 'get' is an empty list, so this function demands nothing
 *    for it; the original comment says access is "managed by query object".
 *    NOTE(review): that enforcement is not visible here - confirm it in the
 *    contact query code before relying on it.
 *  - The hook receives the full table, so the effective policy is this table
 *    plus whatever installed hook implementations add, remove or empty out.
 *    Review those implementations together with this file.
 *  - Keys use the lower-case underscore form ('group_contact'). A CamelCase
 *    name would lower-case to 'groupcontact', miss the table and receive the
 *    admin default. NOTE(review): presumably the caller passes the underscore
 *    form - verify against the caller.
 *
 * @param string $entity API entity name; lower-cased before lookup.
 * @param string $action API action name; lower-cased before lookup.
 * @param array $params  API parameters, passed by reference to the hook; this
 *                       function does not read them itself.
 *
 * @return array list of permission names for the pair. NOTE(review): whether
 *               the caller requires all of them, and how it treats an empty
 *               list, is decided by the caller - confirm there.
 */
function _civicrm_api3_permissions($entity, $action, &$params) {
  $entity = strtolower($entity);
  $action = strtolower($action);

  $permissions = array(
    'activity' => array(
      'delete' => array('access CiviCRM', 'delete activities'),
      'get' => array('access CiviCRM', 'view all activities'),
    ),
    'address' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      'get' => array('access CiviCRM', 'view all contacts'),
      'update' => array('access CiviCRM', 'edit all contacts'),
    ),
    'contact' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      // managed by query object
      'get' => array(),
      'update' => array('access CiviCRM', 'edit all contacts'),
      'getquick' => array('access CiviCRM'),
    ),
    'contribution' => array(
      'create' => array('access CiviCRM', 'access CiviContribute', 'edit contributions'),
      'delete' => array('access CiviCRM', 'access CiviContribute', 'delete in CiviContribute'),
      'get' => array('access CiviCRM', 'access CiviContribute'),
      'update' => array('access CiviCRM', 'access CiviContribute', 'edit contributions'),
    ),
    'custom_field' => array(
      'create' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
      'delete' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
      'get' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
      'update' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
    ),
    'custom_group' => array(
      'create' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
      'delete' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
      'get' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
      'update' => array('administer CiviCRM', 'access CiviCRM', 'access all custom data'),
    ),
    'email' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      'get' => array('access CiviCRM', 'view all contacts'),
      'update' => array('access CiviCRM', 'edit all contacts'),
    ),
    'event' => array(
      'create' => array('access CiviCRM', 'access CiviEvent', 'edit all events'),
      'delete' => array('access CiviCRM', 'access CiviEvent', 'delete in CiviEvent'),
      'get' => array('access CiviCRM', 'access CiviEvent', 'view event info'),
      'update' => array('access CiviCRM', 'access CiviEvent', 'edit all events'),
    ),
    'file' => array(
      'create' => array('access CiviCRM', 'access uploaded files'),
      'delete' => array('access CiviCRM', 'access uploaded files'),
      'get' => array('access CiviCRM', 'access uploaded files'),
      'update' => array('access CiviCRM', 'access uploaded files'),
    ),
    'files_by_entity' => array(
      'create' => array('access CiviCRM', 'access uploaded files'),
      'delete' => array('access CiviCRM', 'access uploaded files'),
      'get' => array('access CiviCRM', 'access uploaded files'),
      'update' => array('access CiviCRM', 'access uploaded files'),
    ),
    'group' => array(
      'create' => array('access CiviCRM', 'edit groups'),
      'delete' => array('access CiviCRM', 'edit groups'),
      'update' => array('access CiviCRM', 'edit groups'),
    ),
    'group_contact' => array(
      'create' => array('access CiviCRM', 'edit groups'),
      'delete' => array('access CiviCRM', 'edit groups'),
      'update' => array('access CiviCRM', 'edit groups'),
    ),
    'group_nesting' => array(
      'create' => array('access CiviCRM', 'edit groups'),
      'delete' => array('access CiviCRM', 'edit groups'),
      'update' => array('access CiviCRM', 'edit groups'),
    ),
    'group_organization' => array(
      'create' => array('access CiviCRM', 'edit groups'),
      'delete' => array('access CiviCRM', 'edit groups'),
      'update' => array('access CiviCRM', 'edit groups'),
    ),
    'location' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      'get' => array('access CiviCRM', 'view all contacts'),
      'update' => array('access CiviCRM', 'edit all contacts'),
    ),
    'membership' => array(
      'create' => array('access CiviCRM', 'access CiviMember', 'edit memberships'),
      'delete' => array('access CiviCRM', 'access CiviMember', 'delete in CiviMember'),
      'get' => array('access CiviCRM', 'access CiviMember'),
      'update' => array('access CiviCRM', 'access CiviMember', 'edit memberships'),
    ),
    'membership_payment' => array(
      'create' => array(
        'access CiviCRM', 'access CiviMember', 'edit memberships',
        'access CiviContribute', 'edit contributions',
      ),
      'delete' => array(
        'access CiviCRM', 'access CiviMember', 'delete in CiviMember',
        'access CiviContribute', 'delete in CiviContribute',
      ),
      'get' => array('access CiviCRM', 'access CiviMember', 'access CiviContribute'),
      'update' => array(
        'access CiviCRM', 'access CiviMember', 'edit memberships',
        'access CiviContribute', 'edit contributions',
      ),
    ),
    'membership_status' => array(
      'create' => array('access CiviCRM', 'access CiviMember', 'edit memberships'),
      'delete' => array('access CiviCRM', 'access CiviMember', 'delete in CiviMember'),
      'get' => array('access CiviCRM', 'access CiviMember'),
      'update' => array('access CiviCRM', 'access CiviMember', 'edit memberships'),
    ),
    'membership_type' => array(
      'create' => array('access CiviCRM', 'access CiviMember', 'edit memberships'),
      'delete' => array('access CiviCRM', 'access CiviMember', 'delete in CiviMember'),
      'get' => array('access CiviCRM', 'access CiviMember'),
      'update' => array('access CiviCRM', 'access CiviMember', 'edit memberships'),
    ),
    'note' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      'get' => array('access CiviCRM', 'view all contacts'),
      'update' => array('access CiviCRM', 'edit all contacts'),
    ),
    'participant' => array(
      'create' => array('access CiviCRM', 'access CiviEvent', 'register for events'),
      'delete' => array('access CiviCRM', 'access CiviEvent', 'edit event participants'),
      'get' => array('access CiviCRM', 'access CiviEvent', 'view event participants'),
      'update' => array('access CiviCRM', 'access CiviEvent', 'edit event participants'),
    ),
    'participant_payment' => array(
      'create' => array(
        'access CiviCRM', 'access CiviEvent', 'register for events',
        'access CiviContribute', 'edit contributions',
      ),
      'delete' => array(
        'access CiviCRM', 'access CiviEvent', 'edit event participants',
        'access CiviContribute', 'delete in CiviContribute',
      ),
      'get' => array(
        'access CiviCRM', 'access CiviEvent', 'view event participants',
        'access CiviContribute',
      ),
      'update' => array(
        'access CiviCRM', 'access CiviEvent', 'edit event participants',
        'access CiviContribute', 'edit contributions',
      ),
    ),
    'phone' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      'get' => array('access CiviCRM', 'view all contacts'),
      'update' => array('access CiviCRM', 'edit all contacts'),
    ),
    'pledge' => array(
      'create' => array('access CiviCRM', 'access CiviPledge', 'edit pledges'),
      'delete' => array('access CiviCRM', 'access CiviPledge', 'delete in CiviPledge'),
      'get' => array('access CiviCRM', 'access CiviPledge'),
      'update' => array('access CiviCRM', 'access CiviPledge', 'edit pledges'),
    ),
    'pledge_payment' => array(
      'create' => array(
        'access CiviCRM', 'access CiviPledge', 'edit pledges',
        'access CiviContribute', 'edit contributions',
      ),
      'delete' => array(
        'access CiviCRM', 'access CiviPledge', 'delete in CiviPledge',
        'access CiviContribute', 'delete in CiviContribute',
      ),
      'get' => array('access CiviCRM', 'access CiviPledge', 'access CiviContribute'),
      'update' => array(
        'access CiviCRM', 'access CiviPledge', 'edit pledges',
        'access CiviContribute', 'edit contributions',
      ),
    ),
    'system' => array(
      'flush' => array('administer CiviCRM'),
    ),
    'website' => array(
      'create' => array('access CiviCRM', 'add contacts'),
      'delete' => array('access CiviCRM', 'delete contacts'),
      'get' => array('access CiviCRM', 'view all contacts'),
      'update' => array('access CiviCRM', 'edit all contacts'),
    ),
  );

  // Third parties may rewrite the table here; what they leave behind is what
  // gets looked up below.
  CRM_Utils_Hook::alterAPIPermissions($entity, $action, $params, $permissions);

  if (isset($permissions[$entity][$action])) {
    return $permissions[$entity][$action];
  }

  // No entry for this pair: fall back to the administrator permission.
  return array('administer CiviCRM');
}
555
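556# FIXME: not sure how to permission the following API 3 calls (while unmapped, each falls back to the 'administer CiviCRM' default returned by _civicrm_api3_permissions()):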
557# contribution_transact (make online contributions)
558# entity_tag_display
559# group_contact_pending
560# group_contact_update_status
561# mailing_event_bounce
562# mailing_event_click
563# mailing_event_confirm
564# mailing_event_forward
565# mailing_event_open
566# mailing_event_reply
567# mailing_group_event_domain_unsubscribe
568# mailing_group_event_resubscribe
569# mailing_group_event_subscribe
570# mailing_group_event_unsubscribe
571# membership_status_calc
572# survey_respondant_count