projects / civicrm-core.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5284 from jitendrapurohit/webtestfixes
[civicrm-core.git] / CRM / Core / Permission.php
CommitLineData
6a488035
TO		 1<?php
2/*
3 +--------------------------------------------------------------------+
39de6fd5 4 | CiviCRM version 4.6 |
6a488035 5 +--------------------------------------------------------------------+
06b69b18 6 | Copyright CiviCRM LLC (c) 2004-2014 |
6a488035
TO		 7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
d25dd0ee 26 */
6a488035
TO		 27
28/**
29 *
30 * @package CRM
06b69b18 31 * @copyright CiviCRM LLC (c) 2004-2014
6a488035
TO		 32 * $Id$
33 *
34 */
35
36/**
37 * This is the basic permission class wrapper
38 */
39class CRM_Core_Permission {
40
41 /**
d09edf64 42 * Static strings used to compose permissions.
6a488035
TO		 43 *
44 * @const
45 * @var string
46 */
7da04cde 47 const EDIT_GROUPS = 'edit contacts in ', VIEW_GROUPS = 'view contacts in ';
6a488035
TO		 48
49 /**
d09edf64 50 * The various type of permissions.
6a488035
TO		 51 *
52 * @var int
53 */
7da04cde 54 const EDIT = 1, VIEW = 2, DELETE = 3, CREATE = 4, SEARCH = 5, ALL = 6, ADMIN = 7;
6a488035 55
085823c1 56 /**
d09edf64 57 * A placeholder permission which always fails.
085823c1
TO		 58 */
59 const ALWAYS_DENY_PERMISSION = "*always deny*";
60
61 /**
d09edf64 62 * A placeholder permission which always fails.
085823c1
TO		 63 */
64 const ALWAYS_ALLOW_PERMISSION = "*always allow*";
65
6dd18b98 66 /**
d09edf64 67 * Various authentication sources.
6dd18b98
DS		 68 *
69 * @var int
70 */
7da04cde 71 const AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
6dd18b98 72
6a488035 73 /**
d09edf64 74 * Get the current permission of this user.
6a488035 75 *
a6c01b45
CW		 76 * @return string
77 * the permission of the user (edit or view or null)
6a488035
TO		 78 */
79 public static function getPermission() {
80 $config = CRM_Core_Config::singleton();
41f314b6 81 return $config->userPermissionClass->getPermission();
6a488035
TO		 82 }
83
84 /**
100fef9d 85 * Given a permission string or array, check for access requirements
6a0b768e
TO		 86 * @param mixed $permissions
87 * The permission to check as an array or string -see examples.
16b10e64 88 * arrays
6a488035 89 *
60ec9f43
E		 90 * Ex 1
91 *
92 * Must have 'access CiviCRM'
93 * (string) 'access CiviCRM'
94 *
95 *
96 * Ex 2 Must have 'access CiviCRM' and 'access Ajax API'
97 * array('access CiviCRM', 'access Ajax API')
98 *
99 * Ex 3 Must have 'access CiviCRM' or 'access Ajax API'
100 * array(
101 * array('access CiviCRM', 'access Ajax API'),
102 * ),
103 *
104 * Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent'
105 * array(
106 * array('access CiviCRM', 'access Ajax API'),
107 * 'access CiviEvent',
108 * ),
109 *
110 * Note that in permissions.php this is keyed by the action eg.
111 * (access Civi || access AJAX) && (access CiviEvent || access CiviContribute)
112 * 'myaction' => array(
113 * array('access CiviCRM', 'access Ajax API'),
114 * array('access CiviEvent', 'access CiviContribute')
115 * ),
6a488035 116 *
acb1052e 117 * @return bool
a6c01b45 118 * true if yes, else false
6a488035 119 */
00be9182 120 public static function check($permissions) {
60ec9f43
E		 121 $permissions = (array) $permissions;
122
123 foreach ($permissions as $permission) {
22e263ad 124 if (is_array($permission)) {
60ec9f43 125 foreach ($permission as $orPerm) {
22e263ad 126 if (self::check($orPerm)) {
60ec9f43
E		 127 //one of our 'or' permissions has succeeded - stop checking this permission
128 return TRUE;;
129 }
130 }
131 //none of our our conditions was met
132 return FALSE;
133 }
134 else {
22e263ad 135 if (!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) {
60ec9f43
E		 136 //one of our 'and' conditions has not been met
137 return FALSE;
138 }
139 }
140 }
141 return TRUE;
6a488035
TO		 142 }
143
dc92f2f8 144 /**
d09edf64 145 * Determine if any one of the permissions strings applies to current user.
dc92f2f8
TO		 146 *
147 * @param array $perms
148 * @return bool
149 */
150 public static function checkAnyPerm($perms) {
151 foreach ($perms as $perm) {
152 if (CRM_Core_Permission::check($perm)) {
153 return TRUE;
154 }
155 }
156 return FALSE;
157 }
158
6a488035
TO		 159 /**
160 * Given a group/role array, check for access requirements
161 *
6a0b768e
TO		 162 * @param array $array
163 * The group/role to check.
6a488035 164 *
acb1052e 165 * @return bool
a6c01b45 166 * true if yes, else false
6a488035 167 */
00be9182 168 public static function checkGroupRole($array) {
6a488035 169 $config = CRM_Core_Config::singleton();
41f314b6 170 return $config->userPermissionClass->checkGroupRole($array);
6a488035
TO		 171 }
172
173 /**
d09edf64 174 * Get the permissioned where clause for the user.
6a488035 175 *
6a0b768e
TO		 176 * @param int $type
177 * The type of permission needed.
178 * @param array $tables
179 * (reference ) add the tables that are needed for the select clause.
180 * @param array $whereTables
181 * (reference ) add the tables that are needed for the where clause.
6a488035 182 *
a6c01b45
CW		 183 * @return string
184 * the group where clause for this user
6a488035
TO		 185 */
186 public static function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
187 $config = CRM_Core_Config::singleton();
41f314b6 188 return $config->userPermissionClass->getPermissionedStaticGroupClause($type, $tables, $whereTables);
6a488035
TO		 189 }
190
191 /**
192 * Get all groups from database, filtered by permissions
193 * for this user
194 *
6a0b768e
TO		 195 * @param string $groupType
196 * Type of group(Access/Mailing).
3f8d2862
CW		 197 * @param bool $excludeHidden
198 * exclude hidden groups.
6a488035 199 *
6a488035 200 *
a6c01b45
CW		 201 * @return array
202 * array reference of all groups.
6a488035
TO		 203 */
204 public static function group($groupType, $excludeHidden = TRUE) {
205 $config = CRM_Core_Config::singleton();
41f314b6 206 return $config->userPermissionClass->group($groupType, $excludeHidden);
6a488035
TO		 207 }
208
a0ee3941
EM		 209 /**
210 * @return bool
211 */
6a488035
TO		 212 public static function customGroupAdmin() {
213 $admin = FALSE;
214
215 // check if user has all powerful permission
216 // or administer civicrm permission (CRM-1905)
217 if (self::check('access all custom data')) {
218 return TRUE;
219 }
220
634e1a1a
DL		 221 if (
222 self::check('administer Multiple Organizations') &&
6a488035
TO		 223 self::isMultisiteEnabled()
224 ) {
225 return TRUE;
226 }
227
228 if (self::check('administer CiviCRM')) {
229 return TRUE;
230 }
231
232 return FALSE;
233 }
234
a0ee3941
EM		 235 /**
236 * @param int $type
237 * @param bool $reset
238 *
239 * @return array
240 */
6a488035 241 public static function customGroup($type = CRM_Core_Permission::VIEW, $reset = FALSE) {
41f314b6 242 $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id',
243 array('fresh' => $reset));
6a488035
TO		 244 $defaultGroups = array();
245
246 // check if user has all powerful permission
247 // or administer civicrm permission (CRM-1905)
248 if (self::customGroupAdmin()) {
249 $defaultGroups = array_keys($customGroups);
250 }
251
252 return CRM_ACL_API::group($type, NULL, 'civicrm_custom_group', $customGroups, $defaultGroups);
253 }
254
a0ee3941
EM		 255 /**
256 * @param int $type
257 * @param null $prefix
258 * @param bool $reset
259 *
260 * @return string
261 */
00be9182 262 public static function customGroupClause($type = CRM_Core_Permission::VIEW, $prefix = NULL, $reset = FALSE) {
6a488035
TO		 263 if (self::customGroupAdmin()) {
264 return ' ( 1 ) ';
265 }
266
267 $groups = self::customGroup($type, $reset);
268 if (empty($groups)) {
269 return ' ( 0 ) ';
270 }
271 else {
272 return "{$prefix}id IN ( " . implode(',', $groups) . ' ) ';
273 }
274 }
275
a0ee3941 276 /**
100fef9d 277 * @param int $gid
a0ee3941
EM		 278 * @param int $type
279 *
280 * @return bool
281 */
6a488035
TO		 282 public static function ufGroupValid($gid, $type = CRM_Core_Permission::VIEW) {
283 if (empty($gid)) {
284 return TRUE;
285 }
286
287 $groups = self::ufGroup($type);
684b0b22 288 return !empty($groups) && in_array($gid, $groups) ? TRUE : FALSE;
6a488035
TO		 289 }
290
a0ee3941
EM		 291 /**
292 * @param int $type
293 *
294 * @return array
295 */
6a488035 296 public static function ufGroup($type = CRM_Core_Permission::VIEW) {
ff4f7744 297 $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
6a488035
TO		 298
299 $allGroups = array_keys($ufGroups);
300
301 // check if user has all powerful permission
302 if (self::check('profile listings and forms')) {
303 return $allGroups;
304 }
305
306 switch ($type) {
307 case CRM_Core_Permission::VIEW:
308 if (self::check('profile view')) {
309 return $allGroups;
310 }
311 break;
312
313 case CRM_Core_Permission::CREATE:
314 if (self::check('profile create')) {
315 return $allGroups;
316 }
317 break;
318
319 case CRM_Core_Permission::EDIT:
320 if (self::check('profile edit')) {
321 return $allGroups;
322 }
323 break;
324
325 case CRM_Core_Permission::SEARCH:
326 if (self::check('profile listings')) {
327 return $allGroups;
328 }
329 break;
330 }
331
332 return CRM_ACL_API::group($type, NULL, 'civicrm_uf_group', $ufGroups);
333 }
334
a0ee3941
EM		 335 /**
336 * @param int $type
337 * @param null $prefix
338 * @param bool $returnUFGroupIds
339 *
340 * @return array|string
341 */
00be9182 342 public static function ufGroupClause($type = CRM_Core_Permission::VIEW, $prefix = NULL, $returnUFGroupIds = FALSE) {
6a488035
TO		 343 $groups = self::ufGroup($type);
344 if ($returnUFGroupIds) {
345 return $groups;
346 }
347 elseif (empty($groups)) {
348 return ' ( 0 ) ';
349 }
350 else {
351 return "{$prefix}id IN ( " . implode(',', $groups) . ' ) ';
352 }
353 }
354
a0ee3941
EM		 355 /**
356 * @param int $type
100fef9d 357 * @param int $eventID
a0ee3941
EM		 358 * @param string $context
359 *
360 * @return array|null
361 */
e2d09ab4 362 public static function event($type = CRM_Core_Permission::VIEW, $eventID = NULL, $context = '') {
22e263ad
TO		 363 if (!empty($context)) {
364 if (CRM_Core_Permission::check($context)) {
e2d09ab4
EM		 365 return TRUE;
366 }
367 }
6a488035
TO		 368 $events = CRM_Event_PseudoConstant::event(NULL, TRUE);
369 $includeEvents = array();
370
371 // check if user has all powerful permission
372 if (self::check('register for events')) {
373 $includeEvents = array_keys($events);
374 }
375
376 if ($type == CRM_Core_Permission::VIEW &&
377 self::check('view event info')
378 ) {
379 $includeEvents = array_keys($events);
380 }
381
382 $permissionedEvents = CRM_ACL_API::group($type, NULL, 'civicrm_event', $events, $includeEvents);
383 if (!$eventID) {
384 return $permissionedEvents;
385 }
41f314b6 386 if (!empty($permissionedEvents)) {
2efcf0c2 387 return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
41f314b6 388 }
dfa720e7 389 return NULL;
6a488035
TO		 390 }
391
a0ee3941
EM		 392 /**
393 * @param int $type
394 * @param null $prefix
395 *
396 * @return string
397 */
00be9182 398 public static function eventClause($type = CRM_Core_Permission::VIEW, $prefix = NULL) {
6a488035
TO		 399 $events = self::event($type);
400 if (empty($events)) {
401 return ' ( 0 ) ';
402 }
403 else {
404 return "{$prefix}id IN ( " . implode(',', $events) . ' ) ';
405 }
406 }
407
a0ee3941
EM		 408 /**
409 * @param $module
410 * @param bool $checkPermission
411 *
412 * @return bool
413 */
00be9182 414 public static function access($module, $checkPermission = TRUE) {
6a488035
TO		 415 $config = CRM_Core_Config::singleton();
416
417 if (!in_array($module, $config->enableComponents)) {
418 return FALSE;
419 }
420
421 if ($checkPermission) {
422 if ($module == 'CiviCase') {
423 return CRM_Case_BAO_Case::accessCiviCase();
424 }
425 else {
426 return CRM_Core_Permission::check("access $module");
427 }
428 }
429
430 return TRUE;
431 }
432
433 /**
d09edf64 434 * Check permissions for delete and edit actions.
6a488035 435 *
6a0b768e
TO		 436 * @param string $module
437 * Component name.
438 * @param int $action
439 * Action to be check across component.
6a488035 440 *
77b97be7
EM		 441 *
442 * @return bool
443 */
00be9182 444 public static function checkActionPermission($module, $action) {
6a488035
TO		 445 //check delete related permissions.
446 if ($action & CRM_Core_Action::DELETE) {
447 $permissionName = "delete in $module";
448 }
449 else {
450 $editPermissions = array(
451 'CiviEvent' => 'edit event participants',
452 'CiviMember' => 'edit memberships',
453 'CiviPledge' => 'edit pledges',
454 'CiviContribute' => 'edit contributions',
455 'CiviGrant' => 'edit grants',
456 'CiviMail' => 'access CiviMail',
457 'CiviAuction' => 'add auction items',
458 );
459 $permissionName = CRM_Utils_Array::value($module, $editPermissions);
460 }
461
462 if ($module == 'CiviCase' && !$permissionName) {
463 return CRM_Case_BAO_Case::accessCiviCase();
464 }
465 else {
466 //check for permission.
467 return CRM_Core_Permission::check($permissionName);
468 }
469 }
470
a0ee3941
EM		 471 /**
472 * @param $args
473 * @param string $op
474 *
475 * @return bool
476 */
00be9182 477 public static function checkMenu(&$args, $op = 'and') {
6a488035
TO		 478 if (!is_array($args)) {
479 return $args;
480 }
481 foreach ($args as $str) {
482 $res = CRM_Core_Permission::check($str);
483 if ($op == 'or' && $res) {
484 return TRUE;
485 }
486 elseif ($op == 'and' && !$res) {
487 return FALSE;
488 }
489 }
490 return ($op == 'or') ? FALSE : TRUE;
491 }
492
a0ee3941
EM		 493 /**
494 * @param $item
495 *
496 * @return bool|mixed
497 * @throws Exception
498 */
00be9182 499 public static function checkMenuItem(&$item) {
6a488035
TO		 500 if (!array_key_exists('access_callback', $item)) {
501 CRM_Core_Error::backtrace();
502 CRM_Core_Error::fatal();
503 }
504
505 // if component_id is present, ensure it is enabled
506 if (isset($item['component_id']) &&
507 $item['component_id']
508 ) {
509 $config = CRM_Core_Config::singleton();
510 if (is_array($config->enableComponentIDs) &&
511 in_array($item['component_id'], $config->enableComponentIDs)
512 ) {
513 // continue with process
514 }
515 else {
516 return FALSE;
517 }
518 }
519
520 // the following is imitating drupal 6 code in includes/menu.inc
521 if (empty($item['access_callback']) ||
522 is_numeric($item['access_callback'])
523 ) {
524 return (boolean ) $item['access_callback'];
525 }
526
527 // check whether the following Ajax requests submitted the right key
528 // FIXME: this should be integrated into ACLs proper
529 if (CRM_Utils_Array::value('page_type', $item) == 3) {
530 if (!CRM_Core_Key::validate($_REQUEST['key'], $item['path'])) {
531 return FALSE;
532 }
533 }
534
535 // check if callback is for checkMenu, if so optimize it
536 if (is_array($item['access_callback']) &&
537 $item['access_callback'][0] == 'CRM_Core_Permission' &&
538 $item['access_callback'][1] == 'checkMenu'
539 ) {
540 $op = CRM_Utils_Array::value(1, $item['access_arguments'], 'and');
541 return self::checkMenu($item['access_arguments'][0], $op);
542 }
543 else {
544 return call_user_func_array($item['access_callback'], $item['access_arguments']);
545 }
546 }
547
a0ee3941
EM		 548 /**
549 * @param bool $all
550 *
551 * @return array
552 */
00be9182 553 public static function &basicPermissions($all = FALSE) {
6a488035
TO		 554 static $permissions = NULL;
555
556 if (!$permissions) {
81bb85ea 557 $config = CRM_Core_Config::singleton();
6a488035
TO		 558 $prefix = ts('CiviCRM') . ': ';
559 $permissions = self::getCorePermissions();
560
561 if (self::isMultisiteEnabled()) {
562 $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations');
563 }
564
6a488035
TO		 565 if (!$all) {
566 $components = CRM_Core_Component::getEnabledComponents();
567 }
568 else {
569 $components = CRM_Core_Component::getComponents();
570 }
571
572 foreach ($components as $comp) {
573 $perm = $comp->getPermissions();
574 if ($perm) {
575 $info = $comp->getInfo();
576 foreach ($perm as $p) {
577 $permissions[$p] = $info['translatedName'] . ': ' . $p;
578 }
579 }
580 }
581
582 // Add any permissions defined in hook_civicrm_permission implementations.
6a488035
TO		 583 $module_permissions = $config->userPermissionClass->getAllModulePermissions();
584 $permissions = array_merge($permissions, $module_permissions);
585 }
586
587 return $permissions;
588 }
589
a0ee3941
EM		 590 /**
591 * @return array
592 */
00be9182 593 public static function getAnonymousPermissionsWarnings() {
81bb85ea
AC		 594 static $permissions = array();
595 if (empty($permissions)) {
596 $permissions = array(
21dfd5f5 597 'administer CiviCRM',
81bb85ea
AC		 598 );
599 $components = CRM_Core_Component::getComponents();
600 foreach ($components as $comp) {
601 if (!method_exists($comp, 'getAnonymousPermissionWarnings')) {
602 continue;
603 }
604 $permissions = array_merge($permissions, $comp->getAnonymousPermissionWarnings());
605 }
606 }
607 return $permissions;
608 }
609
a0ee3941
EM		 610 /**
611 * @param $anonymous_perms
612 *
613 * @return array
614 */
00be9182 615 public static function validateForPermissionWarnings($anonymous_perms) {
81bb85ea
AC		 616 return array_intersect($anonymous_perms, self::getAnonymousPermissionsWarnings());
617 }
618
a0ee3941
EM		 619 /**
620 * @return array
621 */
00be9182 622 public static function getCorePermissions() {
6a488035
TO		 623 $prefix = ts('CiviCRM') . ': ';
624 $permissions = array(
625 'add contacts' => $prefix . ts('add contacts'),
626 'view all contacts' => $prefix . ts('view all contacts'),
627 'edit all contacts' => $prefix . ts('edit all contacts'),
aafd773a
DL		 628 'view my contact' => $prefix . ts('view my contact'),
629 'edit my contact' => $prefix . ts('edit my contact'),
6a488035
TO		 630 'delete contacts' => $prefix . ts('delete contacts'),
631 'access deleted contacts' => $prefix . ts('access deleted contacts'),
632 'import contacts' => $prefix . ts('import contacts'),
633 'edit groups' => $prefix . ts('edit groups'),
634 'administer CiviCRM' => $prefix . ts('administer CiviCRM'),
634e1a1a 635 'skip IDS check' => $prefix . ts('skip IDS check'),
6a488035
TO		 636 'access uploaded files' => $prefix . ts('access uploaded files'),
637 'profile listings and forms' => $prefix . ts('profile listings and forms'),
638 'profile listings' => $prefix . ts('profile listings'),
639 'profile create' => $prefix . ts('profile create'),
640 'profile edit' => $prefix . ts('profile edit'),
641 'profile view' => $prefix . ts('profile view'),
642 'access all custom data' => $prefix . ts('access all custom data'),
643 'view all activities' => $prefix . ts('view all activities'),
644 'delete activities' => $prefix . ts('delete activities'),
645 'access CiviCRM' => $prefix . ts('access CiviCRM'),
646 'access Contact Dashboard' => $prefix . ts('access Contact Dashboard'),
647 'translate CiviCRM' => $prefix . ts('translate CiviCRM'),
648 'administer reserved groups' => $prefix . ts('administer reserved groups'),
649 'administer Tagsets' => $prefix . ts('administer Tagsets'),
650 'administer reserved tags' => $prefix . ts('administer reserved tags'),
651 'administer dedupe rules' => $prefix . ts('administer dedupe rules'),
652 'merge duplicate contacts' => $prefix . ts('merge duplicate contacts'),
653 'view debug output' => $prefix . ts('view debug output'),
654 'view all notes' => $prefix . ts('view all notes'),
655 'access AJAX API' => $prefix . ts('access AJAX API'),
656 'access contact reference fields' => $prefix . ts('access contact reference fields'),
657 'create manual batch' => $prefix . ts('create manual batch'),
658 'edit own manual batches' => $prefix . ts('edit own manual batches'),
659 'edit all manual batches' => $prefix . ts('edit all manual batches'),
660 'view own manual batches' => $prefix . ts('view own manual batches'),
661 'view all manual batches' => $prefix . ts('view all manual batches'),
662 'delete own manual batches' => $prefix . ts('delete own manual batches'),
663 'delete all manual batches' => $prefix . ts('delete all manual batches'),
664 'export own manual batches' => $prefix . ts('export own manual batches'),
665 'export all manual batches' => $prefix . ts('export all manual batches'),
e16ce4cd 666 'administer payment processors' => $prefix . ts('administer payment processors'),
f7bfe544 667 'edit message templates' => $prefix . ts('edit message templates'),
6a488035
TO		 668 );
669
670 return $permissions;
671 }
672
673 /**
d09edf64 674 * Validate user permission across.
6a488035
TO		 675 * edit or view or with supportable acls.
676 *
acb1052e
WA		 677 * @return bool
678 */
00be9182 679 public static function giveMeAllACLs() {
6a488035
TO		 680 if (CRM_Core_Permission::check('view all contacts') ||
681 CRM_Core_Permission::check('edit all contacts')
682 ) {
683 return TRUE;
684 }
685
686 $session = CRM_Core_Session::singleton();
687 $contactID = $session->get('userID');
688
6a488035
TO		 689 //check for acl.
690 $aclPermission = self::getPermission();
691 if (in_array($aclPermission, array(
692 CRM_Core_Permission::EDIT,
41f314b6 693 CRM_Core_Permission::VIEW,
694 ))
695 ) {
6a488035
TO		 696 return TRUE;
697 }
698
699 // run acl where hook and see if the user is supplying an ACL clause
700 // that is not false
701 $tables = $whereTables = array();
702 $where = NULL;
703
704 CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW,
705 $tables, $whereTables,
706 $contactID, $where
707 );
708 return empty($whereTables) ? FALSE : TRUE;
709 }
710
711 /**
100fef9d 712 * Get component name from given permission.
6a488035 713 *
41f314b6 714 * @param string $permission
6a488035 715 *
76e7a76c
CW		 716 * @return null|string
717 * the name of component.
6a488035 718 */
00be9182 719 public static function getComponentName($permission) {
6a488035
TO		 720 $componentName = NULL;
721 $permission = trim($permission);
722 if (empty($permission)) {
723 return $componentName;
724 }
725
726 static $allCompPermissions = array();
727 if (empty($allCompPermissions)) {
728 $components = CRM_Core_Component::getComponents();
729 foreach ($components as $name => $comp) {
33777e4a
PJ		 730 //get all permissions of each components unconditionally
731 $allCompPermissions[$name] = $comp->getPermissions(TRUE);
6a488035
TO		 732 }
733 }
734
735 if (is_array($allCompPermissions)) {
736 foreach ($allCompPermissions as $name => $permissions) {
737 if (in_array($permission, $permissions)) {
738 $componentName = $name;
739 break;
740 }
741 }
742 }
743
744 return $componentName;
745 }
746
747 /**
d09edf64 748 * Get all the contact emails for users that have a specific permission.
6a488035 749 *
6a0b768e
TO		 750 * @param string $permissionName
751 * Name of the permission we are interested in.
6a488035 752 *
a6c01b45
CW		 753 * @return string
754 * a comma separated list of email addresses
6a488035
TO		 755 */
756 public static function permissionEmails($permissionName) {
757 $config = CRM_Core_Config::singleton();
41f314b6 758 return $config->userPermissionClass->permissionEmails($permissionName);
6a488035
TO		 759 }
760
761 /**
d09edf64 762 * Get all the contact emails for users that have a specific role.
6a488035 763 *
6a0b768e
TO		 764 * @param string $roleName
765 * Name of the role we are interested in.
6a488035 766 *
a6c01b45
CW		 767 * @return string
768 * a comma separated list of email addresses
6a488035
TO		 769 */
770 public static function roleEmails($roleName) {
771 $config = CRM_Core_Config::singleton();
41f314b6 772 return $config->userRoleClass->roleEmails($roleName);
6a488035
TO		 773 }
774
a0ee3941
EM		 775 /**
776 * @return bool
777 */
00be9182 778 public static function isMultisiteEnabled() {
6a488035
TO		 779 return CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::MULTISITE_PREFERENCES_NAME,
780 'is_enabled'
781 ) ? TRUE : FALSE;
782 }
96025800 783
6a488035 784}