projects / civicrm-core.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5580 from eileenmcnaughton/CRM-16247
[civicrm-core.git] / CRM / Core / Permission.php
CommitLineData
6a488035
TO		 1<?php
2/*
3 +--------------------------------------------------------------------+
39de6fd5 4 | CiviCRM version 4.6 |
6a488035 5 +--------------------------------------------------------------------+
e7112fa7 6 | Copyright CiviCRM LLC (c) 2004-2015 |
6a488035
TO		 7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
d25dd0ee 26 */
6a488035
TO		 27
28/**
29 *
30 * @package CRM
e7112fa7 31 * @copyright CiviCRM LLC (c) 2004-2015
6a488035
TO		 32 * $Id$
33 *
34 */
35
36/**
37 * This is the basic permission class wrapper
38 */
39class CRM_Core_Permission {
40
41 /**
d09edf64 42 * Static strings used to compose permissions.
6a488035
TO		 43 *
44 * @const
45 * @var string
46 */
7da04cde 47 const EDIT_GROUPS = 'edit contacts in ', VIEW_GROUPS = 'view contacts in ';
6a488035
TO		 48
49 /**
d09edf64 50 * The various type of permissions.
6a488035
TO		 51 *
52 * @var int
53 */
7da04cde 54 const EDIT = 1, VIEW = 2, DELETE = 3, CREATE = 4, SEARCH = 5, ALL = 6, ADMIN = 7;
6a488035 55
085823c1 56 /**
d09edf64 57 * A placeholder permission which always fails.
085823c1
TO		 58 */
59 const ALWAYS_DENY_PERMISSION = "*always deny*";
60
61 /**
d09edf64 62 * A placeholder permission which always fails.
085823c1
TO		 63 */
64 const ALWAYS_ALLOW_PERMISSION = "*always allow*";
65
6dd18b98 66 /**
d09edf64 67 * Various authentication sources.
6dd18b98
DS		 68 *
69 * @var int
70 */
7da04cde 71 const AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
6dd18b98 72
6a488035 73 /**
d09edf64 74 * Get the current permission of this user.
6a488035 75 *
a6c01b45
CW		 76 * @return string
77 * the permission of the user (edit or view or null)
6a488035
TO		 78 */
79 public static function getPermission() {
80 $config = CRM_Core_Config::singleton();
41f314b6 81 return $config->userPermissionClass->getPermission();
6a488035
TO		 82 }
83
84 /**
100fef9d 85 * Given a permission string or array, check for access requirements
6a0b768e
TO		 86 * @param mixed $permissions
87 * The permission to check as an array or string -see examples.
16b10e64 88 * arrays
6a488035 89 *
60ec9f43
E		 90 * Ex 1
91 *
92 * Must have 'access CiviCRM'
93 * (string) 'access CiviCRM'
94 *
95 *
96 * Ex 2 Must have 'access CiviCRM' and 'access Ajax API'
97 * array('access CiviCRM', 'access Ajax API')
98 *
99 * Ex 3 Must have 'access CiviCRM' or 'access Ajax API'
100 * array(
101 * array('access CiviCRM', 'access Ajax API'),
102 * ),
103 *
104 * Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent'
105 * array(
106 * array('access CiviCRM', 'access Ajax API'),
107 * 'access CiviEvent',
108 * ),
109 *
110 * Note that in permissions.php this is keyed by the action eg.
111 * (access Civi || access AJAX) && (access CiviEvent || access CiviContribute)
112 * 'myaction' => array(
113 * array('access CiviCRM', 'access Ajax API'),
114 * array('access CiviEvent', 'access CiviContribute')
115 * ),
6a488035 116 *
acb1052e 117 * @return bool
a6c01b45 118 * true if yes, else false
6a488035 119 */
00be9182 120 public static function check($permissions) {
60ec9f43
E		 121 $permissions = (array) $permissions;
122
123 foreach ($permissions as $permission) {
22e263ad 124 if (is_array($permission)) {
60ec9f43 125 foreach ($permission as $orPerm) {
22e263ad 126 if (self::check($orPerm)) {
60ec9f43
E		 127 //one of our 'or' permissions has succeeded - stop checking this permission
128 return TRUE;;
129 }
130 }
131 //none of our our conditions was met
132 return FALSE;
133 }
134 else {
22e263ad 135 if (!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) {
60ec9f43
E		 136 //one of our 'and' conditions has not been met
137 return FALSE;
138 }
139 }
140 }
141 return TRUE;
6a488035
TO		 142 }
143
dc92f2f8 144 /**
d09edf64 145 * Determine if any one of the permissions strings applies to current user.
dc92f2f8
TO		 146 *
147 * @param array $perms
148 * @return bool
149 */
150 public static function checkAnyPerm($perms) {
151 foreach ($perms as $perm) {
152 if (CRM_Core_Permission::check($perm)) {
153 return TRUE;
154 }
155 }
156 return FALSE;
157 }
158
6a488035
TO		 159 /**
160 * Given a group/role array, check for access requirements
161 *
6a0b768e
TO		 162 * @param array $array
163 * The group/role to check.
6a488035 164 *
acb1052e 165 * @return bool
a6c01b45 166 * true if yes, else false
6a488035 167 */
00be9182 168 public static function checkGroupRole($array) {
6a488035 169 $config = CRM_Core_Config::singleton();
41f314b6 170 return $config->userPermissionClass->checkGroupRole($array);
6a488035
TO		 171 }
172
173 /**
d09edf64 174 * Get the permissioned where clause for the user.
6a488035 175 *
6a0b768e
TO		 176 * @param int $type
177 * The type of permission needed.
178 * @param array $tables
179 * (reference ) add the tables that are needed for the select clause.
180 * @param array $whereTables
181 * (reference ) add the tables that are needed for the where clause.
6a488035 182 *
a6c01b45
CW		 183 * @return string
184 * the group where clause for this user
6a488035
TO		 185 */
186 public static function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
187 $config = CRM_Core_Config::singleton();
41f314b6 188 return $config->userPermissionClass->getPermissionedStaticGroupClause($type, $tables, $whereTables);
6a488035
TO		 189 }
190
191 /**
192 * Get all groups from database, filtered by permissions
193 * for this user
194 *
6a0b768e
TO		 195 * @param string $groupType
196 * Type of group(Access/Mailing).
3f8d2862
CW		 197 * @param bool $excludeHidden
198 * exclude hidden groups.
6a488035 199 *
6a488035 200 *
a6c01b45
CW		 201 * @return array
202 * array reference of all groups.
6a488035
TO		 203 */
204 public static function group($groupType, $excludeHidden = TRUE) {
205 $config = CRM_Core_Config::singleton();
41f314b6 206 return $config->userPermissionClass->group($groupType, $excludeHidden);
6a488035
TO		 207 }
208
a0ee3941
EM		 209 /**
210 * @return bool
211 */
6a488035
TO		 212 public static function customGroupAdmin() {
213 $admin = FALSE;
214
215 // check if user has all powerful permission
216 // or administer civicrm permission (CRM-1905)
217 if (self::check('access all custom data')) {
218 return TRUE;
219 }
220
634e1a1a
DL		 221 if (
222 self::check('administer Multiple Organizations') &&
6a488035
TO		 223 self::isMultisiteEnabled()
224 ) {
225 return TRUE;
226 }
227
228 if (self::check('administer CiviCRM')) {
229 return TRUE;
230 }
231
232 return FALSE;
233 }
234
a0ee3941
EM		 235 /**
236 * @param int $type
237 * @param bool $reset
238 *
239 * @return array
240 */
6a488035 241 public static function customGroup($type = CRM_Core_Permission::VIEW, $reset = FALSE) {
41f314b6 242 $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id',
243 array('fresh' => $reset));
6a488035
TO		 244 $defaultGroups = array();
245
246 // check if user has all powerful permission
247 // or administer civicrm permission (CRM-1905)
248 if (self::customGroupAdmin()) {
249 $defaultGroups = array_keys($customGroups);
250 }
251
252 return CRM_ACL_API::group($type, NULL, 'civicrm_custom_group', $customGroups, $defaultGroups);
253 }
254
a0ee3941
EM		 255 /**
256 * @param int $type
257 * @param null $prefix
258 * @param bool $reset
259 *
260 * @return string
261 */
00be9182 262 public static function customGroupClause($type = CRM_Core_Permission::VIEW, $prefix = NULL, $reset = FALSE) {
6a488035
TO		 263 if (self::customGroupAdmin()) {
264 return ' ( 1 ) ';
265 }
266
267 $groups = self::customGroup($type, $reset);
268 if (empty($groups)) {
269 return ' ( 0 ) ';
270 }
271 else {
272 return "{$prefix}id IN ( " . implode(',', $groups) . ' ) ';
273 }
274 }
275
a0ee3941 276 /**
100fef9d 277 * @param int $gid
a0ee3941
EM		 278 * @param int $type
279 *
280 * @return bool
281 */
6a488035
TO		 282 public static function ufGroupValid($gid, $type = CRM_Core_Permission::VIEW) {
283 if (empty($gid)) {
284 return TRUE;
285 }
286
287 $groups = self::ufGroup($type);
684b0b22 288 return !empty($groups) && in_array($gid, $groups) ? TRUE : FALSE;
6a488035
TO		 289 }
290
a0ee3941
EM		 291 /**
292 * @param int $type
293 *
294 * @return array
295 */
6a488035 296 public static function ufGroup($type = CRM_Core_Permission::VIEW) {
ff4f7744 297 $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
6a488035
TO		 298
299 $allGroups = array_keys($ufGroups);
300
301 // check if user has all powerful permission
302 if (self::check('profile listings and forms')) {
303 return $allGroups;
304 }
305
306 switch ($type) {
307 case CRM_Core_Permission::VIEW:
308 if (self::check('profile view')) {
309 return $allGroups;
310 }
311 break;
312
313 case CRM_Core_Permission::CREATE:
314 if (self::check('profile create')) {
315 return $allGroups;
316 }
317 break;
318
319 case CRM_Core_Permission::EDIT:
320 if (self::check('profile edit')) {
321 return $allGroups;
322 }
323 break;
324
325 case CRM_Core_Permission::SEARCH:
326 if (self::check('profile listings')) {
327 return $allGroups;
328 }
329 break;
330 }
331
332 return CRM_ACL_API::group($type, NULL, 'civicrm_uf_group', $ufGroups);
333 }
334
a0ee3941
EM		 335 /**
336 * @param int $type
337 * @param null $prefix
338 * @param bool $returnUFGroupIds
339 *
340 * @return array|string
341 */
00be9182 342 public static function ufGroupClause($type = CRM_Core_Permission::VIEW, $prefix = NULL, $returnUFGroupIds = FALSE) {
6a488035
TO		 343 $groups = self::ufGroup($type);
344 if ($returnUFGroupIds) {
345 return $groups;
346 }
347 elseif (empty($groups)) {
348 return ' ( 0 ) ';
349 }
350 else {
351 return "{$prefix}id IN ( " . implode(',', $groups) . ' ) ';
352 }
353 }
354
a0ee3941
EM		 355 /**
356 * @param int $type
100fef9d 357 * @param int $eventID
a0ee3941
EM		 358 * @param string $context
359 *
360 * @return array|null
361 */
e2d09ab4 362 public static function event($type = CRM_Core_Permission::VIEW, $eventID = NULL, $context = '') {
22e263ad
TO		 363 if (!empty($context)) {
364 if (CRM_Core_Permission::check($context)) {
e2d09ab4
EM		 365 return TRUE;
366 }
367 }
6a488035
TO		 368 $events = CRM_Event_PseudoConstant::event(NULL, TRUE);
369 $includeEvents = array();
370
371 // check if user has all powerful permission
372 if (self::check('register for events')) {
373 $includeEvents = array_keys($events);
374 }
375
376 if ($type == CRM_Core_Permission::VIEW &&
377 self::check('view event info')
378 ) {
379 $includeEvents = array_keys($events);
380 }
381
382 $permissionedEvents = CRM_ACL_API::group($type, NULL, 'civicrm_event', $events, $includeEvents);
383 if (!$eventID) {
384 return $permissionedEvents;
385 }
41f314b6 386 if (!empty($permissionedEvents)) {
2efcf0c2 387 return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
41f314b6 388 }
dfa720e7 389 return NULL;
6a488035
TO		 390 }
391
a0ee3941
EM		 392 /**
393 * @param int $type
394 * @param null $prefix
395 *
396 * @return string
397 */
00be9182 398 public static function eventClause($type = CRM_Core_Permission::VIEW, $prefix = NULL) {
6a488035
TO		 399 $events = self::event($type);
400 if (empty($events)) {
401 return ' ( 0 ) ';
402 }
403 else {
404 return "{$prefix}id IN ( " . implode(',', $events) . ' ) ';
405 }
406 }
407
a0ee3941
EM		 408 /**
409 * @param $module
410 * @param bool $checkPermission
411 *
412 * @return bool
413 */
00be9182 414 public static function access($module, $checkPermission = TRUE) {
6a488035
TO		 415 $config = CRM_Core_Config::singleton();
416
417 if (!in_array($module, $config->enableComponents)) {
418 return FALSE;
419 }
420
421 if ($checkPermission) {
422 if ($module == 'CiviCase') {
423 return CRM_Case_BAO_Case::accessCiviCase();
424 }
425 else {
426 return CRM_Core_Permission::check("access $module");
427 }
428 }
429
430 return TRUE;
431 }
432
433 /**
d09edf64 434 * Check permissions for delete and edit actions.
6a488035 435 *
6a0b768e
TO		 436 * @param string $module
437 * Component name.
438 * @param int $action
439 * Action to be check across component.
6a488035 440 *
77b97be7
EM		 441 *
442 * @return bool
443 */
00be9182 444 public static function checkActionPermission($module, $action) {
6a488035
TO		 445 //check delete related permissions.
446 if ($action & CRM_Core_Action::DELETE) {
447 $permissionName = "delete in $module";
448 }
449 else {
450 $editPermissions = array(
451 'CiviEvent' => 'edit event participants',
452 'CiviMember' => 'edit memberships',
453 'CiviPledge' => 'edit pledges',
454 'CiviContribute' => 'edit contributions',
455 'CiviGrant' => 'edit grants',
456 'CiviMail' => 'access CiviMail',
457 'CiviAuction' => 'add auction items',
458 );
459 $permissionName = CRM_Utils_Array::value($module, $editPermissions);
460 }
461
462 if ($module == 'CiviCase' && !$permissionName) {
463 return CRM_Case_BAO_Case::accessCiviCase();
464 }
465 else {
466 //check for permission.
467 return CRM_Core_Permission::check($permissionName);
468 }
469 }
470
a0ee3941
EM		 471 /**
472 * @param $args
473 * @param string $op
474 *
475 * @return bool
476 */
00be9182 477 public static function checkMenu(&$args, $op = 'and') {
6a488035
TO		 478 if (!is_array($args)) {
479 return $args;
480 }
481 foreach ($args as $str) {
482 $res = CRM_Core_Permission::check($str);
483 if ($op == 'or' && $res) {
484 return TRUE;
485 }
486 elseif ($op == 'and' && !$res) {
487 return FALSE;
488 }
489 }
490 return ($op == 'or') ? FALSE : TRUE;
491 }
492
a0ee3941
EM		 493 /**
494 * @param $item
495 *
496 * @return bool|mixed
497 * @throws Exception
498 */
00be9182 499 public static function checkMenuItem(&$item) {
6a488035
TO		 500 if (!array_key_exists('access_callback', $item)) {
501 CRM_Core_Error::backtrace();
502 CRM_Core_Error::fatal();
503 }
504
505 // if component_id is present, ensure it is enabled
506 if (isset($item['component_id']) &&
507 $item['component_id']
508 ) {
509 $config = CRM_Core_Config::singleton();
510 if (is_array($config->enableComponentIDs) &&
511 in_array($item['component_id'], $config->enableComponentIDs)
512 ) {
513 // continue with process
514 }
515 else {
516 return FALSE;
517 }
518 }
519
520 // the following is imitating drupal 6 code in includes/menu.inc
521 if (empty($item['access_callback']) ||
522 is_numeric($item['access_callback'])
523 ) {
524 return (boolean ) $item['access_callback'];
525 }
526
527 // check whether the following Ajax requests submitted the right key
528 // FIXME: this should be integrated into ACLs proper
529 if (CRM_Utils_Array::value('page_type', $item) == 3) {
530 if (!CRM_Core_Key::validate($_REQUEST['key'], $item['path'])) {
531 return FALSE;
532 }
533 }
534
535 // check if callback is for checkMenu, if so optimize it
536 if (is_array($item['access_callback']) &&
537 $item['access_callback'][0] == 'CRM_Core_Permission' &&
538 $item['access_callback'][1] == 'checkMenu'
539 ) {
540 $op = CRM_Utils_Array::value(1, $item['access_arguments'], 'and');
541 return self::checkMenu($item['access_arguments'][0], $op);
542 }
543 else {
544 return call_user_func_array($item['access_callback'], $item['access_arguments']);
545 }
546 }
547
a0ee3941
EM		 548 /**
549 * @param bool $all
221b21b4
AH		 550 * @param bool $descriptions
551 * whether to return descriptions
a0ee3941
EM		 552 *
553 * @return array
554 */
221b21b4
AH		 555 public static function &basicPermissions($all = FALSE, $descriptions = FALSE) {
556 if ($descriptions) {
557 static $permissionsDesc = NULL;
6a488035 558
221b21b4
AH		 559 if (!$permissionsDesc) {
560 $permissionsDesc = self::assembleBasicPermissions($all, $descriptions);
6a488035
TO		 561 }
562
221b21b4
AH		 563 return $permissionsDesc;
564 }
565 else {
566 static $permissions = NULL;
567
568 if (!$permissions) {
569 $permissions = self::assembleBasicPermissions($all, $descriptions);
6a488035
TO		 570 }
571
221b21b4
AH		 572 return $permissions;
573 }
574 }
575
576 /**
577 * @param bool $all
578 * @param bool $descriptions
579 * whether to return descriptions
580 *
581 * @return array
582 */
583 public static function assembleBasicPermissions($all = FALSE, $descriptions = FALSE) {
584 $config = CRM_Core_Config::singleton();
585 $prefix = ts('CiviCRM') . ': ';
586 $permissions = self::getCorePermissions($descriptions);
587
588 if (self::isMultisiteEnabled()) {
589 $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations');
590 }
591
592 if (!$all) {
593 $components = CRM_Core_Component::getEnabledComponents();
594 }
595 else {
596 $components = CRM_Core_Component::getComponents();
597 }
598
599 foreach ($components as $comp) {
600 $perm = $comp->getPermissions(FALSE, $descriptions);
601 if ($perm) {
602 $info = $comp->getInfo();
603 if ($descriptions) {
604 foreach ($perm as $p => $attr) {
605 $title = $info['translatedName'] . ': ' . array_shift($attr);
606 array_unshift($attr, $title);
607 $permissions[$p] = $attr;
608 }
609 }
610 else {
6a488035
TO		 611 foreach ($perm as $p) {
612 $permissions[$p] = $info['translatedName'] . ': ' . $p;
613 }
614 }
615 }
6a488035
TO		 616 }
617
221b21b4 618 // Add any permissions defined in hook_civicrm_permission implementations.
f1db52b9 619 $module_permissions = $config->userPermissionClass->getAllModulePermissions($descriptions);
221b21b4 620 $permissions = array_merge($permissions, $module_permissions);
6a488035
TO		 621 return $permissions;
622 }
623
a0ee3941
EM		 624 /**
625 * @return array
626 */
00be9182 627 public static function getAnonymousPermissionsWarnings() {
81bb85ea
AC		 628 static $permissions = array();
629 if (empty($permissions)) {
630 $permissions = array(
21dfd5f5 631 'administer CiviCRM',
81bb85ea
AC		 632 );
633 $components = CRM_Core_Component::getComponents();
634 foreach ($components as $comp) {
635 if (!method_exists($comp, 'getAnonymousPermissionWarnings')) {
636 continue;
637 }
638 $permissions = array_merge($permissions, $comp->getAnonymousPermissionWarnings());
639 }
640 }
641 return $permissions;
642 }
643
a0ee3941
EM		 644 /**
645 * @param $anonymous_perms
646 *
647 * @return array
648 */
00be9182 649 public static function validateForPermissionWarnings($anonymous_perms) {
81bb85ea
AC		 650 return array_intersect($anonymous_perms, self::getAnonymousPermissionsWarnings());
651 }
652
a0ee3941 653 /**
221b21b4
AH		 654 * @param bool $descriptions
655 * whether to return descriptions
656 *
a0ee3941
EM		 657 * @return array
658 */
221b21b4 659 public static function getCorePermissions($descriptions = FALSE) {
6a488035
TO		 660 $prefix = ts('CiviCRM') . ': ';
661 $permissions = array(
221b21b4
AH		 662 'add contacts' => array(
663 $prefix . ts('add contacts'),
664 ts('Create a new contact record in CiviCRM'),
665 ),
666 'view all contacts' => array(
667 $prefix . ts('view all contacts'),
668 ts('View ANY CONTACT in the CiviCRM database, export contact info and perform activities such as Send Email, Phone Call, etc.'),
669 ),
670 'edit all contacts' => array(
671 $prefix . ts('edit all contacts'),
672 ts('View, Edit and Delete ANY CONTACT in the CiviCRM database; Create and edit relationships, tags and other info about the contacts'),
673 ),
674 'view my contact' => array(
675 $prefix . ts('view my contact'),
676 ),
677 'edit my contact' => array(
678 $prefix . ts('edit my contact'),
679 ),
680 'delete contacts' => array(
681 $prefix . ts('delete contacts'),
682 ),
683 'access deleted contacts' => array(
684 $prefix . ts('access deleted contacts'),
685 ts('Access contacts in the trash'),
686 ),
687 'import contacts' => array(
688 $prefix . ts('import contacts'),
689 ts('Import contacts and activities'),
690 ),
691 'edit groups' => array(
692 $prefix . ts('edit groups'),
693 ts('Create new groups, edit group settings (e.g. group name, visibility...), delete groups'),
694 ),
695 'administer CiviCRM' => array(
696 $prefix . ts('administer CiviCRM'),
697 ts('Perform all tasks in the Administer CiviCRM control panel and Import Contacts'),
698 ),
699 'skip IDS check' => array(
700 $prefix . ts('skip IDS check'),
701 ts('IDS system is bypassed for users with this permission. Prevents false errors for admin users.'),
702 ),
703 'access uploaded files' => array(
704 $prefix . ts('access uploaded files'),
705 ts('View / download files including images and photos'),
706 ),
707 'profile listings and forms' => array(
708 $prefix . ts('profile listings and forms'),
709 ts('Access the profile Search form and listings'),
710 ),
711 'profile listings' => array(
712 $prefix . ts('profile listings'),
713 ),
714 'profile create' => array(
715 $prefix . ts('profile create'),
716 ts('Use profiles in Create mode'),
717 ),
718 'profile edit' => array(
719 $prefix . ts('profile edit'),
720 ts('Use profiles in Edit mode'),
721 ),
722 'profile view' => array(
723 $prefix . ts('profile view'),
724 ),
725 'access all custom data' => array(
726 $prefix . ts('access all custom data'),
727 ts('View all custom fields regardless of ACL rules'),
728 ),
729 'view all activities' => array(
730 $prefix . ts('view all activities'),
731 ts('View all activities (for visible contacts)'),
732 ),
733 'delete activities' => array(
734 $prefix . ts('Delete activities'),
735 ),
736 'access CiviCRM' => array(
737 $prefix . ts('access CiviCRM'),
738 ts('Master control for access to the main CiviCRM backend and API'),
739 ),
740 'access Contact Dashboard' => array(
741 $prefix . ts('access Contact Dashboard'),
742 ts('View Contact Dashboard (for themselves and visible contacts)'),
743 ),
744 'translate CiviCRM' => array(
745 $prefix . ts('translate CiviCRM'),
746 ts('Allow User to enable multilingual'),
747 ),
748 'administer reserved groups' => array(
749 $prefix . ts('administer reserved groups'),
750 ts('Edit and disable Reserved Groups (Needs Edit Groups)'),
751 ),
752 'administer Tagsets' => array(
753 $prefix . ts('administer Tagsets'),
754 ),
755 'administer reserved tags' => array(
756 $prefix . ts('administer reserved tags'),
757 ),
758 'administer dedupe rules' => array(
759 $prefix . ts('administer dedupe rules'),
760 ts('Create and edit rules, change the supervised and unsupervised rules'),
761 ),
762 'merge duplicate contacts' => array(
763 $prefix . ts('merge duplicate contacts'),
764 ts('Delete Contacts must also be granted in order for this to work.'),
765 ),
766 'view debug output' => array(
767 $prefix . ts('view debug output'),
768 ts('View results of debug and backtrace'),
769 ),
770 'view all notes' => array(
771 $prefix . ts('view all notes'),
772 ts("View notes (for visible contacts) even if they're marked admin only"),
773 ),
774 'access AJAX API' => array(
775 $prefix . ts('access AJAX API'),
776 ts('Allow API access even if Access CiviCRM is not granted'),
777 ),
778 'access contact reference fields' => array(
779 $prefix . ts('access contact reference fields'),
780 ts('Allow entering data into contact reference fields'),
781 ),
782 'create manual batch' => array(
783 $prefix . ts('create manual batch'),
784 ts('Create an accounting batch (with Access to CiviContribute and View Own/All Manual Batches)'),
785 ),
786 'edit own manual batches' => array(
787 $prefix . ts('edit own manual batches'),
788 ts('Edit accounting batches created by user'),
789 ),
790 'edit all manual batches' => array(
791 $prefix . ts('edit all manual batches'),
792 ts('Edit all accounting batches'),
793 ),
794 'view own manual batches' => array(
795 $prefix . ts('view own manual batches'),
796 ts('View accounting batches created by user (with Access to CiviContribute)'),
797 ),
798 'view all manual batches' => array(
799 $prefix . ts('view all manual batches'),
800 ts('View all accounting batches (with Access to CiviContribute)'),
801 ),
802 'delete own manual batches' => array(
803 $prefix . ts('delete own manual batches'),
804 ts('Delete accounting batches created by user'),
805 ),
806 'delete all manual batches' => array(
807 $prefix . ts('delete all manual batches'),
808 ts('Delete all accounting batches'),
809 ),
810 'export own manual batches' => array(
811 $prefix . ts('export own manual batches'),
812 ts('Export accounting batches created by user'),
813 ),
814 'export all manual batches' => array(
815 $prefix . ts('export all manual batches'),
816 ts('Export all accounting batches'),
817 ),
818 'administer payment processors' => array(
819 $prefix . ts('administer payment processors'),
820 ts('Add, Update, or Disable Payment Processors'),
821 ),
822 'edit message templates' => array(
823 $prefix . ts('edit message templates'),
824 ),
6a488035
TO		 825 );
826
221b21b4
AH		 827 if (!$descriptions) {
828 foreach ($permissions as $name => $attr) {
829 $permissions[$name] = array_shift($attr);
830 }
831 }
832
6a488035
TO		 833 return $permissions;
834 }
835
836 /**
d09edf64 837 * Validate user permission across.
6a488035
TO		 838 * edit or view or with supportable acls.
839 *
acb1052e
WA		 840 * @return bool
841 */
00be9182 842 public static function giveMeAllACLs() {
6a488035
TO		 843 if (CRM_Core_Permission::check('view all contacts') ||
844 CRM_Core_Permission::check('edit all contacts')
845 ) {
846 return TRUE;
847 }
848
849 $session = CRM_Core_Session::singleton();
850 $contactID = $session->get('userID');
851
6a488035
TO		 852 //check for acl.
853 $aclPermission = self::getPermission();
854 if (in_array($aclPermission, array(
855 CRM_Core_Permission::EDIT,
41f314b6 856 CRM_Core_Permission::VIEW,
857 ))
858 ) {
6a488035
TO		 859 return TRUE;
860 }
861
862 // run acl where hook and see if the user is supplying an ACL clause
863 // that is not false
864 $tables = $whereTables = array();
865 $where = NULL;
866
867 CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW,
868 $tables, $whereTables,
869 $contactID, $where
870 );
871 return empty($whereTables) ? FALSE : TRUE;
872 }
873
874 /**
100fef9d 875 * Get component name from given permission.
6a488035 876 *
41f314b6 877 * @param string $permission
6a488035 878 *
76e7a76c
CW		 879 * @return null|string
880 * the name of component.
6a488035 881 */
00be9182 882 public static function getComponentName($permission) {
6a488035
TO		 883 $componentName = NULL;
884 $permission = trim($permission);
885 if (empty($permission)) {
886 return $componentName;
887 }
888
889 static $allCompPermissions = array();
890 if (empty($allCompPermissions)) {
891 $components = CRM_Core_Component::getComponents();
892 foreach ($components as $name => $comp) {
33777e4a
PJ		 893 //get all permissions of each components unconditionally
894 $allCompPermissions[$name] = $comp->getPermissions(TRUE);
6a488035
TO		 895 }
896 }
897
898 if (is_array($allCompPermissions)) {
899 foreach ($allCompPermissions as $name => $permissions) {
900 if (in_array($permission, $permissions)) {
901 $componentName = $name;
902 break;
903 }
904 }
905 }
906
907 return $componentName;
908 }
909
910 /**
d09edf64 911 * Get all the contact emails for users that have a specific permission.
6a488035 912 *
6a0b768e
TO		 913 * @param string $permissionName
914 * Name of the permission we are interested in.
6a488035 915 *
a6c01b45
CW		 916 * @return string
917 * a comma separated list of email addresses
6a488035
TO		 918 */
919 public static function permissionEmails($permissionName) {
920 $config = CRM_Core_Config::singleton();
41f314b6 921 return $config->userPermissionClass->permissionEmails($permissionName);
6a488035
TO		 922 }
923
924 /**
d09edf64 925 * Get all the contact emails for users that have a specific role.
6a488035 926 *
6a0b768e
TO		 927 * @param string $roleName
928 * Name of the role we are interested in.
6a488035 929 *
a6c01b45
CW		 930 * @return string
931 * a comma separated list of email addresses
6a488035
TO		 932 */
933 public static function roleEmails($roleName) {
934 $config = CRM_Core_Config::singleton();
41f314b6 935 return $config->userRoleClass->roleEmails($roleName);
6a488035
TO		 936 }
937
a0ee3941
EM		 938 /**
939 * @return bool
940 */
00be9182 941 public static function isMultisiteEnabled() {
6a488035
TO		 942 return CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::MULTISITE_PREFERENCES_NAME,
943 'is_enabled'
944 ) ? TRUE : FALSE;
945 }
96025800 946
6a488035 947}