| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 5 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2018 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * Decide what permissions to check for an api call |
| 30 | * |
| 31 | * @param $entity : (str) api entity |
| 32 | * @param $action : (str) api action |
| 33 | * @param $params : (array) api params |
| 34 | * |
| 35 | * @return array |
| 36 | * Array of permissions to check for this entity-action combo |
| 37 | */ |
| 38 | function _civicrm_api3_permissions($entity, $action, &$params) { |
| 39 | // FIXME: Lowercase entity_names are nonstandard but difficult to fix here |
| 40 | // because this function invokes hook_civicrm_alterAPIPermissions |
| 41 | $entity = _civicrm_api_get_entity_name_from_camel($entity); |
| 42 | $permissions = CRM_Core_Permission::getEntityActionPermissions(); |
| 43 | |
| 44 | // Translate 'create' action to 'update' if id is set |
| 45 | if ($action == 'create' && (!empty($params['id']) || !empty($params[$entity . '_id']))) { |
| 46 | $action = 'update'; |
| 47 | } |
| 48 | |
| 49 | // let third parties modify the permissions |
| 50 | CRM_Utils_Hook::alterAPIPermissions($entity, $action, $params, $permissions); |
| 51 | |
| 52 | // Merge permissions for this entity with the defaults |
| 53 | $perm = CRM_Utils_Array::value($entity, $permissions, array()) + $permissions['default']; |
| 54 | |
| 55 | // Return exact match if permission for this action has been declared |
| 56 | if (isset($perm[$action])) { |
| 57 | return $perm[$action]; |
| 58 | } |
| 59 | |
| 60 | // Translate specific actions into their generic equivalents |
| 61 | $action = CRM_Core_Permission::getGenericAction($action); |
| 62 | |
| 63 | return isset($perm[$action]) ? $perm[$action] : $perm['default']; |
| 64 | } |
| 65 | |
| 66 | # FIXME: not sure how to permission the following API 3 calls: |
| 67 | # contribution_transact (make online contributions) |
| 68 | # entity_tag_display |
| 69 | # group_contact_pending |
| 70 | # group_contact_update_status |
| 71 | # mailing_event_bounce |
| 72 | # mailing_event_click |
| 73 | # mailing_event_confirm |
| 74 | # mailing_event_forward |
| 75 | # mailing_event_open |
| 76 | # mailing_event_reply |
| 77 | # mailing_group_event_domain_unsubscribe |
| 78 | # mailing_group_event_resubscribe |
| 79 | # mailing_group_event_subscribe |
| 80 | # mailing_group_event_unsubscribe |
| 81 | # membership_status_calc |
| 82 | # survey_respondant_count |