| 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | +--------------------------------------------------------------------+ |
| 5 | | Copyright CiviCRM LLC. All rights reserved. | |
| 6 | | | |
| 7 | | This work is published under the GNU AGPLv3 license with some | |
| 8 | | permitted exceptions and without any warranty. For full license | |
| 9 | | and copyright information, see https://civicrm.org/licensing | |
| 10 | +--------------------------------------------------------------------+ |
| 11 | */ |
| 12 | |
| 13 | use Civi\Core\Event\GenericHookEvent; |
| 14 | |
| 15 | /** |
| 16 | * Class CRM_Core_Permission_List |
| 17 | * |
| 18 | * When presenting the administrator with a list of available permissions (`Permission.get`), |
| 19 | * the methods in provide the default implementations. |
| 20 | * |
| 21 | * These methods are not intended for public consumption or frequent execution. |
| 22 | * |
| 23 | * @see \Civi\Api4\Action\Permission\Get |
| 24 | */ |
| 25 | class CRM_Core_Permission_List { |
| 26 | |
| 27 | /** |
| 28 | * Enumerate concrete permissions that originate in CiviCRM (core or extension). |
| 29 | * |
| 30 | * @param \Civi\Core\Event\GenericHookEvent $e |
| 31 | * @see \CRM_Utils_Hook::permissionList |
| 32 | */ |
| 33 | public static function findCiviPermissions(GenericHookEvent $e) { |
| 34 | $activeCorePerms = \CRM_Core_Permission::basicPermissions(FALSE); |
| 35 | $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE, TRUE); |
| 36 | foreach ($allCorePerms as $permName => $corePerm) { |
| 37 | $e->permissions[$permName] = [ |
| 38 | 'group' => 'civicrm', |
| 39 | 'title' => $corePerm['label'] ?? $corePerm[0] ?? $permName, |
| 40 | 'description' => $corePerm['description'] ?? $corePerm[1] ?? NULL, |
| 41 | 'is_active' => isset($activeCorePerms[$permName]), |
| 42 | ]; |
| 43 | } |
| 44 | } |
| 45 | |
| 46 | /** |
| 47 | * Enumerate permissions that originate in the CMS (core or module/plugin), |
| 48 | * excluding any Civi permissions. |
| 49 | * |
| 50 | * @param \Civi\Core\Event\GenericHookEvent $e |
| 51 | * @see \CRM_Utils_Hook::permissionList |
| 52 | */ |
| 53 | public static function findCmsPermissions(GenericHookEvent $e) { |
| 54 | $config = \CRM_Core_Config::singleton(); |
| 55 | |
| 56 | $ufPerms = $config->userPermissionClass->getAvailablePermissions(); |
| 57 | foreach ($ufPerms as $permName => $cmsPerm) { |
| 58 | $e->permissions[$permName] = [ |
| 59 | 'group' => 'cms', |
| 60 | 'title' => $cmsPerm['title'] ?? $permName, |
| 61 | 'description' => $cmsPerm['description'] ?? NULL, |
| 62 | ]; |
| 63 | } |
| 64 | |
| 65 | // There are a handful of special permissions defined in CRM/Core/Permission/*.php |
| 66 | // using the `translatePermission()` mechanism. |
| 67 | $e->permissions['cms:view user account'] = [ |
| 68 | 'group' => 'cms', |
| 69 | 'title' => ts('CMS') . ': ' . ts('View user accounts'), |
| 70 | 'description' => ts('View user accounts. (Synthetic permission - adapts to local CMS)'), |
| 71 | 'is_synthetic' => TRUE, |
| 72 | ]; |
| 73 | $e->permissions['cms:administer users'] = [ |
| 74 | 'group' => 'cms', |
| 75 | 'title' => ts('CMS') . ': ' . ts('Administer user accounts'), |
| 76 | 'description' => ts('Administer user accounts. (Synthetic permission - adapts to local CMS)'), |
| 77 | 'is_synthetic' => TRUE, |
| 78 | ]; |
| 79 | } |
| 80 | |
| 81 | /** |
| 82 | * @param \Civi\Core\Event\GenericHookEvent $e |
| 83 | * @see \CRM_Utils_Hook::permissionList |
| 84 | */ |
| 85 | public static function findConstPermissions(GenericHookEvent $e) { |
| 86 | // There are a handful of special permissions defined in CRM/Core/Permission. |
| 87 | $e->permissions[\CRM_Core_Permission::ALWAYS_DENY_PERMISSION] = [ |
| 88 | 'group' => 'const', |
| 89 | 'title' => ts('Constant: Always deny'), |
| 90 | 'is_synthetic' => TRUE, |
| 91 | ]; |
| 92 | $e->permissions[\CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION] = [ |
| 93 | 'group' => 'const', |
| 94 | 'title' => ts('Constant: Always allow'), |
| 95 | 'is_synthetic' => TRUE, |
| 96 | ]; |
| 97 | } |
| 98 | |
| 99 | } |