5 +--------------------------------------------------------------------+
6 | CiviCRM version 4.3 |
7 +--------------------------------------------------------------------+
8 | Copyright CiviCRM LLC (c) 2004-2013 |
9 +--------------------------------------------------------------------+
10 | This file is a part of CiviCRM. |
12 | CiviCRM is free software; you can copy, modify, and distribute it |
13 | under the terms of the GNU Affero General Public License |
14 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
16 | CiviCRM is distributed in the hope that it will be useful, but |
17 | WITHOUT ANY WARRANTY; without even the implied warranty of |
18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
19 | See the GNU Affero General Public License for more details. |
21 | You should have received a copy of the GNU Affero General Public |
22 | License and the CiviCRM Licensing Exception along |
23 | with this program; if not, contact CiviCRM LLC |
24 | at info[AT]civicrm[DOT]org. If you have questions about the |
25 | GNU Affero General Public License or the licensing of CiviCRM, |
26 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
27 +--------------------------------------------------------------------+
33 * @copyright CiviCRM LLC (c) 2004-2013
41 class CRM_ACL_BAO_ACL
extends CRM_ACL_DAO_ACL
{
42 static $_entityTable = NULL;
43 static $_objectTable = NULL;
44 static $_operation = NULL;
46 static $_fieldKeys = NULL;
48 static function entityTable() {
49 if (!self
::$_entityTable) {
50 self
::$_entityTable = array(
51 'civicrm_contact' => ts('Contact'),
52 'civicrm_acl_role' => ts('ACL Role'),
55 return self
::$_entityTable;
58 static function objectTable() {
59 if (!self
::$_objectTable) {
60 self
::$_objectTable = array(
61 'civicrm_contact' => ts('Contact'),
62 'civicrm_group' => ts('Group'),
63 'civicrm_saved_search' => ts('Contact Group'),
64 'civicrm_admin' => ts('Administer'),
65 'civicrm_admin' => ts('Import'),
68 return self
::$_objectTable;
71 static function operation() {
72 if (!self
::$_operation) {
73 self
::$_operation = array(
76 'Create' => ts('Create'),
77 'Delete' => ts('Delete'),
78 'Search' => ts('Search'),
82 return self
::$_operation;
86 * Construct a WHERE clause to handle permissions to $object_*
88 * @param array ref $tables - Any tables that may be needed in the FROM
89 * @param string $operation - The operation being attempted
90 * @param string $object_table - The table of the object in question
91 * @param int $object_id - The ID of the object in question
92 * @param int $acl_id - If it's a grant/revoke operation, the ACL ID
93 * @param boolean $acl_role - For grant operations, this flag determines if we're granting a single acl (false) or an entire group.
95 * @return string - The WHERE clause, or 0 on failure
99 public static function permissionClause(&$tables, $operation,
100 $object_table = NULL, $object_id = NULL,
101 $acl_id = NULL, $acl_role = FALSE
103 $dao = new CRM_ACL_DAO_ACL
;
106 'ACL' => self
::getTableName(),
107 'ACLRole' => 'civicrm_acl_role',
108 'ACLEntityRole' => CRM_ACL_DAO_EntityRole
::getTableName(),
109 'Contact' => CRM_Contact_DAO_Contact
::getTableName(),
110 'Group' => CRM_Contact_DAO_Group
::getTableName(),
111 'GroupContact' => CRM_Contact_DAO_GroupContact
::getTableName(),
114 $session = CRM_Core_Session
::singleton();
115 $contact_id = $session->get('userID');
117 $where = " {$t['ACL']}.operation = '" . CRM_Utils_Type
::escape($operation, 'String') . "'";
119 /* Include clause if we're looking for a specific table/id permission */
122 if (!empty($object_table)) {
123 $where .= " AND ( {$t['ACL']}.object_table IS null
124 OR ({$t['ACL']}.object_table = '" . CRM_Utils_Type
::escape($object_table, 'String') . "'";
125 if (!empty($object_id)) {
126 $where .= " AND ({$t['ACL']}.object_id IS null
127 OR {$t['ACL']}.object_id = " . CRM_Utils_Type
::escape($object_id, 'Integer') . ')';
132 /* Include clause if we're granting an ACL or ACL Role */
135 if (!empty($acl_id)) {
136 $where .= " AND ({$t['ACL']}.acl_id IS null
137 OR {$t['ACL']}.acl_id = " . CRM_Utils_Type
::escape($acl_id, 'Integer') . ')';
139 $where .= " AND {$t['ACL']}.acl_table = '{$t['ACLRole']}'";
142 $where .= " AND {$t['ACL']}.acl_table = '{$t['ACL']}'";
148 /* Query for permissions granted to all contacts in the domain */
151 $query[] = "SELECT {$t['ACL']}.*, 0 as override
154 WHERE {$t['ACL']}.entity_table = '{$t['Domain']}'
157 /* Query for permissions granted to all contacts through an ACL group */
160 $query[] = "SELECT {$t['ACL']}.*, 0 as override
163 INNER JOIN {$t['ACLEntityRole']}
164 ON ({$t['ACL']}.entity_table = '{$t['ACLRole']}'
165 AND {$t['ACL']}.entity_id =
166 {$t['ACLEntityRole']}.acl_role_id)
168 INNER JOIN {$t['ACLRole']}
169 ON {$t['ACL']}.entity_id =
172 WHERE {$t['ACLEntityRole']}.entity_table =
174 AND {$t['ACLRole']}.is_active = 1
177 /* Query for permissions granted directly to the contact */
180 $query[] = "SELECT {$t['ACL']}.*, 1 as override
183 INNER JOIN {$t['Contact']}
184 ON ({$t['ACL']}.entity_table = '{$t['Contact']}'
185 AND {$t['ACL']}.entity_id = {$t['Contact']}.id)
187 WHERE {$t['Contact']}.id = $contact_id
190 /* Query for permissions granted to the contact through an ACL group */
193 $query[] = "SELECT {$t['ACL']}.*, 1 as override
196 INNER JOIN {$t['ACLEntityRole']}
197 ON ({$t['ACL']}.entity_table = '{$t['ACLRole']}'
198 AND {$t['ACL']}.entity_id =
199 {$t['ACLEntityRole']}.acl_role_id)
201 INNER JOIN {$t['ACLRole']}
202 ON {$t['ACL']}.entity_id = {$t['ACLRole']}.id
204 WHERE {$t['ACLEntityRole']}.entity_table =
206 AND {$t['ACLRole']}.is_active = 1
207 AND {$t['ACLEntityRole']}.entity_id = $contact_id
210 /* Query for permissions granted to the contact through a group */
213 $query[] = "SELECT {$t['ACL']}.*, 0 as override
216 INNER JOIN {$t['GroupContact']}
217 ON ({$t['ACL']}.entity_table = '{$t['Group']}'
218 AND {$t['ACL']}.entity_id =
219 {$t['GroupContact']}.group_id)
222 AND {$t['GroupContact']}.contact_id = $contact_id
223 AND {$t['GroupContact']}.status = 'Added')";
226 /* Query for permissions granted through an ACL group to a Contact
230 $query[] = "SELECT {$t['ACL']}.*, 0 as override
233 INNER JOIN {$t['ACLEntityRole']}
234 ON ({$t['ACL']}.entity_table = '{$t['ACLRole']}'
235 AND {$t['ACL']}.entity_id =
236 {$t['ACLEntityRole']}.acl_role_id)
238 INNER JOIN {$t['ACLRole']}
239 ON {$t['ACL']}.entity_id = {$t['ACLRole']}.id
241 INNER JOIN {$t['GroupContact']}
242 ON ({$t['ACLEntityRole']}.entity_table =
244 AND {$t['ACLEntityRole']}.entity_id =
245 {$t['GroupContact']}.group_id)
248 AND {$t['ACLRole']}.is_active = 1
249 AND {$t['GroupContact']}.contact_id = $contact_id
250 AND {$t['GroupContact']}.status = 'Added'";
252 $union = '(' . implode(') UNION DISTINCT (', $query) . ')';
260 while ($dao->fetch()) {
261 /* Instant bypass for the following cases:
262 * 1) the rule governs all tables
263 * 2) the rule governs all objects in the table in question
264 * 3) the rule governs the specific object we want
268 if (empty($dao->object_table
) ||
269 ($dao->object_table
== $object_table
270 && (empty($dao->object_id
)
271 ||
$dao->object_id
== $object_id
278 /* Otherwise try to generate a clause for this rule */
281 $clause = self
::getClause(
282 $dao->object_table
, $dao->object_id
, $tables
285 /* If the clause returned is null, then the rule is a blanket
286 * (id is null) on a table other than the one we're interested
290 if (empty($clause)) {
295 /* Now we figure out if this is an allow or deny rule, and possibly
296 * a contact-level override */
305 if ($dao->override
) {
306 $override[] = $clause;
311 $allows = '(' . implode(' OR ', $allow) . ')';
312 $denies = '(' . implode(' OR ', $deny) . ')';
313 if (!empty($override)) {
314 $denies = '(NOT (' . implode(' OR ', $override) . ") AND $denies)";
317 return "($allows AND NOT $denies)";
321 * Given a table and id pair, return the filter clause
323 * @param string $table - The table owning the object
324 * @param int $id - The ID of the object
325 * @param array ref $tables - Tables that will be needed in the FROM
327 * @return string|null - WHERE-style clause to filter results,
328 or null if $table or $id is null
332 public static function getClause($table, $id, &$tables) {
333 $table = CRM_Utils_Type
::escape($table, 'String');
334 $id = CRM_Utils_Type
::escape($id, 'Integer');
335 $whereTables = array();
337 $ssTable = CRM_Contact_BAO_SavedSearch
::getTableName();
342 elseif ($table == $ssTable) {
343 return CRM_Contact_BAO_SavedSearch
::whereClause($id, $tables, $whereTables);
345 elseif (!empty($id)) {
346 $tables[$table] = TRUE;
347 return "$table.id = $id";
353 * Construct an associative array of an ACL rule's properties
355 * @param string sprintf format for array
356 * @param bool empty only return elemnts that have a value set.
358 * @return array - Assoc. array of the ACL rule's properties
361 function toArray($format = '%s', $hideEmpty = false) {
364 if (!self
::$_fieldKeys) {
365 $fields = CRM_ACL_DAO_ACL
::fields();
366 self
::$_fieldKeys = array_keys($fields);
369 foreach (self
::$_fieldKeys as $field) {
370 $result[$field] = $this->$field;
376 * Retrieve ACLs for a contact or group. Note that including a contact id
377 * without a group id will return those ACL rules which are granted
378 * directly to the contact, but not those granted to the contact through
379 * any/all of his group memberships.
381 * @param int $contact_id - ID of a contact to search for
382 * @param int $group_id - ID of a group to search for
383 * @param boolean $aclRoles - Should we include ACL Roles
385 * @return array - Array of assoc. arrays of ACL rules
389 public static function &getACLs($contact_id = NULL, $group_id = NULL, $aclRoles = FALSE) {
392 if (empty($contact_id)) {
396 $contact_id = CRM_Utils_Type
::escape($contact_id, 'Integer');
398 $group_id = CRM_Utils_Type
::escape($group_id, 'Integer');
401 $rule = new CRM_ACL_BAO_ACL();
404 $acl = self
::getTableName();
405 $contact = CRM_Contact_BAO_Contact
::getTableName();
406 $c2g = CRM_Contact_BAO_GroupContact
::getTableName();
407 $group = CRM_Contact_BAO_Group
::getTableName();
409 $query = " SELECT $acl.*
412 if (!empty($group_id)) {
413 $query .= " INNER JOIN $c2g
414 ON $acl.entity_id = $c2g.group_id
415 WHERE $acl.entity_table = '$group'
416 AND $acl.is_active = 1
417 AND $c2g.group_id = $group_id";
419 if (!empty($contact_id)) {
420 $query .= " AND $c2g.contact_id = $contact_id
421 AND $c2g.status = 'Added'";
425 if (!empty($contact_id)) {
426 $query .= " WHERE $acl.entity_table = '$contact'
427 AND $acl.entity_id = $contact_id";
431 $rule->query($query);
433 while ($rule->fetch()) {
434 $results[$rule->id
] = $rule->toArray();
438 $results +
= self
::getACLRoles($contact_id, $group_id);
445 * Get all of the ACLs through ACL groups
447 * @param int $contact_id - ID of a contact to search for
448 * @param int $group_id - ID of a group to search for
450 * @return array - Array of assoc. arrays of ACL rules
454 public static function &getACLRoles($contact_id = NULL, $group_id = NULL) {
455 $contact_id = CRM_Utils_Type
::escape($contact_id, 'Integer');
457 $group_id = CRM_Utils_Type
::escape($group_id, 'Integer');
460 $rule = new CRM_ACL_BAO_ACL();
462 $acl = self
::getTableName();
463 $aclRole = 'civicrm_acl_role';
464 $aclRoleJoin = CRM_ACL_DAO_EntityRole
::getTableName();
465 $contact = CRM_Contact_BAO_Contact
::getTableName();
466 $c2g = CRM_Contact_BAO_GroupContact
::getTableName();
467 $group = CRM_Contact_BAO_Group
::getTableName();
469 $query = " SELECT $acl.*
471 INNER JOIN civicrm_option_group og
472 ON og.name = 'acl_role'
473 INNER JOIN civicrm_option_value ov
474 ON $acl.entity_table = '$aclRole'
475 AND ov.option_group_id = og.id
476 AND $acl.entity_id = ov.value";
478 if (!empty($group_id)) {
479 $query .= " INNER JOIN $c2g
480 ON $acl.entity_id = $c2g.group_id
481 WHERE $acl.entity_table = '$group'
482 AND $acl.is_active = 1
483 AND $c2g.group_id = $group_id";
485 if (!empty($contact_id)) {
486 $query .= " AND $c2g.contact_id = $contact_id
487 AND $c2g.status = 'Added'";
491 if (!empty($contact_id)) {
492 $query .= " WHERE $acl.entity_table = '$contact'
493 AND $acl.is_active = 1
494 AND $acl.entity_id = $contact_id";
500 $rule->query($query);
502 while ($rule->fetch()) {
503 $results[$rule->id
] = $rule->toArray();
510 * Get all ACLs granted to a contact through all group memberships
512 * @param int $contact_id - The contact's ID
513 * @param boolean $aclRoles - Include ACL Roles?
515 * @return array - Assoc array of ACL rules
519 public static function &getGroupACLs($contact_id, $aclRoles = FALSE) {
520 $contact_id = CRM_Utils_Type
::escape($contact_id, 'Integer');
522 $rule = new CRM_ACL_BAO_ACL();
525 $acl = self
::getTableName();
526 $c2g = CRM_Contact_BAO_GroupContact
::getTableName();
527 $group = CRM_Contact_BAO_Group
::getTableName();
535 ON $acl.entity_id = $c2g.group_id
536 WHERE $acl.entity_table = '$group'
537 AND $c2g.contact_id = $contact_id
538 AND $c2g.status = 'Added'";
540 $rule->query($query);
542 while ($rule->fetch()) {
543 $results[$rule->id
] = &$rule->toArray();
548 $results +
= self
::getGroupACLRoles($contact_id);
555 * Get all of the ACLs for a contact through ACL groups owned by Contact
558 * @param int $contact_id - ID of a contact to search for
560 * @return array - Array of assoc. arrays of ACL rules
564 public static function &getGroupACLRoles($contact_id) {
565 $contact_id = CRM_Utils_Type
::escape($contact_id, 'Integer');
567 $rule = new CRM_ACL_BAO_ACL();
569 $acl = self
::getTableName();
570 $aclRole = 'civicrm_acl_role';
573 $aclER = CRM_ACL_DAO_EntityRole
::getTableName();
574 $c2g = CRM_Contact_BAO_GroupContact
::getTableName();
575 $group = CRM_Contact_BAO_Group
::getTableName();
577 $query = " SELECT $acl.*
579 INNER JOIN civicrm_option_group og
580 ON og.name = 'acl_role'
581 INNER JOIN civicrm_option_value ov
582 ON $acl.entity_table = '$aclRole'
583 AND ov.option_group_id = og.id
584 AND $acl.entity_id = ov.value
587 ON $aclER.acl_role_id = $acl.entity_id
588 AND $aclER.is_active = 1
590 ON $aclER.entity_id = $c2g.group_id
591 AND $aclER.entity_table = 'civicrm_group'
592 WHERE $acl.entity_table = '$aclRole'
593 AND $acl.is_active = 1
594 AND $c2g.contact_id = $contact_id
595 AND $c2g.status = 'Added'";
599 $rule->query($query);
601 while ($rule->fetch()) {
602 $results[$rule->id
] = &$rule->toArray();
605 // also get all acls for "Any Role" case
606 // and authenticated User Role if present
608 $session = CRM_Core_Session
::singleton();
609 if ($session->get('ufID') > 0) {
616 WHERE $acl.entity_id IN ( $roles )
617 AND $acl.entity_table = 'civicrm_acl_role'
620 $rule->query($query);
621 while ($rule->fetch()) {
622 $results[$rule->id
] = $rule->toArray();
629 * Get all ACLs owned by a given contact, including domain and group-level.
631 * @param int $contact_id - The contact ID
633 * @return array - Assoc array of ACL rules
637 public static function &getAllByContact($contact_id) {
640 /* First, the contact-specific ACLs, including ACL Roles */
641 $result +
= self
::getACLs($contact_id, NULL, TRUE);
643 /* Then, all ACLs granted through group membership */
644 $result +
= self
::getGroupACLs($contact_id, TRUE);
649 static function create(&$params) {
650 $dao = new CRM_ACL_DAO_ACL();
651 $dao->copyValues($params);
655 static function retrieve(&$params, &$defaults) {
656 CRM_Core_DAO
::commonRetrieve('CRM_ACL_DAO_ACL', $params, $defaults);
660 * update the is_active flag in the db
662 * @param int $id id of the database record
663 * @param boolean $is_active value we want to set the is_active field
665 * @return Object DAO object on sucess, null otherwise
668 static function setIsActive($id, $is_active) {
669 // note this also resets any ACL cache
670 CRM_Core_BAO_Cache
::deleteGroup('contact fields');
672 return CRM_Core_DAO
::setFieldValue('CRM_ACL_DAO_ACL', $id, 'is_active', $is_active);
675 static function check($str, $contactID) {
677 $acls = CRM_ACL_BAO_Cache
::build($contactID);
679 $aclKeys = array_keys($acls);
680 $aclKeys = implode(',', $aclKeys);
682 if (empty($aclKeys)) {
689 FROM civicrm_acl_cache c, civicrm_acl a
690 WHERE c.acl_id = a.id
692 AND a.object_table = %1
693 AND a.id IN ( $aclKeys )
695 $params = array(1 => array($str, 'String'));
697 $count = CRM_Core_DAO
::singleValueQuery($query, $params);
698 return ($count) ?
TRUE : FALSE;
701 public static function whereClause($type, &$tables, &$whereTables, $contactID = NULL) {
702 $acls = CRM_ACL_BAO_Cache
::build($contactID);
703 //CRM_Core_Error::debug( "a: $contactID", $acls );
709 $aclKeys = array_keys($acls);
710 $aclKeys = implode(',', $aclKeys);
713 SELECT a.operation, a.object_id
714 FROM civicrm_acl_cache c, civicrm_acl a
715 WHERE c.acl_id = a.id
717 AND a.object_table = 'civicrm_saved_search'
718 AND a.id IN ( $aclKeys )
722 $dao = CRM_Core_DAO
::executeQuery($query);
724 // do an or of all the where clauses u see
726 while ($dao->fetch()) {
727 // make sure operation matches the type TODO
728 if (self
::matchType($type, $dao->operation
)) {
729 if (!$dao->object_id
) {
731 $whereClause = ' ( 1 ) ';
734 $ids[] = $dao->object_id
;
739 $ids = implode(',', $ids);
743 WHERE g.id IN ( $ids )
746 $dao = CRM_Core_DAO
::executeQuery($query);
747 $staticGroupIDs = array();
748 $cachedGroupIDs = array();
749 while ($dao->fetch()) {
750 // currently operation is restrcited to VIEW/EDIT
751 if ($dao->where_clause
) {
752 if ($dao->select_tables
) {
753 $tmpTables = array();
754 foreach (unserialize($dao->select_tables
) as $tmpName => $tmpInfo) {
755 if ($tmpName == '`civicrm_group_contact-' . $dao->id
. '`') {
756 $tmpName = '`civicrm_group_contact-ACL`';
757 $tmpInfo = str_replace('civicrm_group_contact-' . $dao->id
, 'civicrm_group_contact-ACL', $tmpInfo);
759 elseif ($tmpName == '`civicrm_group_contact_cache_' . $dao->id
. '`') {
760 $tmpName = '`civicrm_group_contact_cache-ACL`';
761 $tmpInfo = str_replace('civicrm_group_contact_cache_' . $dao->id
, 'civicrm_group_contact_cache-ACL', $tmpInfo);
763 $tmpTables[$tmpName] = $tmpInfo;
765 $tables = array_merge($tables,
769 if ($dao->where_tables
) {
770 $tmpTables = array();
771 foreach (unserialize($dao->where_tables
) as $tmpName => $tmpInfo) {
772 if ($tmpName == '`civicrm_group_contact-' . $dao->id
. '`') {
773 $tmpName = '`civicrm_group_contact-ACL`';
774 $tmpInfo = str_replace('civicrm_group_contact-' . $dao->id
, 'civicrm_group_contact-ACL', $tmpInfo);
775 $staticGroupIDs[] = $dao->id
;
777 elseif ($tmpName == '`civicrm_group_contact_cache_' . $dao->id
. '`') {
778 $tmpName = '`civicrm_group_contact_cache-ACL`';
779 $tmpInfo = str_replace('civicrm_group_contact_cache_' . $dao->id
, 'civicrm_group_contact_cache-ACL', $tmpInfo);
780 $cachedGroupIDs[] = $dao->id
;
782 $tmpTables[$tmpName] = $tmpInfo;
784 $whereTables = array_merge($whereTables, $tmpTables);
788 if (($dao->saved_search_id ||
$dao->children ||
$dao->parents
) &&
789 $dao->cache_date
== NULL) {
790 CRM_Contact_BAO_GroupContactCache
::load($dao);
794 if ($staticGroupIDs) {
795 $clauses[] = '( `civicrm_group_contact-ACL`.group_id IN (' . join(', ', $staticGroupIDs) . ') AND `civicrm_group_contact-ACL`.status IN ("Added") )';
798 if ($cachedGroupIDs) {
799 $clauses[] = '`civicrm_group_contact_cache-ACL`.group_id IN (' . join(', ', $cachedGroupIDs) . ')';
804 if (!empty($clauses)) {
805 $whereClause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
808 // call the hook to get additional whereClauses
809 CRM_Utils_Hook
::aclWhereClause($type, $tables, $whereTables, $contactID, $whereClause);
811 if (empty($whereClause)) {
812 $whereClause = ' ( 0 ) ';
818 public static function group($type,
820 $tableName = 'civicrm_saved_search',
822 $includedGroups = NULL
825 $acls = CRM_ACL_BAO_Cache
::build($contactID);
827 if (!empty($includedGroups) &&
828 is_array($includedGroups)
830 $ids = $includedGroups;
837 $aclKeys = array_keys($acls);
838 $aclKeys = implode(',', $aclKeys);
841 SELECT a.operation, a.object_id
842 FROM civicrm_acl_cache c, civicrm_acl a
843 WHERE c.acl_id = a.id
845 AND a.object_table = %1
846 AND a.id IN ( $aclKeys )
847 GROUP BY a.operation,a.object_id
850 $params = array(1 => array($tableName, 'String'));
851 $dao = CRM_Core_DAO
::executeQuery($query, $params);
852 while ($dao->fetch()) {
853 if ($dao->object_id
) {
854 if (self
::matchType($type, $dao->operation
)) {
855 $ids[] = $dao->object_id
;
859 // this user has got the permission for all objects of this type
860 // check if the type matches
861 if (self
::matchType($type, $dao->operation
)) {
862 foreach ($allGroups as $id => $dontCare) {
871 CRM_Utils_Hook
::aclGroup($type, $contactID, $tableName, $allGroups, $ids);
876 static function matchType($type, $operation) {
878 switch ($operation) {
884 if ($type == CRM_ACL_API
::VIEW
) {
890 if ($type == CRM_ACL_API
::VIEW ||
$type == CRM_ACL_API
::EDIT
) {
896 if ($type == CRM_ACL_API
::CREATE
) {
902 if ($type == CRM_ACL_API
::DELETE
) {
908 if ($type == CRM_ACL_API
::SEARCH
) {
917 * Function to delete ACL records
919 * @param int $aclId ID of the ACL record to be deleted.
924 static function del($aclId) {
925 // delete all entries from the acl cache
926 CRM_ACL_BAO_Cache
::resetCache();
928 $acl = new CRM_ACL_DAO_ACL();