1 <?php
2
3 /*
4 +--------------------------------------------------------------------+
5 | CiviCRM version 4.3 |
6 +--------------------------------------------------------------------+
7 | Copyright CiviCRM LLC (c) 2004-2013 |
8 +--------------------------------------------------------------------+
9 | This file is a part of CiviCRM. |
10 | |
11 | CiviCRM is free software; you can copy, modify, and distribute it |
12 | under the terms of the GNU Affero General Public License |
13 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | |
15 | CiviCRM is distributed in the hope that it will be useful, but |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. |
19 | |
20 | You should have received a copy of the GNU Affero General Public |
21 | License and the CiviCRM Licensing Exception along |
22 | with this program; if not, contact CiviCRM LLC |
23 | at info[AT]civicrm[DOT]org. If you have questions about the |
24 | GNU Affero General Public License or the licensing of CiviCRM, |
25 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
26 +--------------------------------------------------------------------+
27 */
28
/**
 * Decide which permissions must be checked for an API call.
 *
 * Returns the list of permission names the calling contact must hold for the
 * given entity/action pair. The check is conjunctive: the caller must require
 * ALL of the returned permissions, not any one of them.
 *
 * Entity and action names are lower-cased before the lookup, so they are
 * matched case-insensitively; the table keys are in underscore form
 * (e.g. 'group_contact'), so a CamelCase entity name would not match a row
 * and would take the fail-closed default below.
 *
 * Fail-closed default: any entity/action pair with no row in the table falls
 * back to requiring 'administer CiviCRM'. An explicit empty array means "no
 * permission name is checked here" (used for contact.get, whose row-level
 * access control is applied by the query object instead).
 *
 * The alterAPIPermissions hook runs on the assembled table before the lookup,
 * so third-party code can add, remove or relax entries; the effective answer
 * on a given site may therefore differ from what this file shows.
 *
 * @param string $entity  API entity name (case-insensitive, underscore form)
 * @param string $action  API action name (case-insensitive)
 * @param array  $params  API params; only forwarded (by reference) to the hook
 *
 * @return array permission names to check for this entity/action;
 *   array('administer CiviCRM') when no specific entry exists
 */
function _civicrm_api3_permissions($entity, $action, &$params) {
  $entity = strtolower($entity);
  $action = strtolower($action);

  $civi = 'access CiviCRM';

  // ---- shared building blocks ---------------------------------------------
  // Sibling entities with identical rules share one definition so that they
  // cannot drift apart through copy/paste edits.

  // Contact sub-records (address, email, phone, ...) are gated exactly like the
  // contact they belong to.
  $contactCrud = array(
    'create' => array($civi, 'add contacts'),
    'delete' => array($civi, 'delete contacts'),
    'get'    => array($civi, 'view all contacts'),
    'update' => array($civi, 'edit all contacts'),
  );

  // Custom-data schema is administrator-only on every action, including read.
  $customCrud = array_fill_keys(
    array('create', 'delete', 'get', 'update'),
    array('administer CiviCRM', $civi, 'access all custom data')
  );

  // Uploaded files: one permission covers every action.
  $fileCrud = array_fill_keys(
    array('create', 'delete', 'get', 'update'),
    array($civi, 'access uploaded files')
  );

  // Group entities define no 'get' row, so reading them takes the
  // 'administer CiviCRM' default.
  $groupWrite = array_fill_keys(
    array('create', 'delete', 'update'),
    array($civi, 'edit groups')
  );

  // Component entities: "access <Component>" plus a per-action permission;
  // 'get' needs only component access (event and participant add a view perm).
  $contribution = array(
    'create' => array($civi, 'access CiviContribute', 'edit contributions'),
    'delete' => array($civi, 'access CiviContribute', 'delete in CiviContribute'),
    'get'    => array($civi, 'access CiviContribute'),
    'update' => array($civi, 'access CiviContribute', 'edit contributions'),
  );
  $membership = array(
    'create' => array($civi, 'access CiviMember', 'edit memberships'),
    'delete' => array($civi, 'access CiviMember', 'delete in CiviMember'),
    'get'    => array($civi, 'access CiviMember'),
    'update' => array($civi, 'access CiviMember', 'edit memberships'),
  );
  $pledge = array(
    'create' => array($civi, 'access CiviPledge', 'edit pledges'),
    'delete' => array($civi, 'access CiviPledge', 'delete in CiviPledge'),
    'get'    => array($civi, 'access CiviPledge'),
    'update' => array($civi, 'access CiviPledge', 'edit pledges'),
  );
  $event = array(
    'create' => array($civi, 'access CiviEvent', 'edit all events'),
    'delete' => array($civi, 'access CiviEvent', 'delete in CiviEvent'),
    'get'    => array($civi, 'access CiviEvent', 'view event info'),
    'update' => array($civi, 'access CiviEvent', 'edit all events'),
  );
  $participant = array(
    'create' => array($civi, 'access CiviEvent', 'register for events'),
    'delete' => array($civi, 'access CiviEvent', 'edit event participants'),
    'get'    => array($civi, 'access CiviEvent', 'view event participants'),
    'update' => array($civi, 'access CiviEvent', 'edit event participants'),
  );

  // A *_payment record links a component record to a contribution, so each
  // action needs the component's permissions followed by CiviContribute's for
  // the same action (the leading 'access CiviCRM' is not repeated).
  $payments = array(
    'membership_payment'  => $membership,
    'participant_payment' => $participant,
    'pledge_payment'      => $pledge,
  );
  foreach ($payments as $name => $base) {
    foreach ($base as $act => $perms) {
      $payments[$name][$act] = array_merge($perms, array_slice($contribution[$act], 1));
    }
  }

  // ---- the table ----------------------------------------------------------
  $permissions = array(
    // activity has no create/update row: those take the administer default.
    'activity' => array(
      'delete' => array($civi, 'delete activities'),
      'get'    => array($civi, 'view all activities'),
    ),
    'address' => $contactCrud,
    'contact' => array(
      'create'   => array($civi, 'add contacts'),
      'delete'   => array($civi, 'delete contacts'),
      // Intentionally empty: contact.get access control is managed by the
      // query object, not by a static permission name.
      'get'      => array(),
      'update'   => array($civi, 'edit all contacts'),
      'getquick' => array($civi),
    ),
    'contribution'        => $contribution,
    'custom_field'        => $customCrud,
    'custom_group'        => $customCrud,
    'email'               => $contactCrud,
    'event'               => $event,
    'file'                => $fileCrud,
    'files_by_entity'     => $fileCrud,
    'group'               => $groupWrite,
    'group_contact'       => $groupWrite,
    'group_nesting'       => $groupWrite,
    'group_organization'  => $groupWrite,
    'location'            => $contactCrud,
    'membership'          => $membership,
    'membership_payment'  => $payments['membership_payment'],
    'membership_status'   => $membership,
    'membership_type'     => $membership,
    'note'                => $contactCrud,
    'participant'         => $participant,
    'participant_payment' => $payments['participant_payment'],
    'phone'               => $contactCrud,
    'pledge'              => $pledge,
    'pledge_payment'      => $payments['pledge_payment'],
    'system'              => array('flush' => array('administer CiviCRM')),
    'website'             => $contactCrud,
  );

  // Let third parties modify the table before the lookup. Anything a hook
  // removes or empties here is no longer enforced by this function.
  CRM_Utils_Hook::alterAPIPermissions($entity, $action, $params, $permissions);

  // Fail closed: an unlisted entity/action requires site administration.
  if (isset($permissions[$entity][$action])) {
    return $permissions[$entity][$action];
  }
  return array('administer CiviCRM');
}
558
# FIXME: the following API 3 calls have no entry in the table above, so they
# currently fall back to the default and require 'administer CiviCRM'.
# Decide which permission(s) each of them should actually check:
560 # contribution_transact (make online contributions)
561 # entity_tag_display
562 # group_contact_pending
563 # group_contact_update_status
564 # mailing_event_bounce
565 # mailing_event_click
566 # mailing_event_confirm
567 # mailing_event_forward
568 # mailing_event_open
569 # mailing_event_reply
570 # mailing_group_event_domain_unsubscribe
571 # mailing_group_event_resubscribe
572 # mailing_group_event_subscribe
573 # mailing_group_event_unsubscribe
574 # membership_status_calc
575 # survey_respondant_count