CRM/Core/DAO/permissions.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2019                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  * Decide what permissions to check for an api call
  30  *
  31  * @param $entity : (str) api entity
  32  * @param $action : (str) api action
  33  * @param $params : (array) api params
  34  *
  35  * @return array
  36  *   Array of permissions to check for this entity-action combo
  37  */
  38 function _civicrm_api3_permissions($entity, $action, &$params) {
  39   // FIXME: Lowercase entity_names are nonstandard but difficult to fix here
  40   // because this function invokes hook_civicrm_alterAPIPermissions
  41   $entity = _civicrm_api_get_entity_name_from_camel($entity);
  42   $permissions = CRM_Core_Permission::getEntityActionPermissions();
  43
  44   // Translate 'create' action to 'update' if id is set
  45   if ($action == 'create' && (!empty($params['id']) || !empty($params[$entity . '_id']))) {
  46     $action = 'update';
  47   }
  48
  49   // let third parties modify the permissions
  50   CRM_Utils_Hook::alterAPIPermissions($entity, $action, $params, $permissions);
  51
  52   // Merge permissions for this entity with the defaults
  53   $perm = CRM_Utils_Array::value($entity, $permissions, array()) + $permissions['default'];
  54
  55   // Return exact match if permission for this action has been declared
  56   if (isset($perm[$action])) {
  57     return $perm[$action];
  58   }
  59
  60   // Translate specific actions into their generic equivalents
  61   $action = CRM_Core_Permission::getGenericAction($action);
  62
  63   return isset($perm[$action]) ? $perm[$action] : $perm['default'];
  64 }
  65
  66 # FIXME: not sure how to permission the following API 3 calls:
  67 # contribution_transact (make online contributions)
  68 # entity_tag_display
  69 # group_contact_pending
  70 # group_contact_update_status
  71 # mailing_event_bounce
  72 # mailing_event_click
  73 # mailing_event_confirm
  74 # mailing_event_forward
  75 # mailing_event_open
  76 # mailing_event_reply
  77 # mailing_group_event_domain_unsubscribe
  78 # mailing_group_event_resubscribe
  79 # mailing_group_event_subscribe
  80 # mailing_group_event_unsubscribe
  81 # membership_status_calc
  82 # survey_respondant_count