1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2016 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 * Decide what permissions to check for an api call
30 *
31 * @param $entity : (str) api entity
32 * @param $action : (str) api action
33 * @param $params : (array) api params
34 *
35 * @return array
36 * Array of permissions to check for this entity-action combo
37 */
38 function _civicrm_api3_permissions($entity, $action, &$params) {
39 // FIXME: Lowercase entity_names are nonstandard but difficult to fix here
40 // because this function invokes hook_civicrm_alterAPIPermissions
41 $entity = _civicrm_api_get_entity_name_from_camel($entity);
42
43 /**
44 * @var array of permissions
45 *
46 * For each entity, we declare an array of permissions required for each action
47 * The action is the array key, possible values:
48 * * create: applies to create (with no id in params)
49 * * update: applies to update, setvalue, create (with id in params)
50 * * get: applies to getcount, getsingle, getvalue and other gets
51 * * delete: applies to delete, replace
52 * * meta: applies to getfields, getoptions, getspec
53 * * default: catch-all for anything not declared
54 *
55 * Note: some APIs declare other actions as well
56 *
57 * Permissions should use arrays for AND and arrays of arrays for OR
58 * @see CRM_Core_Permission::check for more documentation
59 */
60 $permissions = array();
61
62 // These are the default permissions - if any entity does not declare permissions for a given action,
63 // (or the entity does not declare permissions at all) - then the action will be used from here
64 $permissions['default'] = array(
65 // applies to getfields, getoptions, etc.
66 'meta' => array('access CiviCRM'),
67 // catch-all, applies to create, get, delete, etc.
68 // If an entity declares it's own 'default' action it will override this one
69 'default' => array('administer CiviCRM'),
70 );
71
72 // Note: Additional permissions in DynamicFKAuthorization
73 $permissions['attachment'] = array(
74 'default' => array(
75 array('access CiviCRM', 'access AJAX API'),
76 ),
77 );
78
79 // Contact permissions
80 $permissions['contact'] = array(
81 'create' => array(
82 'access CiviCRM',
83 'add contacts',
84 ),
85 'delete' => array(
86 'access CiviCRM',
87 'delete contacts',
88 ),
89 // managed by query object
90 'get' => array(),
91 // managed by _civicrm_api3_check_edit_permissions
92 'update' => array(),
93 'getquick' => array(
94 array('access CiviCRM', 'access AJAX API'),
95 ),
96 );
97
98 // CRM-16963 - Permissions for country.
99 $permissions['country'] = array(
100 'get' => array(
101 'access CiviCRM',
102 ),
103 'default' => array(
104 'administer CiviCRM',
105 ),
106 );
107
108 // Contact-related data permissions.
109 $permissions['address'] = array(
110 // get is managed by BAO::addSelectWhereClause
111 // create/delete are managed by _civicrm_api3_check_edit_permissions
112 'default' => array(),
113 );
114 $permissions['email'] = $permissions['address'];
115 $permissions['phone'] = $permissions['address'];
116 $permissions['website'] = $permissions['address'];
117 $permissions['im'] = $permissions['address'];
118
119 // @todo - implement CRM_Core_BAO_EntityTag::addSelectWhereClause and remove this heavy-handed restriction
120 $permissions['entity_tag'] = array(
121 'get' => array('access CiviCRM', 'view all contacts'),
122 'default' => array('access CiviCRM', 'edit all contacts'),
123 );
124 // @todo - ditto
125 $permissions['note'] = $permissions['entity_tag'];
126
127 // CRM-17350 - entity_tag ACL permissions are checked at the BAO level
128 $permissions['entity_tag'] = array(
129 'get' => array(
130 'access CiviCRM',
131 'view all contacts',
132 ),
133 'default' => array(
134 'access CiviCRM',
135 ),
136 );
137
138 // Allow non-admins to get and create tags to support tagset widget
139 // Delete is still reserved for admins
140 $permissions['tag'] = array(
141 'get' => array('access CiviCRM'),
142 'create' => array('access CiviCRM'),
143 'update' => array('access CiviCRM'),
144 );
145
146 //relationship permissions
147 $permissions['relationship'] = array(
148 // get is managed by BAO::addSelectWhereClause
149 'get' => array(),
150 'delete' => array(
151 'access CiviCRM',
152 'edit all contacts',
153 ),
154 'default' => array(
155 'access CiviCRM',
156 'edit all contacts',
157 ),
158 );
159
160 // CRM-17741 - Permissions for RelationshipType.
161 $permissions['relationship_type'] = array(
162 'get' => array(
163 'access CiviCRM',
164 ),
165 'default' => array(
166 'administer CiviCRM',
167 ),
168 );
169
170 // Activity permissions
171 $permissions['activity'] = array(
172 'delete' => array(
173 'access CiviCRM',
174 'delete activities',
175 ),
176 'default' => array(
177 'access CiviCRM',
178 'view all activities',
179 ),
180 );
181
182 // Case permissions
183 $permissions['case'] = array(
184 'create' => array(
185 'access CiviCRM',
186 'add cases',
187 ),
188 'delete' => array(
189 'access CiviCRM',
190 'delete in CiviCase',
191 ),
192 'default' => array(
193 // At minimum the user needs one of the following. Finer-grained access is controlled by CRM_Case_BAO_Case::addSelectWhereClause
194 array('access my cases and activities', 'access all cases and activities'),
195 ),
196 );
197 $permissions['case_contact'] = $permissions['case'];
198
199 $permissions['case_type'] = array(
200 'default' => array('administer CiviCase'),
201 'get' => array(
202 // nested array = OR
203 array('access my cases and activities', 'access all cases and activities'),
204 ),
205 );
206
207 // Campaign permissions
208 $permissions['campaign'] = array(
209 'get' => array('access CiviCRM'),
210 'default' => array(
211 // nested array = OR
212 array('administer CiviCampaign', 'manage campaign')
213 ),
214 );
215 $permissions['survey'] = $permissions['campaign'];
216
217 // Financial permissions
218 $permissions['contribution'] = array(
219 'get' => array(
220 'access CiviCRM',
221 'access CiviContribute',
222 ),
223 'delete' => array(
224 'access CiviCRM',
225 'access CiviContribute',
226 'delete in CiviContribute',
227 ),
228 'completetransaction' => array(
229 'edit contributions',
230 ),
231 'default' => array(
232 'access CiviCRM',
233 'access CiviContribute',
234 'edit contributions',
235 ),
236 );
237 $permissions['line_item'] = $permissions['contribution'];
238
239 // Payment permissions
240 $permissions['payment'] = array(
241 'get' => array(
242 'access CiviCRM',
243 'access CiviContribute',
244 ),
245 'delete' => array(
246 'access CiviCRM',
247 'access CiviContribute',
248 'delete in CiviContribute',
249 ),
250 'cancel' => array(
251 'access CiviCRM',
252 'access CiviContribute',
253 'edit contributions',
254 ),
255 'create' => array(
256 'access CiviCRM',
257 'access CiviContribute',
258 'edit contributions',
259 ),
260 'default' => array(
261 'access CiviCRM',
262 'access CiviContribute',
263 'edit contributions',
264 ),
265 );
266
267 // Custom field permissions
268 $permissions['custom_field'] = array(
269 'default' => array(
270 'administer CiviCRM',
271 'access all custom data',
272 ),
273 );
274 $permissions['custom_group'] = $permissions['custom_field'];
275
276 // Event permissions
277 $permissions['event'] = array(
278 'create' => array(
279 'access CiviCRM',
280 'access CiviEvent',
281 'edit all events',
282 ),
283 'delete' => array(
284 'access CiviCRM',
285 'access CiviEvent',
286 'delete in CiviEvent',
287 ),
288 'get' => array(
289 'access CiviCRM',
290 'access CiviEvent',
291 'view event info',
292 ),
293 'update' => array(
294 'access CiviCRM',
295 'access CiviEvent',
296 'edit all events',
297 ),
298 );
299 // Loc block is only used for events
300 $permissions['loc_block'] = $permissions['event'];
301
302 // File permissions
303 $permissions['file'] = array(
304 'default' => array(
305 'access CiviCRM',
306 'access uploaded files',
307 ),
308 );
309 $permissions['files_by_entity'] = $permissions['file'];
310
311 // Group permissions
312 $permissions['group'] = array(
313 'get' => array(
314 'access CiviCRM',
315 ),
316 'default' => array(
317 'access CiviCRM',
318 'edit groups',
319 ),
320 );
321
322 $permissions['group_nesting'] = $permissions['group'];
323 $permissions['group_organization'] = $permissions['group'];
324
325 //Group Contact permission
326 $permissions['group_contact'] = array(
327 'get' => array(
328 'access CiviCRM',
329 ),
330 'default' => array(
331 'access CiviCRM',
332 'edit all contacts',
333 ),
334 );
335
336 // CiviMail Permissions
337 $civiMailBasePerms = array(
338 // To get/preview/update, one must have least one of these perms:
339 // Mailing API implementations enforce nuances of create/approve/schedule permissions.
340 'access CiviMail',
341 'create mailings',
342 'schedule mailings',
343 'approve mailings',
344 );
345 $permissions['mailing'] = array(
346 'get' => array(
347 'access CiviCRM',
348 $civiMailBasePerms,
349 ),
350 'delete' => array(
351 'access CiviCRM',
352 $civiMailBasePerms,
353 'delete in CiviMail',
354 ),
355 'submit' => array(
356 'access CiviCRM',
357 array('access CiviMail', 'schedule mailings'),
358 ),
359 'default' => array(
360 'access CiviCRM',
361 $civiMailBasePerms,
362 ),
363 );
364 $permissions['mailing_group'] = $permissions['mailing'];
365 $permissions['mailing_job'] = $permissions['mailing'];
366 $permissions['mailing_recipients'] = $permissions['mailing'];
367
368 $permissions['mailing_a_b'] = array(
369 'get' => array(
370 'access CiviCRM',
371 'access CiviMail',
372 ),
373 'delete' => array(
374 'access CiviCRM',
375 'access CiviMail',
376 'delete in CiviMail',
377 ),
378 'submit' => array(
379 'access CiviCRM',
380 array('access CiviMail', 'schedule mailings'),
381 ),
382 'default' => array(
383 'access CiviCRM',
384 'access CiviMail',
385 ),
386 );
387
388 // Membership permissions
389 $permissions['membership'] = array(
390 'get' => array(
391 'access CiviCRM',
392 'access CiviMember',
393 ),
394 'delete' => array(
395 'access CiviCRM',
396 'access CiviMember',
397 'delete in CiviMember',
398 ),
399 'default' => array(
400 'access CiviCRM',
401 'access CiviMember',
402 'edit memberships',
403 ),
404 );
405 $permissions['membership_status'] = $permissions['membership'];
406 $permissions['membership_type'] = $permissions['membership'];
407 $permissions['membership_payment'] = array(
408 'create' => array(
409 'access CiviCRM',
410 'access CiviMember',
411 'edit memberships',
412 'access CiviContribute',
413 'edit contributions',
414 ),
415 'delete' => array(
416 'access CiviCRM',
417 'access CiviMember',
418 'delete in CiviMember',
419 'access CiviContribute',
420 'delete in CiviContribute',
421 ),
422 'get' => array(
423 'access CiviCRM',
424 'access CiviMember',
425 'access CiviContribute',
426 ),
427 'update' => array(
428 'access CiviCRM',
429 'access CiviMember',
430 'edit memberships',
431 'access CiviContribute',
432 'edit contributions',
433 ),
434 );
435
436 // Participant permissions
437 $permissions['participant'] = array(
438 'create' => array(
439 'access CiviCRM',
440 'access CiviEvent',
441 'register for events',
442 ),
443 'delete' => array(
444 'access CiviCRM',
445 'access CiviEvent',
446 'edit event participants',
447 ),
448 'get' => array(
449 'access CiviCRM',
450 'access CiviEvent',
451 'view event participants',
452 ),
453 'update' => array(
454 'access CiviCRM',
455 'access CiviEvent',
456 'edit event participants',
457 ),
458 );
459 $permissions['participant_payment'] = array(
460 'create' => array(
461 'access CiviCRM',
462 'access CiviEvent',
463 'register for events',
464 'access CiviContribute',
465 'edit contributions',
466 ),
467 'delete' => array(
468 'access CiviCRM',
469 'access CiviEvent',
470 'edit event participants',
471 'access CiviContribute',
472 'delete in CiviContribute',
473 ),
474 'get' => array(
475 'access CiviCRM',
476 'access CiviEvent',
477 'view event participants',
478 'access CiviContribute',
479 ),
480 'update' => array(
481 'access CiviCRM',
482 'access CiviEvent',
483 'edit event participants',
484 'access CiviContribute',
485 'edit contributions',
486 ),
487 );
488
489 // Pledge permissions
490 $permissions['pledge'] = array(
491 'create' => array(
492 'access CiviCRM',
493 'access CiviPledge',
494 'edit pledges',
495 ),
496 'delete' => array(
497 'access CiviCRM',
498 'access CiviPledge',
499 'delete in CiviPledge',
500 ),
501 'get' => array(
502 'access CiviCRM',
503 'access CiviPledge',
504 ),
505 'update' => array(
506 'access CiviCRM',
507 'access CiviPledge',
508 'edit pledges',
509 ),
510 );
511
512 //CRM-16777: Disable schedule reminder for user that have 'edit all events' and 'administer CiviCRM' permission.
513 $permissions['action_schedule'] = array(
514 'update' => array(
515 array(
516 'access CiviCRM',
517 'edit all events',
518 ),
519 ),
520 );
521
522 $permissions['pledge_payment'] = array(
523 'create' => array(
524 'access CiviCRM',
525 'access CiviPledge',
526 'edit pledges',
527 'access CiviContribute',
528 'edit contributions',
529 ),
530 'delete' => array(
531 'access CiviCRM',
532 'access CiviPledge',
533 'delete in CiviPledge',
534 'access CiviContribute',
535 'delete in CiviContribute',
536 ),
537 'get' => array(
538 'access CiviCRM',
539 'access CiviPledge',
540 'access CiviContribute',
541 ),
542 'update' => array(
543 'access CiviCRM',
544 'access CiviPledge',
545 'edit pledges',
546 'access CiviContribute',
547 'edit contributions',
548 ),
549 );
550
551 // Profile permissions
552 $permissions['profile'] = array(
553 'get' => array(), // the profile will take care of this
554 );
555
556 $permissions['uf_group'] = array(
557 'create' => array(
558 'access CiviCRM',
559 array(
560 'administer CiviCRM',
561 'manage event profiles',
562 ),
563 ),
564 'get' => array(
565 'access CiviCRM',
566 ),
567 'update' => array(
568 'access CiviCRM',
569 array(
570 'administer CiviCRM',
571 'manage event profiles',
572 ),
573 ),
574 );
575 $permissions['uf_field'] = $permissions['uf_join'] = $permissions['uf_group'];
576 $permissions['uf_field']['delete'] = array(
577 'access CiviCRM',
578 array(
579 'administer CiviCRM',
580 'manage event profiles',
581 ),
582 );
583 $permissions['option_value'] = $permissions['uf_group'];
584 $permissions['option_group'] = $permissions['option_value'];
585
586 $permissions['message_template'] = array(
587 'get' => array('access CiviCRM'),
588 'create' => array('edit message templates'),
589 'update' => array('edit message templates'),
590 );
591
592 // Translate 'create' action to 'update' if id is set
593 if ($action == 'create' && (!empty($params['id']) || !empty($params[$entity . '_id']))) {
594 $action = 'update';
595 }
596
597 // let third parties modify the permissions
598 CRM_Utils_Hook::alterAPIPermissions($entity, $action, $params, $permissions);
599
600 // Merge permissions for this entity with the defaults
601 $perm = CRM_Utils_Array::value($entity, $permissions, array()) + $permissions['default'];
602
603 // Return exact match if permission for this action has been declared
604 if (isset($perm[$action])) {
605 return $perm[$action];
606 }
607
608 // Translate specific actions into their generic equivalents
609 $snippet = substr($action, 0, 3);
610 if ($action == 'replace' || $snippet == 'del') {
611 // 'Replace' is a combination of get+create+update+delete; however, the permissions
612 // on each of those will be tested separately at runtime. This is just a sniff-test
613 // based on the heuristic that 'delete' tends to be the most closely guarded
614 // of the necessary permissions.
615 $action = 'delete';
616 }
617 elseif ($action == 'setvalue' || $snippet == 'upd') {
618 $action = 'update';
619 }
620 elseif ($action == 'getfields' || $action == 'getfield' || $action == 'getspec' || $action == 'getoptions') {
621 $action = 'meta';
622 }
623 elseif ($snippet == 'get') {
624 $action = 'get';
625 }
626 return isset($perm[$action]) ? $perm[$action] : $perm['default'];
627 }
628
629 # FIXME: not sure how to permission the following API 3 calls:
630 # contribution_transact (make online contributions)
631 # entity_tag_display
632 # group_contact_pending
633 # group_contact_update_status
634 # mailing_event_bounce
635 # mailing_event_click
636 # mailing_event_confirm
637 # mailing_event_forward
638 # mailing_event_open
639 # mailing_event_reply
640 # mailing_group_event_domain_unsubscribe
641 # mailing_group_event_resubscribe
642 # mailing_group_event_subscribe
643 # mailing_group_event_unsubscribe
644 # membership_status_calc
645 # survey_respondant_count