1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2016 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
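/**
 * Decide what permissions to check for an api call.
 *
 * Builds the static entity/action => permissions table, lets extensions
 * adjust it via hook_civicrm_alterAPIPermissions, and then resolves the
 * requested entity/action pair against the (possibly altered) table.
 *
 * @param string $entity
 *   API entity name. CamelCase input is normalised to the lower_case form
 *   used as the table key.
 * @param string $action
 *   API action name.
 * @param array $params
 *   API params. Passed by reference because the hook receives them; this
 *   function itself only reads them, to decide whether a 'create' call that
 *   carries an id should be treated as an 'update'.
 *
 * @return array
 *   Array of permissions to check for this entity-action combo.
 *   An EMPTY array means no permission is enforced by the API layer for that
 *   action; the inline comments name the component (query object, BAO
 *   addSelectWhereClause, _civicrm_api3_check_edit_permissions) that is then
 *   relied on for access control. Reviewers changing an entry to array()
 *   must verify that such a lower-level check really exists.
 */
function _civicrm_api3_permissions($entity, $action, &$params) {
  // FIXME: Lowercase entity_names are nonstandard but difficult to fix here
  // because this function invokes hook_civicrm_alterAPIPermissions
  $entity = _civicrm_api_get_entity_name_from_camel($entity);

  /**
   * @var array of permissions
   *
   * For each entity, we declare an array of permissions required for each action
   * The action is the array key, possible values:
   * * create: applies to create (with no id in params)
   * * update: applies to update, setvalue, create (with id in params)
   * * get: applies to getcount, getsingle, getvalue and other gets
   * * delete: applies to delete, replace
   * * meta: applies to getfields, getoptions, getspec
   * * default: catch-all for anything not declared
   *
   * Note: some APIs declare other actions as well
   *
   * Permissions should use arrays for AND and arrays of arrays for OR
   * @see CRM_Core_Permission::check for more documentation
   */
  $permissions = array();

  // These are the default permissions - if any entity does not declare permissions for a given action,
  // (or the entity does not declare permissions at all) - then the action will be used from here.
  // Security note: the global fallback for any non-meta action is the strongest
  // core permission ('administer CiviCRM'), so an undeclared entity/action fails closed.
  $permissions['default'] = array(
    // applies to getfields, getoptions, etc.
    'meta' => array('access CiviCRM'),
    // catch-all, applies to create, get, delete, etc.
    // If an entity declares it's own 'default' action it will override this one
    'default' => array('administer CiviCRM'),
  );

  // Note: Additional permissions in DynamicFKAuthorization
  $permissions['attachment'] = array(
    'default' => array(
      array('access CiviCRM', 'access AJAX API'),
    ),
  );

  // Contact permissions
  $permissions['contact'] = array(
    'create' => array(
      'access CiviCRM',
      'add contacts',
    ),
    'delete' => array(
      'access CiviCRM',
      'delete contacts',
    ),
    // managed by query object (no API-layer check)
    'get' => array(),
    // managed by _civicrm_api3_check_edit_permissions (no API-layer check)
    'update' => array(),
    'getquick' => array(
      array('access CiviCRM', 'access AJAX API'),
    ),
  );

  // CRM-16963 - Permissions for country.
  $permissions['country'] = array(
    'get' => array(
      'access CiviCRM',
    ),
    'default' => array(
      'administer CiviCRM',
    ),
  );

  // Contact-related data permissions.
  $permissions['address'] = array(
    // get is managed by BAO::addSelectWhereClause
    // create/delete are managed by _civicrm_api3_check_edit_permissions
    // i.e. nothing is checked at this layer for any action.
    'default' => array(),
  );
  $permissions['email'] = $permissions['address'];
  $permissions['phone'] = $permissions['address'];
  $permissions['website'] = $permissions['address'];
  $permissions['im'] = $permissions['address'];

  // Note permissions.
  // @todo - implement addSelectWhereClause on the note BAO and remove this heavy-handed restriction
  // (previously expressed by copying an interim entity_tag definition).
  $permissions['note'] = array(
    'get' => array('access CiviCRM', 'view all contacts'),
    'default' => array('access CiviCRM', 'edit all contacts'),
  );

  // CRM-17350 - entity_tag ACL permissions are checked at the BAO level
  $permissions['entity_tag'] = array(
    'get' => array(
      'access CiviCRM',
      'view all contacts',
    ),
    'default' => array(
      'access CiviCRM',
    ),
  );

  // Allow non-admins to get and create tags to support tagset widget
  // Delete is still reserved for admins (falls through to the global default)
  $permissions['tag'] = array(
    'get' => array('access CiviCRM'),
    'create' => array('access CiviCRM'),
    'update' => array('access CiviCRM'),
  );

  // relationship permissions
  $permissions['relationship'] = array(
    // get is managed by BAO::addSelectWhereClause
    'get' => array(),
    'delete' => array(
      'access CiviCRM',
      'edit all contacts',
    ),
    'default' => array(
      'access CiviCRM',
      'edit all contacts',
    ),
  );

  // CRM-17741 - Permissions for RelationshipType.
  $permissions['relationship_type'] = array(
    'get' => array(
      'access CiviCRM',
    ),
    'default' => array(
      'administer CiviCRM',
    ),
  );

  // Activity permissions
  $permissions['activity'] = array(
    'delete' => array(
      'access CiviCRM',
      'delete activities',
    ),
    'get' => array(
      'access CiviCRM',
      // Note that view all activities is also required within the api
      // if the id is not passed in. Where the id is passed in the activity
      // specific check functions are used and tested.
    ),
    'default' => array(
      'access CiviCRM',
      'view all activities',
    ),
  );

  // Case permissions
  $permissions['case'] = array(
    'create' => array(
      'access CiviCRM',
      'add cases',
    ),
    'delete' => array(
      'access CiviCRM',
      'delete in CiviCase',
    ),
    'default' => array(
      // At minimum the user needs one of the following. Finer-grained access is controlled by CRM_Case_BAO_Case::addSelectWhereClause
      array('access my cases and activities', 'access all cases and activities'),
    ),
  );
  $permissions['case_contact'] = $permissions['case'];

  $permissions['case_type'] = array(
    'default' => array('administer CiviCase'),
    'get' => array(
      // nested array = OR
      array('access my cases and activities', 'access all cases and activities'),
    ),
  );

  // Campaign permissions
  $permissions['campaign'] = array(
    'get' => array('access CiviCRM'),
    'default' => array(
      // nested array = OR
      array('administer CiviCampaign', 'manage campaign')
    ),
  );
  $permissions['survey'] = $permissions['campaign'];

  // Financial permissions
  $permissions['contribution'] = array(
    'get' => array(
      'access CiviCRM',
      'access CiviContribute',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviContribute',
      'delete in CiviContribute',
    ),
    // NOTE(review): unlike the other contribution actions this one does not
    // require 'access CiviCRM' / 'access CiviContribute' - confirm intended.
    'completetransaction' => array(
      'edit contributions',
    ),
    'default' => array(
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
    ),
  );
  // line_item inherits the whole contribution table, including the
  // 'completetransaction' entry (harmless unless such an action is added).
  $permissions['line_item'] = $permissions['contribution'];

  // Payment permissions
  $permissions['payment'] = array(
    'get' => array(
      'access CiviCRM',
      'access CiviContribute',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviContribute',
      'delete in CiviContribute',
    ),
    'cancel' => array(
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
    ),
    'create' => array(
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
    ),
    'default' => array(
      'access CiviCRM',
      'access CiviContribute',
      'edit contributions',
    ),
  );

  // Custom field permissions
  $permissions['custom_field'] = array(
    'default' => array(
      'administer CiviCRM',
      'access all custom data',
    ),
  );
  $permissions['custom_group'] = $permissions['custom_field'];

  // Event permissions
  $permissions['event'] = array(
    'create' => array(
      'access CiviCRM',
      'access CiviEvent',
      'edit all events',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviEvent',
      'delete in CiviEvent',
    ),
    'get' => array(
      'access CiviCRM',
      'access CiviEvent',
      'view event info',
    ),
    'update' => array(
      'access CiviCRM',
      'access CiviEvent',
      'edit all events',
    ),
  );
  // Loc block is only used for events
  $permissions['loc_block'] = $permissions['event'];

  // File permissions
  $permissions['file'] = array(
    'default' => array(
      'access CiviCRM',
      'access uploaded files',
    ),
  );
  $permissions['files_by_entity'] = $permissions['file'];

  // Group permissions
  $permissions['group'] = array(
    'get' => array(
      'access CiviCRM',
    ),
    'default' => array(
      'access CiviCRM',
      'edit groups',
    ),
  );

  $permissions['group_nesting'] = $permissions['group'];
  $permissions['group_organization'] = $permissions['group'];

  // Group Contact permission
  $permissions['group_contact'] = array(
    'get' => array(
      'access CiviCRM',
    ),
    'default' => array(
      'access CiviCRM',
      'edit all contacts',
    ),
  );

  // CiviMail Permissions
  $civiMailBasePerms = array(
    // To get/preview/update, one must have least one of these perms:
    // Mailing API implementations enforce nuances of create/approve/schedule permissions.
    'access CiviMail',
    'create mailings',
    'schedule mailings',
    'approve mailings',
  );
  $permissions['mailing'] = array(
    'get' => array(
      'access CiviCRM',
      $civiMailBasePerms,
    ),
    'delete' => array(
      'access CiviCRM',
      $civiMailBasePerms,
      'delete in CiviMail',
    ),
    'submit' => array(
      'access CiviCRM',
      array('access CiviMail', 'schedule mailings'),
    ),
    'default' => array(
      'access CiviCRM',
      $civiMailBasePerms,
    ),
  );
  $permissions['mailing_group'] = $permissions['mailing'];
  $permissions['mailing_job'] = $permissions['mailing'];
  $permissions['mailing_recipients'] = $permissions['mailing'];

  $permissions['mailing_a_b'] = array(
    'get' => array(
      'access CiviCRM',
      'access CiviMail',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviMail',
      'delete in CiviMail',
    ),
    'submit' => array(
      'access CiviCRM',
      array('access CiviMail', 'schedule mailings'),
    ),
    'default' => array(
      'access CiviCRM',
      'access CiviMail',
    ),
  );

  // Membership permissions
  $permissions['membership'] = array(
    'get' => array(
      'access CiviCRM',
      'access CiviMember',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviMember',
      'delete in CiviMember',
    ),
    'default' => array(
      'access CiviCRM',
      'access CiviMember',
      'edit memberships',
    ),
  );
  $permissions['membership_status'] = $permissions['membership'];
  $permissions['membership_type'] = $permissions['membership'];
  $permissions['membership_payment'] = array(
    'create' => array(
      'access CiviCRM',
      'access CiviMember',
      'edit memberships',
      'access CiviContribute',
      'edit contributions',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviMember',
      'delete in CiviMember',
      'access CiviContribute',
      'delete in CiviContribute',
    ),
    'get' => array(
      'access CiviCRM',
      'access CiviMember',
      'access CiviContribute',
    ),
    'update' => array(
      'access CiviCRM',
      'access CiviMember',
      'edit memberships',
      'access CiviContribute',
      'edit contributions',
    ),
  );

  // Participant permissions
  $permissions['participant'] = array(
    'create' => array(
      'access CiviCRM',
      'access CiviEvent',
      'register for events',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviEvent',
      'edit event participants',
    ),
    'get' => array(
      'access CiviCRM',
      'access CiviEvent',
      'view event participants',
    ),
    'update' => array(
      'access CiviCRM',
      'access CiviEvent',
      'edit event participants',
    ),
  );
  $permissions['participant_payment'] = array(
    'create' => array(
      'access CiviCRM',
      'access CiviEvent',
      'register for events',
      'access CiviContribute',
      'edit contributions',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviEvent',
      'edit event participants',
      'access CiviContribute',
      'delete in CiviContribute',
    ),
    'get' => array(
      'access CiviCRM',
      'access CiviEvent',
      'view event participants',
      'access CiviContribute',
    ),
    'update' => array(
      'access CiviCRM',
      'access CiviEvent',
      'edit event participants',
      'access CiviContribute',
      'edit contributions',
    ),
  );

  // Pledge permissions
  $permissions['pledge'] = array(
    'create' => array(
      'access CiviCRM',
      'access CiviPledge',
      'edit pledges',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviPledge',
      'delete in CiviPledge',
    ),
    'get' => array(
      'access CiviCRM',
      'access CiviPledge',
    ),
    'update' => array(
      'access CiviCRM',
      'access CiviPledge',
      'edit pledges',
    ),
  );

  // CRM-16777: Disable schedule reminder for user that have 'edit all events' and 'administer CiviCRM' permission.
  // Only 'update' is declared; every other action_schedule action falls through
  // to the global 'administer CiviCRM' default.
  $permissions['action_schedule'] = array(
    'update' => array(
      array(
        'access CiviCRM',
        'edit all events',
      ),
    ),
  );

  $permissions['pledge_payment'] = array(
    'create' => array(
      'access CiviCRM',
      'access CiviPledge',
      'edit pledges',
      'access CiviContribute',
      'edit contributions',
    ),
    'delete' => array(
      'access CiviCRM',
      'access CiviPledge',
      'delete in CiviPledge',
      'access CiviContribute',
      'delete in CiviContribute',
    ),
    'get' => array(
      'access CiviCRM',
      'access CiviPledge',
      'access CiviContribute',
    ),
    'update' => array(
      'access CiviCRM',
      'access CiviPledge',
      'edit pledges',
      'access CiviContribute',
      'edit contributions',
    ),
  );

  // Profile permissions
  $permissions['profile'] = array(
    'get' => array(), // the profile will take care of this
  );

  $permissions['uf_group'] = array(
    'create' => array(
      'access CiviCRM',
      array(
        'administer CiviCRM',
        'manage event profiles',
      ),
    ),
    'get' => array(
      'access CiviCRM',
    ),
    'update' => array(
      'access CiviCRM',
      array(
        'administer CiviCRM',
        'manage event profiles',
      ),
    ),
  );
  $permissions['uf_field'] = $permissions['uf_join'] = $permissions['uf_group'];
  $permissions['uf_field']['delete'] = array(
    'access CiviCRM',
    array(
      'administer CiviCRM',
      'manage event profiles',
    ),
  );
  // NOTE(review): option_value/option_group reuse the uf_group table, so the
  // 'manage event profiles' OR-branch also grants create/update on option
  // values and groups. Confirm that is intended before widening uf_group.
  $permissions['option_value'] = $permissions['uf_group'];
  $permissions['option_group'] = $permissions['option_value'];

  $permissions['message_template'] = array(
    'get' => array('access CiviCRM'),
    'create' => array('edit message templates'),
    'update' => array('edit message templates'),
  );

  // Translate 'create' action to 'update' if id is set.
  // !empty() means an id of 0/'' is treated as a create; this happens before
  // the hook so extensions see the effective action.
  if ($action == 'create' && (!empty($params['id']) || !empty($params[$entity . '_id']))) {
    $action = 'update';
  }

  // let third parties modify the permissions
  // (the hook can tighten OR loosen any entry above, including the defaults)
  CRM_Utils_Hook::alterAPIPermissions($entity, $action, $params, $permissions);

  // Merge permissions for this entity with the defaults.
  // '+' keeps the entity's keys, so an entity-level 'default' wins over the
  // global one, while a missing 'meta' still inherits 'access CiviCRM'.
  $perm = CRM_Utils_Array::value($entity, $permissions, array()) + $permissions['default'];

  // Return exact match if permission for this action has been declared
  if (isset($perm[$action])) {
    return $perm[$action];
  }

  // Translate specific actions into their generic equivalents.
  // This is prefix-based: ANY action starting with 'del', 'upd' or 'get'
  // (including custom actions) is mapped to delete/update/get respectively.
  $snippet = substr($action, 0, 3);
  if ($action == 'replace' || $snippet == 'del') {
    // 'Replace' is a combination of get+create+update+delete; however, the permissions
    // on each of those will be tested separately at runtime. This is just a sniff-test
    // based on the heuristic that 'delete' tends to be the most closely guarded
    // of the necessary permissions.
    $action = 'delete';
  }
  elseif ($action == 'setvalue' || $snippet == 'upd') {
    $action = 'update';
  }
  elseif ($action == 'getfields' || $action == 'getfield' || $action == 'getspec' || $action == 'getoptions') {
    $action = 'meta';
  }
  elseif ($snippet == 'get') {
    $action = 'get';
  }
  // Anything still undeclared uses the entity's 'default' (or the global one).
  return isset($perm[$action]) ? $perm[$action] : $perm['default'];
}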
634
635 # FIXME: not sure how to permission the following API 3 calls. Until an entry is
635 # declared for them they fall through to the entity's 'default' permissions above,
635 # or to the global 'administer CiviCRM' default if the entity is not listed:
636 # contribution_transact (make online contributions)
637 # entity_tag_display
638 # group_contact_pending
639 # group_contact_update_status
640 # mailing_event_bounce
641 # mailing_event_click
642 # mailing_event_confirm
643 # mailing_event_forward
644 # mailing_event_open
645 # mailing_event_reply
646 # mailing_group_event_domain_unsubscribe
647 # mailing_group_event_resubscribe
648 # mailing_group_event_subscribe
649 # mailing_group_event_unsubscribe
650 # membership_status_calc
651 # survey_respondant_count