<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.3 |
+ | CiviCRM version 4.4 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
*/
CONST EDIT = 1, VIEW = 2, DELETE = 3, CREATE = 4, SEARCH = 5, ALL = 6, ADMIN = 7;
+ /**
+ * A placeholder permission which always fails
+ */
+ const ALWAYS_DENY_PERMISSION = "*always deny*";
+
+ /**
+ * A placeholder permission which always fails
+ */
+ const ALWAYS_ALLOW_PERMISSION = "*always allow*";
+
+ /**
+ * Various authentication sources
+ *
+ * @var int
+ */
+ CONST AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
+
/**
* get the current permission of this user
*
*/
public static function getPermission() {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->getPermission( );
+ return $config->userPermissionClass->getPermission();
}
/**
- * given a permission string, check for access requirements
+ * given a permission string or array, check for access requirements
+ * @param mixed $permissions the permission to check as an array or string -see examples
+ * arrays
+ *
+ * Ex 1
+ *
+ * Must have 'access CiviCRM'
+ * (string) 'access CiviCRM'
+ *
+ *
+ * Ex 2 Must have 'access CiviCRM' and 'access Ajax API'
+ * array('access CiviCRM', 'access Ajax API')
+ *
+ * Ex 3 Must have 'access CiviCRM' or 'access Ajax API'
+ * array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * ),
*
- * @param string $str the permission to check
+ * Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent'
+ * array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * 'access CiviEvent',
+ * ),
+ *
+ * Note that in permissions.php this is keyed by the action eg.
+ * (access Civi || access AJAX) && (access CiviEvent || access CiviContribute)
+ * 'myaction' => array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * array('access CiviEvent', 'access CiviContribute')
+ * ),
*
* @return boolean true if yes, else false
* @static
* @access public
*/
- static function check($str) {
- $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->check( $str );
+ static function check($permissions) {
+ $permissions = (array) $permissions;
+
+ foreach ($permissions as $permission) {
+ if(is_array($permission)) {
+ foreach ($permission as $orPerm) {
+ if(self::check($orPerm)) {
+ //one of our 'or' permissions has succeeded - stop checking this permission
+ return TRUE;;
+ }
+ }
+ //none of our our conditions was met
+ return FALSE;
+ }
+ else {
+ if(!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) {
+ //one of our 'and' conditions has not been met
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
}
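Review bot: In the nested-array branch of `check()`, `return TRUE;;` exits the whole function as soon as one 'or' alternative passes, so any 'and' conditions listed after that group are never evaluated. With the docblock's Ex 4, a user holding 'access CiviCRM' but not 'access CiviEvent' is granted access, which contradicts the documented semantics; the comment on that line ("stop checking this permission") suggests only the inner loop was meant to end. I would record the group result in a flag, `break` out of the inner loop, and return FALSE only when no alternative matched, as in the sketch below. An empty or NULL `$permissions` also falls through to the final `return TRUE`, so a caller that builds the list dynamically fails open; that is worth either rejecting or documenting. Separately, the docblock on `ALWAYS_ALLOW_PERMISSION` repeats "always fails" from the deny constant and should read `A placeholder permission which always succeeds`.

```php
  foreach ($permissions as $permission) {
    if (is_array($permission)) {
      $orSatisfied = FALSE;
      foreach ($permission as $orPerm) {
        if (self::check($orPerm)) {
          // one alternative holds; go on to the next 'and' condition
          $orSatisfied = TRUE;
          break;
        }
      }
      if (!$orSatisfied) {
        // none of the 'or' alternatives was met
        return FALSE;
      }
    }
    // … unchanged: else branch checking a single 'and' permission …
  }
  return TRUE;
```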
/**
*/
static function checkGroupRole($array) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->checkGroupRole( $array );
+ return $config->userPermissionClass->checkGroupRole($array);
}
/**
*/
public static function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->getPermissionedStaticGroupClause( $type, $tables, $whereTables );
+ return $config->userPermissionClass->getPermissionedStaticGroupClause($type, $tables, $whereTables);
}
/**
*/
public static function group($groupType, $excludeHidden = TRUE) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->group( $groupType, $excludeHidden );
+ return $config->userPermissionClass->group($groupType, $excludeHidden);
}
public static function customGroupAdmin() {
return TRUE;
}
- if (self::check('administer Multiple Organizations') &&
+ if (
+ self::check('administer Multiple Organizations') &&
self::isMultisiteEnabled()
) {
return TRUE;
}
public static function customGroup($type = CRM_Core_Permission::VIEW, $reset = FALSE) {
- $customGroups = CRM_Core_PseudoConstant::customGroup($reset);
+ $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id',
+ array('fresh' => $reset));
$defaultGroups = array();
// check if user has all powerful permission
}
public static function ufGroup($type = CRM_Core_Permission::VIEW) {
- $ufGroups = CRM_Core_PseudoConstant::ufGroup();
+ $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
$allGroups = array_keys($ufGroups);
if (!$eventID) {
return $permissionedEvents;
}
- return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
+ if (!empty($permissionedEvents)) {
+ return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
+ }
+ else {
+ return $eventID;
+ }
}
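Review bot: The new `else` branch returns `$eventID` when `$permissionedEvents` is empty, whereas the removed single line returned NULL in that case because `array_search` on an empty array yields FALSE. A caller with no permissioned events is therefore now told the requested event is permitted. How `$permissionedEvents` is built lies outside this hunk, so this may be deliberate, but if an empty list can mean "no access" the branch fails open and should `return NULL;` instead. If the empty case really means the ACL lookup does not apply, a comment such as `// empty list: no event ACLs apply, so access is not restricted here` should say so. The enclosing function starts outside the hunk.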
static function eventClause($type = CRM_Core_Permission::VIEW, $prefix = NULL) {
/**
* check permissions for delete and edit actions
*
- * @param string $module component name.
+ * @param string $module component name.
* @param $action action to be check across component
*
**/
'add contacts' => $prefix . ts('add contacts'),
'view all contacts' => $prefix . ts('view all contacts'),
'edit all contacts' => $prefix . ts('edit all contacts'),
+ 'view my contact' => $prefix . ts('view my contact'),
+ 'edit my contact' => $prefix . ts('edit my contact'),
'delete contacts' => $prefix . ts('delete contacts'),
'access deleted contacts' => $prefix . ts('access deleted contacts'),
'import contacts' => $prefix . ts('import contacts'),
'edit groups' => $prefix . ts('edit groups'),
'administer CiviCRM' => $prefix . ts('administer CiviCRM'),
+ 'skip IDS check' => $prefix . ts('skip IDS check'),
'access uploaded files' => $prefix . ts('access uploaded files'),
'profile listings and forms' => $prefix . ts('profile listings and forms'),
'profile listings' => $prefix . ts('profile listings'),
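Review bot: The added 'skip IDS check' entry carries no comment and its label just repeats the key, although by its name it presumably exempts the holder's requests from the IDS input check. Since this list is what administrators see when assigning permissions, I would mark it as security-sensitive in the source, e.g. `// security-sensitive: holder bypasses the IDS request check; grant only to trusted roles`. A more descriptive label would help too. The same goes, to a lesser degree, for 'view my contact' and 'edit my contact', whose scope (the user's own record only?) is not stated. The array begins and ends outside the hunk.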
$aclPermission = self::getPermission();
if (in_array($aclPermission, array(
CRM_Core_Permission::EDIT,
- CRM_Core_Permission::VIEW,
- ))) {
+ CRM_Core_Permission::VIEW,
+ ))
+ ) {
return TRUE;
}
/**
* Function to get component name from given permission.
*
- * @param string $permission
+ * @param string $permission
*
* return string $componentName the name of component.
* @static
if (empty($allCompPermissions)) {
$components = CRM_Core_Component::getComponents();
foreach ($components as $name => $comp) {
- $allCompPermissions[$name] = $comp->getPermissions();
+ //get all permissions of each components unconditionally
+ $allCompPermissions[$name] = $comp->getPermissions(TRUE);
}
}
*/
public static function permissionEmails($permissionName) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->permissionEmails( $permissionName );
+ return $config->userPermissionClass->permissionEmails($permissionName);
}
/**
*/
public static function roleEmails($roleName) {
$config = CRM_Core_Config::singleton();
- return $config->userRoleClass->roleEmails( $roleName );
+ return $config->userRoleClass->roleEmails($roleName);
}
static function isMultisiteEnabled() {
) ? TRUE : FALSE;
}
}
-