<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.3 |
+ | CiviCRM version 4.4 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
*/
const ALWAYS_ALLOW_PERMISSION = "*always allow*";
+ /**
+ * Various authentication sources
+ *
+ * @var int
+ */
+ CONST AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
+
/**
* get the current permission of this user
*
*/
public static function getPermission() {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->getPermission( );
+ return $config->userPermissionClass->getPermission();
}
/**
- * given a permission string, check for access requirements
+ * given a permission string or array, check for access requirements
+ * @param mixed $permissions the permission to check as an array or string -see examples
+ * arrays
+ *
+ * Ex 1
+ *
+ * Must have 'access CiviCRM'
+ * (string) 'access CiviCRM'
*
- * @param string $str the permission to check
+ *
+ * Ex 2 Must have 'access CiviCRM' and 'access Ajax API'
+ * array('access CiviCRM', 'access Ajax API')
+ *
+ * Ex 3 Must have 'access CiviCRM' or 'access Ajax API'
+ * array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * ),
+ *
+ * Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent'
+ * array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * 'access CiviEvent',
+ * ),
+ *
+ * Note that in permissions.php this is keyed by the action eg.
+ * (access Civi || access AJAX) && (access CiviEvent || access CiviContribute)
+ * 'myaction' => array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * array('access CiviEvent', 'access CiviContribute')
+ * ),
*
* @return boolean true if yes, else false
* @static
* @access public
*/
- static function check($str) {
- $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->check( $str );
+ static function check($permissions) {
+ $permissions = (array) $permissions;
+
+ foreach ($permissions as $permission) {
+ if(is_array($permission)) {
+ foreach ($permission as $orPerm) {
+ if(self::check($orPerm)) {
+ //one of our 'or' permissions has succeeded - stop checking this permission
+ return TRUE;;
+ }
+ }
+ //none of our our conditions was met
+ return FALSE;
+ }
+ else {
+ if(!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) {
+ //one of our 'and' conditions has not been met
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
}
/**
*/
static function checkGroupRole($array) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->checkGroupRole( $array );
+ return $config->userPermissionClass->checkGroupRole($array);
}
/**
*/
public static function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->getPermissionedStaticGroupClause( $type, $tables, $whereTables );
+ return $config->userPermissionClass->getPermissionedStaticGroupClause($type, $tables, $whereTables);
}
/**
*/
public static function group($groupType, $excludeHidden = TRUE) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->group( $groupType, $excludeHidden );
+ return $config->userPermissionClass->group($groupType, $excludeHidden);
}
public static function customGroupAdmin() {
}
public static function customGroup($type = CRM_Core_Permission::VIEW, $reset = FALSE) {
- $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id', array('fresh' => $reset));
+ $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id',
+ array('fresh' => $reset));
$defaultGroups = array();
// check if user has all powerful permission
}
public static function ufGroup($type = CRM_Core_Permission::VIEW) {
- $ufGroups = CRM_Core_PseudoConstant::ufGroup();
+ $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
$allGroups = array_keys($ufGroups);
if (!$eventID) {
return $permissionedEvents;
}
- return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
+ if (!empty($permissionedEvents)) {
+ return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
+ }
+ else {
+ return $eventID;
+ }
}
static function eventClause($type = CRM_Core_Permission::VIEW, $prefix = NULL) {
/**
* check permissions for delete and edit actions
*
- * @param string $module component name.
+ * @param string $module component name.
* @param $action action to be check across component
*
**/
'delete all manual batches' => $prefix . ts('delete all manual batches'),
'export own manual batches' => $prefix . ts('export own manual batches'),
'export all manual batches' => $prefix . ts('export all manual batches'),
+ 'administer payment processors' => $prefix . ts('administer payment processors'),
);
return $permissions;
$aclPermission = self::getPermission();
if (in_array($aclPermission, array(
CRM_Core_Permission::EDIT,
- CRM_Core_Permission::VIEW,
- ))) {
+ CRM_Core_Permission::VIEW,
+ ))
+ ) {
return TRUE;
}
/**
* Function to get component name from given permission.
*
- * @param string $permission
+ * @param string $permission
*
* return string $componentName the name of component.
* @static
*/
public static function permissionEmails($permissionName) {
$config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->permissionEmails( $permissionName );
+ return $config->userPermissionClass->permissionEmails($permissionName);
}
/**
*/
public static function roleEmails($roleName) {
$config = CRM_Core_Config::singleton();
- return $config->userRoleClass->roleEmails( $roleName );
+ return $config->userRoleClass->roleEmails($roleName);
}
static function isMultisiteEnabled() {
) ? TRUE : FALSE;
}
}
-
projects / civicrm-core.git / blobdiff