+--------------------------------------------------------------------+
| CiviCRM version 4.6 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014 |
+ | Copyright CiviCRM LLC (c) 2004-2015 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
-*/
+ */
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2014
+ * @copyright CiviCRM LLC (c) 2004-2015
* $Id$
*
*/
class CRM_Core_Permission {
/**
- * Static strings used to compose permissions
+ * Static strings used to compose permissions.
*
* @const
* @var string
const EDIT_GROUPS = 'edit contacts in ', VIEW_GROUPS = 'view contacts in ';
/**
- * The various type of permissions
+ * The various type of permissions.
*
* @var int
*/
const EDIT = 1, VIEW = 2, DELETE = 3, CREATE = 4, SEARCH = 5, ALL = 6, ADMIN = 7;
/**
- * A placeholder permission which always fails
+ * A placeholder permission which always fails.
*/
const ALWAYS_DENY_PERMISSION = "*always deny*";
/**
- * A placeholder permission which always fails
+ * A placeholder permission which always fails.
*/
const ALWAYS_ALLOW_PERMISSION = "*always allow*";
/**
- * Various authentication sources
+ * Various authentication sources.
*
* @var int
*/
const AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
/**
- * Get the current permission of this user
+ * Get the current permission of this user.
*
- * @return string the permission of the user (edit or view or null)
+ * @return string
+ * the permission of the user (edit or view or null)
*/
public static function getPermission() {
$config = CRM_Core_Config::singleton();
* Given a permission string or array, check for access requirements
* @param mixed $permissions
* The permission to check as an array or string -see examples.
- * arrays
+ * arrays
*
* Ex 1
*
* array('access CiviEvent', 'access CiviContribute')
* ),
*
- * @return boolean true if yes, else false
- * @static
+ * @return bool
+ * true if yes, else false
*/
public static function check($permissions) {
$permissions = (array) $permissions;
}
/**
- * Determine if any one of the permissions strings applies to current user
+ * Determine if any one of the permissions strings applies to current user.
*
* @param array $perms
* @return bool
* @param array $array
* The group/role to check.
*
- * @return boolean true if yes, else false
- * @static
+ * @return bool
+ * true if yes, else false
*/
public static function checkGroupRole($array) {
$config = CRM_Core_Config::singleton();
}
/**
- * Get the permissioned where clause for the user
+ * Get the permissioned where clause for the user.
*
* @param int $type
* The type of permission needed.
* @param array $whereTables
* (reference ) add the tables that are needed for the where clause.
*
- * @return string the group where clause for this user
+ * @return string
+ * the group where clause for this user
*/
public static function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
$config = CRM_Core_Config::singleton();
*
* @param string $groupType
* Type of group(Access/Mailing).
- * @param bool|\boolen $excludeHidden exclude hidden groups.
+ * @param bool $excludeHidden
+ * exclude hidden groups.
*
- * @static
*
- * @return array - array reference of all groups.
+ * @return array
+ * array reference of all groups.
*/
public static function group($groupType, $excludeHidden = TRUE) {
$config = CRM_Core_Config::singleton();
}
/**
- * Check permissions for delete and edit actions
+ * Check permissions for delete and edit actions.
*
* @param string $module
* Component name.
/**
* @param bool $all
+ * @param bool $descriptions
+ * whether to return descriptions
*
* @return array
*/
- public static function &basicPermissions($all = FALSE) {
- static $permissions = NULL;
+ public static function &basicPermissions($all = FALSE, $descriptions = FALSE) {
+ if ($descriptions) {
+ static $permissionsDesc = NULL;
- if (!$permissions) {
- $config = CRM_Core_Config::singleton();
- $prefix = ts('CiviCRM') . ': ';
- $permissions = self::getCorePermissions();
-
- if (self::isMultisiteEnabled()) {
- $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations');
+ if (!$permissionsDesc) {
+ $permissionsDesc = self::assembleBasicPermissions($all, $descriptions);
}
- if (!$all) {
- $components = CRM_Core_Component::getEnabledComponents();
- }
- else {
- $components = CRM_Core_Component::getComponents();
+ return $permissionsDesc;
+ }
+ else {
+ static $permissions = NULL;
+
+ if (!$permissions) {
+ $permissions = self::assembleBasicPermissions($all, $descriptions);
}
- foreach ($components as $comp) {
- $perm = $comp->getPermissions();
- if ($perm) {
- $info = $comp->getInfo();
+ return $permissions;
+ }
+ }
+
+ /**
+ * @param bool $all
+ * @param bool $descriptions
+ * whether to return descriptions
+ *
+ * @return array
+ */
+ public static function assembleBasicPermissions($all = FALSE, $descriptions = FALSE) {
+ $config = CRM_Core_Config::singleton();
+ $prefix = ts('CiviCRM') . ': ';
+ $permissions = self::getCorePermissions($descriptions);
+
+ if (self::isMultisiteEnabled()) {
+ $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations');
+ }
+
+ if (!$all) {
+ $components = CRM_Core_Component::getEnabledComponents();
+ }
+ else {
+ $components = CRM_Core_Component::getComponents();
+ }
+
+ foreach ($components as $comp) {
+ $perm = $comp->getPermissions(FALSE, $descriptions);
+ if ($perm) {
+ $info = $comp->getInfo();
+ if ($descriptions) {
+ foreach ($perm as $p => $attr) {
+ $title = $info['translatedName'] . ': ' . array_shift($attr);
+ array_unshift($attr, $title);
+ $permissions[$p] = $attr;
+ }
+ }
+ else {
foreach ($perm as $p) {
$permissions[$p] = $info['translatedName'] . ': ' . $p;
}
}
}
-
- // Add any permissions defined in hook_civicrm_permission implementations.
- $module_permissions = $config->userPermissionClass->getAllModulePermissions();
- $permissions = array_merge($permissions, $module_permissions);
}
+ // Add any permissions defined in hook_civicrm_permission implementations.
+ $module_permissions = $config->userPermissionClass->getAllModulePermissions($descriptions);
+ $permissions = array_merge($permissions, $module_permissions);
return $permissions;
}
static $permissions = array();
if (empty($permissions)) {
$permissions = array(
- 'administer CiviCRM'
+ 'administer CiviCRM',
);
$components = CRM_Core_Component::getComponents();
foreach ($components as $comp) {
}
/**
+ * @param bool $descriptions
+ * whether to return descriptions
+ *
* @return array
*/
- public static function getCorePermissions() {
+ public static function getCorePermissions($descriptions = FALSE) {
$prefix = ts('CiviCRM') . ': ';
$permissions = array(
- 'add contacts' => $prefix . ts('add contacts'),
- 'view all contacts' => $prefix . ts('view all contacts'),
- 'edit all contacts' => $prefix . ts('edit all contacts'),
- 'view my contact' => $prefix . ts('view my contact'),
- 'edit my contact' => $prefix . ts('edit my contact'),
- 'delete contacts' => $prefix . ts('delete contacts'),
- 'access deleted contacts' => $prefix . ts('access deleted contacts'),
- 'import contacts' => $prefix . ts('import contacts'),
- 'edit groups' => $prefix . ts('edit groups'),
- 'administer CiviCRM' => $prefix . ts('administer CiviCRM'),
- 'skip IDS check' => $prefix . ts('skip IDS check'),
- 'access uploaded files' => $prefix . ts('access uploaded files'),
- 'profile listings and forms' => $prefix . ts('profile listings and forms'),
- 'profile listings' => $prefix . ts('profile listings'),
- 'profile create' => $prefix . ts('profile create'),
- 'profile edit' => $prefix . ts('profile edit'),
- 'profile view' => $prefix . ts('profile view'),
- 'access all custom data' => $prefix . ts('access all custom data'),
- 'view all activities' => $prefix . ts('view all activities'),
- 'delete activities' => $prefix . ts('delete activities'),
- 'access CiviCRM' => $prefix . ts('access CiviCRM'),
- 'access Contact Dashboard' => $prefix . ts('access Contact Dashboard'),
- 'translate CiviCRM' => $prefix . ts('translate CiviCRM'),
- 'administer reserved groups' => $prefix . ts('administer reserved groups'),
- 'administer Tagsets' => $prefix . ts('administer Tagsets'),
- 'administer reserved tags' => $prefix . ts('administer reserved tags'),
- 'administer dedupe rules' => $prefix . ts('administer dedupe rules'),
- 'merge duplicate contacts' => $prefix . ts('merge duplicate contacts'),
- 'view debug output' => $prefix . ts('view debug output'),
- 'view all notes' => $prefix . ts('view all notes'),
- 'access AJAX API' => $prefix . ts('access AJAX API'),
- 'access contact reference fields' => $prefix . ts('access contact reference fields'),
- 'create manual batch' => $prefix . ts('create manual batch'),
- 'edit own manual batches' => $prefix . ts('edit own manual batches'),
- 'edit all manual batches' => $prefix . ts('edit all manual batches'),
- 'view own manual batches' => $prefix . ts('view own manual batches'),
- 'view all manual batches' => $prefix . ts('view all manual batches'),
- 'delete own manual batches' => $prefix . ts('delete own manual batches'),
- 'delete all manual batches' => $prefix . ts('delete all manual batches'),
- 'export own manual batches' => $prefix . ts('export own manual batches'),
- 'export all manual batches' => $prefix . ts('export all manual batches'),
- 'administer payment processors' => $prefix . ts('administer payment processors'),
+ 'add contacts' => array(
+ $prefix . ts('add contacts'),
+ ts('Create a new contact record in CiviCRM'),
+ ),
+ 'view all contacts' => array(
+ $prefix . ts('view all contacts'),
+ ts('View ANY CONTACT in the CiviCRM database, export contact info and perform activities such as Send Email, Phone Call, etc.'),
+ ),
+ 'edit all contacts' => array(
+ $prefix . ts('edit all contacts'),
+ ts('View, Edit and Delete ANY CONTACT in the CiviCRM database; Create and edit relationships, tags and other info about the contacts'),
+ ),
+ 'view my contact' => array(
+ $prefix . ts('view my contact'),
+ ),
+ 'edit my contact' => array(
+ $prefix . ts('edit my contact'),
+ ),
+ 'delete contacts' => array(
+ $prefix . ts('delete contacts'),
+ ),
+ 'access deleted contacts' => array(
+ $prefix . ts('access deleted contacts'),
+ ts('Access contacts in the trash'),
+ ),
+ 'import contacts' => array(
+ $prefix . ts('import contacts'),
+ ts('Import contacts and activities'),
+ ),
+ 'edit groups' => array(
+ $prefix . ts('edit groups'),
+ ts('Create new groups, edit group settings (e.g. group name, visibility...), delete groups'),
+ ),
+ 'administer CiviCRM' => array(
+ $prefix . ts('administer CiviCRM'),
+ ts('Perform all tasks in the Administer CiviCRM control panel and Import Contacts'),
+ ),
+ 'skip IDS check' => array(
+ $prefix . ts('skip IDS check'),
+ ts('IDS system is bypassed for users with this permission. Prevents false errors for admin users.'),
+ ),
+ 'access uploaded files' => array(
+ $prefix . ts('access uploaded files'),
+ ts('View / download files including images and photos'),
+ ),
+ 'profile listings and forms' => array(
+ $prefix . ts('profile listings and forms'),
+ ts('Access the profile Search form and listings'),
+ ),
+ 'profile listings' => array(
+ $prefix . ts('profile listings'),
+ ),
+ 'profile create' => array(
+ $prefix . ts('profile create'),
+ ts('Use profiles in Create mode'),
+ ),
+ 'profile edit' => array(
+ $prefix . ts('profile edit'),
+ ts('Use profiles in Edit mode'),
+ ),
+ 'profile view' => array(
+ $prefix . ts('profile view'),
+ ),
+ 'access all custom data' => array(
+ $prefix . ts('access all custom data'),
+ ts('View all custom fields regardless of ACL rules'),
+ ),
+ 'view all activities' => array(
+ $prefix . ts('view all activities'),
+ ts('View all activities (for visible contacts)'),
+ ),
+ 'delete activities' => array(
+ $prefix . ts('Delete activities'),
+ ),
+ 'access CiviCRM' => array(
+ $prefix . ts('access CiviCRM'),
+ ts('Master control for access to the main CiviCRM backend and API'),
+ ),
+ 'access Contact Dashboard' => array(
+ $prefix . ts('access Contact Dashboard'),
+ ts('View Contact Dashboard (for themselves and visible contacts)'),
+ ),
+ 'translate CiviCRM' => array(
+ $prefix . ts('translate CiviCRM'),
+ ts('Allow User to enable multilingual'),
+ ),
+ 'administer reserved groups' => array(
+ $prefix . ts('administer reserved groups'),
+ ts('Edit and disable Reserved Groups (Needs Edit Groups)'),
+ ),
+ 'administer Tagsets' => array(
+ $prefix . ts('administer Tagsets'),
+ ),
+ 'administer reserved tags' => array(
+ $prefix . ts('administer reserved tags'),
+ ),
+ 'administer dedupe rules' => array(
+ $prefix . ts('administer dedupe rules'),
+ ts('Create and edit rules, change the supervised and unsupervised rules'),
+ ),
+ 'merge duplicate contacts' => array(
+ $prefix . ts('merge duplicate contacts'),
+ ts('Delete Contacts must also be granted in order for this to work.'),
+ ),
+ 'view debug output' => array(
+ $prefix . ts('view debug output'),
+ ts('View results of debug and backtrace'),
+ ),
+ 'view all notes' => array(
+ $prefix . ts('view all notes'),
+ ts("View notes (for visible contacts) even if they're marked admin only"),
+ ),
+ 'access AJAX API' => array(
+ $prefix . ts('access AJAX API'),
+ ts('Allow API access even if Access CiviCRM is not granted'),
+ ),
+ 'access contact reference fields' => array(
+ $prefix . ts('access contact reference fields'),
+ ts('Allow entering data into contact reference fields'),
+ ),
+ 'create manual batch' => array(
+ $prefix . ts('create manual batch'),
+ ts('Create an accounting batch (with Access to CiviContribute and View Own/All Manual Batches)'),
+ ),
+ 'edit own manual batches' => array(
+ $prefix . ts('edit own manual batches'),
+ ts('Edit accounting batches created by user'),
+ ),
+ 'edit all manual batches' => array(
+ $prefix . ts('edit all manual batches'),
+ ts('Edit all accounting batches'),
+ ),
+ 'view own manual batches' => array(
+ $prefix . ts('view own manual batches'),
+ ts('View accounting batches created by user (with Access to CiviContribute)'),
+ ),
+ 'view all manual batches' => array(
+ $prefix . ts('view all manual batches'),
+ ts('View all accounting batches (with Access to CiviContribute)'),
+ ),
+ 'delete own manual batches' => array(
+ $prefix . ts('delete own manual batches'),
+ ts('Delete accounting batches created by user'),
+ ),
+ 'delete all manual batches' => array(
+ $prefix . ts('delete all manual batches'),
+ ts('Delete all accounting batches'),
+ ),
+ 'export own manual batches' => array(
+ $prefix . ts('export own manual batches'),
+ ts('Export accounting batches created by user'),
+ ),
+ 'export all manual batches' => array(
+ $prefix . ts('export all manual batches'),
+ ts('Export all accounting batches'),
+ ),
+ 'administer payment processors' => array(
+ $prefix . ts('administer payment processors'),
+ ts('Add, Update, or Disable Payment Processors'),
+ ),
+ 'edit message templates' => array(
+ $prefix . ts('edit message templates'),
+ ),
);
+ if (!$descriptions) {
+ foreach ($permissions as $name => $attr) {
+ $permissions[$name] = array_shift($attr);
+ }
+ }
+
return $permissions;
}
/**
- * Validate user permission across
+ * Validate user permission across.
* edit or view or with supportable acls.
*
- * return boolean true/false.
- **/
+ * @return bool
+ */
public static function giveMeAllACLs() {
if (CRM_Core_Permission::check('view all contacts') ||
CRM_Core_Permission::check('edit all contacts')
*
* @param string $permission
*
- * return string $componentName the name of component.
- *
- * @return int|null|string
- * @static
+ * @return null|string
+ * the name of component.
*/
public static function getComponentName($permission) {
$componentName = NULL;
}
/**
- * Get all the contact emails for users that have a specific permission
+ * Get all the contact emails for users that have a specific permission.
*
* @param string $permissionName
* Name of the permission we are interested in.
*
- * @return string a comma separated list of email addresses
+ * @return string
+ * a comma separated list of email addresses
*/
public static function permissionEmails($permissionName) {
$config = CRM_Core_Config::singleton();
}
/**
- * Get all the contact emails for users that have a specific role
+ * Get all the contact emails for users that have a specific role.
*
* @param string $roleName
* Name of the role we are interested in.
*
- * @return string a comma separated list of email addresses
+ * @return string
+ * a comma separated list of email addresses
*/
public static function roleEmails($roleName) {
$config = CRM_Core_Config::singleton();
'is_enabled'
) ? TRUE : FALSE;
}
+
}
projects / civicrm-core.git / blobdiff