<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.3 |
+ | CiviCRM version 4.5 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2013 |
+ | Copyright CiviCRM LLC (c) 2004-2014 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2013
+ * @copyright CiviCRM LLC (c) 2004-2014
* $Id$
*
*/
*/
const ALWAYS_ALLOW_PERMISSION = "*always allow*";
+ /**
+ * Various authentication sources
+ *
+ * @var int
+ */
+ CONST AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
+
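Review bot: The docblock on the new AUTH_SRC_* constants does not say whether the values may be combined. The values 0, 1, 2, 4 look like bit flags, and anyone comparing an authentication source needs to know whether to test with `===` or with `&`. A short comment per constant would help, for example `// AUTH_SRC_CHECKSUM: contact was authenticated through a checksum` (wording to be confirmed by the author, since no usage is visible in this hunk). The keyword is also written `CONST` where the line above uses `const`.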
/**
* get the current permission of this user
*
}
/**
- * given a permission string, check for access requirements
+ * given a permission string or array, check for access requirements
+ * @param mixed $permissions the permission to check as an array or string -see examples
+ * arrays
+ *
+ * Ex 1
*
- * @param string $str the permission to check
+ * Must have 'access CiviCRM'
+ * (string) 'access CiviCRM'
+ *
+ *
+ * Ex 2 Must have 'access CiviCRM' and 'access Ajax API'
+ * array('access CiviCRM', 'access Ajax API')
+ *
+ * Ex 3 Must have 'access CiviCRM' or 'access Ajax API'
+ * array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * ),
+ *
+ * Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent'
+ * array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * 'access CiviEvent',
+ * ),
+ *
+ * Note that in permissions.php this is keyed by the action eg.
+ * (access Civi || access AJAX) && (access CiviEvent || access CiviContribute)
+ * 'myaction' => array(
+ * array('access CiviCRM', 'access Ajax API'),
+ * array('access CiviEvent', 'access CiviContribute')
+ * ),
*
* @return boolean true if yes, else false
* @static
* @access public
*/
- static function check($str) {
- $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->check($str);
+ static function check($permissions) {
+ $permissions = (array) $permissions;
+
+ foreach ($permissions as $permission) {
+ if(is_array($permission)) {
+ foreach ($permission as $orPerm) {
+ if(self::check($orPerm)) {
+ //one of our 'or' permissions has succeeded - stop checking this permission
+ return TRUE;;
+ }
+ }
+ //none of our our conditions was met
+ return FALSE;
+ }
+ else {
+ if(!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) {
+ //one of our 'and' conditions has not been met
+ return FALSE;
+ }
+ }
+ }
+ return TRUE;
}
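Review bot: The `return TRUE` inside the nested 'or' loop in check() ends the whole permission check as soon as one alternative passes, so any 'and' terms after that group are never evaluated. With the docblock's own Ex 4, a user holding only 'access CiviCRM' is granted access without 'access CiviEvent', and in the permissions.php form the second group is never consulted. The group should decide only its own term: record whether an alternative matched, return FALSE if none did, and otherwise continue to the next entry. It is also worth deciding explicitly what an empty or NULL `$permissions` means, since `(array) NULL` skips the loop and falls through to `return TRUE`.

```php
    foreach ($permissions as $permission) {
      if (is_array($permission)) {
        $orGranted = FALSE;
        foreach ($permission as $orPerm) {
          if (self::check($orPerm)) {
            // one alternative satisfies this group; later 'and' terms still apply
            $orGranted = TRUE;
            break;
          }
        }
        if (!$orGranted) {
          // no alternative in this 'or' group was met
          return FALSE;
        }
      }
      // … unchanged: else branch checking a single 'and' permission …
```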
/**
if (!empty($permissionedEvents)) {
return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
}
- else {
- return $eventID;
- }
+ return NULL;
}
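Review bot: The `array_search($eventID, $permissionedEvents)` call on the context line compares loosely, so the access decision this hunk tightens still depends on PHP type juggling. If the list holds integers, on PHP versions before 8 a non-integer `$eventID` with a numeric prefix can compare equal to a permitted ID and is then returned unchanged. The type of `$eventID` and the callers are outside the hunk, so this may already be normalised upstream. If it is not, casting before the lookup keeps the check and the returned value consistent, e.g. `$eventID = (int) $eventID;` ahead of the `if`. The function starts outside the hunk.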
static function eventClause($type = CRM_Core_Permission::VIEW, $prefix = NULL) {
'delete all manual batches' => $prefix . ts('delete all manual batches'),
'export own manual batches' => $prefix . ts('export own manual batches'),
'export all manual batches' => $prefix . ts('export all manual batches'),
+ 'administer payment processors' => $prefix . ts('administer payment processors'),
);
return $permissions;