X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FCore%2FPermission.php;h=4f75345e49bfa11234b646f0703446899a045bb4;hb=b824d5c0a288d8c466a85715cdb8eac5e8b669ec;hp=7ed36300112d33de07f543b90ed8ccc750c43cc8;hpb=fa387a70d0a9a2a12db573dba781fba20196d8ee;p=civicrm-core.git
diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index 7ed3630011..4f75345e49 100644
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -1,7 +1,7 @@ userPermissionClass->getPermission( ); + return $config->userPermissionClass->getPermission(); } /** - * given a permission string, check for access requirements + * given a permission string or array, check for access requirements + * @param mixed $permissions the permission to check as an array or string -see examples + * arrays + * + * Ex 1 + * + * Must have 'access CiviCRM' + * (string) 'access CiviCRM' * - * @param string $str the permission to check + * + * Ex 2 Must have 'access CiviCRM' and 'access Ajax API' + * array('access CiviCRM', 'access Ajax API') + * + * Ex 3 Must have 'access CiviCRM' or 'access Ajax API' + * array( + * array('access CiviCRM', 'access Ajax API'), + * ), + * + * Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent' + * array( + * array('access CiviCRM', 'access Ajax API'), + * 'access CiviEvent', + * ), + * + * Note that in permissions.php this is keyed by the action eg. + * (access Civi || access AJAX) && (access CiviEvent || access CiviContribute) + * 'myaction' => array( + * array('access CiviCRM', 'access Ajax API'), + * array('access CiviEvent', 'access CiviContribute') + * ), * * @return boolean true if yes, else false * @static * @access public */ - static function check($str) { - $config = CRM_Core_Config::singleton(); - return $config->userPermissionClass->check( $str ); + static function check($permissions) { + $permissions = (array) $permissions; + + foreach ($permissions as $permission) { + if(is_array($permission)) { + foreach ($permission as $orPerm) { + if(self::check($orPerm)) { + //one of our 'or' permissions has succeeded - stop checking this permission + return TRUE;; + } + } + //none of our our conditions was met + return FALSE; + } + else { + if(!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) { + //one of our 'and' conditions has not been met + return FALSE; + } + } + } + return TRUE; } /** 
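Review bot: In the new `check()`, the inner loop's `return TRUE;;` ends the whole check as soon as one member of an 'or' group is held, so any top-level entries listed after that group are never evaluated. For the docblock's own Ex 4, a user holding 'access CiviCRM' but not 'access CiviEvent' would be granted access, which contradicts the documented AND. Replacing that line with `continue 2;` moves on to the next top-level entry once a group is satisfied, and the `return FALSE;` after the inner loop still covers the case where no member matched. Separately, an empty array falls straight through to the final `return TRUE;`; it looks safer to reject an empty permission list explicitly, or to document that it is meant to allow.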
@@ -113,7 +166,7 @@ class CRM_Core_Permission {
 */
 static function checkGroupRole($array) {
 $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->checkGroupRole( $array );
+ return $config->userPermissionClass->checkGroupRole($array);
 }
 /**
@@ -128,7 +181,7 @@ class CRM_Core_Permission {
 */
 public static function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
 $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->getPermissionedStaticGroupClause( $type, $tables, $whereTables );
+ return $config->userPermissionClass->getPermissionedStaticGroupClause($type, $tables, $whereTables);
 }
 /**
@@ -146,7 +199,7 @@ class CRM_Core_Permission {
 */
 public static function group($groupType, $excludeHidden = TRUE) {
 $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->group( $groupType, $excludeHidden );
+ return $config->userPermissionClass->group($groupType, $excludeHidden);
 }
 public static function customGroupAdmin() {
@@ -173,7 +226,8 @@ class CRM_Core_Permission {
 }
 public static function customGroup($type = CRM_Core_Permission::VIEW, $reset = FALSE) {
- $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id', array('fresh' => $reset));
+ $customGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id',
+ array('fresh' => $reset));
 $defaultGroups = array();
 // check if user has all powerful permission
@@ -279,7 +333,12 @@ class CRM_Core_Permission {
 if (!$eventID) {
 return $permissionedEvents;
 }
- return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
+ if (!empty($permissionedEvents)) {
+ return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
+ }
+ else {
+ return $eventID;
+ }
 }
 static function eventClause($type = CRM_Core_Permission::VIEW, $prefix = NULL) {
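Review bot: The new `else { return $eventID; }` branch in the `-279,7` hunk returns the requested event ID whenever `$permissionedEvents` is empty, so a caller that treats a non-NULL result as "allowed" now fails open for a user with no permissioned events. The function starts outside this hunk, so it is not visible here whether an empty list can mean "no restriction applies"; if it can only mean "no access", the original single `return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;` should stay. If the fallback is intended, the branch needs a comment naming the condition, for example `// empty list: no per-event ACL configured, so the requested event is allowed`, so the allow-by-default is an explicit decision.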
@@ -314,7 +373,7 @@ class CRM_Core_Permission {
 /**
 * check permissions for delete and edit actions
 *
- * @param string $module component name.
+ * @param string $module component name.
 * @param $action action to be check across component
 *
 **/
@@ -518,8 +577,9 @@ class CRM_Core_Permission {
 $aclPermission = self::getPermission();
 if (in_array($aclPermission, array(
 CRM_Core_Permission::EDIT,
- CRM_Core_Permission::VIEW,
- ))) {
+ CRM_Core_Permission::VIEW,
+ ))
+ ) {
 return TRUE;
 }
@@ -538,7 +598,7 @@ class CRM_Core_Permission {
 /**
 * Function to get component name from given permission.
 *
- * @param string $permission
+ * @param string $permission
 *
 * return string $componentName the name of component.
 * @static
@@ -580,7 +640,7 @@ class CRM_Core_Permission {
 */
 public static function permissionEmails($permissionName) {
 $config = CRM_Core_Config::singleton();
- return $config->userPermissionClass->permissionEmails( $permissionName );
+ return $config->userPermissionClass->permissionEmails($permissionName);
 }
 /**
@@ -592,7 +652,7 @@ class CRM_Core_Permission {
 */
 public static function roleEmails($roleName) {
 $config = CRM_Core_Config::singleton();
- return $config->userRoleClass->roleEmails( $roleName );
+ return $config->userRoleClass->roleEmails($roleName);
 }
 static function isMultisiteEnabled() {
@@ -601,4 +661,3 @@ class CRM_Core_Permission {
 ) ? TRUE : FALSE;
 }
 }
-