X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FCore%2FPermission.php;h=7d9cebd1d29305ed10fa6aa76b707eeef9b231b3;hb=37d5fc559ee587efb96bcf05721448c2c2e3cd57;hp=e3f80f9c3a992cc067f20a82770bfa6cfd15be44;hpb=912a3736c0c169f3d27d9de8495a28983ba9bf4c;p=civicrm-core.git

diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index e3f80f9c3a..7d9cebd1d2 100644
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -63,6 +63,13 @@ class CRM_Core_Permission {
    */
   const ALWAYS_ALLOW_PERMISSION = "*always allow*";
 
+  /**
+   * Various authentication sources
+   *
+   * @var int
+   */
+  CONST AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
+
   /**
    * get the current permission of this user
    *
@@ -74,17 +81,63 @@ class CRM_Core_Permission {
   }
 
   /**
-   * given a permission string, check for access requirements
+   * given a permission string or array, check for access requirements
+   * @param mixed $permissions the permission to check as an array or string -see examples
+   *  arrays
+   *
+   *  Ex 1
+   *
+   *  Must have 'access CiviCRM'
+   *  (string) 'access CiviCRM'
+   *
+   *
+   *  Ex 2 Must have 'access CiviCRM' and 'access Ajax API'
+   *   array('access CiviCRM', 'access Ajax API')
+   *
+   *  Ex 3 Must have 'access CiviCRM' or 'access Ajax API'
+   *   array(
+   *      array('access CiviCRM', 'access Ajax API'),
+   *   ),
+   *
+   *  Ex 4 Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent'
+   *  array(
+   *    array('access CiviCRM', 'access Ajax API'),
+   *    'access CiviEvent',
+   *   ),
    *
-   * @param string $str the permission to check
+   *  Note that in permissions.php this is keyed by the action eg.
+   *  (access Civi || access AJAX) && (access CiviEvent || access CiviContribute)
+   *  'myaction' => array(
+   *    array('access CiviCRM', 'access Ajax API'),
+   *    array('access CiviEvent', 'access CiviContribute')
+   *  ),
    *
    * @return boolean true if yes, else false
    * @static
    * @access public
    */
-  static function check($str) {
-    $config = CRM_Core_Config::singleton();
-    return $config->userPermissionClass->check($str);
+  static function check($permissions) {
+    $permissions = (array) $permissions;
+
+    foreach ($permissions as $permission) {
+      if(is_array($permission)) {
+        foreach ($permission as $orPerm) {
+          if(self::check($orPerm)) {
+            //one of our 'or' permissions has succeeded - stop checking this permission
+            return TRUE;;
+          }
+        }
+        //none of our our conditions was met
+        return FALSE;
+      }
+      else {
+        if(!CRM_Core_Config::singleton()->userPermissionClass->check($permission)) {
+          //one of our 'and' conditions has not been met
+          return FALSE;
+        }
+      }
+    }
+    return TRUE;
   }
 
   /**
@@ -499,6 +552,7 @@ class CRM_Core_Permission {
       'delete all manual batches' => $prefix . ts('delete all manual batches'),
       'export own manual batches' => $prefix . ts('export own manual batches'),
       'export all manual batches' => $prefix . ts('export all manual batches'),
+      'administer payment processors' => $prefix . ts('administer payment processors'),
     );
 
     return $permissions;