X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FCore%2FPermission.php;h=9fb1bd155174fb01d2d8dc8c08ea51b9ee491717;hb=dad652254a7b1467c130027633efe76218eb8756;hp=9b4ca59a07081e71ddafadccb9ff1d6a40f60521;hpb=8b3bede6c663e2459a0efb06b03852643df81c48;p=civicrm-core.git diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index 9b4ca59a07..9fb1bd1551 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -3,7 +3,7 @@ +--------------------------------------------------------------------+ | CiviCRM version 4.6 | +--------------------------------------------------------------------+ - | Copyright CiviCRM LLC (c) 2004-2014 | + | Copyright CiviCRM LLC (c) 2004-2015 | +--------------------------------------------------------------------+ | This file is a part of CiviCRM. | | | @@ -23,12 +23,12 @@ | GNU Affero General Public License or the licensing of CiviCRM, | | see the CiviCRM license FAQ at http://civicrm.org/licensing | +--------------------------------------------------------------------+ -*/ + */ /** * * @package CRM - * @copyright CiviCRM LLC (c) 2004-2014 + * @copyright CiviCRM LLC (c) 2004-2015 * $Id$ * */ @@ -39,7 +39,7 @@ class CRM_Core_Permission { /** - * Static strings used to compose permissions + * Static strings used to compose permissions. * * @const * @var string @@ -47,31 +47,31 @@ class CRM_Core_Permission { const EDIT_GROUPS = 'edit contacts in ', VIEW_GROUPS = 'view contacts in '; /** - * The various type of permissions + * The various type of permissions. * * @var int */ const EDIT = 1, VIEW = 2, DELETE = 3, CREATE = 4, SEARCH = 5, ALL = 6, ADMIN = 7; /** - * A placeholder permission which always fails + * A placeholder permission which always fails. */ const ALWAYS_DENY_PERMISSION = "*always deny*"; /** - * A placeholder permission which always fails + * A placeholder permission which always fails. */ const ALWAYS_ALLOW_PERMISSION = "*always allow*"; /** - * Various authentication sources + * Various authentication sources. * * @var int */ const AUTH_SRC_UNKNOWN = 0, AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4; /** - * Get the current permission of this user + * Get the current permission of this user. * * @return string * the permission of the user (edit or view or null) @@ -114,7 +114,7 @@ class CRM_Core_Permission { * array('access CiviEvent', 'access CiviContribute') * ), * - * @return boolean + * @return bool * true if yes, else false */ public static function check($permissions) { @@ -142,7 +142,7 @@ class CRM_Core_Permission { } /** - * Determine if any one of the permissions strings applies to current user + * Determine if any one of the permissions strings applies to current user. * * @param array $perms * @return bool @@ -162,7 +162,7 @@ class CRM_Core_Permission { * @param array $array * The group/role to check. * - * @return boolean + * @return bool * true if yes, else false */ public static function checkGroupRole($array) { @@ -171,7 +171,7 @@ class CRM_Core_Permission { } /** - * Get the permissioned where clause for the user + * Get the permissioned where clause for the user. * * @param int $type * The type of permission needed. @@ -431,7 +431,7 @@ class CRM_Core_Permission { } /** - * Check permissions for delete and edit actions + * Check permissions for delete and edit actions. * * @param string $module * Component name. @@ -547,43 +547,77 @@ class CRM_Core_Permission { /** * @param bool $all + * @param bool $descriptions + * whether to return descriptions * * @return array */ - public static function &basicPermissions($all = FALSE) { - static $permissions = NULL; - - if (!$permissions) { - $config = CRM_Core_Config::singleton(); - $prefix = ts('CiviCRM') . ': '; - $permissions = self::getCorePermissions(); + public static function &basicPermissions($all = FALSE, $descriptions = FALSE) { + if ($descriptions) { + static $permissionsDesc = NULL; - if (self::isMultisiteEnabled()) { - $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations'); + if (!$permissionsDesc) { + $permissionsDesc = self::assembleBasicPermissions($all, $descriptions); } - if (!$all) { - $components = CRM_Core_Component::getEnabledComponents(); - } - else { - $components = CRM_Core_Component::getComponents(); + return $permissionsDesc; + } + else { + static $permissions = NULL; + + if (!$permissions) { + $permissions = self::assembleBasicPermissions($all, $descriptions); } - foreach ($components as $comp) { - $perm = $comp->getPermissions(); - if ($perm) { - $info = $comp->getInfo(); + return $permissions; + } + } + + /** + * @param bool $all + * @param bool $descriptions + * whether to return descriptions + * + * @return array + */ + public static function assembleBasicPermissions($all = FALSE, $descriptions = FALSE) { + $config = CRM_Core_Config::singleton(); + $prefix = ts('CiviCRM') . ': '; + $permissions = self::getCorePermissions($descriptions); + + if (self::isMultisiteEnabled()) { + $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations'); + } + + if (!$all) { + $components = CRM_Core_Component::getEnabledComponents(); + } + else { + $components = CRM_Core_Component::getComponents(); + } + + foreach ($components as $comp) { + $perm = $comp->getPermissions(FALSE, $descriptions); + if ($perm) { + $info = $comp->getInfo(); + if ($descriptions) { + foreach ($perm as $p => $attr) { + $title = $info['translatedName'] . ': ' . array_shift($attr); + array_unshift($attr, $title); + $permissions[$p] = $attr; + } + } + else { foreach ($perm as $p) { $permissions[$p] = $info['translatedName'] . ': ' . $p; } } } - - // Add any permissions defined in hook_civicrm_permission implementations. - $module_permissions = $config->userPermissionClass->getAllModulePermissions(); - $permissions = array_merge($permissions, $module_permissions); } + // Add any permissions defined in hook_civicrm_permission implementations. + $module_permissions = $config->userPermissionClass->getAllModulePermissions($descriptions); + $permissions = array_merge($permissions, $module_permissions); return $permissions; } @@ -617,64 +651,194 @@ class CRM_Core_Permission { } /** + * @param bool $descriptions + * whether to return descriptions + * * @return array */ - public static function getCorePermissions() { + public static function getCorePermissions($descriptions = FALSE) { $prefix = ts('CiviCRM') . ': '; $permissions = array( - 'add contacts' => $prefix . ts('add contacts'), - 'view all contacts' => $prefix . ts('view all contacts'), - 'edit all contacts' => $prefix . ts('edit all contacts'), - 'view my contact' => $prefix . ts('view my contact'), - 'edit my contact' => $prefix . ts('edit my contact'), - 'delete contacts' => $prefix . ts('delete contacts'), - 'access deleted contacts' => $prefix . ts('access deleted contacts'), - 'import contacts' => $prefix . ts('import contacts'), - 'edit groups' => $prefix . ts('edit groups'), - 'administer CiviCRM' => $prefix . ts('administer CiviCRM'), - 'skip IDS check' => $prefix . ts('skip IDS check'), - 'access uploaded files' => $prefix . ts('access uploaded files'), - 'profile listings and forms' => $prefix . ts('profile listings and forms'), - 'profile listings' => $prefix . ts('profile listings'), - 'profile create' => $prefix . ts('profile create'), - 'profile edit' => $prefix . ts('profile edit'), - 'profile view' => $prefix . ts('profile view'), - 'access all custom data' => $prefix . ts('access all custom data'), - 'view all activities' => $prefix . ts('view all activities'), - 'delete activities' => $prefix . ts('delete activities'), - 'access CiviCRM' => $prefix . ts('access CiviCRM'), - 'access Contact Dashboard' => $prefix . ts('access Contact Dashboard'), - 'translate CiviCRM' => $prefix . ts('translate CiviCRM'), - 'administer reserved groups' => $prefix . ts('administer reserved groups'), - 'administer Tagsets' => $prefix . ts('administer Tagsets'), - 'administer reserved tags' => $prefix . ts('administer reserved tags'), - 'administer dedupe rules' => $prefix . ts('administer dedupe rules'), - 'merge duplicate contacts' => $prefix . ts('merge duplicate contacts'), - 'view debug output' => $prefix . ts('view debug output'), - 'view all notes' => $prefix . ts('view all notes'), - 'access AJAX API' => $prefix . ts('access AJAX API'), - 'access contact reference fields' => $prefix . ts('access contact reference fields'), - 'create manual batch' => $prefix . ts('create manual batch'), - 'edit own manual batches' => $prefix . ts('edit own manual batches'), - 'edit all manual batches' => $prefix . ts('edit all manual batches'), - 'view own manual batches' => $prefix . ts('view own manual batches'), - 'view all manual batches' => $prefix . ts('view all manual batches'), - 'delete own manual batches' => $prefix . ts('delete own manual batches'), - 'delete all manual batches' => $prefix . ts('delete all manual batches'), - 'export own manual batches' => $prefix . ts('export own manual batches'), - 'export all manual batches' => $prefix . ts('export all manual batches'), - 'administer payment processors' => $prefix . ts('administer payment processors'), + 'add contacts' => array( + $prefix . ts('add contacts'), + ts('Create a new contact record in CiviCRM'), + ), + 'view all contacts' => array( + $prefix . ts('view all contacts'), + ts('View ANY CONTACT in the CiviCRM database, export contact info and perform activities such as Send Email, Phone Call, etc.'), + ), + 'edit all contacts' => array( + $prefix . ts('edit all contacts'), + ts('View, Edit and Delete ANY CONTACT in the CiviCRM database; Create and edit relationships, tags and other info about the contacts'), + ), + 'view my contact' => array( + $prefix . ts('view my contact'), + ), + 'edit my contact' => array( + $prefix . ts('edit my contact'), + ), + 'delete contacts' => array( + $prefix . ts('delete contacts'), + ), + 'access deleted contacts' => array( + $prefix . ts('access deleted contacts'), + ts('Access contacts in the trash'), + ), + 'import contacts' => array( + $prefix . ts('import contacts'), + ts('Import contacts and activities'), + ), + 'edit groups' => array( + $prefix . ts('edit groups'), + ts('Create new groups, edit group settings (e.g. group name, visibility...), delete groups'), + ), + 'administer CiviCRM' => array( + $prefix . ts('administer CiviCRM'), + ts('Perform all tasks in the Administer CiviCRM control panel and Import Contacts'), + ), + 'skip IDS check' => array( + $prefix . ts('skip IDS check'), + ts('IDS system is bypassed for users with this permission. Prevents false errors for admin users.'), + ), + 'access uploaded files' => array( + $prefix . ts('access uploaded files'), + ts('View / download files including images and photos'), + ), + 'profile listings and forms' => array( + $prefix . ts('profile listings and forms'), + ts('Access the profile Search form and listings'), + ), + 'profile listings' => array( + $prefix . ts('profile listings'), + ), + 'profile create' => array( + $prefix . ts('profile create'), + ts('Use profiles in Create mode'), + ), + 'profile edit' => array( + $prefix . ts('profile edit'), + ts('Use profiles in Edit mode'), + ), + 'profile view' => array( + $prefix . ts('profile view'), + ), + 'access all custom data' => array( + $prefix . ts('access all custom data'), + ts('View all custom fields regardless of ACL rules'), + ), + 'view all activities' => array( + $prefix . ts('view all activities'), + ts('View all activities (for visible contacts)'), + ), + 'delete activities' => array( + $prefix . ts('Delete activities'), + ), + 'access CiviCRM' => array( + $prefix . ts('access CiviCRM'), + ts('Master control for access to the main CiviCRM backend and API'), + ), + 'access Contact Dashboard' => array( + $prefix . ts('access Contact Dashboard'), + ts('View Contact Dashboard (for themselves and visible contacts)'), + ), + 'translate CiviCRM' => array( + $prefix . ts('translate CiviCRM'), + ts('Allow User to enable multilingual'), + ), + 'administer reserved groups' => array( + $prefix . ts('administer reserved groups'), + ts('Edit and disable Reserved Groups (Needs Edit Groups)'), + ), + 'administer Tagsets' => array( + $prefix . ts('administer Tagsets'), + ), + 'administer reserved tags' => array( + $prefix . ts('administer reserved tags'), + ), + 'administer dedupe rules' => array( + $prefix . ts('administer dedupe rules'), + ts('Create and edit rules, change the supervised and unsupervised rules'), + ), + 'merge duplicate contacts' => array( + $prefix . ts('merge duplicate contacts'), + ts('Delete Contacts must also be granted in order for this to work.'), + ), + 'view debug output' => array( + $prefix . ts('view debug output'), + ts('View results of debug and backtrace'), + ), + 'view all notes' => array( + $prefix . ts('view all notes'), + ts("View notes (for visible contacts) even if they're marked admin only"), + ), + 'access AJAX API' => array( + $prefix . ts('access AJAX API'), + ts('Allow API access even if Access CiviCRM is not granted'), + ), + 'access contact reference fields' => array( + $prefix . ts('access contact reference fields'), + ts('Allow entering data into contact reference fields'), + ), + 'create manual batch' => array( + $prefix . ts('create manual batch'), + ts('Create an accounting batch (with Access to CiviContribute and View Own/All Manual Batches)'), + ), + 'edit own manual batches' => array( + $prefix . ts('edit own manual batches'), + ts('Edit accounting batches created by user'), + ), + 'edit all manual batches' => array( + $prefix . ts('edit all manual batches'), + ts('Edit all accounting batches'), + ), + 'view own manual batches' => array( + $prefix . ts('view own manual batches'), + ts('View accounting batches created by user (with Access to CiviContribute)'), + ), + 'view all manual batches' => array( + $prefix . ts('view all manual batches'), + ts('View all accounting batches (with Access to CiviContribute)'), + ), + 'delete own manual batches' => array( + $prefix . ts('delete own manual batches'), + ts('Delete accounting batches created by user'), + ), + 'delete all manual batches' => array( + $prefix . ts('delete all manual batches'), + ts('Delete all accounting batches'), + ), + 'export own manual batches' => array( + $prefix . ts('export own manual batches'), + ts('Export accounting batches created by user'), + ), + 'export all manual batches' => array( + $prefix . ts('export all manual batches'), + ts('Export all accounting batches'), + ), + 'administer payment processors' => array( + $prefix . ts('administer payment processors'), + ts('Add, Update, or Disable Payment Processors'), + ), + 'edit message templates' => array( + $prefix . ts('edit message templates'), + ), ); + if (!$descriptions) { + foreach ($permissions as $name => $attr) { + $permissions[$name] = array_shift($attr); + } + } + return $permissions; } /** - * Validate user permission across + * Validate user permission across. * edit or view or with supportable acls. * - * @return boolean - **/ + * @return bool + */ public static function giveMeAllACLs() { if (CRM_Core_Permission::check('view all contacts') || CRM_Core_Permission::check('edit all contacts') @@ -744,7 +908,7 @@ class CRM_Core_Permission { } /** - * Get all the contact emails for users that have a specific permission + * Get all the contact emails for users that have a specific permission. * * @param string $permissionName * Name of the permission we are interested in. @@ -758,7 +922,7 @@ class CRM_Core_Permission { } /** - * Get all the contact emails for users that have a specific role + * Get all the contact emails for users that have a specific role. * * @param string $roleName * Name of the role we are interested in. @@ -779,4 +943,5 @@ class CRM_Core_Permission { 'is_enabled' ) ? TRUE : FALSE; } + }