triage api permissions CRM-11817

diff --git a/CRM/Core/DAO/permissions.php b/CRM/Core/DAO/permissions.php
index 53b1205733de395612da3b703ea5e9aa2df15fc0..e2cf3b263193ad62b42adf9fc150528bc42f5df7 100644 (file)
--- a/CRM/Core/DAO/permissions.php
+++ b/CRM/Core/DAO/permissions.php
@@ -66,17 +66,8 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
     'default' => array('administer CiviCRM'),
   );
 
-  $permissions['activity'] = array(
-    'delete' => array(
-      'access CiviCRM',
-      'delete activities',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'view all activities',
-    ),
-  );
-  $permissions['address'] = array(
+  // Contact permissions
+  $permissions['contact'] = array(
     'create' => array(
       'access CiviCRM',
       'add contacts',
@@ -85,115 +76,97 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
       'access CiviCRM',
       'delete contacts',
     ),
-    'get' => array(
-      'access CiviCRM',
-      'view all contacts',
-    ),
+    // managed by query object
+    'get' => array(),
     'update' => array(
       'access CiviCRM',
       'edit all contacts',
     ),
+    'getquick' => array(
+      'access CiviCRM',
+    ),
   );
-  $permissions['contact'] = array(
-    'create' => array(
+
+  // Contact-related data permissions
+  $permissions['address'] = array(
+    'get' => array(
       'access CiviCRM',
-      'add contacts',
+      'view all contacts',
     ),
     'delete' => array(
       'access CiviCRM',
       'delete contacts',
     ),
-    // managed by query object
-    'get' => array(),
-    'update' => array(
+    'default' => array(
       'access CiviCRM',
       'edit all contacts',
     ),
-    'getquick' => array('access CiviCRM'),
   );
-  $permissions['contribution'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'access CiviContribute',
-      'edit contributions',
-    ),
+  $permissions['email'] = $permissions['address'];
+  $permissions['phone'] = $permissions['address'];
+  $permissions['website'] = $permissions['address'];
+  $permissions['im'] = $permissions['address'];
+  $permissions['loc_block'] = $permissions['address'];
+  $permissions['entity_tag'] = $permissions['address'];
+  $permissions['note'] = $permissions['address'];
+
+  // Activity permissions
+  $permissions['activity'] = array(
     'delete' => array(
       'access CiviCRM',
-      'access CiviContribute',
-      'delete in CiviContribute',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'access CiviContribute',
+      'delete activities',
     ),
-    'update' => array(
+    'default' => array(
       'access CiviCRM',
-      'access CiviContribute',
-      'edit contributions',
+      'view all activities',
     ),
   );
-  $permissions['custom_field'] = array(
+
+  // Case permissions
+  $permissions['case'] = array(
     'create' => array(
-      'administer CiviCRM',
       'access CiviCRM',
-      'access all custom data',
+      'add cases',
     ),
     'delete' => array(
-      'administer CiviCRM',
       'access CiviCRM',
-      'access all custom data',
+      'delete in CiviCase',
     ),
-    'get' => array(
-      'administer CiviCRM',
+    'default' => array(
       'access CiviCRM',
-      'access all custom data',
-    ),
-    'update' => array(
-      'administer CiviCRM',
-      'access CiviCRM',
-      'access all custom data',
+      'access all cases and activities',
     ),
   );
-  $permissions['custom_group'] = array(
-    'create' => array(
-      'administer CiviCRM',
+
+  // Financial permissions
+  $permissions['contribution'] = array(
+    'get' => array(
       'access CiviCRM',
-      'access all custom data',
+      'access CiviContribute',
     ),
     'delete' => array(
-      'administer CiviCRM',
       'access CiviCRM',
-      'access all custom data',
+      'access CiviContribute',
+      'delete in CiviContribute',
     ),
-    'get' => array(
-      'administer CiviCRM',
+    'default' => array(
       'access CiviCRM',
-      'access all custom data',
+      'access CiviContribute',
+      'edit contributions',
     ),
-    'update' => array(
+  );
+  $permissions['line_item'] = $permissions['contribution'];
+
+  // Custom field permissions
+  $permissions['custom_field'] = array(
+    'default' => array(
       'administer CiviCRM',
-      'access CiviCRM',
       'access all custom data',
     ),
   );
-  $permissions['email'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'add contacts',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'delete contacts',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'view all contacts',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit all contacts',
-    ),
-  );
+  $permissions['custom_group'] = $permissions['custom_field'];
+
+  // Event permissions
   $permissions['event'] = array(
     'create' => array(
       'access CiviCRM',
@@ -216,137 +189,49 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
       'edit all events',
     ),
   );
+
+  // File permissions
   $permissions['file'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-  );
-  $permissions['files_by_entity'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'access uploaded files',
-    ),
-    'update' => array(
+    'default' => array(
       'access CiviCRM',
       'access uploaded files',
     ),
   );
+  $permissions['files_by_entity'] = $permissions['file'];
+
+  // Group permissions
   $permissions['group'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-  );
-  $permissions['group_contact'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-  );
-  $permissions['group_nesting'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-  );
-  $permissions['group_organization'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit groups',
-    ),
-  );
-  $permissions['location'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'add contacts',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'delete contacts',
-    ),
     'get' => array(
       'access CiviCRM',
-      'view all contacts',
     ),
-    'update' => array(
+    'default' => array(
       'access CiviCRM',
-      'edit all contacts',
+      'edit groups',
     ),
   );
+  $permissions['group_contact'] = $permissions['group'];
+  $permissions['group_nesting'] = $permissions['group'];
+  $permissions['group_organization'] = $permissions['group'];
+
+  // Membership permissions
   $permissions['membership'] = array(
-    'create' => array(
+    'get' => array(
       'access CiviCRM',
       'access CiviMember',
-      'edit memberships',
     ),
     'delete' => array(
       'access CiviCRM',
       'access CiviMember',
       'delete in CiviMember',
     ),
-    'get' => array(
-      'access CiviCRM',
-      'access CiviMember',
-    ),
-    'update' => array(
+    'default' => array(
       'access CiviCRM',
       'access CiviMember',
       'edit memberships',
     ),
   );
+  $permissions['membership_status'] = $permissions['membership'];
+  $permissions['membership_type'] = $permissions['membership'];
   $permissions['membership_payment'] = array(
     'create' => array(
       'access CiviCRM',
@@ -375,66 +260,8 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
       'edit contributions',
     ),
   );
-  $permissions['membership_status'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'access CiviMember',
-      'edit memberships',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'access CiviMember',
-      'delete in CiviMember',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'access CiviMember',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'access CiviMember',
-      'edit memberships',
-    ),
-  );
-  $permissions['membership_type'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'access CiviMember',
-      'edit memberships'
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'access CiviMember',
-      'delete in CiviMember',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'access CiviMember',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'access CiviMember',
-      'edit memberships',
-    ),
-  );
-  $permissions['note'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'add contacts'
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'delete contacts',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'view all contacts',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit all contacts',
-    ),
-  );
+
+  // Participant permissions
   $permissions['participant'] = array(
     'create' => array(
       'access CiviCRM',
@@ -486,24 +313,8 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
       'edit contributions',
     ),
   );
-  $permissions['phone'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'add contacts',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'delete contacts',
-    ),
-    'get' => array(
-      'access CiviCRM',
-      'view all contacts',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit all contacts',
-    ),
-  );
+
+  // Pledge permissions
   $permissions['pledge'] = array(
     'create' => array(
       'access CiviCRM',
@@ -553,27 +364,14 @@ function _civicrm_api3_permissions($entity, $action, &$params) {
       'edit contributions',
     ),
   );
-  $permissions['system'] = array(
-    'flush' => array('administer CiviCRM'),
-  );
-  $permissions['website'] = array(
-    'create' => array(
-      'access CiviCRM',
-      'add contacts',
-    ),
-    'delete' => array(
-      'access CiviCRM',
-      'delete contacts',
-    ),
+
+  // Profile permissions
+  $permissions['uf_group'] = array(
     'get' => array(
       'access CiviCRM',
-      'view all contacts',
-    ),
-    'update' => array(
-      'access CiviCRM',
-      'edit all contacts',
     ),
   );
+  $permissions['uf_field'] = $permissions['uf_group'];
 
   // Translate 'create' action to 'update' if id is set
   if ($action == 'create' && (!empty($params['id']) || !empty($params[$entity . '_id']))) {