CRM_Core_Resources - Add API to export permission info

diff --git a/CRM/Core/Resources.php b/CRM/Core/Resources.php
index fae2d0b2c37ac734c7c748678bb63a0786e5f0bb..b46698fac7a7578e0e8a607ce781e22aa2d21e68 100644 (file)
--- a/CRM/Core/Resources.php
+++ b/CRM/Core/Resources.php
@@ -148,6 +148,29 @@ class CRM_Core_Resources {
     );
   }
 
+  /**
+   * Export permission data to the client to enable smarter GUIs.
+   *
+   * Note: Application security stems from the server's enforcement
+   * of the security logic (e.g. in the API permissions). There's no way
+   * the client can use this info to make the app more secure; however,
+   * it can produce a better-tuned (non-broken) UI.
+   *
+   * @param array $permNames
+   *   List of permission names to check/export.
+   * @return CRM_Core_Resources
+   */
+  public function addPermissions($permNames) {
+    $permNames = (array) $permNames;
+    $perms = array();
+    foreach ($permNames as $permName) {
+      $perms[$permName] = CRM_Core_Permission::check($permName);
+    }
+    return $this->addSetting(array(
+      'permissions' => $perms,
+    ));
+  }
+
   /**
    * Add a JavaScript file to the current page using <SCRIPT SRC>.
    *

diff --git a/js/Common.js b/js/Common.js
index bd100e2b33bf10c9e0e561a1ba77a8ab84662450..a03074f495e498d6f06a6f265fe671b52515f46d 100644 (file)
--- a/js/Common.js
+++ b/js/Common.js
@@ -1311,4 +1311,10 @@ CRM.strings = CRM.strings || {};
       }
     }
   };
+
+  // Determine if a user has a given permission.
+  // @see CRM_Core_Resources::addPermissions
+  CRM.checkPerm = function(perm) {
+    return CRM.permissions[perm];
+  };
 })(jQuery, _);