CRM_Core_Permission

class CRM_Core_Permission

This is the basic permission class wrapper

Constants

EDIT_GROUPS

Static strings used to compose permissions.
VIEW_GROUPS

Static strings used to compose permissions.
EDIT

The various type of permissions.
VIEW

The various type of permissions.
DELETE

The various type of permissions.
CREATE

The various type of permissions.
SEARCH

The various type of permissions.
ALL

The various type of permissions.
ADMIN

The various type of permissions.
ALWAYS_DENY_PERMISSION

A placeholder permission which always fails.
ALWAYS_ALLOW_PERMISSION

A placeholder permission which always fails.
AUTH_SRC_UNKNOWN

Various authentication sources.
AUTH_SRC_CHECKSUM

Various authentication sources.
AUTH_SRC_SITEKEY

Various authentication sources.
AUTH_SRC_LOGIN

Various authentication sources.

Methods

static string
getPermission()

Get the current permission of this user.

static bool
check(string|array $permissions, int $contactId = NULL)

Given a permission string or array, check for access requirements

static bool
checkAnyPerm(array $perms)

Determine if any one of the permissions strings applies to current user.

static bool
checkGroupRole(array $array)

Given a group/role array, check for access requirements

static string
getPermissionedStaticGroupClause(int $type, array $tables, array $whereTables)

Get the permissioned where clause for the user.

static array
group(string $groupType, bool $excludeHidden = TRUE)

Get all groups from database, filtered by permissions for this user

static bool
customGroupAdmin()

No description

static array
customGroup(int $type = CRM_Core_Permission::VIEW, bool $reset = FALSE)

No description

static string
customGroupClause(int $type = CRM_Core_Permission::VIEW, null $prefix = NULL, bool $reset = FALSE)

No description

static bool
ufGroupValid(int $gid, int $type = CRM_Core_Permission::VIEW)

No description

static array
ufGroup(int $type = CRM_Core_Permission::VIEW)

No description

static array|string
ufGroupClause(int $type = CRM_Core_Permission::VIEW, null $prefix = NULL, bool $returnUFGroupIds = FALSE)

No description

static array|null
event(int $type = CRM_Core_Permission::VIEW, int $eventID = NULL, string $context = '')

No description

static string
eventClause(int $type = CRM_Core_Permission::VIEW, null $prefix = NULL)

No description

static bool
access(string $module, bool $checkPermission = TRUE, bool $requireAllCasesPermOnCiviCase = FALSE)

Checks that component is enabled and optionally that user has basic perm.

static bool
checkActionPermission(string $module, int $action)

Check permissions for delete and edit actions.

static bool
checkMenu($args, string $op = 'and')

No description

static bool|mixed
checkMenuItem($item)

No description

static array
basicPermissions(bool $all = FALSE, bool $descriptions = FALSE)

No description

static array
assembleBasicPermissions(bool $all = FALSE, bool $descriptions = FALSE)

No description

static array
getAnonymousPermissionsWarnings()

No description

static array
validateForPermissionWarnings($anonymous_perms)

No description

static array
getCorePermissions()

Get core permissions.

static array
getEntityActionPermissions()

For each entity provides an array of permissions required for each action

static string
getGenericAction(string $action)

Translate an unknown action to a canonical form.

static bool
giveMeAllACLs()

Validate user permission across.

static null|string
getComponentName(string $permission)

Get component name from given permission.

static string
permissionEmails(string $permissionName)

Get all the contact emails for users that have a specific permission.

static string
roleEmails(string $roleName)

Get all the contact emails for users that have a specific role.

static bool
isMultisiteEnabled()

No description

static bool
checkDownloadInvoice()

Verify if the user has permission to get the invoice.

Details

at line 77
static string getPermission()

Get the current permission of this user.

Return Value

string the permission of the user (edit or view or null)

at line 118
static bool check(string|array $permissions, int $contactId = NULL)

Given a permission string or array, check for access requirements

Ex 1: Must have 'access CiviCRM' (string) 'access CiviCRM'

Ex 2: Must have 'access CiviCRM' and 'access Ajax API' ['access CiviCRM', 'access Ajax API']

Ex 3: Must have 'access CiviCRM' or 'access Ajax API' [ ['access CiviCRM', 'access Ajax API'], ],

Ex 4: Must have 'access CiviCRM' or 'access Ajax API' AND 'access CiviEvent' [ ['access CiviCRM', 'access Ajax API'], 'access CiviEvent', ],

Note that in permissions.php this is keyed by the action eg. (access Civi || access AJAX) && (access CiviEvent || access CiviContribute) 'myaction' => [ ['access CiviCRM', 'access Ajax API'], ['access CiviEvent', 'access CiviContribute'] ],

Parameters

string|array $permissions The permission to check as an array or string -see examples.
int $contactId Contact id to check permissions for. Defaults to current logged-in user.

Return Value

bool true if contact has permission(s), else false

at line 159
static bool checkAnyPerm(array $perms)

Determine if any one of the permissions strings applies to current user.

Parameters

array $perms

Return Value

bool

at line 177
static bool checkGroupRole(array $array)

Given a group/role array, check for access requirements

Parameters

array $array The group/role to check.

Return Value

bool true if yes, else false

at line 195
static string getPermissionedStaticGroupClause(int $type, array $tables, array $whereTables)

Get the permissioned where clause for the user.

Parameters

int $type The type of permission needed.
array $tables (reference ) add the tables that are needed for the select clause.
array $whereTables (reference ) add the tables that are needed for the where clause.

Return Value

string the group where clause for this user

at line 213
static array group(string $groupType, bool $excludeHidden = TRUE)

Get all groups from database, filtered by permissions for this user

Parameters

string $groupType Type of group(Access/Mailing).
bool $excludeHidden exclude hidden groups.

Return Value

array array reference of all groups.

at line 221
static bool customGroupAdmin()

Return Value

bool

at line 250
static array customGroup(int $type = CRM_Core_Permission::VIEW, bool $reset = FALSE)

Parameters

int $type
bool $reset

Return Value

array

at line 271
static string customGroupClause(int $type = CRM_Core_Permission::VIEW, null $prefix = NULL, bool $reset = FALSE)

Parameters

int $type
null $prefix
bool $reset

Return Value

string

at line 291
static bool ufGroupValid(int $gid, int $type = CRM_Core_Permission::VIEW)

Parameters

int $gid
int $type

Return Value

bool

at line 305
static array ufGroup(int $type = CRM_Core_Permission::VIEW)

Parameters

int $type

Return Value

array

at line 351
static array|string ufGroupClause(int $type = CRM_Core_Permission::VIEW, null $prefix = NULL, bool $returnUFGroupIds = FALSE)

Parameters

int $type
null $prefix
bool $returnUFGroupIds

Return Value

array|string

at line 371
static array|null event(int $type = CRM_Core_Permission::VIEW, int $eventID = NULL, string $context = '')

Parameters

int $type
int $eventID
string $context

Return Value

array|null

at line 407
static string eventClause(int $type = CRM_Core_Permission::VIEW, null $prefix = NULL)

Parameters

int $type
null $prefix

Return Value

string

at line 433
static bool access(string $module, bool $checkPermission = TRUE, bool $requireAllCasesPermOnCiviCase = FALSE)

Checks that component is enabled and optionally that user has basic perm.

Parameters

string $module Specifies the name of the CiviCRM component.
bool $checkPermission Check not only that module is enabled, but that user has necessary permission.
bool $requireAllCasesPermOnCiviCase Significant only if $module == CiviCase Require "access all cases and activities", not just "access my cases and activities".

Return Value

bool Access to specified $module is granted.

at line 469
static bool checkActionPermission(string $module, int $action)

Check permissions for delete and edit actions.

Parameters

string $module Component name.
int $action Action to be check across component.

Return Value

bool

at line 502
static bool checkMenu($args, string $op = 'and')

Parameters

$args
string $op

Return Value

bool

at line 524
static bool|mixed checkMenuItem($item)

Parameters

$item

Return Value

bool|mixed

Exceptions

Exception

at line 582
static array basicPermissions(bool $all = FALSE, bool $descriptions = FALSE)

Parameters

bool $all Include disabled components
bool $descriptions Whether to return descriptions

Return Value

array

at line 597
static array assembleBasicPermissions(bool $all = FALSE, bool $descriptions = FALSE)

Parameters

bool $all
bool $descriptions whether to return descriptions

Return Value

array

at line 650
static array getAnonymousPermissionsWarnings()

Return Value

array

at line 672
static array validateForPermissionWarnings($anonymous_perms)

Parameters

$anonymous_perms

Return Value

array

at line 681
static array getCorePermissions()

Get core permissions.

Return Value

array

at line 935
static array getEntityActionPermissions()

For each entity provides an array of permissions required for each action

The action is the array key, possible values: * create: applies to create (with no id in params) * update: applies to update, setvalue, create (with id in params) * get: applies to getcount, getsingle, getvalue and other gets * delete: applies to delete, replace * meta: applies to getfields, getoptions, getspec * default: catch-all for anything not declared

Note: some APIs declare other actions as well

Permissions should use arrays for AND and arrays of arrays for OR

Return Value

array of permissions

See also

CRM_Core_Permission::check

at line 1519
static string getGenericAction(string $action)

Translate an unknown action to a canonical form.

Parameters

string $action

Return Value

string the standardised action name

at line 1546
static bool giveMeAllACLs()

Validate user permission across.

edit or view or with supportable acls.

Return Value

bool

at line 1586
static null|string getComponentName(string $permission)

Get component name from given permission.

Parameters

string $permission

Return Value

null|string the name of component.

at line 1623
static string permissionEmails(string $permissionName)

Get all the contact emails for users that have a specific permission.

Parameters

string $permissionName Name of the permission we are interested in.

Return Value

string a comma separated list of email addresses

at line 1637
static string roleEmails(string $roleName)

Get all the contact emails for users that have a specific role.

Parameters

string $roleName Name of the role we are interested in.

Return Value

string a comma separated list of email addresses

at line 1645
static bool isMultisiteEnabled()

Return Value

bool

at line 1656
static bool checkDownloadInvoice()

Verify if the user has permission to get the invoice.

Return Value

bool TRUE if the user has download all invoices permission or download my invoices permission and the invoice author is the current user.