public static function checkFilePerms($op, $file, $user)
{
$opsRequiringProjectId = array(CRM_Core_Action::UPDATE, CRM_Core_Action::DELETE);
if (in_array($op, $opsRequiringProjectId) && empty($projectId)) {
CRM_Core_Error::fatal('Missing required parameter Project ID');
}
//Run the hook that allows third party extensions to
//Alter the permissions of a file operation.
//If true, they have permission
//If False, they expressly do not
//If null, fallback on the following checks.
$validByHook = CRM_Securefiles_Hooks::checkPermissions($op, $file, $user);
if (!is_null($validByHook)) {
return $validByHook;
}
$contactId = CRM_Core_Session::getLoggedInContactID();
$checkUserRelationship = !($contactId == $user);
switch ($op) {
case CRM_Core_Action::ADD:
case CRM_Core_Action::UPDATE:
if ($checkUserRelationship) {
return self::check('upload others secure files');
//Todo: Check relationships and allow for permissioned relationships
} else {
return self::check('upload own secure files');
}
break;
case CRM_Core_Action::DELETE:
if ($checkUserRelationship) {
return self::check("delete all secure files");
//Todo: Check relationships and allow for permissioned relationships
} else {
return self::check("delete own secure files");
}
break;
case CRM_Core_Action::VIEW:
if ($checkUserRelationship) {
return self::check('view all secure files');
//Todo: Check relationships and allow for permissioned relationships
} else {
return self::check('view own secure files');
}
break;
case self::LIST_SECURE_FILES:
if ($checkUserRelationship) {
return self::check('list all secure files');
//Todo: Check relationships and allow for permissioned relationships
} else {
return self::check('list own secure files');
}
break;
}
return FALSE;
}
