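/**
 * See if the current user can edit an event.
 *
 * Site-wide editors are granted first; otherwise the event's creator or a
 * participant holding the "Host" role may edit it.
 *
 * @param int $eventId
 *   The event ID.
 *
 * @return bool
 *   Whether permission is granted. FALSE when there is no event to check or
 *   when there is no logged-in contact to compare against.
 */
public static function checkPerms($eventId) {
  // Admins or users with "edit all events" can edit all events.
  if (CRM_Core_Permission::check('edit all events') || CRM_Core_Permission::check('administer CiviCRM')) {
    return TRUE;
  }
  // Documented return type is bool: no event means nothing to grant.
  if (!$eventId) {
    return FALSE;
  }
  $contactId = CRM_Core_Session::singleton()->get('userID');
  // An anonymous session has no contact, so it can be neither creator nor host.
  // Fail closed here rather than passing a NULL created_id/contact_id filter
  // to the API and relying on it to reject the match.
  if (empty($contactId)) {
    return FALSE;
  }
  // Creators of events can edit their events.
  try {
    $result = civicrm_api3('Event', 'getcount', array('id' => $eventId, 'created_id' => $contactId));
    if (!empty($result)) {
      return TRUE;
    }
  }
  catch (CiviCRM_API3_Exception $e) {
    $error = $e->getMessage();
    CRM_Core_Error::debug_log_message(ts('API Error finding event owner: %1', array('domain' => 'com.aghstrategies.eventpermissions', 1 => $error)));
  }
  // Hosts of events can edit their events.
  try {
    // TODO: fix role_id depending upon site-specific naming.
    $result = civicrm_api3('Participant', 'getcount', array('contact_id' => $contactId, 'event_id' => $eventId, 'role_id' => "Host"));
    if (!empty($result)) {
      return TRUE;
    }
  }
  catch (CiviCRM_API3_Exception $e) {
    $error = $e->getMessage();
    // Log message names the lookup that failed (host, not owner).
    CRM_Core_Error::debug_log_message(ts('API Error finding event host: %1', array('domain' => 'com.aghstrategies.eventpermissions', 1 => $error)));
  }
  return FALSE;
}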
/**
 * Get the permissioned where clause for the user.
 *
 * Users holding "edit all contacts" (or "view all contacts" for a VIEW check)
 * get a trivial clause that only filters on deletion state; everyone else is
 * handed to the ACL layer with their contact ID (0 for anonymous).
 *
 * @param int $type
 *   The type of permission needed.
 * @param array $tables
 *   (reference) add the tables that are needed for the select clause.
 * @param array $whereTables
 *   (reference) add the tables that are needed for the where clause.
 * @param int $contactID
 *   The contactID for whom the check is made; defaults to the session user.
 * @param bool $onlyDeleted
 *   Whether to include only deleted contacts.
 * @param bool $skipDeleteClause
 *   Don't add delete clause if this is true; this means it is handled by the
 *   generating query.
 *
 * @return string
 *   The group where clause for this user.
 * @access public
 */
public static function whereClause($type, &$tables, &$whereTables, $contactID = null, $onlyDeleted = false, $skipDeleteClause = false) {
  // Blanket permissions short-circuit the ACL lookup entirely.
  $hasBlanketAccess = CRM_Core_Permission::check('edit all contacts')
    || ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'));
  if ($hasBlanketAccess) {
    if ($skipDeleteClause) {
      return ' ( 1 ) ';
    }
    // CRM-6181: deleted contacts are only exposed to users allowed to see them.
    $showDeletedOnly = CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted;
    return $showDeletedOnly ? '(contact_a.is_deleted)' : '(contact_a.is_deleted = 0)';
  }

  if ($contactID == null) {
    $contactID = CRM_Core_Session::singleton()->get('userID');
  }
  if (!$contactID) {
    // anonymous user
    $contactID = 0;
  }
  require_once 'CRM/ACL/BAO/ACL.php';
  return CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
}
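/**
 * Set up the preferences form from the request.
 *
 * Resolves the contact whose settings are edited (the session user unless a
 * cid is given) or, for the system-wide form, requires "administer CiviCRM".
 * Reads each configured setting into $this->_config.
 */
public function preProcess() {
  $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE);
  $this->_system = CRM_Utils_Request::retrieve('system', 'Boolean', $this, FALSE, TRUE);
  $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'update');
  // The retrieved action lives on $this; a bare $action was never defined here.
  if (isset($this->_action)) {
    $this->assign('action', $this->_action);
  }
  $session = CRM_Core_Session::singleton();
  $this->_config = new CRM_Core_DAO();
  if ($this->_system) {
    // System-wide preferences are restricted to administrators.
    if (CRM_Core_Permission::check('administer CiviCRM')) {
      $this->_contactID = NULL;
    }
    else {
      CRM_Utils_System::fatal('You do not have permission to edit preferences');
    }
    $this->_config->contact_id = NULL;
  }
  else {
    if (!$this->_contactID) {
      $this->_contactID = $session->get('userID');
      if (!$this->_contactID) {
        CRM_Utils_System::fatal('Could not retrieve contact id');
      }
      $this->set('cid', $this->_contactID);
    }
    $this->_config->contact_id = $this->_contactID;
  }
  $settings = Civi::settings();
  foreach ($this->_varNames as $groupName => $settingNames) {
    foreach ($settingNames as $settingName => $options) {
      $this->_config->{$settingName} = $settings->get($settingName);
    }
  }
  $session->pushUserContext(CRM_Utils_System::url('civicrm/admin', 'reset=1'));
}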
/**
 * Set variables up before form is built.
 *
 * Users without an approval-related permission (or sites without the approval
 * workflow) are sent back to the mailing listing. The mailing ID comes from
 * the wizard session or, failing that, from the "mid" URL parameter.
 */
public function preProcess() {
  // Approval requires the workflow to be on and one of the two permissions.
  $mayApprove = CRM_Mailing_Info::workflowEnabled()
    && (CRM_Core_Permission::check('approve mailings') || CRM_Core_Permission::check('access CiviMail'));
  if (!$mayApprove) {
    $this->redirectToListing();
  }

  // when user come from search context.
  $this->_searchBasedMailing = CRM_Contact_Form_Search::isSearchContext($this->get('context'));

  // retrieve mid from different wizard and url contexts
  $this->_mailingID = $this->get('mailing_id');
  $this->_approveFormOnly = FALSE;
  if (!$this->_mailingID) {
    $this->_mailingID = CRM_Utils_Request::retrieve('mid', 'Integer', $this, TRUE);
    $this->_approveFormOnly = TRUE;
  }

  $this->_contactID = CRM_Core_Session::singleton()->get('userID');

  $mailing = new CRM_Mailing_BAO_Mailing();
  $mailing->id = $this->_mailingID;
  $this->_mailing = $mailing;
  if (!$mailing->find(TRUE)) {
    $this->redirectToListing();
  }
}
/**
 * Pull the mailing ID from the session and flag administrators to the template.
 */
function preProcess() {
  $this->_mailingID = $this->get('mailing_id');
  $isAdmin = CRM_Core_Permission::check('administer CiviCRM');
  if ($isAdmin) {
    $this->assign('isAdmin', 1);
  }
}
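/**
 * Run dashboard
 *
 * Splits all dashlets into the ones already placed on the logged-in
 * contact's dashboard (keyed by column) and the ones still available.
 *
 * @return void
 * @access public
 */
function run() {
  CRM_Utils_System::setTitle(ts('Dashlets'));
  $this->assign('admin', CRM_Core_Permission::check('administer CiviCRM'));

  // get all dashlets
  $allDashlets = CRM_Core_BAO_Dashboard::getDashlets(FALSE);

  // get dashlets for logged in contact
  $currentDashlets = CRM_Core_BAO_Dashboard::getContactDashlets();

  $contactDashlets = $availableDashlets = array();
  foreach ($currentDashlets as $columnNo => $values) {
    foreach ($values as $val => $isMinimized) {
      list($weight, $dashletID) = explode('-', $val);
      // A placed dashlet may no longer exist (or have been claimed already);
      // skip it instead of emitting a row with undefined label/is_reserved.
      if (!isset($allDashlets[$dashletID])) {
        continue;
      }
      $key = "{$dashletID}-{$isMinimized}";
      $contactDashlets[$columnNo][$key] = array(
        'label' => $allDashlets[$dashletID]['label'],
        'is_reserved' => $allDashlets[$dashletID]['is_reserved'],
      );
      unset($allDashlets[$dashletID]);
    }
  }

  // Whatever was not placed is offered as available (not minimized).
  foreach ($allDashlets as $dashletID => $values) {
    $key = "{$dashletID}-0";
    $availableDashlets[$key] = array('label' => $values['label'], 'is_reserved' => $values['is_reserved']);
  }

  $this->assign('contactDashlets', $contactDashlets);
  $this->assign('availableDashlets', $availableDashlets);
  return parent::run();
}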
/**
 * Function to set variables up before form is built
 *
 * Reads cid/id/context from the request, enforces the CiviGrant action
 * permission, and (except for deletes) locates any existing note attached to
 * the grant before wiring up custom data.
 *
 * @return void
 * @access public
 */
public function preProcess() {
  $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
  $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
  $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
  $this->assign('action', $this->_action);
  $this->assign('context', $this->_context);

  // check permission for action.
  $allowed = CRM_Core_Permission::checkActionPermission('CiviGrant', $this->_action);
  if (!$allowed) {
    CRM_Core_Error::fatal(ts('You do not have permission to access this page'));
  }

  if ($this->_action & CRM_Core_Action::DELETE) {
    return;
  }

  $this->_noteId = null;
  if ($this->_id) {
    require_once 'CRM/Core/BAO/Note.php';
    $note = new CRM_Core_BAO_Note();
    $note->entity_table = 'civicrm_grant';
    $note->entity_id = $this->_id;
    $this->_noteId = $note->find(true) ? $note->id : null;
  }

  // build custom data
  CRM_Custom_Form_Customdata::preProcess($this, null, null, 1, 'Grant', $this->_id);
}
/**
 * Decide whether the current user may view this mailing.
 *
 * Order of checks: a missing mailing is denied; public mailings are allowed;
 * CiviMail administrators are allowed; anonymous users are denied; anyone
 * else is allowed only if the mailing was queued for their contact. A hook
 * may have already overridden the visibility setting.
 *
 * @return bool
 */
function checkPermission() {
  if (!$this->_mailing) {
    return false;
  }

  // Visibility "Public Pages" needs no further checks.
  if ($this->_mailing->visibility == 'Public Pages') {
    return true;
  }

  // Administrators and CiviMail users see everything.
  require_once 'CRM/Core/Permission.php';
  $isMailingAdmin = CRM_Core_Permission::check('administer CiviCRM') || CRM_Core_Permission::check('access CiviMail');
  if ($isMailingAdmin) {
    return true;
  }

  // Anonymous visitors cannot have received the mailing.
  if (empty($this->_contactID)) {
    return false;
  }

  // Recipients of the mailing may view it: look for a queue entry for this
  // contact on any job of the mailing. Both values are bound as integers.
  $sql = "
SELECT id
FROM civicrm_mailing_event_queue q
INNER JOIN civicrm_mailing_job j ON q.job_id = j.id
WHERE j.mailing_id = %1
AND q.contact_id = %2
";
  $bindings = array(
    1 => array($this->_mailingID, 'Integer'),
    2 => array($this->_contactID, 'Integer'),
  );
  $queued = CRM_Core_DAO::singleValueQuery($sql, $bindings);
  return (bool) $queued;
}
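/**
 * Browse all options.
 *
 * Lists every civicrm_persistent row, split into configuration templates
 * (is_config = 1, with their unserialized data) and plain strings
 * (is_config = 0), each with its action links.
 */
public function browse() {
  $this->assign('editClass', FALSE);
  if (CRM_Core_Permission::check('access CiviCRM')) {
    $this->assign('editClass', TRUE);
  }

  $daoResult = new CRM_Core_DAO_Persistent();
  $daoResult->find();

  // Initialise every accumulator so an empty table, or one holding only one
  // kind of row, does not trigger undefined-variable notices below.
  $values = array();
  $configStrings = array();
  $configCustomization = array();

  while ($daoResult->fetch()) {
    $values[$daoResult->id] = array();
    CRM_Core_DAO::storeValues($daoResult, $values[$daoResult->id]);
    if ($daoResult->is_config == 1) {
      $values[$daoResult->id]['action'] = CRM_Core_Action::formLink(self::customizeActionLinks(), NULL, array('id' => $daoResult->id), ts('more'), FALSE, 'persistent.config.actions', 'Persistent', $daoResult->id);
      // NOTE: unserialize() runs on the stored `data` column. It is this
      // site's own table rather than request input, so every write path into
      // that column must remain trusted.
      $values[$daoResult->id]['data'] = implode(',', unserialize($daoResult->data));
      $configCustomization[$daoResult->id] = $values[$daoResult->id];
    }
    if ($daoResult->is_config == 0) {
      $values[$daoResult->id]['action'] = CRM_Core_Action::formLink(self::stringActionLinks(), NULL, array('id' => $daoResult->id), ts('more'), FALSE, 'persistent.row.actions', 'Persistent', $daoResult->id);
      $configStrings[$daoResult->id] = $values[$daoResult->id];
    }
  }

  $rows = array('configTemplates' => $configStrings, 'customizeTemplates' => $configCustomization);
  $this->assign('rows', $rows);
}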
/**
 * Add the "new campaign" / "new survey" shortcuts for users who may manage campaigns.
 *
 * @param array $shortCuts
 *   (reference) the shortcut list being built; entries are appended.
 */
public function creatNewShortcut(&$shortCuts) {
  require_once 'CRM/Core/Permission.php';
  $mayManage = CRM_Core_Permission::check('manage campaign') || CRM_Core_Permission::check('administer CiviCampaign');
  if (!$mayManage) {
    return;
  }
  $campaignShortcuts = array(
    array('path' => 'civicrm/campaign/add', 'query' => "reset=1&action=add", 'ref' => 'new-campaign', 'title' => ts('Campaign')),
    array('path' => 'civicrm/survey/add', 'query' => "reset=1&action=add", 'ref' => 'new-survey', 'title' => ts('Survey')),
  );
  $shortCuts = array_merge($shortCuts, $campaignShortcuts);
}
/**
 * Set variables up before form is built.
 *
 * Reads the "add profile" flags for the main and additional-participant
 * sections, builds any extra profile rows posted back, and decides whether
 * the user may manage profiles (global permission or ACL create/edit on
 * some UF group).
 *
 * @return void
 */
public function preProcess() {
  $this->_addProfileBottom = CRM_Utils_Array::value('addProfileBottom', $_GET, FALSE);
  $this->_profileBottomNum = CRM_Utils_Array::value('addProfileNum', $_GET, 0);
  $this->_addProfileBottomAdd = CRM_Utils_Array::value('addProfileBottomAdd', $_GET, FALSE);
  $this->_profileBottomNumAdd = CRM_Utils_Array::value('addProfileNumAdd', $_GET, 0);
  parent::preProcess();

  $qfKey = $this->controller->_key;

  // Main-participant profile section.
  $this->assign('addProfileBottom', $this->_addProfileBottom);
  $this->assign('profileBottomNum', $this->_profileBottomNum);
  $this->assign('addProfileParams', "id={$this->_id}&addProfileBottom=1&qfKey={$qfKey}");
  $postedBottom = CRM_Utils_Array::value('custom_post_id_multiple', $_POST);
  if ($postedBottom) {
    foreach (array_keys($postedBottom) as $profileNum) {
      self::buildMultipleProfileBottom($this, $profileNum);
    }
  }

  // Permission to manage profiles: global permission or ACL rights on a UF group.
  $this->assign('perm', 0);
  $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
  $ufCreate = CRM_ACL_API::group(CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
  $ufEdit = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
  $checkPermission = array(array('administer CiviCRM', 'manage event profiles'));
  $mayManageProfiles = CRM_Core_Permission::check($checkPermission) || !empty($ufCreate) || !empty($ufEdit);
  if ($mayManageProfiles) {
    $this->assign('perm', 1);
  }

  // Additional-participant profile section.
  $this->assign('addProfileBottomAdd', $this->_addProfileBottomAdd);
  $this->assign('profileBottomNumAdd', $this->_profileBottomNumAdd);
  $this->assign('addProfileParamsAdd', "id={$this->_id}&addProfileBottomAdd=1&qfKey={$qfKey}");
  $postedBottomAdd = CRM_Utils_Array::value('additional_custom_post_id_multiple', $_POST);
  if ($postedBottomAdd) {
    foreach (array_keys($postedBottomAdd) as $profileNum) {
      self::buildMultipleProfileBottom($this, $profileNum, 'additional_', ts('Profile for Additional Participants'));
    }
  }
}
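/**
 * Function to build the form
 *
 * Adds the navigation-item fields (label, url, permissions, operator,
 * separator, enabled, parent). The "Home" item cannot be disabled and is
 * never offered as a parent.
 *
 * @return None
 * @access public
 */
public function buildQuickForm() {
  parent::buildQuickForm();
  if ($this->_action & CRM_Core_Action::DELETE) {
    return;
  }

  if (isset($this->_id)) {
    $params = array('id' => $this->_id);
    CRM_Core_BAO_Navigation::retrieve($params, $this->_defaults);
  }

  $this->applyFilter('__ALL__', 'trim');
  $this->add('text', 'label', ts('Title'), CRM_Core_DAO::getAttribute('CRM_Core_DAO_Navigation', 'label'), true);
  $this->add('text', 'url', ts('Url'), CRM_Core_DAO::getAttribute('CRM_Core_DAO_Navigation', 'url'));

  require_once 'CRM/Core/Permission.php';
  $permissions = CRM_Core_Permission::basicPermissions(true);
  // Objects are handles; the legacy "=&" assignment is not needed.
  $include = $this->addElement('advmultiselect', 'permission', ts('Permission') . ' ', $permissions, array('size' => 5, 'style' => 'width:150px', 'class' => 'advmultiselect'));
  $include->setButtonAttributes('add', array('value' => ts('Add >>')));
  $include->setButtonAttributes('remove', array('value' => ts('<< Remove')));

  $operators = array('AND' => 'AND', 'OR' => 'OR');
  $this->add('select', 'permission_operator', ts('Operator'), $operators);
  $this->add('checkbox', 'has_separator', ts('Separator?'));
  $active = $this->add('checkbox', 'is_active', ts('Enabled?'));

  // When adding a new item no defaults were loaded, so guard the index.
  $isHome = isset($this->_defaults['name']) && $this->_defaults['name'] == 'Home';
  if ($isHome) {
    $active->freeze();
  }
  else {
    $parentMenu = CRM_Core_BAO_Navigation::getNavigationList();
    // An item cannot be its own parent.
    if (isset($this->_id)) {
      unset($parentMenu[$this->_id]);
    }
    // also unset home.
    $homeMenuId = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Navigation', 'Home', 'id', 'name');
    unset($parentMenu[$homeMenuId]);
    $this->add('select', 'parent_id', ts('Parent'), array('' => ts('-- select --')) + $parentMenu);
  }
}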
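/**
 * Set up the preferences form (legacy CRM_Core_DAO_Preferences storage).
 *
 * Resolves either the domain-level record (requires "administer CiviCRM")
 * or the contact-level record for the session user / given cid, then loads it.
 */
function preProcess() {
  $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this, false);
  $this->_system = CRM_Utils_Request::retrieve('system', 'Boolean', $this, false, true);
  $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, false, 'update');
  // The retrieved action lives on $this; a bare $action was never defined here.
  if (isset($this->_action)) {
    $this->assign('action', $this->_action);
  }
  $session = CRM_Core_Session::singleton();

  require_once 'CRM/Core/DAO/Preferences.php';
  $this->_config = new CRM_Core_DAO_Preferences();
  $this->_config->domain_id = CRM_Core_Config::domainID();

  if ($this->_system) {
    // Domain-wide preferences are restricted to administrators.
    if (CRM_Core_Permission::check('administer CiviCRM')) {
      $this->_contactID = null;
    }
    else {
      CRM_Utils_System::fatal('You do not have permission to edit preferences');
    }
    $this->_config->is_domain = 1;
    $this->_config->contact_id = null;
  }
  else {
    if (!$this->_contactID) {
      $this->_contactID = $session->get('userID');
      if (!$this->_contactID) {
        CRM_Utils_System::fatal('Could not retrieve contact id');
      }
      $this->set('cid', $this->_contactID);
    }
    $this->_config->is_domain = 0;
    $this->_config->contact_id = $this->_contactID;
  }

  $this->_config->find(true);
  $session->pushUserContext(CRM_Utils_System::url('civicrm/admin/setting', 'reset=1'));
}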
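/**
 * Pre processing work done here.
 *
 * Accepts a POSTed JSON description of a profile (ufData) and builds the
 * preview fields from it. Only POST is accepted because the qfKey is only
 * validated for POST requests.
 *
 * @return void
 */
public function preProcess() {
  if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // CRM_Core_Controller validates qfKey for POST requests, but not necessarily
    // for GET requests. Allowing GET would therefore be CSRF vulnerability.
    CRM_Core_Error::fatal(ts('Preview only supports HTTP POST'));
  }

  // Inline forms don't get menu-level permission checks
  $checkPermission = array(array('administer CiviCRM', 'manage event profiles'));
  if (!CRM_Core_Permission::check($checkPermission)) {
    CRM_Core_Error::fatal(ts('Permission Denied'));
  }

  // Reject a missing, non-string or malformed payload before indexing into it.
  $rawData = isset($_REQUEST['ufData']) ? $_REQUEST['ufData'] : NULL;
  $content = is_string($rawData) ? json_decode($rawData, TRUE) : NULL;
  if (!is_array($content)) {
    CRM_Core_Error::fatal(ts('Missing or invalid JSON parameter, ufData'));
  }
  foreach (array('ufGroup', 'ufFieldCollection') as $key) {
    if (!isset($content[$key]) || !is_array($content[$key])) {
      CRM_Core_Error::fatal("Missing JSON parameter, {$key}");
    }
  }

  $fields = CRM_Core_BAO_UFGroup::formatUFFields($content['ufGroup'], $content['ufFieldCollection']);
  $this->setProfile($fields);
}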
/**
 * Heart of the viewing process. The runner gets all the meta data for
 * the contact and calls the appropriate type of page to view.
 *
 * Assigns whether the user administers CiviCRM and the grant summary
 * computed for that level of access.
 *
 * @return void
 * @access public
 */
function preProcess() {
  $isAdmin = CRM_Core_Permission::check('administer CiviCRM');
  $this->assign('grantAdmin', $isAdmin);
  $this->assign('grantSummary', CRM_Grant_BAO_Grant::getGrantSummary($isAdmin));
}
/**
 * Execute "checkAll".
 *
 * Only administrators with the securityAlert setting enabled see alerts, and
 * only once per CHECK_TIMER interval per session. Messages at severity 3 or
 * higher (or all of them when $filter is TRUE) are collapsed into a single
 * status message; severity 4+ turns it into an error.
 *
 * @param array|NULL $messages
 *   List of CRM_Utils_Check_Message; or NULL if the default list should be fetched.
 * @param array|string|callable $filter
 *   Restrict messages using a callback filter.
 *   By default, only show warnings and errors.
 *   Set TRUE to show all messages.
 */
public function showPeriodicAlerts($messages = NULL, $filter = array(__CLASS__, 'severityMap')) {
  if (!CRM_Core_Permission::check('administer CiviCRM')) {
    return;
  }
  if (!CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'securityAlert', NULL, TRUE)) {
    return;
  }
  $session = CRM_Core_Session::singleton();
  if (!$session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
    return;
  }

  // Best attempt at re-securing folders
  CRM_Core_Config::singleton()->cleanup(0, FALSE);

  if ($messages === NULL) {
    $messages = $this->checkAll();
  }

  $titles = array();
  $statusType = 'alert';
  $statusMessage = NULL;
  $statusTitle = NULL;
  foreach ($messages as $message) {
    $severity = $message->getSeverity();
    $shown = ($filter === TRUE) || $severity >= 3;
    if (!$shown) {
      continue;
    }
    if ($severity >= 4) {
      $statusType = 'error';
    }
    // The last shown message wins when only one is displayed.
    $statusMessage = $message->getMessage();
    $statusTitle = $message->getTitle();
    $titles[] = $statusTitle;
  }

  if (count($titles) === 0) {
    return;
  }
  if (count($titles) > 1) {
    $statusTitle = ts('Multiple Alerts');
    $statusMessage = '<ul><li>' . implode('</li><li>', $titles) . '</li></ul>';
  }
  // TODO: add link to status page
  CRM_Core_Session::setStatus($statusMessage, $statusTitle, $statusType);
}
/**
 * Get AngularJS modules and their dependencies
 *
 * Besides returning the module list, this registers the client-side settings
 * (recent mailings, groups, templates, tokens, addresses, ...) and the
 * permission flags the mailing UI needs.
 *
 * @return array
 *   list of modules; same format as CRM_Utils_Hook::angularModules(&$angularModules)
 * @see CRM_Utils_Hook::angularModules
 */
public function getAngularModules() {
  // load angular files only if valid permissions are granted to the user
  if (!CRM_Core_Permission::check('access CiviMail') && !CRM_Core_Permission::check('create mailings') && !CRM_Core_Permission::check('schedule mailings') && !CRM_Core_Permission::check('approve mailings')) {
    return array();
  }
  $result = array();
  $result['crmMailing'] = array('ext' => 'civicrm', 'js' => array('ang/crmMailing.js', 'ang/crmMailing/*.js'), 'css' => array('ang/crmMailing.css'), 'partials' => array('ang/crmMailing'));
  $result['crmMailingAB'] = array('ext' => 'civicrm', 'js' => array('ang/crmMailingAB.js', 'ang/crmMailingAB/*.js', 'ang/crmMailingAB/*/*.js'), 'css' => array('ang/crmMailingAB.css'), 'partials' => array('ang/crmMailingAB'));
  $result['crmD3'] = array('ext' => 'civicrm', 'js' => array('ang/crmD3.js', 'bower_components/d3/d3.min.js'));
  $config = CRM_Core_Config::singleton();
  $session = CRM_Core_Session::singleton();
  $contactID = $session->get('userID');
  // Get past mailings
  // CRM-16155 - Limit to a reasonable number
  $civiMails = civicrm_api3('Mailing', 'get', array('is_completed' => 1, 'mailing_type' => array('IN' => array('standalone', 'winner')), 'return' => array('id', 'name', 'scheduled_date'), 'sequential' => 1, 'options' => array('limit' => 500, 'sort' => 'is_archived asc, scheduled_date desc')));
  // Generic params
  $params = array('options' => array('limit' => 0), 'sequential' => 1);
  // Note that only the Group lookup passes check_permissions => TRUE; the
  // other API calls below run without per-entity permission filtering, so
  // their output is gated solely by the mailing permissions checked above.
  $groupNames = civicrm_api3('Group', 'get', $params + array('is_active' => 1, 'check_permissions' => TRUE, 'return' => array('title', 'visibility', 'group_type', 'is_hidden')));
  $headerfooterList = civicrm_api3('MailingComponent', 'get', $params + array('is_active' => 1, 'return' => array('name', 'component_type', 'is_default', 'body_html', 'body_text')));
  // Addresses of the logged-in contact only.
  $emailAdd = civicrm_api3('Email', 'get', array('sequential' => 1, 'return' => "email", 'contact_id' => $contactID));
  // User-defined templates only (workflow templates have a workflow_id).
  $mesTemplate = civicrm_api3('MessageTemplate', 'get', $params + array('sequential' => 1, 'is_active' => 1, 'return' => array("id", "msg_title"), 'workflow_id' => array('IS NULL' => "")));
  $mailTokens = civicrm_api3('Mailing', 'gettokens', array('entity' => array('contact', 'mailing'), 'sequential' => 1));
  $fromAddress = civicrm_api3('OptionValue', 'get', $params + array('option_group_id' => "from_email_address", 'domain_id' => CRM_Core_Config::domainID()));
  // Everything gathered above is exposed to the browser under the crmMailing
  // setting key, alongside the permission flags the UI branches on.
  CRM_Core_Resources::singleton()->addSetting(array('crmMailing' => array('civiMails' => $civiMails['values'], 'campaignEnabled' => in_array('CiviCampaign', $config->enableComponents), 'groupNames' => $groupNames['values'], 'headerfooterList' => $headerfooterList['values'], 'mesTemplate' => $mesTemplate['values'], 'emailAdd' => $emailAdd['values'], 'mailTokens' => $mailTokens['values'], 'contactid' => $contactID, 'requiredTokens' => CRM_Utils_Token::getRequiredTokens(), 'enableReplyTo' => (int) CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::MAILING_PREFERENCES_NAME, 'replyTo'), 'disableMandatoryTokensCheck' => (int) CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::MAILING_PREFERENCES_NAME, 'disable_mandatory_tokens_check'), 'fromAddress' => $fromAddress['values'], 'defaultTestEmail' => civicrm_api3('Contact', 'getvalue', array('id' => 'user_contact_id', 'return' => 'email')), 'visibility' => CRM_Utils_Array::makeNonAssociative(CRM_Core_SelectValues::groupVisibility()), 'workflowEnabled' => CRM_Mailing_Info::workflowEnabled())))->addPermissions(array('view all contacts', 'access CiviMail', 'create mailings', 'schedule mailings', 'approve mailings', 'delete in CiviMail', 'edit message templates'));
  return $result;
}
/**
 * Main entry point for the pledge payment page: decides which action to take.
 *
 * UPDATE actions are delegated to edit(); otherwise the payments of the
 * requested pledge are listed along with the user's view/edit capability.
 *
 * return null
 * @access public
 */
function run() {
  $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
  $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
  $this->assign('action', $this->_action);
  $this->assign('context', $this->_context);
  $this->_contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
  CRM_Pledge_Page_Tab::setContext($this);

  $isUpdate = (bool) ($this->_action & CRM_Core_Action::UPDATE);
  if ($isUpdate) {
    $this->edit();
    return parent::run();
  }

  $pledgeId = CRM_Utils_Request::retrieve('pledgeId', 'Positive', $this);
  $this->assign('rows', CRM_Pledge_BAO_PledgePayment::getPledgePayments($pledgeId));
  $this->assign('pledgeId', $pledgeId);
  $this->assign('contactId', $this->_contactId);

  // check if we can process credit card contribs
  $this->assign('newCredit', CRM_Core_Config::isEnabledBackOfficeCreditCardPayments());

  // check is the user has view/edit signer permission
  $permission = CRM_Core_Permission::check('edit pledges') ? 'edit' : 'view';
  $this->assign('permission', $permission);

  return parent::run();
}
/**
 * Get tab Links for events.
 *
 * The list is built once per $enableCart value and cached on the class; the
 * "Schedule Reminders" tab is only included for users who may edit events,
 * and "Conference Slots" only when the cart is enabled. The tabset hook runs
 * on every call.
 *
 * @param $enableCart
 *
 * @return array
 *   (reference) of tab links
 */
public static function &tabs($enableCart) {
  $cacheKey = $enableCart ? 1 : 0;
  if (!self::$_tabLinks) {
    self::$_tabLinks = array();
  }

  if (!isset(self::$_tabLinks[$cacheKey])) {
    $links = array();
    $links['settings'] = array('title' => ts('Info and Settings'), 'url' => 'civicrm/event/manage/settings', 'field' => 'id');
    $links['location'] = array('title' => ts('Location'), 'url' => 'civicrm/event/manage/location', 'field' => 'loc_block_id');
    $links['fee'] = array('title' => ts('Fees'), 'url' => 'civicrm/event/manage/fee', 'field' => 'is_monetary');
    $links['registration'] = array('title' => ts('Online Registration'), 'url' => 'civicrm/event/manage/registration', 'field' => 'is_online_registration');
    $mayEditEvents = CRM_Core_Permission::check('administer CiviCRM')
      || CRM_Event_BAO_Event::checkPermission(NULL, CRM_Core_Permission::EDIT);
    if ($mayEditEvents) {
      $links['reminder'] = array('title' => ts('Schedule Reminders'), 'url' => 'civicrm/event/manage/reminder', 'field' => 'reminder');
    }
    $links['conference'] = array('title' => ts('Conference Slots'), 'url' => 'civicrm/event/manage/conference', 'field' => 'slot_label_id');
    $links['friend'] = array('title' => ts('Tell a Friend'), 'url' => 'civicrm/event/manage/friend', 'field' => 'friend');
    $links['pcp'] = array('title' => ts('Personal Campaign Pages'), 'url' => 'civicrm/event/manage/pcp', 'field' => 'is_pcp_enabled');
    $links['repeat'] = array('title' => ts('Repeat'), 'url' => 'civicrm/event/manage/repeat', 'field' => 'is_repeating_event');
    self::$_tabLinks[$cacheKey] = $links;
  }

  if (!$enableCart) {
    unset(self::$_tabLinks[$cacheKey]['conference']);
  }

  CRM_Utils_Hook::tabset('civicrm/event/manage', self::$_tabLinks[$cacheKey], array());
  return self::$_tabLinks[$cacheKey];
}
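/**
 * run this page (figure out the action needed and perform it).
 *
 * DELETE removes the report instance (administrators only); any other action
 * runs the instance's form-based template through the wrapper. Unknown
 * templates fall back to the report list with a status message.
 *
 * @return void
 */
function run() {
  $instanceId = CRM_Report_Utils_Report::getInstanceID();
  $action = CRM_Utils_Request::retrieve('action', 'String', $this);
  $optionVal = CRM_Report_Utils_Report::getValueFromUrl($instanceId);
  $reportUrl = CRM_Utils_System::url('civicrm/report/list', "reset=1");

  if ($action & CRM_Core_Action::DELETE) {
    if (!CRM_Core_Permission::check('administer Reports')) {
      $statusMessage = ts('Your do not have permission to Delete Report.');
      CRM_Core_Error::statusBounce($statusMessage, $reportUrl);
    }
    CRM_Report_BAO_Instance::delete($instanceId);
    CRM_Core_Session::setStatus(ts('Selected Instance has been deleted.'));
  }
  else {
    require_once 'CRM/Core/OptionGroup.php';
    $templateInfo = CRM_Core_OptionGroup::getRowValues('report_template', "{$optionVal}", 'value');
    // The lookup may return no row; guard the index before string tests.
    $templateName = isset($templateInfo['name']) ? $templateInfo['name'] : '';
    if (strpos($templateName, '_Form') !== FALSE) {
      $instanceInfo = array();
      CRM_Report_BAO_Instance::retrieve(array('id' => $instanceId), $instanceInfo);
      if (!empty($instanceInfo['title'])) {
        CRM_Utils_System::setTitle($instanceInfo['title']);
        $this->assign('reportTitle', $instanceInfo['title']);
      }
      else {
        CRM_Utils_System::setTitle($templateInfo['label']);
        $this->assign('reportTitle', $templateInfo['label']);
      }
      // "=& new" is a parse error on current PHP; objects are handles anyway.
      $wrapper = new CRM_Utils_Wrapper();
      return $wrapper->run($templateName, null, null);
    }
    CRM_Core_Session::setStatus(ts('Could not find template for the instance.'));
  }
  return CRM_Utils_System::redirect($reportUrl);
}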
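/**
 * Given a note id, decide if the note should be displayed based on privacy setting
 *
 * Non-private notes and users with "view all notes" always see the note. For
 * private notes the notePrivacy hook may decide; otherwise only the note's
 * creator may see it, and an anonymous user never can.
 *
 * @param object $note
 *   Either the id of the note to retrieve, or the CRM_Core_DAO_Note object itself.
 *
 * @return bool
 *   TRUE if the note should be hidden, otherwise FALSE
 *
 */
public static function getNotePrivacyHidden($note) {
  if (CRM_Core_Permission::check('view all notes')) {
    return FALSE;
  }

  $noteValues = array();
  // instanceof also accepts subclasses, which get_class() == '...' rejected
  // and then misused as an id.
  if ($note instanceof CRM_Core_DAO_Note) {
    CRM_Core_DAO::storeValues($note, $noteValues);
  }
  else {
    $noteDAO = new CRM_Core_DAO_Note();
    $noteDAO->id = $note;
    $noteDAO->find();
    if ($noteDAO->fetch()) {
      CRM_Core_DAO::storeValues($noteDAO, $noteValues);
    }
  }

  CRM_Utils_Hook::notePrivacy($noteValues);

  // A note that could not be loaded has no privacy flag and is not hidden,
  // matching the previous behaviour for an unset flag.
  if (empty($noteValues['privacy'])) {
    return FALSE;
  }
  if (isset($noteValues['notePrivacy_hidden'])) {
    // If the hook has set visibility, use that setting.
    return $noteValues['notePrivacy_hidden'];
  }

  // Default behavior (if hook has not set visibility) is to hide privacy
  // notes unless the note creator is the current user. Anonymous sessions
  // cannot be the creator, so the note stays hidden for them.
  $userID = CRM_Core_Session::singleton()->get('userID');
  if (empty($userID)) {
    return TRUE;
  }
  $creatorID = isset($noteValues['contact_id']) ? (int) $noteValues['contact_id'] : 0;
  return $creatorID !== (int) $userID;
}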
/**
 * Output navigation script tag
 *
 * Emits nothing during upgrades, on the front end, for users without
 * "access CiviCRM", for anonymous sessions, or when the default menu is
 * disabled by CIVICRM_DISABLE_DEFAULT_MENU.
 *
 * @param array $params
 *   - is_default: bool, true if this is normal/default instance of the menu (which may be subject to CIVICRM_DISABLE_DEFAULT_MENU)
 * @param CRM_Core_Smarty $smarty
 *   The Smarty object.
 *
 * @return string
 *   HTML
 */
function smarty_function_crmNavigationMenu($params, &$smarty) {
  $config = CRM_Core_Config::singleton();

  // check if logged in user has access CiviCRM permission and build menu
  $shouldBuild = !CRM_Core_Config::isUpgradeMode() && CRM_Core_Permission::check('access CiviCRM');
  $isDefaultMenu = CRM_Utils_Array::value('is_default', $params, FALSE);
  if (defined('CIVICRM_DISABLE_DEFAULT_MENU') && $isDefaultMenu) {
    $shouldBuild = FALSE;
  }
  if ($config->userFrameworkFrontend) {
    $shouldBuild = FALSE;
  }
  if (!$shouldBuild) {
    return '';
  }

  $contactID = CRM_Core_Session::singleton()->get('userID');
  if (!$contactID) {
    return '';
  }

  // These params force the browser to refresh the js file when switching user, domain, or language
  // We don't put them as a query string because some browsers will refuse to cache a page with a ? in the url
  // @see CRM_Admin_Page_AJAX::getNavigationMenu
  $lang = $config->lcMessages;
  $domain = CRM_Core_Config::domainID();
  $key = CRM_Core_BAO_Navigation::getCacheKey($contactID);
  $src = CRM_Utils_System::url("civicrm/ajax/menujs/{$contactID}/{$lang}/{$domain}/{$key}");

  // CRM-15493 QFkey needed for quicksearch bar - must be unique on each page refresh so adding it directly to markup
  $qfKey = CRM_Core_Key::get('CRM_Contact_Controller_Search', TRUE);
  return sprintf(
    '<script id="civicrm-navigation-menu" type="text/javascript" src="%s" data-qfkey=%s></script>',
    $src,
    json_encode($qfKey)
  );
}
/**
 * run this page (figure out the action needed and perform it).
 *
 * Requires "administer Reports". Resolves the template named in the URL
 * (extension keys are mapped to their report class) and runs it through the
 * wrapper; unknown templates bounce back to the report list.
 *
 * @return void
 */
function run() {
  $listUrl = CRM_Utils_System::url('civicrm/report/list', 'reset=1');
  if (!CRM_Core_Permission::check('administer Reports')) {
    return CRM_Utils_System::redirect($listUrl);
  }

  $optionVal = CRM_Report_Utils_Report::getValueFromUrl();
  $templateInfo = CRM_Core_OptionGroup::getRowValues('report_template', "{$optionVal}", 'value', 'String', FALSE);
  $templateName = CRM_Utils_Array::value('name', $templateInfo);

  // An extension-provided template is identified by a dotted key.
  $reportClass = NULL;
  if (strpos($templateName, '.') !== FALSE) {
    $mapper = CRM_Extension_System::singleton()->getMapper();
    $reportClass = $mapper->keyToClass($templateInfo['name'], 'report');
    $templateInfo['name'] = $reportClass;
  }

  $isRunnable = strstr(CRM_Utils_Array::value('name', $templateInfo), '_Form') || !is_null($reportClass);
  if ($isRunnable) {
    CRM_Utils_System::setTitle($templateInfo['label'] . ' - Template');
    $this->assign('reportTitle', $templateInfo['label']);
    CRM_Core_Session::singleton()->set('reportDescription', $templateInfo['description']);
    $wrapper = new CRM_Utils_Wrapper();
    return $wrapper->run($templateInfo['name'], NULL, NULL);
  }

  if ($optionVal) {
    CRM_Core_Session::setStatus(ts('Could not find the report template. Make sure the report template is registered and / or url is correct.'), ts('Template Not Found'), 'error');
  }
  return CRM_Utils_System::redirect($listUrl);
}
/**
 * Authorize an APIv3 request against the permissions declared for its
 * entity/action (or the ACL fallback).
 *
 * Requests without check_permissions are authorized as-is. Otherwise the
 * required permissions are looked up (a hook may clear check_permissions in
 * the process), and the request is authorized only if the user holds them or
 * passes the ACL check.
 *
 * @param \Civi\API\Event\AuthorizeEvent $event
 *   API authorization event.
 *
 * @throws \Civi\API\Exception\UnauthorizedException
 */
public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event) {
  $apiRequest = $event->getApiRequest();
  if ($apiRequest['version'] >= 4) {
    return;
  }

  // return early unless we’re told explicitly to do the permission check
  if (empty($apiRequest['params']['check_permissions'])) {
    $event->authorize();
    $event->stopPropagation();
    return;
  }

  require_once 'CRM/Core/DAO/permissions.php';
  $permissions = _civicrm_api3_permissions($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']);

  // $params might’ve been reset by the alterAPIPermissions() hook
  $checkCleared = isset($apiRequest['params']['check_permissions']) && !$apiRequest['params']['check_permissions'];
  if ($checkCleared) {
    $event->authorize();
    $event->stopPropagation();
    return;
  }

  $granted = \CRM_Core_Permission::check($permissions) || self::checkACLPermission($apiRequest);
  if (!$granted) {
    if (is_array($permissions)) {
      // Render nested alternatives as "( a or b )" joined by "and".
      $rendered = array_map(function ($permission) {
        return is_array($permission) ? '( ' . implode(' or ', $permission) . ' )' : $permission;
      }, $permissions);
      $permissions = implode(' and ', $rendered);
    }
    // FIXME: Generating the exception ourselves allows for detailed error
    // but doesn't play well with multiple authz subscribers.
    throw new \Civi\API\Exception\UnauthorizedException("API permission check failed for {$apiRequest['entity']}/{$apiRequest['action']} call; insufficient permission: require {$permissions}");
  }

  $event->authorize();
  $event->stopPropagation();
}
/**
 * List activities as a dashlet.
 *
 * The selector runs with VIEW permission, upgraded to EDIT when the logged-in
 * contact is allowed to edit their own contact record. Holding
 * 'view all activities' or 'administer CiviCRM' marks the user as admin for
 * the selector.
 *
 * @return mixed
 *   Whatever parent::run() returns.
 *
 * @access public
 */
function run() {
  $contactID = CRM_Core_Session::singleton()->get('userID');

  // A user can always view their own activity (given access CiviCRM);
  // upgrade to EDIT when they may edit the contact record itself.
  require_once 'CRM/Contact/BAO/Contact/Permission.php';
  $permission = CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)
    ? CRM_Core_Permission::EDIT
    : CRM_Core_Permission::VIEW;

  $isAdmin = CRM_Core_Permission::check('view all activities')
    || CRM_Core_Permission::check('administer CiviCRM');

  require_once 'CRM/Core/Selector/Controller.php';
  $outputMode = CRM_Core_Selector_Controller::SESSION;
  require_once 'CRM/Activity/Selector/Activity.php';
  $selector = new CRM_Activity_Selector_Activity($contactID, $permission, $isAdmin, 'home');

  $sortID = NULL;
  if ($this->get(CRM_Utils_Sort::SORT_ID)) {
    $sortID = CRM_Utils_Sort::sortIDValue(
      $this->get(CRM_Utils_Sort::SORT_ID),
      $this->get(CRM_Utils_Sort::SORT_DIRECTION)
    );
  }

  $controller = new CRM_Core_Selector_Controller(
    $selector,
    $this->get(CRM_Utils_Pager::PAGE_ID),
    $sortID,
    CRM_Core_Action::VIEW,
    $this,
    $outputMode
  );
  $controller->setEmbedded(TRUE);
  $controller->run();
  $controller->moveFromSessionToTemplate();

  return parent::run();
}
/**
 * Main entry point for the pledge payment page: decides which action the
 * page takes (edit a payment, or browse a pledge's payments).
 *
 * In browse mode the template receives the payment rows, whether a
 * billing-capable payment processor exists ('newCredit'), and 'edit' or
 * 'view' depending on the 'edit pledges' permission.
 *
 * @return mixed
 *   Whatever parent::run() returns.
 * @access public
 */
function run() {
  $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
  $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
  $this->assign('action', $this->_action);
  $this->assign('context', $this->_context);
  $this->_contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
  CRM_Pledge_Page_Tab::setContext();

  if ($this->_action & CRM_Core_Action::UPDATE) {
    $this->edit();
    // Set page title.
    CRM_Contact_Page_View::setTitle($this->_contactId);
    return parent::run();
  }

  $pledgeId = CRM_Utils_Request::retrieve('pledgeId', 'Positive', $this);
  $this->assign('rows', CRM_Pledge_BAO_PledgePayment::getPledgePayments($pledgeId));
  $this->assign('pledgeId', $pledgeId);
  $this->assign('contactId', $this->_contactId);

  // Offer credit card contributions only when a billing-mode processor exists.
  $processors = CRM_Core_PseudoConstant::paymentProcessor(FALSE, FALSE, "billing_mode IN ( 1, 3 )");
  $this->assign('newCredit', count($processors) > 0);

  // The template gets 'edit' only when the user holds 'edit pledges'.
  $this->assign('permission', CRM_Core_Permission::check('edit pledges') ? 'edit' : 'view');

  return parent::run();
}
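/**
 * Prepare the CiviCase dashboard.
 *
 * Assigns 'notConfigured' and stops when no case types exist. Otherwise
 * loads the case summary plus upcoming and recent cases, scoped to the
 * current user unless the 'all' request parameter is set.
 *
 * @return void
 * @access public
 */
function preProcess() {
  // Make sure case types have been configured for the component.
  require_once 'CRM/Core/OptionGroup.php';
  $caseTypes = CRM_Core_OptionGroup::values('case_type');
  if (empty($caseTypes)) {
    $this->assign('notConfigured', 1);
    return;
  }

  // Plain assignment, as the other callers of singleton() do: assigning a
  // function result with '=&' raises a PHP notice when the function does
  // not return by reference, and objects are handles anyway.
  $session = CRM_Core_Session::singleton();
  $allCases = CRM_Utils_Request::retrieve('all', 'Positive', $session);
  CRM_Utils_System::setTitle(ts('CiviCase Dashboard'));
  $userID = $session->get('userID');

  // 'myCases' is the default view; 'all' switches to every case.
  $this->assign('myCases', !$allCases);

  // Offer "new client" only to users who may add contacts.
  $this->assign('newClient', (bool) CRM_Core_Permission::check('add contacts'));

  require_once 'CRM/Case/BAO/Case.php';
  $summary = CRM_Case_BAO_Case::getCasesSummary($allCases, $userID);
  $upcoming = CRM_Case_BAO_Case::getCases($allCases, $userID, 'upcoming');
  $recent = CRM_Case_BAO_Case::getCases($allCases, $userID, 'recent');

  $this->assign('casesSummary', $summary);
  if (!empty($upcoming)) {
    $this->assign('upcomingCases', $upcoming);
  }
  if (!empty($recent)) {
    $this->assign('recentCases', $recent);
  }
}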
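/**
 * Build price options for an event and add them to the form.
 *
 * Adds a QuickForm element for each field of the event's price set whose
 * visibility is 'public', or 'admin' when the current user holds
 * 'administer CiviCRM' (CRM-14492). Events without a price set yield no
 * fields.
 *
 * @param CRM_Event_BAO_Event $event
 *   Event whose price set is rendered; only $event->id is read.
 *
 * @return array
 *   Names of the form elements added, "event_{id}_price_{field_id}".
 */
public function build_price_options($event) {
  $priceFieldNames = array();
  $priceSetId = CRM_Price_BAO_PriceSet::getFor('civicrm_event', $event->id);
  if (!$priceSetId) {
    return $priceFieldNames;
  }

  // CRM-14492: admin-only fields are shown only to administrators.
  $adminFieldVisible = (bool) CRM_Core_Permission::check('administer CiviCRM');

  $priceSets = CRM_Price_BAO_PriceSet::getSetDetail($priceSetId, TRUE, TRUE);
  $priceSet = $priceSets[$priceSetId];
  foreach ($priceSet['fields'] as $field) {
    $visibility = CRM_Utils_Array::value('visibility', $field);
    // Explicit grouping: '&&' binds tighter than '||', so this is the same
    // condition as before (public, OR admin when the viewer is an admin),
    // now without relying on precedence. The unused index counter and base
    // field name were dropped.
    if ($visibility == 'public' || ($visibility == 'admin' && $adminFieldVisible)) {
      $fieldName = "event_{$event->id}_price_{$field['id']}";
      CRM_Price_BAO_PriceField::addQuickFormElement($this, $fieldName, $field['id'], FALSE);
      $priceFieldNames[] = $fieldName;
    }
  }
  return $priceFieldNames;
}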
/**
 * Display daily system status alerts (admin only).
 *
 * Runs only for users with 'administer CiviCRM', and at most once per
 * CHECK_TIMER interval per session. Visible check messages at level 3 or
 * above are collected into one status message; its type is 'error' when the
 * highest level is 4 or more, 'alert' otherwise. With several messages the
 * title comes from self::toStatusLabel() and the body is a list of titles.
 */
public function showPeriodicAlerts() {
  if (!CRM_Core_Permission::check('administer CiviCRM')) {
    return;
  }
  $session = CRM_Core_Session::singleton();
  if (!$session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
    return;
  }

  // Best attempt at re-securing folders.
  CRM_Core_Config::singleton()->cleanup(0, FALSE);

  $titles = array();
  $maxSeverity = 0;
  $statusTitle = NULL;
  $statusMessage = NULL;
  foreach ($this->checkAll() as $message) {
    if (!$message->isVisible()) {
      continue;
    }
    $level = $message->getLevel();
    if ($level < 3) {
      continue;
    }
    $maxSeverity = max($maxSeverity, $level);
    $statusMessage = $message->getMessage();
    $statusTitle = $message->getTitle();
    $titles[] = $statusTitle;
  }

  if (!$titles) {
    return;
  }
  if (count($titles) > 1) {
    $statusTitle = self::toStatusLabel($maxSeverity);
    $statusMessage = '<ul><li>' . implode('</li><li>', $titles) . '</li></ul>';
  }
  $detailsLink = '<p><a href="' . CRM_Utils_System::url('civicrm/a/#/status') . '">' . ts('View details and manage alerts') . '</a></p>';
  $statusType = ($maxSeverity >= 4) ? 'error' : 'alert';
  CRM_Core_Session::setStatus($statusMessage . $detailsLink, $statusTitle, $statusType);
}
/**
 * Output the navigation-menu script tag.
 *
 * Returns an empty string whenever the menu must not be built: in upgrade
 * mode, without the 'access CiviCRM' permission, when the default menu
 * instance is disabled via CIVICRM_DISABLE_DEFAULT_MENU, on the CMS front
 * end, or when no contact ID is present in the session.
 *
 * @param array $params
 *   - is_default: bool, true if this is the normal/default instance of the
 *     menu (which may be subject to CIVICRM_DISABLE_DEFAULT_MENU)
 * @param object $smarty
 *   The Smarty object (not used here).
 *
 * @return string
 *   The HTML script tag, or '' when no menu is rendered.
 */
function smarty_function_crmNavigationMenu($params, &$smarty) {
  $config = CRM_Core_Config::singleton();

  // Never build the menu during an upgrade, and only for users with
  // 'access CiviCRM'.
  if (CRM_Core_Config::isUpgradeMode() || !CRM_Core_Permission::check('access CiviCRM')) {
    return '';
  }
  if (defined('CIVICRM_DISABLE_DEFAULT_MENU') && CRM_Utils_Array::value('is_default', $params, FALSE)) {
    return '';
  }
  if ($config->userFrameworkFrontend) {
    return '';
  }

  $contactID = CRM_Core_Session::singleton()->get('userID');
  if (!$contactID) {
    return '';
  }

  // These path segments force the browser to refresh the js file when
  // switching user, domain, or language. They are not a query string because
  // some browsers refuse to cache a page with a '?' in the URL, and the
  // trailing '.js' coaxes apache mods into sending pro-caching headers.
  // All segments come from the session and config, not from request input,
  // which is why the URL is emitted without further escaping.
  // @see CRM_Admin_Page_AJAX::getNavigationMenu
  $lang = $config->lcMessages;
  $domain = CRM_Core_Config::domainID();
  $cacheKey = CRM_Core_BAO_Navigation::getCacheKey($contactID);
  $src = CRM_Utils_System::url("civicrm/ajax/menujs/{$contactID}/{$lang}/{$domain}/{$cacheKey}.js");
  return '<script type="text/javascript" src="' . $src . '"></script>';
}