Esempio n. 1
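 /**
  * Work out which operations the current user may perform on this group.
  *
  * EDIT and VIEW are each granted either by the matching blanket permission
  * ('edit all contacts' / 'view all contacts') or by an ACL on the group,
  * looked up through CRM_ACL_API::groupPermission(). DELETE is only added
  * when EDIT or VIEW was already granted: 'delete contacts' has no per-group
  * ACL check here, so without that guard it would be reported for groups the
  * user cannot otherwise access.
  *
  * @param int $id
  *   The id of the group.
  * @param string $title
  *   The name or title of the group. Not read by this method.
  *
  * @return array|null
  *   List of CRM_Core_Permission constants the user holds for the group, or
  *   null when the user has no access to it.
  * @access public
  * @static
  */
 static function checkPermission($id, $title)
 {
     require_once 'CRM/ACL/API.php';
     require_once 'CRM/Core/Permission.php';
     $allGroups = CRM_Core_PseudoConstant::allGroup();
     $permissions = null;
     // Blanket permission is tested first; the ACL lookup only runs when it fails.
     if (CRM_Core_Permission::check('edit all contacts') || CRM_ACL_API::groupPermission(CRM_ACL_API::EDIT, $id, null, 'civicrm_saved_search', $allGroups)) {
         $permissions[] = CRM_Core_Permission::EDIT;
     }
     if (CRM_Core_Permission::check('view all contacts') || CRM_ACL_API::groupPermission(CRM_ACL_API::VIEW, $id, null, 'civicrm_saved_search', $allGroups)) {
         $permissions[] = CRM_Core_Permission::VIEW;
     }
     // Scope delete to groups the user can already view or edit. A caller that
     // treats any non-null result as "has access" would otherwise let a user
     // holding only 'delete contacts' through for every group id.
     if (!empty($permissions) && CRM_Core_Permission::check('delete contacts')) {
         $permissions[] = CRM_Core_Permission::DELETE;
     }
     return $permissions;
 }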
Esempio n. 2
 /**
  * Test fixture: set up an ACL allowing the logged-in contact to see 2 specified groups
  *  - $this->_permissionedGroup & $this->_permissionedDisabledGroup
  *
  *  You need to have pre-created these groups & created the user e.g
  *  $this->createLoggedInUser();
  *   $this->_permissionedDisabledGroup = $this->groupCreate(array('title' => 'pick-me-disabled', 'is_active' => 0, 'name' => 'pick-me-disabled'));
  *   $this->_permissionedGroup = $this->groupCreate(array('title' => 'pick-me-active', 'is_active' => 1, 'name' => 'pick-me-active'));
  *
  *  The group ids are interpolated straight into the SQL below, so they must
  *  be integer ids such as those returned by groupCreate().
  *
  * @param bool $isProfile
  *   TRUE inserts a single ACL on civicrm_uf_group for ACL role 55; FALSE
  *   inserts two ACLs on civicrm_saved_search (one per group) and then
  *   resets the ACL caches.
  */
 public function setupACL($isProfile = FALSE)
 {
     // Replace the request data with this test's parameters.
     global $_REQUEST;
     $_REQUEST = $this->_params;
     // Leave the user with 'access CiviCRM' only; presumably so that any
     // further access has to come from the ACL rows created below - confirm.
     CRM_Core_Config::singleton()->userPermissionClass->permissions = array('access CiviCRM');
     // Register an ACL role option with the fixed value 55, which the inserts
     // below reference. $optionValue itself is not read again in this method.
     $optionGroupID = $this->callAPISuccessGetValue('option_group', array('return' => 'id', 'name' => 'acl_role'));
     $optionValue = $this->callAPISuccess('option_value', 'create', array('option_group_id' => $optionGroupID, 'label' => 'pick me', 'value' => 55));
     // Start from empty ACL cache tables so earlier results cannot leak in.
     CRM_Core_DAO::executeQuery("\n      TRUNCATE civicrm_acl_cache\n    ");
     CRM_Core_DAO::executeQuery("\n      TRUNCATE civicrm_acl_contact_cache\n    ");
     // Attach role 55 to the permissioned group.
     // NOTE(review): the group id is interpolated, not bound or escaped; that
     // is only safe while it is an integer id created by the test itself.
     CRM_Core_DAO::executeQuery("\n    INSERT INTO civicrm_acl_entity_role (\n    `acl_role_id`, `entity_table`, `entity_id`, `is_active`\n    ) VALUES (55, 'civicrm_group', {$this->_permissionedGroup}, 1);\n    ");
     if ($isProfile) {
         // The row is named 'view picked' but its operation is 'Edit'.
         // object_id 0 presumably means "all profiles" - TODO confirm.
         CRM_Core_DAO::executeQuery("\n      INSERT INTO civicrm_acl (\n      `name`, `entity_table`, `entity_id`, `operation`, `object_table`, `object_id`, `is_active`\n      )\n      VALUES (\n      'view picked', 'civicrm_acl_role', 55, 'Edit', 'civicrm_uf_group', 0, 1\n      );\n      ");
     } else {
         // Two 'Edit' ACLs keyed on the permissioned group: one targeting the
         // active group, one targeting the disabled group.
         CRM_Core_DAO::executeQuery("\n      INSERT INTO civicrm_acl (\n      `name`, `entity_table`, `entity_id`, `operation`, `object_table`, `object_id`, `is_active`\n      )\n      VALUES (\n      'view picked', 'civicrm_group', {$this->_permissionedGroup} , 'Edit', 'civicrm_saved_search', {$this->_permissionedGroup}, 1\n      );\n      ");
         CRM_Core_DAO::executeQuery("\n      INSERT INTO civicrm_acl (\n      `name`, `entity_table`, `entity_id`, `operation`, `object_table`, `object_id`, `is_active`\n      )\n      VALUES (\n      'view picked', 'civicrm_group',  {$this->_permissionedGroup}, 'Edit', 'civicrm_saved_search', {$this->_permissionedDisabledGroup}, 1\n      );\n      ");
     }
     // Make the session's user a member of the permissioned group.
     $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
     $this->callAPISuccess('group_contact', 'create', array('group_id' => $this->_permissionedGroup, 'contact_id' => $this->_loggedInUser));
     if (!$isProfile) {
         // Flush cache so the rows inserted above are picked up.
         // NOTE(review): the TRUE arguments and the placeholder 'whatever' /
         // 9999 values look like cache-reset calls only - confirm against
         // the callee signatures.
         CRM_ACL_BAO_Cache::resetCache();
         CRM_Contact_BAO_Group::getPermissionClause(TRUE);
         CRM_ACL_API::groupPermission('whatever', 9999, NULL, 'civicrm_saved_search', NULL, NULL, TRUE);
     }
 }
Esempio n. 3
 /**
  * Report which operations the current user may perform on a group.
  *
  * @param int $id
  *   The id of the group being checked.
  * @param bool $excludeHidden
  *   Whether hidden groups are left out of the group list handed to the ACL
  *   lookup. Hiding groups is not really a permission concern, but the flag
  *   lives here and defaults to FALSE because other callers may rely on
  *   that; only the api call passes TRUE.
  *
  * @return array|null
  *   CRM_Core_Permission constants held for the group, or NULL when the user
  *   has neither edit nor view access.
  */
 public static function checkPermission($id, $excludeHidden = FALSE)
 {
     $groupList = CRM_Core_PseudoConstant::allGroup(NULL, $excludeHidden);

     // Blanket permission first; the per-group ACL lookup only runs when the
     // blanket check fails.
     $mayEdit = CRM_Core_Permission::check('edit all contacts')
         || CRM_ACL_API::groupPermission(CRM_ACL_API::EDIT, $id, NULL, 'civicrm_saved_search', $groupList);
     $mayView = CRM_Core_Permission::check('view all contacts')
         || CRM_ACL_API::groupPermission(CRM_ACL_API::VIEW, $id, NULL, 'civicrm_saved_search', $groupList);

     $granted = array();
     if ($mayEdit) {
         $granted[] = CRM_Core_Permission::EDIT;
     }
     if ($mayView) {
         $granted[] = CRM_Core_Permission::VIEW;
     }

     // No edit or view access means no access at all: 'delete contacts' is
     // deliberately not consulted, which keeps delete scoped to groups the
     // user can already see or change. This restriction can go once ACLs
     // support delete.
     if (empty($granted)) {
         return NULL;
     }

     if (CRM_Core_Permission::check('delete contacts')) {
         $granted[] = CRM_Core_Permission::DELETE;
     }
     return $granted;
 }
Esempio n. 4
 /**
  * Determine the operations the current user is allowed on this group.
  *
  * @param int $id
  *   The id of the group.
  * @param string $title
  *   The name or title of the group. Not read by this method.
  *
  * @return array|null
  *   List of CRM_Core_Permission constants held for the group, or null when
  *   the user has neither edit nor view access.
  * @access public
  * @static
  */
 static function checkPermission($id, $title)
 {
     require_once 'CRM/ACL/API.php';
     require_once 'CRM/Core/Permission.php';

     $groupList = CRM_Core_PseudoConstant::allGroup();
     $held = array();

     // Each operation is granted by the blanket permission or, failing that,
     // by an ACL on the group.
     if (CRM_Core_Permission::check('edit all contacts')
         || CRM_ACL_API::groupPermission(CRM_ACL_API::EDIT, $id, null, 'civicrm_saved_search', $groupList)
     ) {
         $held[] = CRM_Core_Permission::EDIT;
     }
     if (CRM_Core_Permission::check('view all contacts')
         || CRM_ACL_API::groupPermission(CRM_ACL_API::VIEW, $id, null, 'civicrm_saved_search', $groupList)
     ) {
         $held[] = CRM_Core_Permission::VIEW;
     }

     // Delete is only offered on groups that are already editable/viewable;
     // the non-empty test can be dropped once ACLs cover delete.
     if ($held && CRM_Core_Permission::check('delete contacts')) {
         $held[] = CRM_Core_Permission::DELETE;
     }

     // Callers receive null, not an empty list, when nothing was granted.
     return $held ? $held : null;
 }