public static function checkFilePerms($op, $file, $user) { $opsRequiringProjectId = array(CRM_Core_Action::UPDATE, CRM_Core_Action::DELETE); if (in_array($op, $opsRequiringProjectId) && empty($projectId)) { CRM_Core_Error::fatal('Missing required parameter Project ID'); } //Run the hook that allows third party extensions to //Alter the permissions of a file operation. //If true, they have permission //If False, they expressly do not //If null, fallback on the following checks. $validByHook = CRM_Securefiles_Hooks::checkPermissions($op, $file, $user); if (!is_null($validByHook)) { return $validByHook; } $contactId = CRM_Core_Session::getLoggedInContactID(); $checkUserRelationship = !($contactId == $user); switch ($op) { case CRM_Core_Action::ADD: case CRM_Core_Action::UPDATE: if ($checkUserRelationship) { return self::check('upload others secure files'); //Todo: Check relationships and allow for permissioned relationships } else { return self::check('upload own secure files'); } break; case CRM_Core_Action::DELETE: if ($checkUserRelationship) { return self::check("delete all secure files"); //Todo: Check relationships and allow for permissioned relationships } else { return self::check("delete own secure files"); } break; case CRM_Core_Action::VIEW: if ($checkUserRelationship) { return self::check('view all secure files'); //Todo: Check relationships and allow for permissioned relationships } else { return self::check('view own secure files'); } break; case self::LIST_SECURE_FILES: if ($checkUserRelationship) { return self::check('list all secure files'); //Todo: Check relationships and allow for permissioned relationships } else { return self::check('list own secure files'); } break; } return FALSE; }