/** * Validate user permission across * edit or view or with supportable acls. * * return boolean true/false. **/ static function giveMeAllACLs() { if (CRM_Core_Permission::check('view all contacts') || CRM_Core_Permission::check('edit all contacts')) { return TRUE; } $session = CRM_Core_Session::singleton(); $contactID = $session->get('userID'); if (self::isMultisiteEnabled()) { // For multisite just check if there are contacts in acl_contact_cache table for now. // FixMe: so even if a user in multisite has very limited permission could still // see search / contact navigation options for example. return CRM_Contact_BAO_Contact_Permission::hasContactsInCache(CRM_Core_Permission::VIEW, $contactID); } //check for acl. $aclPermission = self::getPermission(); if (in_array($aclPermission, array(CRM_Core_Permission::EDIT, CRM_Core_Permission::VIEW))) { return TRUE; } // run acl where hook and see if the user is supplying an ACL clause // that is not false $tables = $whereTables = array(); $where = NULL; CRM_Utils_Hook::aclWhereClause(CRM_Core_Permission::VIEW, $tables, $whereTables, $contactID, $where); return empty($whereTables) ? FALSE : TRUE; }