本文整理匯總了PHP中CRM_ACL_API類的典型用法代碼示例。如果您正苦於以下問題:PHP CRM_ACL_API類的具體用法?PHP CRM_ACL_API怎麽用?PHP CRM_ACL_API使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
在下文中一共展示了CRM_ACL_API類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: preProcess
/**
* Set variables up before form is built.
*
* @return void
*/
public function preProcess()
{
$this->_addProfileBottom = CRM_Utils_Array::value('addProfileBottom', $_GET, FALSE);
$this->_profileBottomNum = CRM_Utils_Array::value('addProfileNum', $_GET, 0);
$this->_addProfileBottomAdd = CRM_Utils_Array::value('addProfileBottomAdd', $_GET, FALSE);
$this->_profileBottomNumAdd = CRM_Utils_Array::value('addProfileNumAdd', $_GET, 0);
parent::preProcess();
$this->assign('addProfileBottom', $this->_addProfileBottom);
$this->assign('profileBottomNum', $this->_profileBottomNum);
$urlParams = "id={$this->_id}&addProfileBottom=1&qfKey={$this->controller->_key}";
$this->assign('addProfileParams', $urlParams);
if ($addProfileBottom = CRM_Utils_Array::value('custom_post_id_multiple', $_POST)) {
foreach (array_keys($addProfileBottom) as $profileNum) {
self::buildMultipleProfileBottom($this, $profileNum);
}
}
$this->assign('perm', 0);
$ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
$ufCreate = CRM_ACL_API::group(CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
$ufEdit = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
$checkPermission = array(array('administer CiviCRM', 'manage event profiles'));
if (CRM_Core_Permission::check($checkPermission) || !empty($ufCreate) || !empty($ufEdit)) {
$this->assign('perm', 1);
}
$this->assign('addProfileBottomAdd', $this->_addProfileBottomAdd);
$this->assign('profileBottomNumAdd', $this->_profileBottomNumAdd);
$urlParamsAdd = "id={$this->_id}&addProfileBottomAdd=1&qfKey={$this->controller->_key}";
$this->assign('addProfileParamsAdd', $urlParamsAdd);
if ($addProfileBottomAdd = CRM_Utils_Array::value('additional_custom_post_id_multiple', $_POST)) {
foreach (array_keys($addProfileBottomAdd) as $profileNum) {
self::buildMultipleProfileBottom($this, $profileNum, 'additional_', ts('Profile for Additional Participants'));
}
}
}
示例2: cache
/**
* fill the acl contact cache for this contact id if empty
*
* @param int $id contact id
* @param string $type the type of operation (view|edit)
* @param boolean $force should we force a recompute
*
* @return void
* @access public
* @static
*/
static function cache($userID, $type = CRM_Core_Permission::VIEW, $force = false)
{
static $_processed = array();
if ($type = CRM_Core_Permission::VIEW) {
$operationClause = " operation IN ( 'Edit', 'View' ) ";
$operation = 'View';
} else {
$operationClause = " operation = 'Edit' ";
$operation = 'Edit';
}
if (!$force) {
if (CRM_Utils_Array::value($userID, $_processed)) {
return;
}
// run a query to see if the cache is filled
$sql = "\nSELECT count(id)\nFROM civicrm_acl_contact_cache\nWHERE user_id = %1\nAND {$operationClause}\n";
$params = array(1 => array($userID, 'Integer'));
$count = CRM_Core_DAO::singleValueQuery($sql, $params);
if ($count > 0) {
$_processed[$userID] = 1;
return;
}
}
$tables = array();
$whereTables = array();
require_once 'CRM/ACL/API.php';
$permission = CRM_ACL_API::whereClause($type, $tables, $whereTables, $userID);
require_once "CRM/Contact/BAO/Query.php";
$from = CRM_Contact_BAO_Query::fromClause($whereTables);
$query = "\nSELECT DISTINCT(contact_a.id) as id\n {$from}\nWHERE {$permission}\n";
$values = array();
$dao = CRM_Core_DAO::executeQuery($query);
while ($dao->fetch()) {
$values[] = "( {$userID}, {$dao->id}, '{$operation}' )";
}
// now store this in the table
while (!empty($values)) {
$processed = true;
$input = array_splice($values, 0, self::NUM_CONTACTS_TO_INSERT);
$str = implode(',', $input);
$sql = "REPLACE INTO civicrm_acl_contact_cache ( user_id, contact_id, operation ) VALUES {$str};";
CRM_Core_DAO::executeQuery($sql);
}
CRM_Core_DAO::executeQuery('DELETE FROM civicrm_acl_contact_cache WHERE contact_id IN (SELECT id FROM civicrm_contact WHERE is_deleted = 1)');
$_processed[$userID] = 1;
return;
}
示例3: event
public static function event($type = CRM_Core_Permission::VIEW, $eventID = NULL)
{
$events = CRM_Event_PseudoConstant::event(NULL, TRUE);
$includeEvents = array();
// check if user has all powerful permission
if (self::check('register for events')) {
$includeEvents = array_keys($events);
}
if ($type == CRM_Core_Permission::VIEW && self::check('view event info')) {
$includeEvents = array_keys($events);
}
$permissionedEvents = CRM_ACL_API::group($type, NULL, 'civicrm_event', $events, $includeEvents);
if (!$eventID) {
return $permissionedEvents;
}
return array_search($eventID, $permissionedEvents) === FALSE ? NULL : $eventID;
}
示例4: group
/**
* Get all groups from database, filtered by permissions
* for this user
*
* @param string $groupType
* Type of group(Access/Mailing).
* @param bool $excludeHidden
* Exclude hidden groups.
*
*
* @return array
* array reference of all groups.
*/
public function group($groupType = NULL, $excludeHidden = TRUE)
{
if (!isset($this->_viewPermissionedGroups)) {
$this->_viewPermissionedGroups = $this->_editPermissionedGroups = array();
}
$groupKey = $groupType ? $groupType : 'all';
if (!isset($this->_viewPermissionedGroups[$groupKey])) {
$this->_viewPermissionedGroups[$groupKey] = $this->_editPermissionedGroups[$groupKey] = array();
$groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
if ($this->check('edit all contacts')) {
// this is the most powerful permission, so we return
// immediately rather than dilute it further
$this->_editAdminUser = $this->_viewAdminUser = TRUE;
$this->_editPermission = $this->_viewPermission = TRUE;
$this->_editPermissionedGroups[$groupKey] = $groups;
$this->_viewPermissionedGroups[$groupKey] = $groups;
return $this->_viewPermissionedGroups[$groupKey];
} elseif ($this->check('view all contacts')) {
$this->_viewAdminUser = TRUE;
$this->_viewPermission = TRUE;
$this->_viewPermissionedGroups[$groupKey] = $groups;
}
$ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups);
if (!empty($ids)) {
foreach (array_values($ids) as $id) {
$title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
$this->_viewPermissionedGroups[$groupKey][$id] = $title;
$this->_viewPermission = TRUE;
}
}
$ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups);
if (!empty($ids)) {
foreach (array_values($ids) as $id) {
$title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
$this->_editPermissionedGroups[$groupKey][$id] = $title;
$this->_viewPermissionedGroups[$groupKey][$id] = $title;
$this->_editPermission = TRUE;
$this->_viewPermission = TRUE;
}
}
}
return $this->_viewPermissionedGroups[$groupKey];
}
示例5: whereClause
static function whereClause(&$params, $sortBy = TRUE, $excludeHidden = TRUE)
{
$values = array();
$clauses = array();
$title = CRM_Utils_Array::value('title', $params);
if ($title) {
$clauses[] = "groups.title LIKE %1";
if (strpos($title, '%') !== FALSE) {
$params[1] = array($title, 'String', FALSE);
} else {
$params[1] = array($title, 'String', TRUE);
}
}
$groupType = CRM_Utils_Array::value('group_type', $params);
if ($groupType) {
$types = explode(',', $groupType);
if (!empty($types)) {
$clauses[] = 'groups.group_type LIKE %2';
$typeString = CRM_Core_DAO::VALUE_SEPARATOR . implode(CRM_Core_DAO::VALUE_SEPARATOR, $types) . CRM_Core_DAO::VALUE_SEPARATOR;
$params[2] = array($typeString, 'String', TRUE);
}
}
$visibility = CRM_Utils_Array::value('visibility', $params);
if ($visibility) {
$clauses[] = 'groups.visibility = %3';
$params[3] = array($visibility, 'String');
}
$groupStatus = CRM_Utils_Array::value('status', $params);
if ($groupStatus) {
switch ($groupStatus) {
case 1:
$clauses[] = 'groups.is_active = 1';
$params[4] = array($groupStatus, 'Integer');
break;
case 2:
$clauses[] = 'groups.is_active = 0';
$params[4] = array($groupStatus, 'Integer');
break;
case 3:
$clauses[] = '(groups.is_active = 0 OR groups.is_active = 1 )';
break;
}
}
$parentsOnly = CRM_Utils_Array::value('parentsOnly', $params);
if ($parentsOnly) {
$clauses[] = 'groups.parents IS NULL';
}
// only show child groups of a specific parent group
$parent_id = CRM_Utils_Array::value('parent_id', $params);
if ($parent_id) {
$clauses[] = 'groups.id IN (SELECT child_group_id FROM civicrm_group_nesting WHERE parent_group_id = %5)';
$params[5] = array($parent_id, 'Integer');
}
if ($createdBy = CRM_Utils_Array::value('created_by', $params)) {
$clauses[] = "createdBy.sort_name LIKE %6";
if (strpos($createdBy, '%') !== FALSE) {
$params[6] = array($createdBy, 'String', FALSE);
} else {
$params[6] = array($createdBy, 'String', TRUE);
}
}
/*
if ( $sortBy &&
$this->_sortByCharacter !== null ) {
$clauses[] =
"groups.title LIKE '" .
strtolower(CRM_Core_DAO::escapeWildCardString($this->_sortByCharacter)) .
"%'";
}
// dont do a the below assignement when doing a
// AtoZ pager clause
if ( $sortBy ) {
if ( count( $clauses ) > 1 ) {
$this->assign( 'isSearch', 1 );
} else {
$this->assign( 'isSearch', 0 );
}
}
*/
if (empty($clauses)) {
$clauses[] = 'groups.is_active = 1';
}
if ($excludeHidden) {
$clauses[] = 'groups.is_hidden = 0';
}
//CRM-12209
if (!CRM_Core_Permission::check('view all contacts')) {
//get the allowed groups for the current user
$groups = CRM_ACL_API::group(CRM_ACL_API::VIEW);
if (!empty($groups)) {
$groupList = implode(', ', array_values($groups));
$clauses[] = "groups.id IN ( {$groupList} ) ";
}
}
return implode(' AND ', $clauses);
}
示例6: checkPermission
/**
* make sure that the user has permission to access this event
*
* @param int $id the id of the event
* @param int $name the name or title of the event
*
* @return string the permission that the user has (or null)
* @access public
* @static
*/
static function checkPermission($eventId = null, $type = CRM_Core_Permission::VIEW)
{
static $permissions = null;
if (empty($permissions)) {
require_once 'CRM/ACL/API.php';
require_once 'CRM/Event/PseudoConstant.php';
$allEvents = CRM_Event_PseudoConstant::event(null, true);
$createdEvents = array();
$session =& CRM_Core_Session::singleton();
if ($userID = $session->get('userID')) {
$createdEvents = array_keys(CRM_Event_PseudoConstant::event(null, true, "created_id={$userID}"));
}
// Note: for a multisite setup, a user with edit all events, can edit all events
// including those from other sites
if (CRM_Core_Permission::check('edit all events')) {
$permissions[CRM_Core_Permission::EDIT] = array_keys($allEvents);
} else {
$permissions[CRM_Core_Permission::EDIT] =& CRM_ACL_API::group(CRM_Core_Permission::EDIT, null, 'civicrm_event', $allEvents, $createdEvents);
}
if (CRM_Core_Permission::check('edit all events')) {
$permissions[CRM_Core_Permission::VIEW] = array_keys($allEvents);
} else {
if (CRM_Core_Permission::check('access CiviEvent') && CRM_Core_Permission::check('view event participants')) {
// use case: allow "view all events" but NOT "edit all events"
// so for a normal site allow users with these two permissions to view all events AND
// at the same time also allow any hook to override if needed.
$createdEvents = array_keys($allEvents);
}
$permissions[CRM_Core_Permission::VIEW] =& CRM_ACL_API::group(CRM_Core_Permission::VIEW, null, 'civicrm_event', $allEvents, $createdEvents);
}
$permissions[CRM_Core_Permission::DELETE] = array();
if (CRM_Core_Permission::check('delete in CiviEvent')) {
// Note: we want to restrict the scope of delete permission to
// events that are editable/viewable (usecase multisite).
// We can remove array_intersect once we have ACL support for delete functionality.
$permissions[CRM_Core_Permission::DELETE] = array_intersect($permissions[CRM_Core_Permission::EDIT], $permissions[CRM_Core_Permission::VIEW]);
}
}
if ($eventId) {
return in_array($eventId, $permissions[$type]) ? true : false;
}
return $permissions;
}
示例7: __construct
/**
* Class constructor.
*/
public function __construct()
{
parent::__construct();
$this->addClass('crm-report-form');
if ($this->_tagFilter) {
$this->buildTagFilter();
}
if ($this->_exposeContactID) {
if (array_key_exists('civicrm_contact', $this->_columns)) {
$this->_columns['civicrm_contact']['fields']['exposed_id'] = array('name' => 'id', 'title' => 'Contact ID', 'no_repeat' => TRUE);
}
}
if ($this->_groupFilter) {
$this->buildGroupFilter();
}
// Get all custom groups
$allGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_CustomField', 'custom_group_id');
// Get the custom groupIds for which the user has VIEW permission
// If the user has 'access all custom data' permission, we'll leave $permCustomGroupIds empty
// and addCustomDataToColumns() will allow access to all custom groups.
$permCustomGroupIds = array();
if (!CRM_Core_Permission::check('access all custom data')) {
$permCustomGroupIds = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_custom_group', $allGroups, NULL);
// do not allow custom data for reports if user doesn't have
// permission to access custom data.
if (!empty($this->_customGroupExtends) && empty($permCustomGroupIds)) {
$this->_customGroupExtends = array();
}
}
// merge custom data columns to _columns list, if any
$this->addCustomDataToColumns(TRUE, $permCustomGroupIds);
// add / modify display columns, filters ..etc
CRM_Utils_Hook::alterReportVar('columns', $this->_columns, $this);
//assign currencyColumn variable to tpl
$this->assign('currencyColumn', $this->_currencyColumn);
}
示例8: generatePermissionClause
/**
* Populate $this->_permissionWhereClause with permission related clause and update other
* query related properties.
*
* Function calls ACL permission class and hooks to filter the query appropriately
*
* Note that these 2 params were in the code when extracted from another function
* and a second round extraction would be to make them properties of the class
*
* @param bool $onlyDeleted
* Only get deleted contacts.
* @param bool $count
* Return Count only.
*/
public function generatePermissionClause($onlyDeleted = FALSE, $count = FALSE)
{
if (!$this->_skipPermission) {
$this->_permissionWhereClause = CRM_ACL_API::whereClause(CRM_Core_Permission::VIEW, $this->_tables, $this->_whereTables, NULL, $onlyDeleted, $this->_skipDeleteClause);
// regenerate fromClause since permission might have added tables
if ($this->_permissionWhereClause) {
//fix for row count in qill (in contribute/membership find)
if (!$count) {
$this->_useDistinct = TRUE;
}
//CRM-15231
$this->_fromClause = self::fromClause($this->_tables, NULL, NULL, $this->_primaryLocation, $this->_mode);
$this->_simpleFromClause = self::fromClause($this->_whereTables, NULL, NULL, $this->_primaryLocation, $this->_mode);
// note : this modifies _fromClause and _simpleFromClause
$this->includePseudoFieldsJoin($this->_sort);
}
} else {
// add delete clause if needed even if we are skipping permission
// CRM-7639
if (!$this->_skipDeleteClause) {
if (CRM_Core_Permission::check('access deleted contacts') and $onlyDeleted) {
$this->_permissionWhereClause = '(contact_a.is_deleted)';
} else {
// CRM-6181
$this->_permissionWhereClause = '(contact_a.is_deleted = 0)';
}
}
}
}
示例9: preProcess
/**
* Set variables up before form is built.
*
* @return void
*/
public function preProcess()
{
$config = CRM_Core_Config::singleton();
if (in_array('CiviEvent', $config->enableComponents)) {
$this->assign('CiviEvent', TRUE);
}
CRM_Core_Form_RecurringEntity::preProcess('civicrm_event');
$this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'add', 'REQUEST');
$this->assign('action', $this->_action);
$this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this, FALSE, NULL, 'GET');
if ($this->_id) {
$this->_isRepeatingEvent = CRM_Core_BAO_RecurringEntity::getParentFor($this->_id, 'civicrm_event');
$this->assign('eventId', $this->_id);
if (!empty($this->_addBlockName) && empty($this->_addProfileBottom) && empty($this->_addProfileBottomAdd)) {
$this->add('hidden', 'id', $this->_id);
}
$this->_single = TRUE;
$params = array('id' => $this->_id);
CRM_Event_BAO_Event::retrieve($params, $eventInfo);
// its an update mode, do a permission check
if (!CRM_Event_BAO_Event::checkPermission($this->_id, CRM_Core_Permission::EDIT)) {
CRM_Core_Error::fatal(ts('You do not have permission to access this page.'));
}
$participantListingID = CRM_Utils_Array::value('participant_listing_id', $eventInfo);
//CRM_Core_DAO::getFieldValue( 'CRM_Event_DAO_Event', $this->_id, 'participant_listing_id' );
if ($participantListingID) {
$participantListingURL = CRM_Utils_System::url('civicrm/event/participant', "reset=1&id={$this->_id}", TRUE, NULL, TRUE, TRUE);
$this->assign('participantListingURL', $participantListingURL);
}
$this->assign('isOnlineRegistration', CRM_Utils_Array::value('is_online_registration', $eventInfo));
$this->assign('id', $this->_id);
}
// figure out whether we’re handling an event or an event template
if ($this->_id) {
$this->_isTemplate = CRM_Utils_Array::value('is_template', $eventInfo);
} elseif ($this->_action & CRM_Core_Action::ADD) {
$this->_isTemplate = CRM_Utils_Request::retrieve('is_template', 'Boolean', $this);
}
$this->assign('isTemplate', $this->_isTemplate);
if ($this->_id) {
if ($this->_isTemplate) {
$title = CRM_Utils_Array::value('template_title', $eventInfo);
CRM_Utils_System::setTitle(ts('Edit Event Template') . " - {$title}");
} else {
$configureText = ts('Configure Event');
$title = CRM_Utils_Array::value('title', $eventInfo);
//If it is a repeating event change title
if ($this->_isRepeatingEvent) {
$configureText = 'Configure Repeating Event';
}
CRM_Utils_System::setTitle($configureText . " - {$title}");
}
$this->assign('title', $title);
} elseif ($this->_action & CRM_Core_Action::ADD) {
if ($this->_isTemplate) {
$title = ts('New Event Template');
CRM_Utils_System::setTitle($title);
} else {
$title = ts('New Event');
CRM_Utils_System::setTitle($title);
}
$this->assign('title', $title);
}
if (CRM_Core_Permission::check('view event participants') && CRM_Core_Permission::check('view all contacts')) {
$statusTypes = CRM_Event_PseudoConstant::participantStatus(NULL, 'is_counted = 1', 'label');
$statusTypesPending = CRM_Event_PseudoConstant::participantStatus(NULL, 'is_counted = 0', 'label');
$findParticipants['statusCounted'] = implode(', ', array_values($statusTypes));
$findParticipants['statusNotCounted'] = implode(', ', array_values($statusTypesPending));
$this->assign('findParticipants', $findParticipants);
}
$this->_templateId = (int) CRM_Utils_Request::retrieve('template_id', 'Integer', $this);
//Is a repeating event
if ($this->_isRepeatingEvent) {
$isRepeatingEntity = TRUE;
$this->assign('isRepeatingEntity', $isRepeatingEntity);
}
// CRM-16776 - show edit/copy/create buttons for Profiles if user has required permission.
$ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
$ufCreate = CRM_ACL_API::group(CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
$ufEdit = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
$checkPermission = array(array('administer CiviCRM', 'manage event profiles'));
if (CRM_Core_Permission::check($checkPermission) || !empty($ufCreate) || !empty($ufEdit)) {
$this->assign('perm', TRUE);
}
// also set up tabs
CRM_Event_Form_ManageEvent_TabHeader::build($this);
// Set Done button URL and breadcrumb. Templates go back to Manage Templates,
// otherwise go to Manage Event for new event or ManageEventEdit if event if exists.
$breadCrumb = array();
if (!$this->_isTemplate) {
if ($this->_id) {
$this->_doneUrl = CRM_Utils_System::url(CRM_Utils_System::currentPath(), "action=update&reset=1&id={$this->_id}");
} else {
$this->_doneUrl = CRM_Utils_System::url('civicrm/event/manage', 'reset=1');
$breadCrumb = array(array('title' => ts('Manage Events'), 'url' => $this->_doneUrl));
//.........這裏部分代碼省略.........
示例10: searchQuery
/**
* create and query the db for an contact search
*
* @param int $offset the offset for the query
* @param int $rowCount the number of rows to return
* @param string $sort the order by string
* @param boolean $count is this a count only query ?
* @param boolean $includeContactIds should we include contact ids?
* @param boolean $sortByChar if true returns the distinct array of first characters for search results
* @param boolean $groupContacts if true, use a single mysql group_concat statement to get the contact ids
* @param boolean $returnQuery should we return the query as a string
* @param string $additionalWhereClause if the caller wants to further restrict the search (used for components)
*
* @return CRM_Contact_DAO_Contact
* @access public
*/
function searchQuery($offset = 0, $rowCount = 0, $sort = null, $count = false, $includeContactIds = false, $sortByChar = false, $groupContacts = false, $returnQuery = false, $additionalWhereClause = null, $sortOrder = null)
{
require_once 'CRM/Core/Permission.php';
if ($includeContactIds) {
$this->_includeContactIds = true;
$this->_whereClause = $this->whereClause();
}
// hack for now, add permission only if we are in search
// FIXME: we should actually filter out deleted contacts (unless requested to do the opposite)
$permission = ' ( 1 ) ';
$onlyDeleted = false;
$onlyDeleted = in_array(array('deleted_contacts', '=', '1', '0', '0'), $this->_params);
// if we’re explicitely looking for a certain contact’s contribs, events, etc.
// and that contact happens to be deleted, set $onlyDeleted to true
foreach ($this->_params as $values) {
list($name, $op, $value, $_, $_) = $values;
if ($name == 'contact_id' and $op == '=') {
if (CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $value, 'is_deleted')) {
$onlyDeleted = true;
}
break;
}
}
if (!$this->_skipPermission) {
require_once 'CRM/ACL/API.php';
$permission = CRM_ACL_API::whereClause(CRM_Core_Permission::VIEW, $this->_tables, $this->_whereTables, null, $onlyDeleted, $this->_skipDeleteClause);
// CRM_Core_Error::debug( 'p', $permission );
// CRM_Core_Error::debug( 't', $this->_tables );
// CRM_Core_Error::debug( 'w', $this->_whereTables );
// regenerate fromClause since permission might have added tables
if ($permission) {
//fix for row count in qill (in contribute/membership find)
if (!$count) {
$this->_useDistinct = true;
}
$this->_fromClause = self::fromClause($this->_tables, null, null, $this->_primaryLocation, $this->_mode);
$this->_simpleFromClause = self::fromClause($this->_whereTables, null, null, $this->_primaryLocation, $this->_mode);
}
}
list($select, $from, $where) = $this->query($count, $sortByChar, $groupContacts);
if (empty($where)) {
$where = "WHERE {$permission}";
} else {
$where = "{$where} AND {$permission}";
}
// CRM_Core_Error::debug( 't', $this );
// CRM_Core_Error::debug( 'w', $where );
// CRM_Core_Error::debug( 'a', $additionalWhereClause );
if ($additionalWhereClause) {
$where = $where . ' AND ' . $additionalWhereClause;
}
$order = $orderBy = $limit = '';
if (!$count) {
$config = CRM_Core_Config::singleton();
if ($config->includeOrderByClause) {
if ($sort) {
if (is_string($sort)) {
$orderBy = $sort;
} else {
$orderBy = trim($sort->orderBy());
}
if (!empty($orderBy)) {
// this is special case while searching for
// changelog CRM-1718
if (preg_match('/sort_name/i', $orderBy)) {
$orderBy = str_replace('sort_name', 'contact_a.sort_name', $orderBy);
}
$order = " ORDER BY {$orderBy}";
if ($sortOrder) {
$order .= " {$sortOrder}";
}
}
} else {
if ($sortByChar) {
$orderBy = " ORDER BY LEFT(contact_a.sort_name, 1) asc";
} else {
$orderBy = " ORDER BY contact_a.sort_name asc";
}
}
}
if ($rowCount > 0 && $offset >= 0) {
$limit = " LIMIT {$offset}, {$rowCount} ";
// ok here is a first hack at an optimization, lets get all the contact ids
// that are restricted and we'll then do the final clause with it
//.........這裏部分代碼省略.........
示例11: check
/**
* given a permission string, check for access requirements
*
* @param string $str the permission to check
*
* @return boolean true if yes, else false
* @static
* @access public
*/
static function check($str)
{
static $isAdmin = null;
if ($isAdmin === null) {
$session =& CRM_Core_Session::singleton();
if ($session->get('new_install') == 1 && $session->get('goahead') == 'yes') {
return true;
}
}
require_once 'CRM/ACL/API.php';
return $isAdmin ? true : CRM_ACL_API::check($str, null);
}
示例12: event
public static function event($type = CRM_Core_Permission::VIEW, $eventID = null)
{
require_once 'CRM/Event/PseudoConstant.php';
$events = CRM_Event_PseudoConstant::event(null, true);
$includeEvents = array();
// check if user has all powerful permission
if (self::check('register for events')) {
$includeEvents = array_keys($events);
}
if ($type == CRM_Core_Permission::VIEW && self::check('view event info')) {
$includeEvents = array_keys($events);
}
require_once 'CRM/ACL/API.php';
$permissionedEvents = CRM_ACL_API::group($type, null, 'civicrm_event', $events, $includeEvents);
if (!$eventID) {
return $permissionedEvents;
}
return array_search($eventID, $permissionedEvents) === false ? null : $eventID;
}
示例13: searchQuery
/**
* create and query the db for an contact search
*
* @param int $offset the offset for the query
* @param int $rowCount the number of rows to return
* @param string $sort the order by string
* @param boolean $count is this a count only query ?
* @param boolean $includeContactIds should we include contact ids?
* @param boolean $sortByChar if true returns the distinct array of first characters for search results
* @param boolean $groupContacts if true, use a single mysql group_concat statement to get the contact ids
* @param boolean $returnQuery should we return the query as a string
* @param string $additionalWhereClause if the caller wants to further restrict the search (used for components)
*
* @return CRM_Contact_DAO_Contact
* @access public
*/
function searchQuery($offset = 0, $rowCount = 0, $sort = null, $count = false, $includeContactIds = false, $sortByChar = false, $groupContacts = false, $returnQuery = false, $additionalWhereClause = null)
{
require_once 'CRM/Core/Permission.php';
if ($includeContactIds) {
$this->_includeContactIds = true;
$this->_whereClause = $this->whereClause();
}
// hack for now, add permission only if we are in search
$permission = ' ( 1 ) ';
if (!$this->_skipPermission) {
require_once 'CRM/ACL/API.php';
$permission = CRM_ACL_API::whereClause(CRM_Core_Permission::VIEW, $this->_tables, $this->_whereTables);
// CRM_Core_Error::debug( 'p', $permission );
// CRM_Core_Error::debug( 't', $this->_tables );
// CRM_Core_Error::debug( 'w', $this->_whereTables );
// regenerate fromClause since permission might have added tables
if ($permission) {
//fix for row count in qill (in contribute/membership find)
if (!$count) {
$this->_useDistinct = true;
}
$this->_fromClause = self::fromClause($this->_tables, null, null, $this->_primaryLocation, $this->_mode);
$this->_simpleFromClause = self::fromClause($this->_whereTables, null, null, $this->_primaryLocation, $this->_mode);
}
}
list($select, $from, $where) = $this->query($count, $sortByChar, $groupContacts);
if (empty($where)) {
$where = "WHERE {$permission}";
} else {
$where = "{$where} AND {$permission}";
}
if ($additionalWhereClause) {
$where = $where . ' AND ' . $additionalWhereClause;
}
$order = $orderBy = $limit = '';
if (!$count) {
$config =& CRM_Core_Config::singleton();
if ($config->includeOrderByClause) {
if ($sort) {
if (is_string($sort)) {
$orderBy = $sort;
} else {
$orderBy = trim($sort->orderBy());
}
if (!empty($orderBy)) {
// this is special case while searching for
// changelog CRM-1718
if (preg_match('/sort_name/i', $orderBy)) {
$orderBy = str_replace('sort_name', 'contact_a.sort_name', $orderBy);
}
$order = " ORDER BY {$orderBy}";
}
} else {
if ($sortByChar) {
$orderBy = " ORDER BY LEFT(contact_a.sort_name, 1) asc";
} else {
$orderBy = " ORDER BY contact_a.sort_name asc";
}
}
}
if ($rowCount > 0 && $offset >= 0) {
$limit = " LIMIT {$offset}, {$rowCount} ";
// ok here is a first hack at an optimization, lets get all the contact ids
// that are restricted and we'll then do the final clause with it
$limitSelect = $this->_useDistinct ? 'SELECT DISTINCT(contact_a.id) as id' : 'SELECT contact_a.id as id';
$doOpt = true;
// hack for order clause
if ($orderBy) {
list($field, $dir) = split(' ', $orderBy);
if ($field) {
switch ($field) {
case 'sort_name':
break;
case 'city':
case 'postal_code':
$this->_whereTables["civicrm_address"] = 1;
$limitSelect .= ", civicrm_address.{$field} as {$field}";
break;
case 'country':
case 'state_province':
$this->_whereTables["civicrm_{$field}"] = 1;
$limitSelect .= ", civicrm_{$field}.name as {$field}";
break;
case 'email':
//.........這裏部分代碼省略.........
示例14: getPermissionClause
/**
* Get permission relevant clauses.
* CRM-12209
*
* @param bool $force
*
* @return array
*/
public static function getPermissionClause($force = FALSE)
{
static $clause = 1;
static $retrieved = FALSE;
if ((!$retrieved || $force) && !CRM_Core_Permission::check('view all contacts') && !CRM_Core_Permission::check('edit all contacts')) {
//get the allowed groups for the current user
$groups = CRM_ACL_API::group(CRM_ACL_API::VIEW);
if (!empty($groups)) {
$groupList = implode(', ', array_values($groups));
$clause = "groups.id IN ( {$groupList} ) ";
} else {
$clause = '1 = 0';
}
}
$retrieved = TRUE;
return $clause;
}
示例15: checkPermission
/**
* make sure that the user has permission to access this group
*
* @param int $id the id of the object
* @param int $name the name or title of the object
*
* @return string the permission that the user has (or null)
* @access public
* @static
*/
static function checkPermission($id, $title)
{
$allGroups = CRM_Core_PseudoConstant::allGroup();
$permissions = NULL;
if (CRM_Core_Permission::check('edit all contacts') || CRM_ACL_API::groupPermission(CRM_ACL_API::EDIT, $id, NULL, 'civicrm_saved_search', $allGroups)) {
$permissions[] = CRM_Core_Permission::EDIT;
}
if (CRM_Core_Permission::check('view all contacts') || CRM_ACL_API::groupPermission(CRM_ACL_API::VIEW, $id, NULL, 'civicrm_saved_search', $allGroups)) {
$permissions[] = CRM_Core_Permission::VIEW;
}
if (!empty($permissions) && CRM_Core_Permission::check('delete contacts')) {
// Note: using !empty() in if condition, restricts the scope of delete
// permission to groups/contacts that are editable/viewable.
// We can remove this !empty condition once we have ACL support for delete functionality.
$permissions[] = CRM_Core_Permission::DELETE;
}
return $permissions;
}