forked from vibjerg/ding_permissions
-
Notifications
You must be signed in to change notification settings - Fork 6
/
ding_permissions.module
904 lines (892 loc) · 28.2 KB
/
ding_permissions.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
<?php
/**
* @file
* Module file for secure permissions in code.
*/
include_once 'ding_permissions.features.inc';
/**
* Implements hook_menu_alter().
*
* Alters the user edit menu path to ensure that only the right roles can edit
* the other users. E.g the local administrator role should not be able to
* change the profile of an administrator, but do to Drupal only have one
* permission "administer users" we are not able to control this.
*/
function ding_permissions_menu_alter(&$items) {
$items['user/%user/edit']['access callback'] = 'ding_permissions_user_access_level';
$items['user/%user/roles']['access callback'] = 'ding_permission_check_roles_access';
$items['user/%user/roles']['access arguments'] = array(1);
}
/**
* Implements hook_permission().
*
* Defines the new user edit permission based on user role id's.
*
* @see ding_permissions_menu_alter()
*/
function ding_permissions_permission() {
$permissions = array();
// Get all roles.
$roles = user_roles(TRUE);
// Add edit permission for each role.
foreach ($roles as $rid => $role) {
// Create a new permission for each user role.
$permissions['administer user role ' . $rid] = array(
'title' => t('Administer user with role: %role', array('%role' => $role)),
'description' => t('Edit user with this role.'),
);
}
return $permissions;
}
/**
* Access callback that checks user has access to edit profile.
*
* Next calls to check that the user is allowed to edit roles and thereby
* having the roles tab shown.
*
* @param Object $account
* The user being edited.
*
* @see ding_permissions_menu_alter()
*
* @return bool
* If the user is allowed to edit the account TRUE is returned else FALSE.
*/
function ding_permissions_user_access_level($account) {
// We don't allow anonymous to edit users.
if ($account->uid) {
// Allow users to edit own profile.
if ($GLOBALS['user']->uid == $account->uid) {
return TRUE;
}
else {
return ding_permission_check_roles_access($account);
}
}
return FALSE;
}
/**
* Access callback that checks user role edit permissions.
*
* @param Object $account
* The user being edited.
*
* @see ding_permissions_menu_alter()
*
* @return bool
* If the user is allowed to edit the account TRUE is returned else FALSE.
*/
function ding_permission_check_roles_access($account) {
// Check that the user have "administer users" permission.
if (user_access('administer users')) {
// Get the roles of the account we are trying to edit.
$rids = array_keys($account->roles);
foreach ($rids as $rid) {
// Check if the user logged in has permission to edit the accounts
// role. If we are allowed to edit just one of the roles access is
// granted.
if (user_access('administer user role ' . $rid)) {
return TRUE;
}
}
}
return FALSE;
}
/**
* Define site roles in code.
*
* Create a secure_permissions_data module directory and place this function
* in secure_permissions_data.module.
*
* @return array
* An array defining all the roles for the site.
*/
function ding_permissions_secure_permissions_roles() {
return array(
'anonymous user',
'authenticated user',
'editor',
'guest blogger',
'local administrator',
'local editor',
'provider',
'staff',
'administrators',
);
}
/**
* Define site permissions in code.
*
* Create a secure_permissions_data module directory and place this function
* in secure_permissions_data.module.
*
* @param string $role
* The role for which the permissions are being requested.
*
* @return array
* An array defining all the permissions for the site.
*/
function ding_permissions_secure_permissions($role) {
$permissions = array(
// Permissions to disable that aren't assigned to any roles.
0 => array(
),
'anonymous user' => array(
'access comments',
'access content',
'access site-wide contact form',
'access user profiles',
'display EU Cookie Compliance popup',
'perform reservation',
'search content',
'view any ding_staff_profile profile',
'view files',
),
'authenticated user' => array(
'access comments',
'access content',
'access site-wide contact form',
'access user profiles',
'display EU Cookie Compliance popup',
'edit own comments',
'post comments',
'search content',
'skip comment approval',
'view any ding_staff_profile profile',
'view files',
'view own ding_staff_profile profile',
'view own files',
'view own private files',
),
'administrators' => array(
'access administration pages',
'access all views',
'access all webform results',
'access campaign rules',
'access comments',
'access content',
'access content overview',
'access contextual links',
'access overlay',
'access own webform results',
'access own webform submissions',
'access relations',
'access rules debug',
'access site in maintenance mode',
'access site reports',
'access site-wide contact form',
'access the block administration page',
'access toolbar',
'access user contact forms',
'access user profiles',
'access workbench',
'add media from remote sources',
'administer actions',
'administer advanced pane settings',
'administer autologout',
'administer block access settings',
'administer blocks',
'administer bpi',
'administer comments',
'administer contact forms',
'administer content types',
'administer custom content',
'administer dibs settings',
'administer dibs transactions',
'administer ding provider',
'administer EU Cookie Compliance popup',
'administer features',
'administer fieldgroups',
'administer file types',
'administer files',
'administer filters',
'administer flags',
'administer frontpage settings',
'administer group',
'administer image styles',
'administer languages',
'administer media browser',
'administer menu',
'administer menu positions',
'administer module filter',
'administer modules',
'administer nodequeue',
'administer nodes',
'administer og menu',
'administer og menu configuration',
'administer opening hours configuration',
'administer page manager',
'administer pane access',
'administer panel-nodes',
'administer panels layouts',
'administer panels styles',
'administer pathauto',
'administer permissions',
'administer place2book settings',
'administer profile types',
'administer profiles',
'administer realname',
'administer redirects',
'administer relation types',
'administer relations',
'administer rules',
'administer scheduler',
'administer search',
'administer shortcuts',
'administer site configuration',
'administer software updates',
'administer taxonomy',
'administer themes',
'administer ting settings',
'administer tipsy',
'administer url aliases',
'administer user role 1',
'administer user role 2',
'administer user role 3',
'administer user role 4',
'administer user role 5',
'administer user role 6',
'administer user role 7',
'administer user role 8',
'administer user role 9',
'administer users',
'administer uuid',
'administer varnish',
'administer views',
'administer workbench',
'administer workflow',
'assign administrators role',
'assign all roles',
'assign anonymous user role',
'assign editor role',
'assign guest blogger role',
'assign local administrator role',
'assign local editor role',
'assign provider role',
'assign staff role',
'block IP addresses',
'bpi push content',
'bpi syndicate content',
'bypass file access',
'bypass node access',
'bypass rules access',
'cancel account',
'change layouts in place editing',
'change own logout threshold',
'change own username',
'clone node',
'clone own nodes',
'create ding_campaign content',
'configure all block body fields',
'configure all block descriptions',
'configure all block titles',
'configure all blocks',
'configure all content type visibility settings',
'configure all language settings',
'configure all page visibility settings',
'configure all region settings',
'configure all role visibility settings',
'configure all user visibility settings',
'configure all visibility settings',
'configure carousel',
'create blocks',
'create ding_event content',
'create ding_group content',
'create ding_library content',
'create ding_news content',
'create ding_page content',
'create ding_rolltab content',
'create files',
'create new_materials content',
'create panel content',
'create panel-nodes',
'create relations',
'create url aliases',
'customize shortcut links',
'delete all blocks',
'delete all webform submissions',
'delete any audio files',
'delete any ding_campaign content',
'delete any ding_event content',
'delete any ding_group content',
'delete any ding_library content',
'delete any ding_news content',
'delete any ding_page content',
'delete any ding_rolltab content',
'delete any document files',
'delete any image files',
'delete any new_materials content',
'delete any panel content',
'delete any panel-nodes',
'delete any video files',
'delete bpi content',
'delete own audio files',
'delete own ding_campaign content',
'delete own ding_event content',
'delete own ding_group content',
'delete own ding_library content',
'delete own ding_news content',
'delete own ding_page content',
'delete own ding_rolltab content',
'delete own document files',
'delete own image files',
'delete own new_materials content',
'delete own panel content',
'delete own panel-nodes',
'delete own video files',
'delete own webform submissions',
'delete relations',
'delete revisions',
'delete terms in 1',
'delete terms in 2',
'delete terms in 3',
'delete terms in 4',
'delete terms in 5',
'delete terms in 6',
'delete terms in 7',
'disable all blocks',
'download any audio files',
'download any document files',
'download any image files',
'download any video files',
'download own audio files',
'download own document files',
'download own image files',
'download own video files',
'dynamic background configure default',
'dynamic background upload default',
'dynamic backgrounds css callback',
'dynamic backgrounds set default',
'dynamic backgrounds weight',
'edit all webform submissions',
'edit any audio files',
'edit any ding_campaign content',
'edit any ding_event content',
'edit any ding_group content',
'edit any ding_library content',
'edit any ding_news content',
'edit any ding_page content',
'edit any ding_rolltab content',
'edit any ding_staff_profile profile',
'edit any document files',
'edit any image files',
'edit any new_materials content',
'edit any panel content',
'edit any panel-nodes',
'edit any provider_alma profile',
'edit any video files',
'edit opening hours for content',
'edit own audio files',
'edit own comments',
'edit own ding_campaign content',
'edit own ding_event content',
'edit own ding_group content',
'edit own ding_library content',
'edit own ding_news content',
'edit own ding_page content',
'edit own ding_rolltab content',
'edit own document files',
'edit own image files',
'edit own new_materials content',
'edit own panel content',
'edit own panel-nodes',
'edit own video files',
'edit own webform submissions',
'edit relations',
'edit terms in 1',
'edit terms in 2',
'edit terms in 3',
'edit terms in 4',
'edit terms in 5',
'edit terms in 6',
'edit terms in 7',
'edit webform components',
'edit workflow comment',
'export nodes',
'export own nodes',
'enable all blocks',
'export relation types',
'export secure permissions',
'generate features',
'geocoder_service_all_handlers',
'geocoder_service_handler_exif',
'geocoder_service_handler_google',
'geocoder_service_handler_gpx',
'geocoder_service_handler_json',
'geocoder_service_handler_kml',
'geocoder_service_handler_latlon',
'geocoder_service_handler_mapquest_nominatim',
'geocoder_service_handler_wkt',
'geocoder_service_handler_yahoo',
'geocoder_service_handler_yandex',
'manage features',
'manipulate all queues',
'manipulate queues',
'move all blocks',
'notify of path changes',
'participate in workflow',
'pay using dibs',
'post comments',
'revert revisions',
'schedule (un)publishing of nodes',
'schedule workflow transitions',
'search content',
'select account cancellation method',
'show workflow state form',
'skip comment approval',
'switch shortcut sets',
'translate admin strings',
'translate content',
'translate interface',
'translate user-defined strings',
'use advanced search',
'use flag import',
'use ipe with page manager',
'use page manager',
'use panels caching features',
'use panels dashboard',
'use panels in place editing',
'use panels locks',
'use PHP to import nodes',
'use text format ding_wysiwyg',
'view all blocks',
'view any ding_staff_profile profile',
'view any provider_alma profile',
'view any unpublished content',
'view any provider_openruth profile',
'view any unpublished ding_event content',
'view any unpublished ding_group content',
'view any unpublished ding_library content',
'view any unpublished ding_news content',
'view any unpublished ding_page content',
'view any unpublished ding_rolltab content',
'view any unpublished panel content',
'view bpi statistics',
'view files',
'view own ding_staff_profile profile',
'view own files',
'view own private files',
'view own unpublished content',
'view pane admin links',
'view private files',
'view revisions',
'view the administration theme',
),
'editor' => array(
'access all webform results',
'access campaign rules',
'access content overview',
'access contextual links',
'access site-wide contact form',
'access overlay',
'access own webform results',
'access own webform submissions',
'access toolbar',
'access workbench',
'add media from remote sources',
'administer bpi',
'administer contact forms',
'administer menu',
'administer opening hours configuration',
'administer place2book settings',
'administer shortcuts',
'administer url aliases',
'administer user role 4',
'administer user role 5',
'administer user role 7',
'assign editor role',
'assign guest blogger role',
'assign local editor role',
'assign staff role',
'bpi push content',
'bpi syndicate content',
'clone node',
'clone own nodes',
'configure carousel',
'create ding_campaign content',
'create ding_event content',
'create ding_group content',
'create ding_library content',
'create ding_news content',
'create ding_page content',
'create ding_rolltab content',
'create files',
'create new_materials content',
'create url aliases',
'customize shortcut links',
'delete any audio files',
'delete any ding_campaign content',
'delete any ding_event content',
'delete any ding_group content',
'delete any ding_library content',
'delete any ding_news content',
'delete any ding_page content',
'delete any ding_rolltab content',
'delete any document files',
'delete any image files',
'delete any new_materials content',
'delete any video files',
'delete bpi content',
'delete own audio files',
'delete own ding_campaign content',
'delete own ding_event content',
'delete own ding_group content',
'delete own ding_library content',
'delete own ding_news content',
'delete own ding_page content',
'delete own ding_rolltab content',
'delete own document files',
'delete own image files',
'delete own new_materials content',
'delete own video files',
'delete revisions',
'delete terms in 1',
'delete terms in 2',
'delete terms in 3',
'delete terms in 4',
'delete terms in 5',
'delete terms in 6',
'delete terms in 7',
'download any audio files',
'download any document files',
'download any image files',
'download any video files',
'download own audio files',
'download own document files',
'download own image files',
'download own video files',
'dynamic background upload default',
'dynamic backgrounds css callback',
'dynamic backgrounds set default',
'dynamic backgrounds weight',
'edit any audio files',
'edit any ding_campaign content',
'edit any ding_event content',
'edit any ding_group content',
'edit any ding_library content',
'edit any ding_news content',
'edit any ding_page content',
'edit any ding_rolltab content',
'edit any document files',
'edit any image files',
'edit any new_materials content',
'edit any video files',
'edit opening hours for content',
'edit own audio files',
'edit own ding_campaign content',
'edit own ding_event content',
'edit own ding_group content',
'edit own ding_library content',
'edit own ding_news content',
'edit own ding_page content',
'edit own ding_rolltab content',
'edit own document files',
'edit own image files',
'edit own new_materials content',
'edit own video files',
'edit terms in 1',
'edit terms in 2',
'edit terms in 3',
'edit terms in 4',
'edit terms in 5',
'edit terms in 6',
'edit terms in 7',
'edit webform components',
'manipulate all queues',
'manipulate queues',
'notify of path changes',
'participate in workflow',
'revert revisions',
'schedule (un)publishing of nodes',
'show workflow state form',
'switch shortcut sets',
'translate admin strings',
'translate content',
'translate interface',
'translate user-defined strings',
'use text format ding_wysiwyg',
'view any unpublished content',
'view bpi statistics',
'view own unpublished content',
'view revisions',
'view the administration theme',
),
'guest blogger' => array(
'access overlay',
'access site-wide contact form',
'access toolbar',
'access workbench',
'administer user role 5',
'bpi push content',
'bpi syndicate content',
'clone node',
'clone own nodes',
'create ding_news content',
'create files',
'delete bpi content',
'download own audio files',
'download own document files',
'download own image files',
'download own video files',
'edit own audio files',
'edit own ding_news content',
'edit own document files',
'edit own image files',
'edit own video files',
'schedule (un)publishing of nodes',
'show workflow state form',
'use text format ding_wysiwyg',
'view own private files',
'view own unpublished content',
'view the administration theme',
),
'local administrator' => array(
'access administration pages',
'access all webform results',
'access campaign rules',
'access content overview',
'access site-wide contact form',
'access contextual links',
'access overlay',
'access own webform results',
'access own webform submissions',
'access site in maintenance mode',
'access toolbar',
'access workbench',
'add media from remote sources',
'administer autologout',
'administer bpi',
'administer comments',
'administer contact forms',
'administer dibs settings',
'administer dibs transactions',
'administer ding provider',
'administer EU Cookie Compliance popup',
'administer files',
'administer frontpage settings',
'administer menu',
'administer nodes',
'administer opening hours configuration',
'administer redirects',
'administer place2book settings',
'administer search',
'administer shortcuts',
'administer site configuration',
'administer taxonomy',
'administer themes',
'administer ting settings',
'administer url aliases',
'administer user role 4',
'administer user role 5',
'administer user role 6',
'administer user role 7',
'administer user role 9',
'administer users',
'assign editor role',
'assign guest blogger role',
'assign local administrator role',
'assign local editor role',
'assign staff role',
'bpi push content',
'bpi syndicate content',
'cancel account',
'change own username',
'configure carousel',
'clone node',
'clone own nodes',
'create ding_campaign content',
'create ding_event content',
'create ding_group content',
'create ding_library content',
'create ding_news content',
'create ding_page content',
'create ding_rolltab content',
'create files',
'create new_materials content',
'create url aliases',
'customize shortcut links',
'delete any audio files',
'delete any ding_campaign content',
'delete any ding_event content',
'delete any ding_group content',
'delete any ding_library content',
'delete any ding_news content',
'delete any ding_page content',
'delete any ding_rolltab content',
'delete any document files',
'delete any image files',
'delete any new_materials content',
'delete any video files',
'delete bpi content',
'delete own audio files',
'delete own ding_campaign content',
'delete own ding_event content',
'delete own ding_group content',
'delete own ding_library content',
'delete own ding_news content',
'delete own ding_page content',
'delete own ding_rolltab content',
'delete own document files',
'delete own image files',
'delete own new_materials content',
'delete own video files',
'delete revisions',
'delete terms in 1',
'delete terms in 2',
'delete terms in 3',
'delete terms in 4',
'delete terms in 5',
'delete terms in 6',
'delete terms in 7',
'download any audio files',
'download any document files',
'download any image files',
'download any video files',
'download own audio files',
'download own document files',
'download own image files',
'download own video files',
'dynamic background upload default',
'dynamic backgrounds css callback',
'dynamic backgrounds set default',
'dynamic backgrounds weight',
'edit any audio files',
'edit any ding_campaign content',
'edit any ding_event content',
'edit any ding_group content',
'edit any ding_library content',
'edit any ding_news content',
'edit any ding_page content',
'edit any ding_rolltab content',
'edit any ding_staff_profile profile',
'edit any document files',
'edit any image files',
'edit any new_materials content',
'edit any video files',
'edit opening hours for content',
'edit own audio files',
'edit own ding_campaign content',
'edit own ding_event content',
'edit own ding_group content',
'edit own ding_library content',
'edit own ding_news content',
'edit own ding_page content',
'edit own ding_rolltab content',
'edit own document files',
'edit own image files',
'edit own new_materials content',
'edit own video files',
'edit terms in 1',
'edit terms in 2',
'edit terms in 3',
'edit terms in 4',
'edit terms in 5',
'edit terms in 6',
'edit terms in 7',
'edit webform components',
'edit workflow comment',
'manipulate all queues',
'manipulate queues',
'notify of path changes',
'participate in workflow',
'revert revisions',
'schedule (un)publishing of nodes',
'show workflow state form',
'switch shortcut sets',
'translate admin strings',
'translate content',
'translate interface',
'translate user-defined strings',
'use advanced search',
'use panels in place editing',
'use text format ding_wysiwyg',
'view any provider_alma profile',
'view any provider_openruth profile',
'view any unpublished content',
'view bpi statistics',
'view own unpublished content',
'view pane admin links',
'view private files',
'view revisions',
'view the administration theme',
),
'local editor' => array(
'access campaign rules',
'access content overview',
'access contextual links',
'access site-wide contact form',
'access overlay',
'access toolbar',
'access workbench',
'add media from remote sources',
'administer contact forms',
'administer menu',
'administer shortcuts',
'administer user role 4',
'administer user role 5',
'administer user role 7',
'bpi push content',
'bpi syndicate content',
'clone node',
'clone own nodes',
'configure carousel',
'create ding_event content',
'create ding_news content',
'create ding_page content',
'create files',
'customize shortcut links',
'delete any ding_event content',
'delete bpi content',
'delete own ding_event content',
'delete own ding_news content',
'delete own ding_page content',
'delete terms in 2',
'download own audio files',
'download own document files',
'download own image files',
'download own video files',
'edit any ding_event content',
'edit any ding_library content',
'edit any ding_news content',
'edit any ding_page content',
'edit own audio files',
'edit own ding_event content',
'edit own ding_library content',
'edit own ding_news content',
'edit own ding_page content',
'edit own document files',
'edit own image files',
'edit own video files',
'edit terms in 2',
'participate in workflow',
'schedule (un)publishing of nodes',
'show workflow state form',
'translate admin strings',
'translate content',
'translate user-defined strings',
'use text format ding_wysiwyg',
'view any unpublished content',
'view bpi statistics',
'view own unpublished content',
'view revisions',
'view the administration theme',
),
'provider' => array(
'create files',
'edit own provider_alma profile',
'edit own provider_openruth profile',
'pay using dibs',
'perform bookmark',
'perform reservation',
'view own private files',
'view own provider_alma profile',
'view own provider_openruth profile',
),
'staff' => array(
'edit own ding_staff_profile profile',
),
);
if (isset($permissions[$role])) {
return $permissions[$role];
}
}