oa_access.module in Open Atrium Core 7.2
Code for the Open Atrium Access module.
File
modules/oa_access/oa_access.moduleView source
<?php
/**
* @file
* Code for the Open Atrium Access module.
*/
/**
* Path to the Group admin page.
*/
define('OA_ACCESS_GROUP_ADMIN_PATH', 'groups/oa_access');
/**
* Path to the Team admin pages.
*/
define('OA_ACCESS_TEAM_ADMIN_PATH', 'group/%/%/admin/oa_access');
/**
* Permission type -- Allows permission to be assigned to a Team.
*/
define('OA_ACCESS_TEAM_PERMISSION', 1);
/**
* Permission type -- Allows permission to be assigned to a Group.
*/
define('OA_ACCESS_GROUP_PERMISSION', 2);
/**
* Permission type -- Allows permission have an 'All' option.
*/
define('OA_ACCESS_ALLOW_OPTION_ALL', 4);
/**
* Permission type -- This permission will be set to 'All' by default for Groups.
*
* This implies OA_ACCESS_ALLOW_OPTION_ALL as well.
*/
define('OA_ACCESS_GROUP_DEFAULT_OPTION_ALL', 8 | OA_ACCESS_ALLOW_OPTION_ALL);
/**
* Permission type -- This permission will be set to 'All' by default for Teams.
*
* This implies OA_ACCESS_ALLOW_OPTION_ALL as well.
*/
define('OA_ACCESS_TEAM_DEFAULT_OPTION_ALL', 16 | OA_ACCESS_ALLOW_OPTION_ALL);
/**
* Permission type -- This permission will be set to 'All' by default for all.
*
* This combines OA_ACCESS_GROUP_DEFAULT_OPTION_ALL and
* OA_ACCESS_TEAM_DEFAULT_OPTION_ALL.
*/
define('OA_ACCESS_DEFAULT_OPTION_ALL', OA_ACCESS_GROUP_DEFAULT_OPTION_ALL | OA_ACCESS_TEAM_DEFAULT_OPTION_ALL);
/**
* Permission type -- The default permission type.
*
* Allows permission to be assigned to a Team or Group and doesn't allow an
* 'All' option. This is most useful for permissions where we are only removing
* permission, not adding it, for example, oa_workbench_access.
*
* @see oa_workbench_access
*/
define('OA_ACCESS_DEFAULT_PERMISSION', OA_ACCESS_TEAM_PERMISSION | OA_ACCESS_GROUP_PERMISSION);
/**
* Permission combine type -- Union of Group and Team permissions.
*
* If either the Group or Team grants permission, then the user has this
* permission.
*/
define('OA_ACCESS_COMBINE_UNION', 1);
/**
* Permission combine type -- Intersection of Group and Team permissions.
*
* Both the Group and Team must grant permission in order for this user to
* be granted permission.
*/
define('OA_ACCESS_COMBINE_INTERSECTION', 2);
/**
* Permission combine type -- Team permissions override.
*
* If both Group and Team permissions are set, then the Team permissions
* override the Group permissions.
*/
define('OA_ACCESS_COMBINE_TEAM_OVERRIDE', 3);
/**
* Permission combine type -- Team permissions override.
*
* If both Group and Team permissions are set, then the Group permissions
* override the Team permissions.
*/
define('OA_ACCESS_COMBINE_GROUP_OVERRIDE', 4);
/**
* Implements hook_menu().
*/
function oa_access_menu() {
$items = array();
$items[OA_ACCESS_GROUP_ADMIN_PATH] = array(
'title' => 'Group permissions',
'description' => 'Configure which Groups have which permissions.',
'access arguments' => array(
'administer oa_access permissions',
),
'page callback' => 'drupal_get_form',
'page arguments' => array(
'oa_access_group_permissions_form',
),
'file' => 'oa_access.admin.inc',
'type' => MENU_LOCAL_TASK,
);
if (module_exists('oa_teams')) {
$items[OA_ACCESS_TEAM_ADMIN_PATH] = array(
'title' => 'Team permissions',
'description' => 'Configure which Teams have which permissions.',
'access callback' => 'og_ui_user_access_group',
'access arguments' => array(
'administer oa_access permissions',
1,
2,
),
'page callback' => 'drupal_get_form',
'page arguments' => array(
'oa_access_team_permissions_form',
1,
2,
),
'file' => 'oa_access.admin.inc',
'type' => MENU_NORMAL_ITEM,
);
}
return $items;
}
/**
* Implements hook_menu_alter().
*/
function oa_access_menu_alter(&$items) {
if (!isset($items['groups/list'])) {
$items['groups/list'] = array(
'title' => 'List',
'type' => MENU_DEFAULT_LOCAL_TASK,
);
}
}
/**
* Implements hook_og_ui_get_group_admin().
*/
function oa_access_og_ui_get_group_admin($group_type, $gid) {
$items = array();
if (module_exists('oa_teams') && og_user_access($group_type, $gid, 'administer oa_access permissions')) {
$items['oa_access'] = array(
'title' => t('Team permissions'),
'description' => t('Configure which Teams have which permissions.'),
'href' => 'admin/oa_access',
);
}
return $items;
}
/**
* Implements hook_strongarm_alter().
*/
function oa_access_strongarm_alter(&$items) {
if (isset($items['contextual_tabs_extract'])) {
$items['contextual_tabs_extract']->value .= "\n" . implode("\n", array(
"groups:Group permissions,icon-user",
"List,icon-th-list",
));
}
}
/**
* Implements hook_permission().
*/
function oa_access_permission() {
return array(
'administer oa_access permissions' => array(
'title' => t('Administer Open Atrium Access permissions'),
'description' => t('Allows users to configure which Groups have which permissions.'),
),
);
}
/**
* Implements hook_og_permission().
*/
function oa_access_og_permission() {
return array(
'administer oa_access permissions' => array(
'title' => t('Administer Open Atrium Access permissions'),
'description' => t('Allows users to configure which Teams have which permissions.'),
'default role' => array(
OG_ADMINISTRATOR_ROLE,
),
),
);
}
/**
* Implements hook_theme().
*/
function oa_access_theme() {
return array(
'oa_access_permissions_form' => array(
'render element' => 'permissions',
'file' => 'oa_access.theme.inc',
),
);
}
/**
* Implements hook_node_insert().
*/
function oa_access_node_insert($node) {
if ($node->type == 'oa_space') {
// Find all permissions which are type OA_ACCESS_DEFAULT_OPTION_ALL and
// OA_ACCESS_TEAM_PERMISSION and add the default 'All' option for those
// new spaces.
foreach (oa_access_get_permissions() as $name => $perm) {
if ($perm['type'] & OA_ACCESS_TEAM_PERMISSION && ($perm['type'] & OA_ACCESS_TEAM_DEFAULT_OPTION_ALL) == OA_ACCESS_TEAM_DEFAULT_OPTION_ALL) {
oa_access_initialize_permissions(array(
$name => $perm,
), array(
$node->nid,
));
}
}
}
}
/**
* Implements hook_node_delete().
*/
function oa_access_node_delete($node) {
db_delete('oa_access')
->condition('nid', $node->nid)
->execute();
}
/**
* Implements hook_modules_installed().
*
* Check each new module enabled to see if it defines some oa_access_permisions
* and if they are type OA_ACCESS_GROUP_DEFAULT_OPTION_ALL or
* OA_ACCESS_TEAM_DEFAULT_OPTION_ALL, then we set the 'All' permission for all
* existing Groups and Teams.
*/
function oa_access_modules_installed($modules) {
$permission_modules = array();
foreach ($modules as $module) {
$func = $module . '_oa_access_permission';
if (function_exists($module . '_oa_access_permission')) {
$permission_modules[] = $module;
}
}
if (!empty($permission_modules)) {
// Gather all the permissions we intend to initialize.
$permissions = array();
foreach (oa_access_get_permissions(TRUE) as $name => $perm) {
if (in_array($perm['module'], $permission_modules)) {
$permissions[$name] = $perm;
}
}
// Initialize them all at once (to avoid pulling groups multiple times).
oa_access_initialize_permissions($permissions);
}
}
/**
* Implements hook_modules_uninstalled().
*/
function oa_access_modules_uninstalled($modules) {
db_delete('oa_access')
->condition('module', $modules, 'IN')
->execute();
}
/**
* Get all permissions defined by implementing modules.
*
* @param boolean $reset
* (Optional) If set to TRUE, it will reset the static cache.
*
* @return array
* Associative array keyed with the permission name containing associative
* arrays with the following keys:
* - title: Human readable name of the permission.
* - description: Human readable description of the permission.
* - module: The machine name of the module which defines it.
* - type: Flags specifying if can be used for Groups or Teams or both.
*/
function oa_access_get_permissions($reset = FALSE) {
if ($reset) {
drupal_static_reset(__FUNCTION__);
}
$perms =& drupal_static(__FUNCTION__, NULL);
if (is_null($perms)) {
$perms = array();
foreach (module_implements('oa_access_permission') as $module) {
if ($result = module_invoke($module, 'oa_access_permission')) {
foreach ($result as $key => $perm) {
$perms[$key] = array_merge($perm, array(
'module' => $module,
));
// Set the default 'type' if not set.
if (empty($perms[$key]['type'])) {
$perms[$key]['type'] = OA_ACCESS_DEFAULT_PERMISSION;
}
elseif (!($perms[$key]['type'] & OA_ACCESS_GROUP_PERMISSION) && !($perms[$key]['type'] & OA_ACCESS_TEAM_PERMISSION)) {
$perms[$key]['type'] |= OA_ACCESS_DEFAULT_PERMISSION;
}
// Set the default 'combine' if not set.
if (empty($perms[$key]['combine'])) {
$perms[$key]['combine'] = OA_ACCESS_COMBINE_UNION;
}
}
}
}
drupal_alter('oa_access_permission', $perms);
}
return $perms;
}
/**
* Get a list of this user's Groups.
*
* @param object $account
* (Optional) The user to get groups for. If NULL, it will find groups for
* the currently logged in user.
*
* @return array
* An array of Group nids.
*/
function oa_access_user_groups($account = NULL) {
global $user;
if (is_null($account)) {
$account = $user;
}
$cache =& drupal_static(__FUNCTION__, array());
if (!isset($cache[$account->uid])) {
// First, get all the users oa_groups.
$query = db_select('og_membership', 'og');
$query
->innerJoin('node', 'n', 'og.gid = n.nid');
$query
->fields('n', array(
'nid',
'type',
))
->condition('og.group_type', 'node')
->condition('og.entity_type', 'user')
->condition('og.state', OG_STATE_ACTIVE)
->condition('n.type', 'oa_group')
->condition('og.etid', $account->uid);
$groups = array();
foreach ($query
->execute() as $row) {
$groups[$row->nid] = $row->nid;
}
// All users are members of the magic 'All' group with an NID of 0.
$groups[0] = 0;
$cache[$account->uid] = $groups;
}
return $cache[$account->uid];
}
/**
* Get a list of this user's Teams.
*
* @param object|NULL $user
* (Optional) The user to get groups for. If NULL, it will find groups for
* the currently logged in user.
* @param integer $space_nid
* (Optional) The nid of a Space. If given, this will include the Teams
* from the given Space. If not given, then Teams won't be included.
*
* @return array
* An array of Team nids.
*/
function oa_access_user_teams($space_nid, $account = NULL) {
global $user;
if (!module_exists('oa_teams')) {
return array();
}
if (is_null($account)) {
$account = $user;
}
$cache =& drupal_static(__FUNCTION__, array());
if (!isset($cache[$space_nid][$account->uid])) {
$teams = array();
$valid_teams = oa_teams_get_teams_for_space($space_nid);
if (count($valid_teams) > 0) {
// Then, we get all the user's oa_teams, optionally filtering by valid
// teams for this particular Space.
$query = db_select('field_data_' . OA_TEAM_USERS_FIELD, 'f')
->fields('f', array(
'entity_id',
))
->condition('entity_type', 'node')
->condition('entity_id', array_keys($valid_teams), 'IN')
->condition('deleted', 0)
->condition(OA_TEAM_USERS_FIELD . '_target_id', $account->uid);
foreach ($query
->execute() as $row) {
$teams[$row->entity_id] = $row->entity_id;
}
}
// All Space members are members of the magic 'All' team with an NID
// that is equal to the Space's NID.
if (og_is_member('node', $space_nid, 'user', $account)) {
$teams[$space_nid] = $space_nid;
}
$cache[$space_nid][$account->uid] = $teams;
}
return $cache[$space_nid][$account->uid];
}
/**
* Gets all the permissions that a list of groups have.
*
* @param array $groups
* An array of nids of Groups or Teams.
*
* @return array
* An associative array keyed by group nid containing associative arrays
* keyed by the module and containing an array of permission names, for
* example:
* @code
* array('27' => array('mymodule' => array('a permission')))
* @endcode
* Which signifies that the group with nid 27 has 'a permission' from
* a module called 'mymodule'.
*
* @see oa_access_set_group_permissions()
* @see oa_access_user_groups()
* @see oa_access_user_teams()
*/
function oa_access_get_group_permissions($groups) {
$cache =& drupal_static(__FUNCTION__, array());
// First, go through the static cache and any groups we don't have data
// for to the $missing array.
$missing = array();
foreach ($groups as $gid) {
if (!isset($cache[$gid])) {
$missing[] = $gid;
}
}
// Next, query any of the missing groups from the database and add them to
// the static cache.
if (!empty($missing)) {
$query = db_select('oa_access', 'a')
->fields('a', array(
'nid',
'permission',
'module',
))
->condition('a.nid', $missing, 'IN');
foreach ($query
->execute() as $row) {
$cache[$row->nid][$row->module][] = $row->permission;
}
}
// Finally, add all the necessary permissions from the static cache and
// return it!
$return = array();
foreach ($groups as $gid) {
$return[$gid] = isset($cache[$gid]) ? $cache[$gid] : array();
}
return $return;
}
/**
* Changes the permissions for a set of groups.
*
* @param array $group_permissions
* An associatiive array keyed by Group or Team nid containing associative
* arrays keyed by module containing a list of permissions, for example:
* @code
* array('27' => array('mymodule' => array('a permission')))
* @endcode
* Which signifies that the group with nid 27 has 'a permission' from
* a module called 'mymodule'.
*
* @see oa_access_get_group_permissions()
*/
function oa_access_set_group_permissions($group_permissions) {
$cache =& drupal_static('oa_access_get_group_permissions', array());
// Delete current permissions for the given groups.
db_delete('oa_access')
->condition('nid', array_keys($group_permissions), 'IN')
->execute();
// Then build them back up!
foreach ($group_permissions as $nid => $modules) {
foreach ($modules as $module => $permissions) {
foreach ($permissions as $name) {
db_insert('oa_access')
->fields(array(
'nid' => $nid,
'permission' => $name,
'module' => $module,
))
->execute();
}
// Replace these entries in the cache, so that we don't have to pull them
// from the database at all!
$cache[$nid] = $modules;
}
}
}
/**
* Gets a combined list of the permissions that a list of groups can perform.
*
* This doesn't obey the permissions 'combine' property - it's just a straight
* forward union of all the permissions from each Group or Team.
*
* @param array
* An array of Group or Team nids.
*
* @return array
* @code
* array('one permission' => TRUE, 'an other permission' => TRUE)
* @endcode
* Which signifies that the combined permissions of the given groups
* include 'one permission' and 'an other permission'.
*
* @see oa_access_get_group_permissions()
* @see oa_access_user_groups()
* @see oa_access_user_teams()
*/
function oa_access_get_group_permissions_combined($groups) {
$return = array();
foreach (oa_access_get_group_permissions($groups) as $gid => $modules) {
foreach ($modules as $perms) {
foreach ($perms as $name) {
$return[$name] = TRUE;
}
}
}
return $return;
}
/**
* Helper function to determine if a permission is overridden by Group or Team.
*
* @param string $perm
* The permission name.
* @param integer $space_nid
* The nid of a Space, when checking if Teams override, or zero if checking
* if the Groups override.
*/
function _oa_access_is_overridden($perm, $space_nid) {
$groups =& drupal_static(__FUNCTION__, array());
if (!isset($groups[$space_nid])) {
if ($space_nid == 0) {
// Get an array of all the Group nids.
$groups[$space_nid] = array_keys(oa_core_get_all_groups());
}
else {
// Get an array of all the Team nids.
$groups[$space_nid] = array_keys(oa_teams_get_teams_for_space($space_nid));
}
// Add the magic 'All' option.
$groups[$space_nid][] = $space_nid;
}
$permissions = oa_access_get_group_permissions_combined($groups[$space_nid]);
return isset($permissions[$perm]);
}
/**
* Determines if the user has a permission.
*
* This is based on the user's membership in an Open Atrium Group or Team in
* the same way that user_access() is based on a user's membership in a role.
*
* @param object|integer|NULL $space
* The Space in which we want to perform the action. You can pass NULL if
* there is no Space active (this will mean that Team permissions won't be
* considered).
* @param string $permission
* The machine name of the permission we are checking.
* @param object|NULL $account
* (Optional) A user object representing the user to check. If NULL, it will
* check for the currently logged in user.
*
* @returns boolean
* TRUE if the user has permission; otherwise FALSE.
*/
function oa_access($space, $permission, $account = NULL) {
global $user;
if (is_null($account)) {
$account = $user;
}
// This function is most commonly called with the same $account but different
// $permissions's. So the layout of the static cache is optimized for that case.
//
// Also, when Teams come into play, access is dependent on the Space which the
// node belongs to. This is because permission gained by membership in a Team
// on Space A shouldn't give you that permission when editting content in
// Space B.
//
// So, the cache looks like this:
//
// $cache[$space_nid][$account->uid][$permission] = TRUE;
//
// However, if oa_teams is disabled, we'll use a constant for $space_nid to
// group everything togather for a modest performance boost.
//
$cache =& drupal_static(__FUNCTION__, array());
$space = !module_exists('oa_teams') ? 0 : ($space ? $space : 0);
$space_nid = is_object($space) ? $space->nid : $space;
if (!isset($cache[$space_nid][$account->uid])) {
// Get the Group and Team permissions.
$group_permissions = oa_access_get_group_permissions_combined(oa_access_user_groups($account));
$team_permissions = $space_nid ? oa_access_get_group_permissions_combined(oa_access_user_teams($space_nid, $account)) : array();
// Loop over the permissions, combining the Group and Team grants per the
// 'combine' property on the permission.
$perms = array();
foreach (oa_access_get_permissions() as $perm => $info) {
switch ($info['combine']) {
case OA_ACCESS_COMBINE_UNION:
$perms[$perm] = isset($group_permissions[$perm]) || isset($team_permissions[$perm]);
break;
case OA_ACCESS_COMBINE_INTERSECTION:
$perms[$perm] = isset($group_permissions[$perm]) && isset($team_permissions[$perm]);
break;
case OA_ACCESS_COMBINE_TEAM_OVERRIDE:
if ($space_nid && _oa_access_is_overridden($perm, $space_nid)) {
$perms[$perm] = isset($team_permissions[$perm]);
}
else {
$perms[$perm] = isset($group_permissions[$perm]) || isset($team_permissions[$perm]);
}
break;
case OA_ACCESS_COMBINE_GROUP_OVERRIDE:
if (_oa_access_is_overridden($perm, 0)) {
$perms[$perm] = isset($group_permissions[$perm]);
}
else {
$perms[$perm] = isset($group_permissions[$perm]) || isset($team_permissions[$perm]);
}
break;
}
}
$cache[$space_nid][$account->uid] = $perms;
}
return $cache[$space_nid][$account->uid][$permission];
}
/**
* Initializes new permissions that were added after module install.
*
* You should call this function when a new permission is added AFTER the
* initial install of your module. (Open Atrium Access will take care of
* initializing any permissions on install of your module for you.)
*
* When possible avoid calling this multiple times without the $groups argument.
* It's better to call it once for multiple permissions, because it will reduce
* the number of repeated database queries.
*
* At the moment, all this does is set the default permissions for permissions
* with a type of OA_ACCESS_GROUP_DEFAULT_OPTION_ALL or
* OA_ACCESS_TEAM_DEFAULT_OPTION_ALL. If you don't have any with those types,
* you don't have to ever call this function.
*
* @param string|object $perms
* The machine name of the new permission or an associative array containing
* the full permission array's keyed by permission machine name.
* @param array $groups
* (Optional) The nids of groups that were just added. If omitted, it will
* find all the appropriate groups in the system. This is primary for
* internal use.
*/
function oa_access_initialize_permissions($perms, array $groups = array()) {
if (is_string($perms)) {
$all_perms = oa_access_get_permissions(TRUE);
if (!isset($all_perms[$perms])) {
throw new Exception("Unknown permission: {$perms}");
}
$perms = array(
$perms => $all_perms[$perms],
);
}
if (empty($groups)) {
$groups = db_select('node', 'n')
->fields('n', array(
'nid',
))
->condition('type', 'oa_space')
->execute()
->fetchCol();
}
$updated = FALSE;
foreach ($perms as $name => $perm) {
$nids = array();
if ($perm['type'] & OA_ACCESS_TEAM_PERMISSION && ($perm['type'] & OA_ACCESS_TEAM_DEFAULT_OPTION_ALL) == OA_ACCESS_TEAM_DEFAULT_OPTION_ALL) {
$nids = $groups;
}
if ($perm['type'] & OA_ACCESS_GROUP_PERMISSION && ($perm['type'] & OA_ACCESS_GROUP_DEFAULT_OPTION_ALL) == OA_ACCESS_GROUP_DEFAULT_OPTION_ALL) {
// Add the '0' nid for the 'All' group.
$nids[] = 0;
}
if (count($nids) > 0) {
foreach ($nids as $nid) {
db_merge('oa_access')
->key(array(
'nid' => $nid,
'permission' => $name,
))
->fields(array(
'module' => $perm['module'],
))
->execute();
}
$updated = TRUE;
}
}
if ($updated) {
drupal_static_reset('oa_access_get_group_permissions');
}
}
/**
* Removes left over permissions that are no longer valid.
*
* @param string|NULL $module
* (Optional) If specified it will only attempt to cleanup permissions for
* the given module; otherwise it'll do them all.
*/
function oa_access_cleanup_permissions($module = NULL) {
$valid_permissions = oa_access_get_permissions();
$query = db_select('oa_access', 'a')
->distinct()
->fields('a', array(
'permission',
));
if ($module) {
$query
->condition('a.module', $module);
}
// Find all the permissions in the database which aren't declared by
// hook_oa_access_permission().
$invalid = array();
foreach ($query
->execute() as $row) {
if (!isset($valid_permissions[$row->permission])) {
$invalid[] = $row->permission;
}
}
// And delete them!
if (!empty($invalid)) {
db_delete('oa_access')
->condition('permission', $invalid, 'IN')
->execute();
}
}Functions
Name |
Description |
|---|---|
| oa_access | Determines if the user has a permission. |
| oa_access_cleanup_permissions | Removes left over permissions that are no longer valid. |
| oa_access_get_group_permissions | Gets all the permissions that a list of groups have. |
| oa_access_get_group_permissions_combined | Gets a combined list of the permissions that a list of groups can perform. |
| oa_access_get_permissions | Get all permissions defined by implementing modules. |
| oa_access_initialize_permissions | Initializes new permissions that were added after module install. |
| oa_access_menu | Implements hook_menu(). |
| oa_access_menu_alter | Implements hook_menu_alter(). |
| oa_access_modules_installed | Implements hook_modules_installed(). |
| oa_access_modules_uninstalled | Implements hook_modules_uninstalled(). |
| oa_access_node_delete | Implements hook_node_delete(). |
| oa_access_node_insert | Implements hook_node_insert(). |
| oa_access_og_permission | Implements hook_og_permission(). |
| oa_access_og_ui_get_group_admin | Implements hook_og_ui_get_group_admin(). |
| oa_access_permission | Implements hook_permission(). |
| oa_access_set_group_permissions | Changes the permissions for a set of groups. |
| oa_access_strongarm_alter | Implements hook_strongarm_alter(). |
| oa_access_theme | Implements hook_theme(). |
| oa_access_user_groups | Get a list of this user's Groups. |
| oa_access_user_teams | Get a list of this user's Teams. |
| _oa_access_is_overridden | Helper function to determine if a permission is overridden by Group or Team. |
Constants
|
Name |
Description |
|---|---|
| OA_ACCESS_ALLOW_OPTION_ALL | Permission type -- Allows permission have an 'All' option. |
| OA_ACCESS_COMBINE_GROUP_OVERRIDE | Permission combine type -- Team permissions override. |
| OA_ACCESS_COMBINE_INTERSECTION | Permission combine type -- Intersection of Group and Team permissions. |
| OA_ACCESS_COMBINE_TEAM_OVERRIDE | Permission combine type -- Team permissions override. |
| OA_ACCESS_COMBINE_UNION | Permission combine type -- Union of Group and Team permissions. |
| OA_ACCESS_DEFAULT_OPTION_ALL | Permission type -- This permission will be set to 'All' by default for all. |
| OA_ACCESS_DEFAULT_PERMISSION | Permission type -- The default permission type. |
| OA_ACCESS_GROUP_ADMIN_PATH | Path to the Group admin page. |
| OA_ACCESS_GROUP_DEFAULT_OPTION_ALL | Permission type -- This permission will be set to 'All' by default for Groups. |
| OA_ACCESS_GROUP_PERMISSION | Permission type -- Allows permission to be assigned to a Group. |
| OA_ACCESS_TEAM_ADMIN_PATH | Path to the Team admin pages. |
| OA_ACCESS_TEAM_DEFAULT_OPTION_ALL | Permission type -- This permission will be set to 'All' by default for Teams. |
| OA_ACCESS_TEAM_PERMISSION | Permission type -- Allows permission to be assigned to a Team. |