From 5fba1c58ac455a9f0878b1fc0bd6504f2f493447 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Thu, 21 Jan 2021 18:58:41 -0800
Subject: [PATCH 1/6] Permission.get API - Fix warning on Drupal/Backdrop

---
 CRM/Core/Permission/Backdrop.php | 2 +-
 CRM/Core/Permission/Drupal.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CRM/Core/Permission/Backdrop.php b/CRM/Core/Permission/Backdrop.php
index 09411c38fa12..de90766d724d 100644
--- a/CRM/Core/Permission/Backdrop.php
+++ b/CRM/Core/Permission/Backdrop.php
@@ -109,7 +109,7 @@ public function getAvailablePermissions() {
     $modules = system_get_info('module');
     foreach ($modules as $moduleName => $module) {
       $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
-      foreach (module_invoke($moduleName, 'permission') as $permName => $perm) {
+      foreach (module_invoke($moduleName, 'permission') ?? [] as $permName => $perm) {
         if (isset($allCorePerms[$permName])) {
           continue;
         }
diff --git a/CRM/Core/Permission/Drupal.php b/CRM/Core/Permission/Drupal.php
index b179cdf0c3b1..a6dbdd7a41e8 100644
--- a/CRM/Core/Permission/Drupal.php
+++ b/CRM/Core/Permission/Drupal.php
@@ -108,7 +108,7 @@ public function getAvailablePermissions() {
     $modules = system_get_info('module');
     foreach ($modules as $moduleName => $module) {
       $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
-      foreach (module_invoke($moduleName, 'permission') as $permName => $perm) {
+      foreach (module_invoke($moduleName, 'permission') ?? [] as $permName => $perm) {
         if (isset($allCorePerms[$permName])) {
           continue;
         }

From f1de39ec1217db1360500384c92a64b99779244b Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Thu, 21 Jan 2021 19:07:41 -0800
Subject: [PATCH 2/6] Afform - Use API for listing/searching available
 permissions

---
 .../admin/Civi/AfformAdmin/AfformAdminMeta.php      | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php b/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php
index 468d690bdbcd..c2068cc18983 100644
--- a/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php
+++ b/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php
@@ -216,11 +216,16 @@ public static function getGuiSettings() {
     ];
 
     $data['permissions'] = [];
-    foreach (\CRM_Core_Permission::basicPermissions(TRUE, TRUE) as $name => $perm) {
+    $perms = \Civi\Api4\Permission::get()
+      ->addWhere('group', 'IN', ['afformGeneric', 'const', 'civicrm', 'cms'])
+      ->addWhere('is_active', '=', 1)
+      ->setOrderBy(['group' => 'ASC', 'name' => 'ASC'])
+      ->execute();
+    foreach ($perms as $perm) {
       $data['permissions'][] = [
-        'id' => $name,
-        'text' => $perm[0],
-        'description' => $perm[1] ?? NULL,
+        'id' => $perm['name'],
+        'text' => $perm['title'],
+        'description' => $perm['description'] ?? NULL,
       ];
     }
 

From 79f05dc43ad6e4abccc07e81ce013693348d5c9b Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Thu, 4 Feb 2021 14:04:51 -0800
Subject: [PATCH 3/6] CiviReport - Use API for listing/searching available
 permissions. Use select2.

---
 CRM/Report/Form/Instance.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/CRM/Report/Form/Instance.php b/CRM/Report/Form/Instance.php
index 97744f694438..564f693b7ace 100644
--- a/CRM/Report/Form/Instance.php
+++ b/CRM/Report/Form/Instance.php
@@ -102,10 +102,17 @@ public static function buildForm(&$form) {
       $form->freeze('is_reserved');
     }
 
+    $getPerms = \Civi\Api4\Permission::get(0)
+      ->addWhere('is_active', '=', 1)
+      ->addWhere('group', 'IN', ['civicrm', 'cms', 'const'])
+      ->setOrderBy(['group' => 'ASC', 'name' => 'ASC'])
+      ->execute();
     $form->addElement('select',
       'permission',
       ts('Permission'),
-      ['0' => ts('Everyone (includes anonymous)')] + CRM_Core_Permission::basicPermissions()
+      // FIXME: Historically, CiviReport hard-coded an extra '0' option. This should change to the more general ALWAYS_ALLOW_PERMISSION (but may require testing/migration).
+      ['0' => ts('Everyone (includes anonymous)')] + array_combine($getPerms->column('name'), $getPerms->column('title')),
+      ['class' => 'crm-select2']
     );
 
     // prepare user_roles to save as names not as ids

From 15ee4ffd32b653edecb11a8c0ed93cb47d51c081 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Thu, 4 Feb 2021 14:14:35 -0800
Subject: [PATCH 4/6] Nav Menu Editor - Use API for listing/searching available
 permissions

---
 CRM/Admin/Form/Navigation.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/CRM/Admin/Form/Navigation.php b/CRM/Admin/Form/Navigation.php
index 0b21a818d970..3249beed8b08 100644
--- a/CRM/Admin/Form/Navigation.php
+++ b/CRM/Admin/Form/Navigation.php
@@ -55,9 +55,13 @@ public function buildQuickForm() {
 
     $this->add('text', 'icon', ts('Icon'), ['class' => 'crm-icon-picker', 'title' => ts('Choose Icon'), 'allowClear' => TRUE]);
 
+    $getPerms = (array) \Civi\Api4\Permission::get(0)
+      ->addWhere('group', 'IN', ['civicrm', 'cms', 'const'])
+      ->setOrderBy(['group' => 'ASC', 'name' => 'ASC'])
+      ->execute();
     $permissions = [];
-    foreach (CRM_Core_Permission::basicPermissions(TRUE, TRUE) as $id => $vals) {
-      $permissions[] = ['id' => $id, 'text' => $vals[0], 'description' => (array) CRM_Utils_Array::value(1, $vals)];
+    foreach ($getPerms as $perm) {
+      $permissions[] = ['id' => $perm['name'], 'text' => $perm['title'], 'description' => $perm['description'] ?? ''];
     }
     $this->add('select2', 'permission', ts('Permission'), $permissions, FALSE,
       ['placeholder' => ts('Unrestricted'), 'class' => 'huge', 'multiple' => TRUE]

From 7abba9861bf619b75705d896cf1244cbd4b6295d Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Thu, 4 Feb 2021 16:49:33 -0800
Subject: [PATCH 5/6] CRM_Core_Permission_List - Tweak labels for `*always
 allow*` and `*always deny*`

---
 CRM/Core/Permission/List.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CRM/Core/Permission/List.php b/CRM/Core/Permission/List.php
index d23ad5091c2f..5138286303d2 100644
--- a/CRM/Core/Permission/List.php
+++ b/CRM/Core/Permission/List.php
@@ -86,12 +86,12 @@ public static function findConstPermissions(GenericHookEvent $e) {
     // There are a handful of special permissions defined in CRM/Core/Permission.
     $e->permissions[\CRM_Core_Permission::ALWAYS_DENY_PERMISSION] = [
       'group' => 'const',
-      'title' => ts('Constant: Always deny'),
+      'title' => ts('Generic: Deny all users'),
       'is_synthetic' => TRUE,
     ];
     $e->permissions[\CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION] = [
       'group' => 'const',
-      'title' => ts('Constant: Always allow'),
+      'title' => ts('Generic: Allow all users (including anonymous)'),
       'is_synthetic' => TRUE,
     ];
   }

From 7efb95e746d50b700321541cefad0b35721599c0 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Fri, 5 Feb 2021 12:49:16 -0800
Subject: [PATCH 6/6] Sort permission list by title. Make it easier to skim.

---
 CRM/Admin/Form/Navigation.php                         | 2 +-
 CRM/Report/Form/Instance.php                          | 2 +-
 ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CRM/Admin/Form/Navigation.php b/CRM/Admin/Form/Navigation.php
index 3249beed8b08..6a50bf5e652b 100644
--- a/CRM/Admin/Form/Navigation.php
+++ b/CRM/Admin/Form/Navigation.php
@@ -57,7 +57,7 @@ public function buildQuickForm() {
 
     $getPerms = (array) \Civi\Api4\Permission::get(0)
       ->addWhere('group', 'IN', ['civicrm', 'cms', 'const'])
-      ->setOrderBy(['group' => 'ASC', 'name' => 'ASC'])
+      ->setOrderBy(['title' => 'ASC'])
       ->execute();
     $permissions = [];
     foreach ($getPerms as $perm) {
diff --git a/CRM/Report/Form/Instance.php b/CRM/Report/Form/Instance.php
index 564f693b7ace..224d404fc11c 100644
--- a/CRM/Report/Form/Instance.php
+++ b/CRM/Report/Form/Instance.php
@@ -105,7 +105,7 @@ public static function buildForm(&$form) {
     $getPerms = \Civi\Api4\Permission::get(0)
       ->addWhere('is_active', '=', 1)
       ->addWhere('group', 'IN', ['civicrm', 'cms', 'const'])
-      ->setOrderBy(['group' => 'ASC', 'name' => 'ASC'])
+      ->setOrderBy(['title' => 'ASC'])
       ->execute();
     $form->addElement('select',
       'permission',
diff --git a/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php b/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php
index c2068cc18983..fcf85c4af227 100644
--- a/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php
+++ b/ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php
@@ -219,7 +219,7 @@ public static function getGuiSettings() {
     $perms = \Civi\Api4\Permission::get()
       ->addWhere('group', 'IN', ['afformGeneric', 'const', 'civicrm', 'cms'])
       ->addWhere('is_active', '=', 1)
-      ->setOrderBy(['group' => 'ASC', 'name' => 'ASC'])
+      ->setOrderBy(['title' => 'ASC'])
       ->execute();
     foreach ($perms as $perm) {
       $data['permissions'][] = [