Afform (et al) - Fetch more complete list of permissions via APIv4

CRM/Admin/Form/Navigation.php

@@ -55,9 +55,13 @@ public function buildQuickForm() {
 
     $this->add('text', 'icon', ts('Icon'), ['class' => 'crm-icon-picker', 'title' => ts('Choose Icon'), 'allowClear' => TRUE]);
 
+    $getPerms = (array) \Civi\Api4\Permission::get(0)
+      ->addWhere('group', 'IN', ['civicrm', 'cms', 'const'])
+      ->setOrderBy(['title' => 'ASC'])
+      ->execute();
     $permissions = [];
-    foreach (CRM_Core_Permission::basicPermissions(TRUE, TRUE) as $id => $vals) {
-      $permissions[] = ['id' => $id, 'text' => $vals[0], 'description' => (array) CRM_Utils_Array::value(1, $vals)];
+    foreach ($getPerms as $perm) {
+      $permissions[] = ['id' => $perm['name'], 'text' => $perm['title'], 'description' => $perm['description'] ?? ''];
     }
     $this->add('select2', 'permission', ts('Permission'), $permissions, FALSE,
       ['placeholder' => ts('Unrestricted'), 'class' => 'huge', 'multiple' => TRUE]

CRM/Core/Permission/Backdrop.php

@@ -109,7 +109,7 @@ public function getAvailablePermissions() {
     $modules = system_get_info('module');
     foreach ($modules as $moduleName => $module) {
       $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
-      foreach (module_invoke($moduleName, 'permission') as $permName => $perm) {
+      foreach (module_invoke($moduleName, 'permission') ?? [] as $permName => $perm) {
         if (isset($allCorePerms[$permName])) {
           continue;
         }

CRM/Core/Permission/Drupal.php

@@ -108,7 +108,7 @@ public function getAvailablePermissions() {
     $modules = system_get_info('module');
     foreach ($modules as $moduleName => $module) {
       $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
-      foreach (module_invoke($moduleName, 'permission') as $permName => $perm) {
+      foreach (module_invoke($moduleName, 'permission') ?? [] as $permName => $perm) {
         if (isset($allCorePerms[$permName])) {
           continue;
         }

CRM/Core/Permission/List.php

@@ -86,12 +86,12 @@ public static function findConstPermissions(GenericHookEvent $e) {
     // There are a handful of special permissions defined in CRM/Core/Permission.
     $e->permissions[\CRM_Core_Permission::ALWAYS_DENY_PERMISSION] = [
       'group' => 'const',
-      'title' => ts('Constant: Always deny'),
+      'title' => ts('Generic: Deny all users'),
       'is_synthetic' => TRUE,
     ];
     $e->permissions[\CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION] = [
       'group' => 'const',
-      'title' => ts('Constant: Always allow'),
+      'title' => ts('Generic: Allow all users (including anonymous)'),
       'is_synthetic' => TRUE,
     ];
   }

CRM/Report/Form/Instance.php

@@ -102,10 +102,17 @@ public static function buildForm(&$form) {
       $form->freeze('is_reserved');
     }
 
+    $getPerms = \Civi\Api4\Permission::get(0)
+      ->addWhere('is_active', '=', 1)
+      ->addWhere('group', 'IN', ['civicrm', 'cms', 'const'])
+      ->setOrderBy(['title' => 'ASC'])
+      ->execute();
     $form->addElement('select',
       'permission',
       ts('Permission'),
-      ['0' => ts('Everyone (includes anonymous)')] + CRM_Core_Permission::basicPermissions()
+      // FIXME: Historically, CiviReport hard-coded an extra '0' option. This should change to the more general ALWAYS_ALLOW_PERMISSION (but may require testing/migration).
+      ['0' => ts('Everyone (includes anonymous)')] + array_combine($getPerms->column('name'), $getPerms->column('title')),
+      ['class' => 'crm-select2']
     );
 
     // prepare user_roles to save as names not as ids

ext/afform/admin/Civi/AfformAdmin/AfformAdminMeta.php

@@ -216,11 +216,16 @@ public static function getGuiSettings() {
     ];
 
     $data['permissions'] = [];
-    foreach (\CRM_Core_Permission::basicPermissions(TRUE, TRUE) as $name => $perm) {
+    $perms = \Civi\Api4\Permission::get()
+      ->addWhere('group', 'IN', ['afformGeneric', 'const', 'civicrm', 'cms'])
+      ->addWhere('is_active', '=', 1)
+      ->setOrderBy(['title' => 'ASC'])
+      ->execute();
+    foreach ($perms as $perm) {
       $data['permissions'][] = [
-        'id' => $name,
-        'text' => $perm[0],
-        'description' => $perm[1] ?? NULL,
+        'id' => $perm['name'],
+        'text' => $perm['title'],
+        'description' => $perm['description'] ?? NULL,
       ];
     }