<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.6                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2015                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2015
 * $Id$
 *
 */
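class CRM_ACL_API {

  /**
   * The various type of permissions.
   *
   * @var int
   */
  const EDIT = 1;
  const VIEW = 2;
  const DELETE = 3;
  const CREATE = 4;
  const SEARCH = 5;
  const ALL = 6;

  /**
   * Resolve the contact a permission check is made for.
   *
   * Keeps the historical semantics shared by check(), whereClause() and
   * group(): a $contactID that compares loosely equal to NULL (NULL, 0, '',
   * FALSE) is replaced by the session's userID, and a missing session user
   * maps to the anonymous contact (0).
   *
   * Because the test is loose, a caller cannot request an explicit anonymous
   * check by passing 0 while a user is logged in - the logged-in user is
   * checked instead.
   *
   * @param int|null $contactID
   *   The contact id supplied by the caller, or NULL.
   *
   * @return int
   *   The contact id to check permissions for; 0 for the anonymous user.
   */
  private static function resolveContactID($contactID) {
    if ($contactID == NULL) {
      $session = CRM_Core_Session::singleton();
      $contactID = $session->get('userID');
    }

    if (!$contactID) {
      // anonymous user
      $contactID = 0;
    }

    return $contactID;
  }

  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   * @param int|null $contactID
   *   The contactID for whom the check is made. When NULL (or any value that
   *   is loosely equal to NULL, e.g. 0 or ''), the logged-in user from the
   *   session is used; with no session user the check is made for the
   *   anonymous contact (0).
   *
   * @return bool
   *   true if yes, else false
   */
  public static function check($str, $contactID = NULL) {
    return CRM_ACL_BAO_ACL::check($str, self::resolveContactID($contactID));
  }

  /**
   * Get the permissioned where clause for the user.
   *
   * The 'edit all contacts' / 'view all contacts' short-circuit below calls
   * CRM_Core_Permission::check() without a contact id, so it appears to be
   * evaluated for the current session user rather than for $contactID -
   * confirm before relying on this method for checks on behalf of another
   * contact.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference ) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference ) add the tables that are needed for the where clause.
   * @param int|null $contactID
   *   The contactID for whom the check is made. NULL (or a loosely-NULL
   *   value such as 0) falls back to the session user, then to anonymous (0).
   * @param bool $onlyDeleted
   *   Whether to include only deleted contacts.
   * @param bool $skipDeleteClause
   *   Don't add delete clause if this is true,
   *   this means it is handled by generating query
   *
   * @return string
   *   the group where clause for this user
   */
  public static function whereClause(
    $type,
    &$tables,
    &$whereTables,
    $contactID = NULL,
    $onlyDeleted = FALSE,
    $skipDeleteClause = FALSE
  ) {
    // the default value which is valid for the final AND
    $deleteClause = ' ( 1 ) ';
    if (!$skipDeleteClause) {
      if (CRM_Core_Permission::check('access deleted contacts') and $onlyDeleted) {
        $deleteClause = '(contact_a.is_deleted)';
      }
      else {
        // CRM-6181
        $deleteClause = '(contact_a.is_deleted = 0)';
      }
    }

    // first see if the contact has edit / view all contacts
    if (CRM_Core_Permission::check('edit all contacts') ||
      ($type == self::VIEW && CRM_Core_Permission::check('view all contacts'))
    ) {
      // When $skipDeleteClause is set, $deleteClause is still ' ( 1 ) ', so
      // returning it covers both cases.
      return $deleteClause;
    }

    $contactID = self::resolveContactID($contactID);

    return implode(' AND ', array(
      CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID),
      $deleteClause,
    ));
  }

  /**
   * Get all the groups the user has access to for the given operation.
   *
   * @param int $type
   *   The type of permission needed.
   * @param int|null $contactID
   *   The contactID for whom the check is made. NULL (or a loosely-NULL
   *   value such as 0) falls back to the session user, then to anonymous (0).
   * @param string $tableName
   *   Passed through unchanged to CRM_ACL_BAO_ACL::group().
   * @param mixed $allGroups
   *   Passed through unchanged to CRM_ACL_BAO_ACL::group().
   * @param mixed $includedGroups
   *   Passed through unchanged to CRM_ACL_BAO_ACL::group().
   *
   * @return array
   *   the ids of the groups for which the user has permissions
   */
  public static function group(
    $type,
    $contactID = NULL,
    $tableName = 'civicrm_saved_search',
    $allGroups = NULL,
    $includedGroups = NULL
  ) {
    $contactID = self::resolveContactID($contactID);

    return CRM_ACL_BAO_ACL::group($type, $contactID, $tableName, $allGroups, $includedGroups);
  }

  /**
   * Check if the user has access to this group for operation $type
   *
   * Results of self::group() are memoised in a static cache for the lifetime
   * of the process, keyed by table name, operation and contact id only.
   * NOTE(review): $allGroups and $includedGroups are not part of the cache
   * key, so a later call with a different group set but the same
   * table/type/contact will reuse the earlier result - confirm that callers
   * never vary these between calls before relying on this.
   *
   * @param int $type
   *   The type of permission needed.
   * @param int $groupID
   *   The group to look for in the permissioned group list.
   * @param int|null $contactID
   *   The contactID for whom the check is made. A falsy value falls back to
   *   the session user, or NULL when there is no session user.
   * @param string $tableName
   *   Passed through to self::group().
   * @param mixed $allGroups
   *   Passed through to self::group().
   * @param mixed $includedGroups
   *   Passed through to self::group().
   * @param bool $flush
   *   When TRUE, empty the static cache and return NULL without checking
   *   anything (used by unit tests).
   *
   * @return bool|null
   *   TRUE if the group is in the permissioned list, FALSE otherwise;
   *   NULL when $flush was requested.
   */
  public static function groupPermission(
    $type,
    $groupID,
    $contactID = NULL,
    $tableName = 'civicrm_saved_search',
    $allGroups = NULL,
    $includedGroups = NULL,
    $flush = FALSE
  ) {
    // Memo of group lists already computed, keyed by table/type/contact.
    static $cache = array();

    //@todo this is pretty hacky!!!
    //adding a way for unit tests to flush the cache
    if ($flush) {
      $cache = array();
      return NULL;
    }

    if (!$contactID) {
      $session = CRM_Core_Session::singleton();
      $contactID = NULL;
      if ($session->get('userID')) {
        $contactID = $session->get('userID');
      }
    }

    $key = "{$tableName}_{$type}_{$contactID}";
    if (!array_key_exists($key, $cache)) {
      $cache[$key] = self::group($type, $contactID, $tableName, $allGroups, $includedGroups);
    }

    // Read the cached list by value rather than taking a reference into the
    // static cache, so nothing downstream can alias it by accident.
    $groups = $cache[$key];

    // NOTE(review): the comparison is deliberately loose; the types of
    // $groupID and of the cached ids are not normalised here, so switching to
    // strict in_array() could change results - confirm types first.
    return in_array($groupID, $groups);
  }

}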