projects / civicrm-core.git / blame
| Commit | Line | Data |
|---|---|---|
| 84fce21c TO |
1 | <?php |
| 2 | /* | |
| 3 | +--------------------------------------------------------------------+ | |
| bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
| 84fce21c | 5 | | | |
| bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
| 7 | | permitted exceptions and without any warranty. For full license | | |
| 8 | | and copyright information, see https://civicrm.org/licensing | | |
| 84fce21c TO |
9 | +--------------------------------------------------------------------+ |
| 10 | */ | |
| 11 | ||
| 12 | /** | |
| 13 | * | |
| 14 | * @package CRM | |
| ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
| 84fce21c TO |
16 | * $Id$ |
| 17 | * | |
| 18 | */ | |
| 19 | ||
| 20 | /** | |
| 21 | * | |
| 22 | */ | |
| 23 | class CRM_Core_Permission_Backdrop extends CRM_Core_Permission_DrupalBase { | |
| 24 | ||
| 25 | /** | |
| 26 | * Is this user someone with access for the entire system. | |
| 27 | * | |
| b67daa72 | 28 | * @var bool |
| 84fce21c TO |
29 | */ |
| 30 | protected $_viewAdminUser = FALSE; | |
| 31 | protected $_editAdminUser = FALSE; | |
| 32 | ||
| 33 | /** | |
| 34 | * Am in in view permission or edit permission? | |
| b67daa72 | 35 | * |
| 36 | * @var bool | |
| 84fce21c TO |
37 | */ |
| 38 | protected $_viewPermission = FALSE; | |
| 39 | protected $_editPermission = FALSE; | |
| 40 | ||
| 41 | /** | |
| 42 | * The current set of permissioned groups for the user. | |
| 43 | * | |
| 44 | * @var array | |
| 45 | */ | |
| 46 | protected $_viewPermissionedGroups; | |
| 47 | protected $_editPermissionedGroups; | |
| 48 | ||
| 84fce21c TO |
49 | /** |
| 50 | * Given a permission string, check for access requirements | |
| 51 | * | |
| 52 | * @param string $str | |
| 53 | * The permission to check. | |
| 54 | * | |
| 18be3201 | 55 | * @param int $userId |
| 84fce21c TO |
56 | * |
| 57 | * @return bool | |
| 58 | * true if yes, else false | |
| 59 | */ | |
| 18be3201 | 60 | public function check($str, $userId = NULL) { |
| be2fb01f | 61 | $str = $this->translatePermission($str, 'Drupal', [ |
| 84fce21c TO |
62 | 'view user account' => 'access user profiles', |
| 63 | 'administer users' => 'administer users', | |
| be2fb01f | 64 | ]); |
| 84fce21c TO |
65 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
| 66 | return FALSE; | |
| 67 | } | |
| 68 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
| 69 | return TRUE; | |
| 70 | } | |
| 71 | if (function_exists('user_access')) { | |
| 18be3201 CW |
72 | $account = NULL; |
| 73 | if ($userId) { | |
| 74 | $account = user_load($userId); | |
| 75 | } | |
| 76 | return user_access($str, $account); | |
| 84fce21c TO |
77 | } |
| 78 | return TRUE; | |
| 79 | } | |
| 80 | ||
| 81 | /** | |
| 82 | * Given a roles array, check for access requirements | |
| 83 | * | |
| 84 | * @param array $array | |
| 85 | * The roles to check. | |
| 86 | * | |
| 87 | * @return bool | |
| 88 | * true if yes, else false | |
| 89 | */ | |
| 90 | public function checkGroupRole($array) { | |
| 91 | if (function_exists('user_load') && isset($array)) { | |
| 92 | $user = user_load($GLOBALS['user']->uid); | |
| 93 | //if giver roles found in user roles - return true | |
| 94 | foreach ($array as $key => $value) { | |
| 95 | if (in_array($value, $user->roles)) { | |
| 96 | return TRUE; | |
| 97 | } | |
| 98 | } | |
| 99 | } | |
| 100 | return FALSE; | |
| 101 | } | |
| 102 | ||
| 103 | /** | |
| 104 | * @inheritDoc | |
| 105 | */ | |
| 106 | public function isModulePermissionSupported() { | |
| 107 | return TRUE; | |
| 108 | } | |
| 109 | ||
| 110 | /** | |
| 111 | * @inheritDoc | |
| 112 | */ | |
| 113 | public function upgradePermissions($permissions) { | |
| 114 | if (empty($permissions)) { | |
| 115 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); | |
| 116 | } | |
| 5c6ebf4c TO |
117 | // FIXME!!!! |
| 118 | /* | |
| 84fce21c | 119 | $query = db_delete('role_permission') |
| 5c6ebf4c TO |
120 | ->condition('module', 'civicrm') |
| 121 | ->condition('permission', array_keys($permissions), 'NOT IN'); | |
| 84fce21c | 122 | $query->execute(); |
| 5c6ebf4c | 123 | */ |
| 84fce21c TO |
124 | } |
| 125 | ||
| 126 | /** | |
| 127 | * Get all the contact emails for users that have a specific permission. | |
| 128 | * | |
| 129 | * @param string $permissionName | |
| 130 | * Name of the permission we are interested in. | |
| 131 | * | |
| 132 | * @return string | |
| 133 | * a comma separated list of email addresses | |
| 134 | */ | |
| 135 | public function permissionEmails($permissionName) { | |
| be2fb01f | 136 | static $_cache = []; |
| 84fce21c TO |
137 | |
| 138 | if (isset($_cache[$permissionName])) { | |
| 139 | return $_cache[$permissionName]; | |
| 140 | } | |
| 141 | ||
| 5c6ebf4c TO |
142 | // FIXME!!!! |
| 143 | /** | |
| 518fa0ee SL |
144 | * $uids = array(); |
| 145 | * $sql = " | |
| 146 | * SELECT {users}.uid, {role_permission}.permission | |
| 147 | * FROM {users} | |
| 148 | * JOIN {users_roles} | |
| 149 | * ON {users}.uid = {users_roles}.uid | |
| 150 | * JOIN {role_permission} | |
| 151 | * ON {role_permission}.rid = {users_roles}.rid | |
| 152 | * WHERE {role_permission}.permission = '{$permissionName}' | |
| 153 | * AND {users}.status = 1 | |
| 154 | * "; | |
| 155 | * | |
| 156 | * $result = db_query($sql); | |
| 157 | * foreach ($result as $record) { | |
| 158 | * $uids[] = $record->uid; | |
| 159 | * } | |
| 160 | * | |
| 161 | * $_cache[$permissionName] = self::getContactEmails($uids); | |
| 162 | * return $_cache[$permissionName]; | |
| 5c6ebf4c | 163 | */ |
| be2fb01f | 164 | return []; |
| 84fce21c TO |
165 | } |
| 166 | ||
| 167 | } |