[civicrm-core.git] / CRM / Core / Permission / Backdrop.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */

/**
 *
 */
class CRM_Core_Permission_Backdrop extends CRM_Core_Permission_DrupalBase {

  /**
   * Is this user someone with access for the entire system.
   *
   * @var bool
   */
  protected $_viewAdminUser = FALSE;
  protected $_editAdminUser = FALSE;

  /**
   * Am in in view permission or edit permission?
   *
   * @var bool
   */
  protected $_viewPermission = FALSE;
  protected $_editPermission = FALSE;

  /**
   * The current set of permissioned groups for the user.
   *
   * @var array
   */
  protected $_viewPermissionedGroups;
  protected $_editPermissionedGroups;

  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   *
   * @param int $userId
   *
   * @return bool
   *   true if yes, else false
   */
  public function check($str, $userId = NULL) {
    $str = $this->translatePermission($str, 'Drupal', [
      'view user account' => 'access user profiles',
      'administer users' => 'administer users',
    ]);
    if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }
    if (function_exists('user_access')) {
      $account = NULL;
      if ($userId || $userId === 0) {
        $account = user_load($userId);
      }
      return user_access($str, $account);
    }
    return TRUE;
  }

  /**
   * Given a roles array, check for access requirements
   *
   * @param array $array
   *   The roles to check.
   *
   * @return bool
   *   true if yes, else false
   */
  public function checkGroupRole($array) {
    if (function_exists('user_load') && isset($array)) {
      $user = user_load($GLOBALS['user']->uid);
      //if giver roles found in user roles - return true
      foreach ($array as $key => $value) {
        if (in_array($value, $user->roles)) {
          return TRUE;
        }
      }
    }
    return FALSE;
  }

  /**
   * @inheritDoc
   */
  public function getAvailablePermissions() {
    // We want to list *only* Backdrop perms, so we'll *skip* Civi perms.
    $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE);

    $permissions = [];
    $modules = system_get_info('module');
    foreach ($modules as $moduleName => $module) {
      $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
      foreach (module_invoke($moduleName, 'permission') ?? [] as $permName => $perm) {
        if (isset($allCorePerms[$permName])) {
          continue;
        }

        $permissions["Drupal:$permName"] = [
          'title' => $prefix . strip_tags($perm['title']),
          'description' => $perm['description'] ?? NULL,
        ];
      }
    }
    return $permissions;
  }

  /**
   * @inheritDoc
   */
  public function isModulePermissionSupported() {
    return TRUE;
  }

  /**
   * @inheritDoc
   */
  public function upgradePermissions($permissions) {
    if (empty($permissions)) {
      throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
    }
    // FIXME!!!!
    /*
    $query = db_delete('role_permission')
    ->condition('module', 'civicrm')
    ->condition('permission', array_keys($permissions), 'NOT IN');
    $query->execute();
     */
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   * @return string
   *   a comma separated list of email addresses
   */
  public function permissionEmails($permissionName) {
    static $_cache = [];

    if (isset($_cache[$permissionName])) {
      return $_cache[$permissionName];
    }

    // FIXME!!!!
    /**
     * $uids = array();
     * $sql = "
     * SELECT {users}.uid, {role_permission}.permission
     * FROM {users}
     * JOIN {users_roles}
     * ON {users}.uid = {users_roles}.uid
     * JOIN {role_permission}
     * ON {role_permission}.rid = {users_roles}.rid
     * WHERE {role_permission}.permission = '{$permissionName}'
     * AND {users}.status = 1
     * ";
     *
     * $result = db_query($sql);
     * foreach ($result as $record) {
     * $uids[] = $record->uid;
     * }
     *
     * $_cache[$permissionName] = self::getContactEmails($uids);
     * return $_cache[$permissionName];
    */
    return [];
  }

}
Commit	Line	Data
84fce21c TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
84fce21c	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
84fce21c TO	9	+--------------------------------------------------------------------+
	10	*/
	11
	12	/**
	13	*
	14	* @package CRM
ca5cec67	15	* @copyright CiviCRM LLC https://civicrm.org/licensing
84fce21c TO	16	*/
	17
	18	/**
	19	*
	20	*/
	21	class CRM_Core_Permission_Backdrop extends CRM_Core_Permission_DrupalBase {
	22
	23	/**
	24	* Is this user someone with access for the entire system.
	25	*
b67daa72	26	* @var bool
84fce21c TO	27	*/
	28	protected $_viewAdminUser = FALSE;
	29	protected $_editAdminUser = FALSE;
	30
	31	/**
	32	* Am in in view permission or edit permission?
b67daa72	33	*
b67daa72	34	* @var bool
84fce21c TO	35	*/
	36	protected $_viewPermission = FALSE;
	37	protected $_editPermission = FALSE;
	38
	39	/**
	40	* The current set of permissioned groups for the user.
	41	*
	42	* @var array
	43	*/
	44	protected $_viewPermissionedGroups;
	45	protected $_editPermissionedGroups;
	46
84fce21c TO	47	/**
	48	* Given a permission string, check for access requirements
	49	*
	50	* @param string $str
	51	* The permission to check.
	52	*
18be3201	53	* @param int $userId
84fce21c TO	54	*
	55	* @return bool
	56	* true if yes, else false
	57	*/
18be3201	58	public function check($str, $userId = NULL) {
be2fb01f	59	$str = $this->translatePermission($str, 'Drupal', [
84fce21c TO	60	'view user account' => 'access user profiles',
84fce21c TO	61	'administer users' => 'administer users',
be2fb01f	62	]);
84fce21c TO	63	if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
	64	return FALSE;
	65	}
	66	if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
	67	return TRUE;
	68	}
	69	if (function_exists('user_access')) {
18be3201	70	$account = NULL;
ae6d2c8e	71	if ($userId \|\| $userId === 0) {
18be3201 CW	72	$account = user_load($userId);
	73	}
	74	return user_access($str, $account);
84fce21c TO	75	}
	76	return TRUE;
	77	}
	78
	79	/**
	80	* Given a roles array, check for access requirements
	81	*
	82	* @param array $array
	83	* The roles to check.
	84	*
	85	* @return bool
	86	* true if yes, else false
	87	*/
	88	public function checkGroupRole($array) {
	89	if (function_exists('user_load') && isset($array)) {
	90	$user = user_load($GLOBALS['user']->uid);
	91	//if giver roles found in user roles - return true
	92	foreach ($array as $key => $value) {
	93	if (in_array($value, $user->roles)) {
	94	return TRUE;
	95	}
	96	}
	97	}
	98	return FALSE;
	99	}
	100
0247a000 TO	101	/**
	102	* @inheritDoc
	103	*/
	104	public function getAvailablePermissions() {
	105	// We want to list only Backdrop perms, so we'll skip Civi perms.
	106	$allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE);
	107
	108	$permissions = [];
	109	$modules = system_get_info('module');
	110	foreach ($modules as $moduleName => $module) {
	111	$prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
5fba1c58	112	foreach (module_invoke($moduleName, 'permission') ?? [] as $permName => $perm) {
0247a000 TO	113	if (isset($allCorePerms[$permName])) {
	114	continue;
	115	}
	116
	117	$permissions["Drupal:$permName"] = [
	118	'title' => $prefix . strip_tags($perm['title']),
	119	'description' => $perm['description'] ?? NULL,
	120	];
	121	}
	122	}
	123	return $permissions;
	124	}
	125
84fce21c TO	126	/**
	127	* @inheritDoc
	128	*/
	129	public function isModulePermissionSupported() {
	130	return TRUE;
	131	}
	132
	133	/**
	134	* @inheritDoc
	135	*/
	136	public function upgradePermissions($permissions) {
	137	if (empty($permissions)) {
	138	throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
	139	}
5c6ebf4c TO	140	// FIXME!!!!
5c6ebf4c TO	141	/*
84fce21c	142	$query = db_delete('role_permission')
5c6ebf4c TO	143	->condition('module', 'civicrm')
5c6ebf4c TO	144	->condition('permission', array_keys($permissions), 'NOT IN');
84fce21c	145	$query->execute();
5c6ebf4c	146	*/
84fce21c TO	147	}
	148
	149	/**
	150	* Get all the contact emails for users that have a specific permission.
	151	*
	152	* @param string $permissionName
	153	* Name of the permission we are interested in.
	154	*
	155	* @return string
	156	* a comma separated list of email addresses
	157	*/
	158	public function permissionEmails($permissionName) {
be2fb01f	159	static $_cache = [];
84fce21c TO	160
	161	if (isset($_cache[$permissionName])) {
	162	return $_cache[$permissionName];
	163	}
	164
5c6ebf4c TO	165	// FIXME!!!!
5c6ebf4c TO	166	/**
518fa0ee SL	167	* $uids = array();
	168	* $sql = "
	169	* SELECT {users}.uid, {role_permission}.permission
	170	* FROM {users}
	171	* JOIN {users_roles}
	172	* ON {users}.uid = {users_roles}.uid
	173	* JOIN {role_permission}
	174	* ON {role_permission}.rid = {users_roles}.rid
	175	* WHERE {role_permission}.permission = '{$permissionName}'
	176	* AND {users}.status = 1
	177	* ";
	178	*
	179	* $result = db_query($sql);
	180	* foreach ($result as $record) {
	181	* $uids[] = $record->uid;
	182	* }
	183	*
	184	* $_cache[$permissionName] = self::getContactEmails($uids);
	185	* return $_cache[$permissionName];
5c6ebf4c	186	*/
be2fb01f	187	return [];
84fce21c TO	188	}
	189
	190	}