Commit | Line | Data |
---|---|---|
84fce21c TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
fee14197 | 4 | | CiviCRM version 5 | |
84fce21c | 5 | +--------------------------------------------------------------------+ |
f299f7db | 6 | | Copyright CiviCRM LLC (c) 2004-2020 | |
84fce21c TO |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | /** | |
29 | * | |
30 | * @package CRM | |
f299f7db | 31 | * @copyright CiviCRM LLC (c) 2004-2020 |
84fce21c TO |
32 | * $Id$ |
33 | * | |
34 | */ | |
35 | ||
36 | /** | |
37 | * | |
38 | */ | |
39 | class CRM_Core_Permission_Backdrop extends CRM_Core_Permission_DrupalBase { | |
40 | ||
41 | /** | |
42 | * Is this user someone with access for the entire system. | |
43 | * | |
b67daa72 | 44 | * @var bool |
84fce21c TO |
45 | */ |
46 | protected $_viewAdminUser = FALSE; | |
47 | protected $_editAdminUser = FALSE; | |
48 | ||
49 | /** | |
50 | * Am in in view permission or edit permission? | |
b67daa72 | 51 | * |
52 | * @var bool | |
84fce21c TO |
53 | */ |
54 | protected $_viewPermission = FALSE; | |
55 | protected $_editPermission = FALSE; | |
56 | ||
57 | /** | |
58 | * The current set of permissioned groups for the user. | |
59 | * | |
60 | * @var array | |
61 | */ | |
62 | protected $_viewPermissionedGroups; | |
63 | protected $_editPermissionedGroups; | |
64 | ||
84fce21c TO |
65 | /** |
66 | * Given a permission string, check for access requirements | |
67 | * | |
68 | * @param string $str | |
69 | * The permission to check. | |
70 | * | |
18be3201 | 71 | * @param int $userId |
84fce21c TO |
72 | * |
73 | * @return bool | |
74 | * true if yes, else false | |
75 | */ | |
18be3201 | 76 | public function check($str, $userId = NULL) { |
be2fb01f | 77 | $str = $this->translatePermission($str, 'Drupal', [ |
84fce21c TO |
78 | 'view user account' => 'access user profiles', |
79 | 'administer users' => 'administer users', | |
be2fb01f | 80 | ]); |
84fce21c TO |
81 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
82 | return FALSE; | |
83 | } | |
84 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
85 | return TRUE; | |
86 | } | |
87 | if (function_exists('user_access')) { | |
18be3201 CW |
88 | $account = NULL; |
89 | if ($userId) { | |
90 | $account = user_load($userId); | |
91 | } | |
92 | return user_access($str, $account); | |
84fce21c TO |
93 | } |
94 | return TRUE; | |
95 | } | |
96 | ||
97 | /** | |
98 | * Given a roles array, check for access requirements | |
99 | * | |
100 | * @param array $array | |
101 | * The roles to check. | |
102 | * | |
103 | * @return bool | |
104 | * true if yes, else false | |
105 | */ | |
106 | public function checkGroupRole($array) { | |
107 | if (function_exists('user_load') && isset($array)) { | |
108 | $user = user_load($GLOBALS['user']->uid); | |
109 | //if giver roles found in user roles - return true | |
110 | foreach ($array as $key => $value) { | |
111 | if (in_array($value, $user->roles)) { | |
112 | return TRUE; | |
113 | } | |
114 | } | |
115 | } | |
116 | return FALSE; | |
117 | } | |
118 | ||
119 | /** | |
120 | * @inheritDoc | |
121 | */ | |
122 | public function isModulePermissionSupported() { | |
123 | return TRUE; | |
124 | } | |
125 | ||
126 | /** | |
127 | * @inheritDoc | |
128 | */ | |
129 | public function upgradePermissions($permissions) { | |
130 | if (empty($permissions)) { | |
131 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); | |
132 | } | |
5c6ebf4c TO |
133 | // FIXME!!!! |
134 | /* | |
84fce21c | 135 | $query = db_delete('role_permission') |
5c6ebf4c TO |
136 | ->condition('module', 'civicrm') |
137 | ->condition('permission', array_keys($permissions), 'NOT IN'); | |
84fce21c | 138 | $query->execute(); |
5c6ebf4c | 139 | */ |
84fce21c TO |
140 | } |
141 | ||
142 | /** | |
143 | * Get all the contact emails for users that have a specific permission. | |
144 | * | |
145 | * @param string $permissionName | |
146 | * Name of the permission we are interested in. | |
147 | * | |
148 | * @return string | |
149 | * a comma separated list of email addresses | |
150 | */ | |
151 | public function permissionEmails($permissionName) { | |
be2fb01f | 152 | static $_cache = []; |
84fce21c TO |
153 | |
154 | if (isset($_cache[$permissionName])) { | |
155 | return $_cache[$permissionName]; | |
156 | } | |
157 | ||
5c6ebf4c TO |
158 | // FIXME!!!! |
159 | /** | |
518fa0ee SL |
160 | * $uids = array(); |
161 | * $sql = " | |
162 | * SELECT {users}.uid, {role_permission}.permission | |
163 | * FROM {users} | |
164 | * JOIN {users_roles} | |
165 | * ON {users}.uid = {users_roles}.uid | |
166 | * JOIN {role_permission} | |
167 | * ON {role_permission}.rid = {users_roles}.rid | |
168 | * WHERE {role_permission}.permission = '{$permissionName}' | |
169 | * AND {users}.status = 1 | |
170 | * "; | |
171 | * | |
172 | * $result = db_query($sql); | |
173 | * foreach ($result as $record) { | |
174 | * $uids[] = $record->uid; | |
175 | * } | |
176 | * | |
177 | * $_cache[$permissionName] = self::getContactEmails($uids); | |
178 | * return $_cache[$permissionName]; | |
5c6ebf4c | 179 | */ |
be2fb01f | 180 | return []; |
84fce21c TO |
181 | } |
182 | ||
183 | } |