Commit | Line | Data |
---|---|---|
84fce21c TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
84fce21c | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
84fce21c TO |
9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
84fce21c TO |
16 | */ |
17 | ||
18 | /** | |
19 | * | |
20 | */ | |
21 | class CRM_Core_Permission_Backdrop extends CRM_Core_Permission_DrupalBase { | |
22 | ||
23 | /** | |
24 | * Is this user someone with access for the entire system. | |
25 | * | |
b67daa72 | 26 | * @var bool |
84fce21c TO |
27 | */ |
28 | protected $_viewAdminUser = FALSE; | |
29 | protected $_editAdminUser = FALSE; | |
30 | ||
31 | /** | |
32 | * Am in in view permission or edit permission? | |
b67daa72 | 33 | * |
34 | * @var bool | |
84fce21c TO |
35 | */ |
36 | protected $_viewPermission = FALSE; | |
37 | protected $_editPermission = FALSE; | |
38 | ||
39 | /** | |
40 | * The current set of permissioned groups for the user. | |
41 | * | |
42 | * @var array | |
43 | */ | |
44 | protected $_viewPermissionedGroups; | |
45 | protected $_editPermissionedGroups; | |
46 | ||
84fce21c TO |
47 | /** |
48 | * Given a permission string, check for access requirements | |
49 | * | |
50 | * @param string $str | |
51 | * The permission to check. | |
52 | * | |
18be3201 | 53 | * @param int $userId |
84fce21c TO |
54 | * |
55 | * @return bool | |
56 | * true if yes, else false | |
57 | */ | |
18be3201 | 58 | public function check($str, $userId = NULL) { |
be2fb01f | 59 | $str = $this->translatePermission($str, 'Drupal', [ |
84fce21c TO |
60 | 'view user account' => 'access user profiles', |
61 | 'administer users' => 'administer users', | |
be2fb01f | 62 | ]); |
84fce21c TO |
63 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
64 | return FALSE; | |
65 | } | |
66 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
67 | return TRUE; | |
68 | } | |
69 | if (function_exists('user_access')) { | |
18be3201 CW |
70 | $account = NULL; |
71 | if ($userId) { | |
72 | $account = user_load($userId); | |
73 | } | |
74 | return user_access($str, $account); | |
84fce21c TO |
75 | } |
76 | return TRUE; | |
77 | } | |
78 | ||
79 | /** | |
80 | * Given a roles array, check for access requirements | |
81 | * | |
82 | * @param array $array | |
83 | * The roles to check. | |
84 | * | |
85 | * @return bool | |
86 | * true if yes, else false | |
87 | */ | |
88 | public function checkGroupRole($array) { | |
89 | if (function_exists('user_load') && isset($array)) { | |
90 | $user = user_load($GLOBALS['user']->uid); | |
91 | //if giver roles found in user roles - return true | |
92 | foreach ($array as $key => $value) { | |
93 | if (in_array($value, $user->roles)) { | |
94 | return TRUE; | |
95 | } | |
96 | } | |
97 | } | |
98 | return FALSE; | |
99 | } | |
100 | ||
101 | /** | |
102 | * @inheritDoc | |
103 | */ | |
104 | public function isModulePermissionSupported() { | |
105 | return TRUE; | |
106 | } | |
107 | ||
108 | /** | |
109 | * @inheritDoc | |
110 | */ | |
111 | public function upgradePermissions($permissions) { | |
112 | if (empty($permissions)) { | |
113 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); | |
114 | } | |
5c6ebf4c TO |
115 | // FIXME!!!! |
116 | /* | |
84fce21c | 117 | $query = db_delete('role_permission') |
5c6ebf4c TO |
118 | ->condition('module', 'civicrm') |
119 | ->condition('permission', array_keys($permissions), 'NOT IN'); | |
84fce21c | 120 | $query->execute(); |
5c6ebf4c | 121 | */ |
84fce21c TO |
122 | } |
123 | ||
124 | /** | |
125 | * Get all the contact emails for users that have a specific permission. | |
126 | * | |
127 | * @param string $permissionName | |
128 | * Name of the permission we are interested in. | |
129 | * | |
130 | * @return string | |
131 | * a comma separated list of email addresses | |
132 | */ | |
133 | public function permissionEmails($permissionName) { | |
be2fb01f | 134 | static $_cache = []; |
84fce21c TO |
135 | |
136 | if (isset($_cache[$permissionName])) { | |
137 | return $_cache[$permissionName]; | |
138 | } | |
139 | ||
5c6ebf4c TO |
140 | // FIXME!!!! |
141 | /** | |
518fa0ee SL |
142 | * $uids = array(); |
143 | * $sql = " | |
144 | * SELECT {users}.uid, {role_permission}.permission | |
145 | * FROM {users} | |
146 | * JOIN {users_roles} | |
147 | * ON {users}.uid = {users_roles}.uid | |
148 | * JOIN {role_permission} | |
149 | * ON {role_permission}.rid = {users_roles}.rid | |
150 | * WHERE {role_permission}.permission = '{$permissionName}' | |
151 | * AND {users}.status = 1 | |
152 | * "; | |
153 | * | |
154 | * $result = db_query($sql); | |
155 | * foreach ($result as $record) { | |
156 | * $uids[] = $record->uid; | |
157 | * } | |
158 | * | |
159 | * $_cache[$permissionName] = self::getContactEmails($uids); | |
160 | * return $_cache[$permissionName]; | |
5c6ebf4c | 161 | */ |
be2fb01f | 162 | return []; |
84fce21c TO |
163 | } |
164 | ||
165 | } |