[civicrm-core.git] / CRM / Core / Permission / Base.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.4                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2013                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
*/

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2013
 * $Id$
 *
 */

/**
 *
 */
class CRM_Core_Permission_Base {

  /**
   * Translate permission
   *
   * @param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:action:com_asset"
   * @param string $nativePrefix
   * @param array $map array($portableName => $nativeName)
   * @return NULL|string a permission name
   */
  public function translatePermission($perm, $nativePrefix, $map) {
    list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
    switch ($civiPrefix) {
      case $nativePrefix:
        return $name; // pass through
      case 'cms':
        return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
      case NULL:
        return $name;
      default:
        return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
    }
  }

  /**
   * get the current permission of this user
   *
   * @return string the permission of the user (edit or view or null)
   */
  public function getPermission() {
    return CRM_Core_Permission::EDIT;
  }

  /**
   * Get the permissioned where clause for the user
   *
   * @param int $type the type of permission needed
   * @param  array $tables (reference ) add the tables that are needed for the select clause
   * @param  array $whereTables (reference ) add the tables that are needed for the where clause
   *
   * @return string the group where clause for this user
   * @access public
   */
  public function whereClause($type, &$tables, &$whereTables) {
    return '( 1 )';
  }
  /**
   * Get the permissioned where clause for the user when trying to see groups
   *
   * @param int $type the type of permission needed
   * @param  array $tables (reference ) add the tables that are needed for the select clause
   * @param  array $whereTables (reference ) add the tables that are needed for the where clause
   *
   * @return string the group where clause for this user
   * @access public
   */
  public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
    $this->group();
    return $this->groupClause($type, $tables, $whereTables);
  }
  /**
   * Get all groups from database, filtered by permissions
   * for this user
   *
   * @param string $groupType     type of group(Access/Mailing)
   * @param boolen $excludeHidden exclude hidden groups.
   *
   * @access public
   *
   * @return array - array reference of all groups.
   *
   */
  public function group($groupType = NULL, $excludeHidden = TRUE) {
    return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
  }

  /**
   * Get group clause for this user
   *
   * @param int $type the type of permission needed
   * @param  array $tables (reference ) add the tables that are needed for the select clause
   * @param  array $whereTables (reference ) add the tables that are needed for the where clause
   *
   * @return string the group where clause for this user
   * @access public
   */
  public function groupClause($type, &$tables, &$whereTables) {
    return ' (1) ';
  }

  /**
   * given a permission string, check for access requirements
   *
   * @param string $str the permission to check
   *
   * @return boolean true if yes, else false
   * @access public
   */

  function check($str) {
    //no default behaviour
  }

  /**
   * Given a roles array, check for access requirements
   *
   * @param array $array the roles to check
   *
   * @return boolean true if yes, else false
   * @access public
   */

  function checkGroupRole($array) {
    return FALSE;
  }

  /**
   * Get all the contact emails for users that have a specific permission
   *
   * @param string $permissionName name of the permission we are interested in
   *
   * @return string a comma separated list of email addresses
   */
  public function permissionEmails($permissionName) {
    CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
  }

  /**
   * Get all the contact emails for users that have a specific role
   *
   * @param string $roleName name of the role we are interested in
   *
   * @return string a comma separated list of email addresses
   */
  public function roleEmails($roleName) {
    CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
  }

  /**
   * Determine whether the permission store allows us to store
   * a list of permissions generated dynamically (eg by
   * hook_civicrm_permissions.)
   *
   * @return bool
   */
  public function isModulePermissionSupported() {
    return FALSE;
  }

  /**
   * Ensure that the CMS supports all the permissions defined by CiviCRM
   * and its extensions. If there are stale permissions, they should be
   * deleted. This is useful during module upgrade when the newer module
   * version has removed permission that were defined in the older version.
   *
   * @param array $permissions same format as CRM_Core_Permission::getCorePermissions().
   * @see CRM_Core_Permission::getCorePermissions
   */
  function upgradePermissions($permissions) {
    throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
  }

  /**
   * Get the permissions defined in the hook_civicrm_permission implementation
   * of the given module.
   *
   * Note: At time of writing, this is only used with native extension-modules, so
   * there's one, predictable calling convention (regardless of CMS).
   *
   * @return Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
   * @see CRM_Core_Permission::getCorePermissions
   */
  static function getModulePermissions($module) {
    $return_permissions = array();
    $fn_name = "{$module}_civicrm_permission";
    if (function_exists($fn_name)) {
      $module_permissions = array();
      $fn_name($module_permissions);
      $return_permissions = $module_permissions;
    }
    return $return_permissions;
  }

  /**
   * Get the permissions defined in the hook_civicrm_permission implementation
   * in all enabled CiviCRM module extensions.
   *
   * @return Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
   */
  function getAllModulePermissions() {
    $permissions = array();
    CRM_Utils_Hook::permission($permissions);
    return $permissions;
  }
}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
232624b1	4	\| CiviCRM version 4.4 \|
6a488035 TO	5	+--------------------------------------------------------------------+
	6	\| Copyright CiviCRM LLC (c) 2004-2013 \|
	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
	26	*/
	27
	28	/**
	29	*
	30	* @package CRM
	31	* @copyright CiviCRM LLC (c) 2004-2013
	32	* $Id$
	33	*
	34	*/
	35
	36	/**
	37	*
	38	*/
	39	class CRM_Core_Permission_Base {
	40
085823c1 TO	41	/**
	42	* Translate permission
	43	*
	44	* @param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:action:com_asset"
	45	* @param string $nativePrefix
	46	* @param array $map array($portableName => $nativeName)
	47	* @return NULL\|string a permission name
	48	*/
	49	public function translatePermission($perm, $nativePrefix, $map) {
	50	list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
	51	switch ($civiPrefix) {
	52	case $nativePrefix:
	53	return $name; // pass through
	54	case 'cms':
	55	return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
	56	case NULL:
	57	return $name;
	58	default:
	59	return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
	60	}
	61	}
	62
42762e35 DL	63	/**
	64	* get the current permission of this user
	65	*
	66	* @return string the permission of the user (edit or view or null)
	67	*/
	68	public function getPermission() {
	69	return CRM_Core_Permission::EDIT;
	70	}
	71
6a488035 TO	72	/**
	73	* Get the permissioned where clause for the user
	74	*
	75	* @param int $type the type of permission needed
	76	* @param array $tables (reference ) add the tables that are needed for the select clause
	77	* @param array $whereTables (reference ) add the tables that are needed for the where clause
	78	*
	79	* @return string the group where clause for this user
	80	* @access public
	81	*/
	82	public function whereClause($type, &$tables, &$whereTables) {
	83	return '( 1 )';
	84	}
	85	/**
	86	* Get the permissioned where clause for the user when trying to see groups
	87	*
	88	* @param int $type the type of permission needed
	89	* @param array $tables (reference ) add the tables that are needed for the select clause
	90	* @param array $whereTables (reference ) add the tables that are needed for the where clause
	91	*
	92	* @return string the group where clause for this user
	93	* @access public
	94	*/
	95	public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
	96	$this->group();
	97	return $this->groupClause($type, $tables, $whereTables);
	98	}
	99	/**
	100	* Get all groups from database, filtered by permissions
	101	* for this user
	102	*
	103	* @param string $groupType type of group(Access/Mailing)
	104	* @param boolen $excludeHidden exclude hidden groups.
	105	*
	106	* @access public
	107	*
	108	* @return array - array reference of all groups.
	109	*
	110	*/
	111	public function group($groupType = NULL, $excludeHidden = TRUE) {
42762e35	112	return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
6a488035 TO	113	}
	114
	115	/**
42762e35	116	* Get group clause for this user
6a488035 TO	117	*
6a488035 TO	118	* @param int $type the type of permission needed
42762e35 DL	119	* @param array $tables (reference ) add the tables that are needed for the select clause
42762e35 DL	120	* @param array $whereTables (reference ) add the tables that are needed for the where clause
6a488035	121	*
42762e35	122	* @return string the group where clause for this user
6a488035 TO	123	* @access public
	124	*/
	125	public function groupClause($type, &$tables, &$whereTables) {
42762e35	126	return ' (1) ';
6a488035 TO	127	}
	128
	129	/**
	130	* given a permission string, check for access requirements
	131	*
	132	* @param string $str the permission to check
	133	*
	134	* @return boolean true if yes, else false
	135	* @access public
	136	*/
	137
	138	function check($str) {
42762e35	139	//no default behaviour
6a488035 TO	140	}
	141
	142	/**
	143	* Given a roles array, check for access requirements
	144	*
	145	* @param array $array the roles to check
	146	*
	147	* @return boolean true if yes, else false
	148	* @access public
	149	*/
42762e35	150
6a488035 TO	151	function checkGroupRole($array) {
	152	return FALSE;
	153	}
	154
	155	/**
	156	* Get all the contact emails for users that have a specific permission
	157	*
	158	* @param string $permissionName name of the permission we are interested in
	159	*
	160	* @return string a comma separated list of email addresses
	161	*/
	162	public function permissionEmails($permissionName) {
	163	CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
	164	}
	165
	166	/**
	167	* Get all the contact emails for users that have a specific role
	168	*
	169	* @param string $roleName name of the role we are interested in
	170	*
	171	* @return string a comma separated list of email addresses
	172	*/
	173	public function roleEmails($roleName) {
	174	CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
	175	}
	176
7fccad46 TO	177	/**
	178	* Determine whether the permission store allows us to store
	179	* a list of permissions generated dynamically (eg by
	180	* hook_civicrm_permissions.)
	181	*
	182	* @return bool
	183	*/
	184	public function isModulePermissionSupported() {
	185	return FALSE;
	186	}
	187
6a488035	188	/**
0d8fc497 TO	189	* Ensure that the CMS supports all the permissions defined by CiviCRM
	190	* and its extensions. If there are stale permissions, they should be
	191	* deleted. This is useful during module upgrade when the newer module
	192	* version has removed permission that were defined in the older version.
c4bc14ed	193	*
0d8fc497	194	* @param array $permissions same format as CRM_Core_Permission::getCorePermissions().
c4bc14ed	195	* @see CRM_Core_Permission::getCorePermissions
6a488035	196	*/
0d8fc497	197	function upgradePermissions($permissions) {
7fccad46	198	throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
6a488035 TO	199	}
	200
	201	/**
	202	* Get the permissions defined in the hook_civicrm_permission implementation
	203	* of the given module.
	204	*
789565bf TO	205	* Note: At time of writing, this is only used with native extension-modules, so
	206	* there's one, predictable calling convention (regardless of CMS).
	207	*
6a488035	208	* @return Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
b57fc2e3	209	* @see CRM_Core_Permission::getCorePermissions
6a488035 TO	210	*/
6a488035 TO	211	static function getModulePermissions($module) {
789565bf TO	212	$return_permissions = array();
	213	$fn_name = "{$module}_civicrm_permission";
	214	if (function_exists($fn_name)) {
	215	$module_permissions = array();
	216	$fn_name($module_permissions);
	217	$return_permissions = $module_permissions;
	218	}
	219	return $return_permissions;
6a488035 TO	220	}
	221
	222	/**
	223	* Get the permissions defined in the hook_civicrm_permission implementation
	224	* in all enabled CiviCRM module extensions.
	225	*
	226	* @return Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
	227	*/
	228	function getAllModulePermissions() {
	229	$permissions = array();
	230	CRM_Utils_Hook::permission($permissions);
	231	return $permissions;
	232	}
	233	}
	234