[civicrm-core.git] / CRM / Core / Permission / Base.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2020                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 * $Id$
 *
 */

/**
 *
 */
class CRM_Core_Permission_Base {

  /**
   * permission mapping to stub check() calls
   * @var array
   */
  public $permissions = NULL;

  /**
   * Translate permission.
   *
   * @param string $perm
   *   Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
   *   "Joomla:action:com_asset"
   *
   * @param string $nativePrefix
   * @param array $map
   *   Array($portableName => $nativeName).
   *
   * @return NULL|string
   *   a permission name
   */
  public function translatePermission($perm, $nativePrefix, $map) {
    list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
    switch ($civiPrefix) {
      case $nativePrefix:
        return $name;

      // pass through
      case 'cms':
        return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);

      case NULL:
        return $name;

      default:
        return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
    }
  }

  /**
   * Get the current permission of this user.
   *
   * @return string
   *   the permission of the user (edit or view or null)
   */
  public function getPermission() {
    return CRM_Core_Permission::EDIT;
  }

  /**
   * Get the permissioned where clause for the user.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference ) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference ) add the tables that are needed for the where clause.
   *
   * @return string
   *   the group where clause for this user
   */
  public function whereClause($type, &$tables, &$whereTables) {
    return '( 1 )';
  }

  /**
   * Get the permissioned where clause for the user when trying to see groups.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference ) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference ) add the tables that are needed for the where clause.
   *
   * @return string
   *   the group where clause for this user
   */
  public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
    $this->group();
    return $this->groupClause($type, $tables, $whereTables);
  }

  /**
   * Get all groups from database, filtered by permissions
   * for this user
   *
   * @param string $groupType
   *   Type of group(Access/Mailing).
   * @param bool $excludeHidden
   *   exclude hidden groups.
   *
   *
   * @return array
   *   array reference of all groups.
   */
  public function group($groupType = NULL, $excludeHidden = TRUE) {
    return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
  }

  /**
   * Get group clause for this user.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference ) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference ) add the tables that are needed for the where clause.
   *
   * @return string
   *   the group where clause for this user
   */
  public function groupClause($type, &$tables, &$whereTables) {
    return ' (1) ';
  }

  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   * @param int $userId
   *
   */
  public function check($str, $userId = NULL) {
    //no default behaviour
  }

  /**
   * Given a roles array, check for access requirements
   *
   * @param array $array
   *   The roles to check.
   *
   * @return bool
   *   true if yes, else false
   */
  public function checkGroupRole($array) {
    return FALSE;
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   */
  public function permissionEmails($permissionName) {
    CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
  }

  /**
   * Get all the contact emails for users that have a specific role.
   *
   * @param string $roleName
   *   Name of the role we are interested in.
   *
   */
  public function roleEmails($roleName) {
    CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
  }

  /**
   * Determine whether the permission store allows us to store
   * a list of permissions generated dynamically (eg by
   * hook_civicrm_permissions.)
   *
   * @return bool
   */
  public function isModulePermissionSupported() {
    return FALSE;
  }

  /**
   * Ensure that the CMS supports all the permissions defined by CiviCRM
   * and its extensions. If there are stale permissions, they should be
   * deleted. This is useful during module upgrade when the newer module
   * version has removed permission that were defined in the older version.
   *
   * @param array $permissions
   *   Same format as CRM_Core_Permission::getCorePermissions().
   *
   * @throws CRM_Core_Exception
   * @see CRM_Core_Permission::getCorePermissions
   */
  public function upgradePermissions($permissions) {
    throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
  }

  /**
   * Get the permissions defined in the hook_civicrm_permission implementation
   * of the given module.
   *
   * Note: At time of writing, this is only used with native extension-modules, so
   * there's one, predictable calling convention (regardless of CMS).
   *
   * @param $module
   *
   * @return array
   *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
   * @see CRM_Core_Permission::getCorePermissions
   */
  public static function getModulePermissions($module) {
    $return_permissions = [];
    $fn_name = "{$module}_civicrm_permission";
    if (function_exists($fn_name)) {
      $module_permissions = [];
      $fn_name($module_permissions);
      $return_permissions = $module_permissions;
    }
    return $return_permissions;
  }

  /**
   * Get the permissions defined in the hook_civicrm_permission implementation
   * in all enabled CiviCRM module extensions.
   *
   * @param bool $descriptions
   *
   * @return array
   *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
   */
  public function getAllModulePermissions($descriptions = FALSE) {
    $permissions = [];
    CRM_Utils_Hook::permission($permissions);

    if ($descriptions) {
      foreach ($permissions as $permission => $label) {
        $permissions[$permission] = (is_array($label)) ? $label : [$label];
      }
    }
    else {
      foreach ($permissions as $permission => $label) {
        $permissions[$permission] = (is_array($label)) ? array_shift($label) : $label;
      }
    }
    return $permissions;
  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
fee14197	4	\| CiviCRM version 5 \|
6a488035	5	+--------------------------------------------------------------------+
f299f7db	6	\| Copyright CiviCRM LLC (c) 2004-2020 \|
6a488035 TO	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
d25dd0ee	26	*/
6a488035 TO	27
	28	/**
	29	*
	30	* @package CRM
ca5cec67	31	* @copyright CiviCRM LLC https://civicrm.org/licensing
6a488035 TO	32	* $Id$
	33	*
	34	*/
	35
	36	/**
	37	*
	38	*/
	39	class CRM_Core_Permission_Base {
	40
518fa0ee SL	41	/**
	42	* permission mapping to stub check() calls
	43	* @var array
	44	*/
dcbec360 EM	45	public $permissions = NULL;
dcbec360 EM	46
085823c1	47	/**
d09edf64	48	* Translate permission.
085823c1	49	*
6ad55d91 EM	50	* @param string $perm
	51	* Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
	52	* "Joomla:action:com_asset"
	53	*
085823c1	54	* @param string $nativePrefix
6a0b768e TO	55	* @param array $map
6a0b768e TO	56	* Array($portableName => $nativeName).
77b97be7	57	*
72b3a70c CW	58	* @return NULL\|string
72b3a70c CW	59	* a permission name
085823c1 TO	60	*/
	61	public function translatePermission($perm, $nativePrefix, $map) {
	62	list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
	63	switch ($civiPrefix) {
	64	case $nativePrefix:
2aa397bc TO	65	return $name;
	66
	67	// pass through
085823c1 TO	68	case 'cms':
085823c1 TO	69	return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
2aa397bc	70
085823c1 TO	71	case NULL:
085823c1 TO	72	return $name;
2aa397bc	73
085823c1 TO	74	default:
	75	return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
	76	}
	77	}
	78
42762e35	79	/**
d09edf64	80	* Get the current permission of this user.
42762e35	81	*
a6c01b45 CW	82	* @return string
a6c01b45 CW	83	* the permission of the user (edit or view or null)
42762e35 DL	84	*/
	85	public function getPermission() {
	86	return CRM_Core_Permission::EDIT;
	87	}
	88
6a488035	89	/**
d09edf64	90	* Get the permissioned where clause for the user.
6a488035	91	*
6a0b768e TO	92	* @param int $type
	93	* The type of permission needed.
	94	* @param array $tables
	95	* (reference ) add the tables that are needed for the select clause.
	96	* @param array $whereTables
	97	* (reference ) add the tables that are needed for the where clause.
6a488035	98	*
a6c01b45 CW	99	* @return string
a6c01b45 CW	100	* the group where clause for this user
6a488035 TO	101	*/
	102	public function whereClause($type, &$tables, &$whereTables) {
	103	return '( 1 )';
	104	}
353ffa53	105
6a488035	106	/**
d09edf64	107	* Get the permissioned where clause for the user when trying to see groups.
6a488035	108	*
6a0b768e TO	109	* @param int $type
	110	* The type of permission needed.
	111	* @param array $tables
	112	* (reference ) add the tables that are needed for the select clause.
	113	* @param array $whereTables
	114	* (reference ) add the tables that are needed for the where clause.
6a488035	115	*
a6c01b45 CW	116	* @return string
a6c01b45 CW	117	* the group where clause for this user
6a488035 TO	118	*/
	119	public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
	120	$this->group();
	121	return $this->groupClause($type, $tables, $whereTables);
	122	}
77b97be7	123
6a488035 TO	124	/**
	125	* Get all groups from database, filtered by permissions
	126	* for this user
	127	*
6a0b768e TO	128	* @param string $groupType
6a0b768e TO	129	* Type of group(Access/Mailing).
3f8d2862 CW	130	* @param bool $excludeHidden
3f8d2862 CW	131	* exclude hidden groups.
6a488035	132	*
6a488035	133	*
a6c01b45 CW	134	* @return array
a6c01b45 CW	135	* array reference of all groups.
6a488035 TO	136	*/
6a488035 TO	137	public function group($groupType = NULL, $excludeHidden = TRUE) {
42762e35	138	return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
6a488035 TO	139	}
	140
	141	/**
d09edf64	142	* Get group clause for this user.
6a488035	143	*
6a0b768e TO	144	* @param int $type
	145	* The type of permission needed.
	146	* @param array $tables
	147	* (reference ) add the tables that are needed for the select clause.
	148	* @param array $whereTables
	149	* (reference ) add the tables that are needed for the where clause.
6a488035	150	*
a6c01b45 CW	151	* @return string
a6c01b45 CW	152	* the group where clause for this user
6a488035 TO	153	*/
6a488035 TO	154	public function groupClause($type, &$tables, &$whereTables) {
42762e35	155	return ' (1) ';
6a488035 TO	156	}
	157
	158	/**
100fef9d	159	* Given a permission string, check for access requirements
6a488035	160	*
6a0b768e TO	161	* @param string $str
6a0b768e TO	162	* The permission to check.
18be3201	163	* @param int $userId
6a488035	164	*
6a488035	165	*/
18be3201	166	public function check($str, $userId = NULL) {
42762e35	167	//no default behaviour
6a488035 TO	168	}
	169
	170	/**
	171	* Given a roles array, check for access requirements
	172	*
6a0b768e TO	173	* @param array $array
6a0b768e TO	174	* The roles to check.
6a488035	175	*
7c550ca0	176	* @return bool
a6c01b45	177	* true if yes, else false
6a488035	178	*/
00be9182	179	public function checkGroupRole($array) {
6a488035 TO	180	return FALSE;
	181	}
	182
	183	/**
d09edf64	184	* Get all the contact emails for users that have a specific permission.
6a488035	185	*
6a0b768e TO	186	* @param string $permissionName
6a0b768e TO	187	* Name of the permission we are interested in.
6a488035	188	*
6a488035 TO	189	*/
	190	public function permissionEmails($permissionName) {
	191	CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
	192	}
	193
	194	/**
d09edf64	195	* Get all the contact emails for users that have a specific role.
6a488035	196	*
6a0b768e TO	197	* @param string $roleName
6a0b768e TO	198	* Name of the role we are interested in.
6a488035	199	*
6a488035 TO	200	*/
	201	public function roleEmails($roleName) {
	202	CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
	203	}
	204
7fccad46 TO	205	/**
	206	* Determine whether the permission store allows us to store
	207	* a list of permissions generated dynamically (eg by
	208	* hook_civicrm_permissions.)
	209	*
	210	* @return bool
	211	*/
	212	public function isModulePermissionSupported() {
	213	return FALSE;
	214	}
	215
6a488035	216	/**
0d8fc497 TO	217	* Ensure that the CMS supports all the permissions defined by CiviCRM
	218	* and its extensions. If there are stale permissions, they should be
	219	* deleted. This is useful during module upgrade when the newer module
	220	* version has removed permission that were defined in the older version.
c4bc14ed	221	*
6a0b768e TO	222	* @param array $permissions
6a0b768e TO	223	* Same format as CRM_Core_Permission::getCorePermissions().
77b97be7 EM	224	*
77b97be7 EM	225	* @throws CRM_Core_Exception
c4bc14ed	226	* @see CRM_Core_Permission::getCorePermissions
6a488035	227	*/
00be9182	228	public function upgradePermissions($permissions) {
7fccad46	229	throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
6a488035 TO	230	}
	231
	232	/**
	233	* Get the permissions defined in the hook_civicrm_permission implementation
	234	* of the given module.
	235	*
789565bf TO	236	* Note: At time of writing, this is only used with native extension-modules, so
	237	* there's one, predictable calling convention (regardless of CMS).
	238	*
77b97be7 EM	239	* @param $module
77b97be7 EM	240	*
16b10e64 CW	241	* @return array
16b10e64 CW	242	* Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
b57fc2e3	243	* @see CRM_Core_Permission::getCorePermissions
6a488035	244	*/
00be9182	245	public static function getModulePermissions($module) {
be2fb01f	246	$return_permissions = [];
789565bf TO	247	$fn_name = "{$module}_civicrm_permission";
789565bf TO	248	if (function_exists($fn_name)) {
be2fb01f	249	$module_permissions = [];
789565bf TO	250	$fn_name($module_permissions);
	251	$return_permissions = $module_permissions;
	252	}
	253	return $return_permissions;
6a488035 TO	254	}
	255
	256	/**
	257	* Get the permissions defined in the hook_civicrm_permission implementation
	258	* in all enabled CiviCRM module extensions.
	259	*
54957108	260	* @param bool $descriptions
54957108	261	*
16b10e64 CW	262	* @return array
16b10e64 CW	263	* Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
6a488035	264	*/
f1db52b9	265	public function getAllModulePermissions($descriptions = FALSE) {
be2fb01f	266	$permissions = [];
6a488035	267	CRM_Utils_Hook::permission($permissions);
f1db52b9 AH	268
	269	if ($descriptions) {
	270	foreach ($permissions as $permission => $label) {
be2fb01f	271	$permissions[$permission] = (is_array($label)) ? $label : [$label];
f1db52b9 AH	272	}
	273	}
	274	else {
	275	foreach ($permissions as $permission => $label) {
	276	$permissions[$permission] = (is_array($label)) ? array_shift($label) : $label;
	277	}
	278	}
6a488035 TO	279	return $permissions;
6a488035 TO	280	}
96025800	281
6a488035	282	}