Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
7e9e8871 | 4 | | CiviCRM version 4.7 | |
6a488035 | 5 | +--------------------------------------------------------------------+ |
0f03f337 | 6 | | Copyright CiviCRM LLC (c) 2004-2017 | |
6a488035 TO |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
d25dd0ee | 26 | */ |
6a488035 TO |
27 | |
28 | /** | |
29 | * | |
30 | * @package CRM | |
0f03f337 | 31 | * @copyright CiviCRM LLC (c) 2004-2017 |
6a488035 TO |
32 | * $Id$ |
33 | * | |
34 | */ | |
35 | ||
36 | /** | |
37 | * | |
38 | */ | |
d3e86119 | 39 | class CRM_Core_Permission_Drupal extends CRM_Core_Permission_DrupalBase { |
6a488035 TO |
40 | |
41 | /** | |
d09edf64 | 42 | * Is this user someone with access for the entire system. |
6a488035 TO |
43 | * |
44 | * @var boolean | |
45 | */ | |
46 | protected $_viewAdminUser = FALSE; | |
47 | protected $_editAdminUser = FALSE; | |
48 | ||
49 | /** | |
100fef9d | 50 | * Am in in view permission or edit permission? |
6a488035 TO |
51 | * @var boolean |
52 | */ | |
53 | protected $_viewPermission = FALSE; | |
54 | protected $_editPermission = FALSE; | |
55 | ||
56 | /** | |
d09edf64 | 57 | * The current set of permissioned groups for the user. |
6a488035 TO |
58 | * |
59 | * @var array | |
60 | */ | |
61 | protected $_viewPermissionedGroups; | |
62 | protected $_editPermissionedGroups; | |
63 | ||
64 | ||
085823c1 | 65 | /** |
100fef9d | 66 | * Given a permission string, check for access requirements |
085823c1 | 67 | * |
6a0b768e TO |
68 | * @param string $str |
69 | * The permission to check. | |
085823c1 | 70 | * |
100fef9d | 71 | * @param int $contactID |
77b97be7 | 72 | * |
e7483cbe | 73 | * @return bool |
a6c01b45 | 74 | * true if yes, else false |
085823c1 | 75 | */ |
00be9182 | 76 | public function check($str, $contactID = NULL) { |
085823c1 TO |
77 | $str = $this->translatePermission($str, 'Drupal', array( |
78 | 'view user account' => 'access user profiles', | |
ccd74e76 | 79 | 'administer users' => 'administer users', |
085823c1 TO |
80 | )); |
81 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { | |
82 | return FALSE; | |
83 | } | |
84 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
85 | return TRUE; | |
86 | } | |
87 | if (function_exists('user_access')) { | |
88 | return user_access($str) ? TRUE : FALSE; | |
89 | } | |
90 | return TRUE; | |
91 | } | |
6a488035 TO |
92 | |
93 | /** | |
94 | * Given a roles array, check for access requirements | |
95 | * | |
6a0b768e TO |
96 | * @param array $array |
97 | * The roles to check. | |
6a488035 | 98 | * |
e7483cbe | 99 | * @return bool |
a6c01b45 | 100 | * true if yes, else false |
6a488035 | 101 | */ |
00be9182 | 102 | public function checkGroupRole($array) { |
6a488035 | 103 | if (function_exists('user_load') && isset($array)) { |
481a74f4 | 104 | $user = user_load($GLOBALS['user']->uid); |
6a488035 TO |
105 | //if giver roles found in user roles - return true |
106 | foreach ($array as $key => $value) { | |
107 | if (in_array($value, $user->roles)) { | |
108 | return TRUE; | |
109 | } | |
110 | } | |
111 | } | |
112 | return FALSE; | |
113 | } | |
114 | ||
7fccad46 | 115 | /** |
e7c15cb6 | 116 | * @inheritDoc |
7fccad46 TO |
117 | */ |
118 | public function isModulePermissionSupported() { | |
119 | return TRUE; | |
120 | } | |
121 | ||
6a488035 | 122 | /** |
e7c15cb6 | 123 | * @inheritDoc |
6a488035 | 124 | */ |
00be9182 | 125 | public function upgradePermissions($permissions) { |
0d8fc497 TO |
126 | if (empty($permissions)) { |
127 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); | |
6a488035 | 128 | } |
0d8fc497 TO |
129 | $query = db_delete('role_permission') |
130 | ->condition('module', 'civicrm') | |
131 | ->condition('permission', array_keys($permissions), 'NOT IN'); | |
6a488035 TO |
132 | $query->execute(); |
133 | } | |
d0c9a093 BS |
134 | |
135 | /** | |
d09edf64 | 136 | * Get all the contact emails for users that have a specific permission. |
d0c9a093 | 137 | * |
6a0b768e TO |
138 | * @param string $permissionName |
139 | * Name of the permission we are interested in. | |
d0c9a093 | 140 | * |
a6c01b45 CW |
141 | * @return string |
142 | * a comma separated list of email addresses | |
d0c9a093 BS |
143 | */ |
144 | public function permissionEmails($permissionName) { | |
145 | static $_cache = array(); | |
146 | ||
147 | if (isset($_cache[$permissionName])) { | |
148 | return $_cache[$permissionName]; | |
149 | } | |
150 | ||
151 | $uids = array(); | |
152 | $sql = " | |
153 | SELECT {users}.uid, {role_permission}.permission | |
154 | FROM {users} | |
155 | JOIN {users_roles} | |
156 | ON {users}.uid = {users_roles}.uid | |
157 | JOIN {role_permission} | |
158 | ON {role_permission}.rid = {users_roles}.rid | |
159 | WHERE {role_permission}.permission = '{$permissionName}' | |
160 | AND {users}.status = 1 | |
161 | "; | |
162 | ||
163 | $result = db_query($sql); | |
481a74f4 | 164 | foreach ($result as $record) { |
d0c9a093 BS |
165 | $uids[] = $record->uid; |
166 | } | |
167 | ||
168 | $_cache[$permissionName] = self::getContactEmails($uids); | |
169 | return $_cache[$permissionName]; | |
170 | } | |
96025800 | 171 | |
6a488035 | 172 | } |