Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | */ |
17 | ||
18 | /** | |
19 | * | |
20 | */ | |
d3e86119 | 21 | class CRM_Core_Permission_Drupal extends CRM_Core_Permission_DrupalBase { |
6a488035 TO |
22 | |
23 | /** | |
d09edf64 | 24 | * Is this user someone with access for the entire system. |
6a488035 | 25 | * |
b67daa72 | 26 | * @var bool |
6a488035 TO |
27 | */ |
28 | protected $_viewAdminUser = FALSE; | |
29 | protected $_editAdminUser = FALSE; | |
30 | ||
31 | /** | |
100fef9d | 32 | * Am in in view permission or edit permission? |
b67daa72 | 33 | * @var bool |
6a488035 TO |
34 | */ |
35 | protected $_viewPermission = FALSE; | |
36 | protected $_editPermission = FALSE; | |
37 | ||
38 | /** | |
d09edf64 | 39 | * The current set of permissioned groups for the user. |
6a488035 TO |
40 | * |
41 | * @var array | |
42 | */ | |
43 | protected $_viewPermissionedGroups; | |
44 | protected $_editPermissionedGroups; | |
45 | ||
085823c1 | 46 | /** |
100fef9d | 47 | * Given a permission string, check for access requirements |
085823c1 | 48 | * |
6a0b768e TO |
49 | * @param string $str |
50 | * The permission to check. | |
085823c1 | 51 | * |
18be3201 | 52 | * @param int $userId |
77b97be7 | 53 | * |
e7483cbe | 54 | * @return bool |
a6c01b45 | 55 | * true if yes, else false |
085823c1 | 56 | */ |
18be3201 | 57 | public function check($str, $userId = NULL) { |
be2fb01f | 58 | $str = $this->translatePermission($str, 'Drupal', [ |
085823c1 | 59 | 'view user account' => 'access user profiles', |
ccd74e76 | 60 | 'administer users' => 'administer users', |
be2fb01f | 61 | ]); |
085823c1 TO |
62 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
63 | return FALSE; | |
64 | } | |
65 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
66 | return TRUE; | |
67 | } | |
68 | if (function_exists('user_access')) { | |
18be3201 CW |
69 | $account = NULL; |
70 | if ($userId) { | |
71 | $account = user_load($userId); | |
72 | } | |
73 | return user_access($str, $account); | |
085823c1 TO |
74 | } |
75 | return TRUE; | |
76 | } | |
6a488035 TO |
77 | |
78 | /** | |
79 | * Given a roles array, check for access requirements | |
80 | * | |
6a0b768e TO |
81 | * @param array $array |
82 | * The roles to check. | |
6a488035 | 83 | * |
e7483cbe | 84 | * @return bool |
a6c01b45 | 85 | * true if yes, else false |
6a488035 | 86 | */ |
00be9182 | 87 | public function checkGroupRole($array) { |
6a488035 | 88 | if (function_exists('user_load') && isset($array)) { |
481a74f4 | 89 | $user = user_load($GLOBALS['user']->uid); |
6a488035 TO |
90 | //if giver roles found in user roles - return true |
91 | foreach ($array as $key => $value) { | |
92 | if (in_array($value, $user->roles)) { | |
93 | return TRUE; | |
94 | } | |
95 | } | |
96 | } | |
97 | return FALSE; | |
98 | } | |
99 | ||
7fccad46 | 100 | /** |
e7c15cb6 | 101 | * @inheritDoc |
7fccad46 TO |
102 | */ |
103 | public function isModulePermissionSupported() { | |
104 | return TRUE; | |
105 | } | |
106 | ||
6a488035 | 107 | /** |
e7c15cb6 | 108 | * @inheritDoc |
6a488035 | 109 | */ |
00be9182 | 110 | public function upgradePermissions($permissions) { |
0d8fc497 TO |
111 | if (empty($permissions)) { |
112 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); | |
6a488035 | 113 | } |
0d8fc497 TO |
114 | $query = db_delete('role_permission') |
115 | ->condition('module', 'civicrm') | |
116 | ->condition('permission', array_keys($permissions), 'NOT IN'); | |
6a488035 TO |
117 | $query->execute(); |
118 | } | |
d0c9a093 BS |
119 | |
120 | /** | |
d09edf64 | 121 | * Get all the contact emails for users that have a specific permission. |
d0c9a093 | 122 | * |
6a0b768e TO |
123 | * @param string $permissionName |
124 | * Name of the permission we are interested in. | |
d0c9a093 | 125 | * |
a6c01b45 CW |
126 | * @return string |
127 | * a comma separated list of email addresses | |
d0c9a093 BS |
128 | */ |
129 | public function permissionEmails($permissionName) { | |
be2fb01f | 130 | static $_cache = []; |
d0c9a093 BS |
131 | |
132 | if (isset($_cache[$permissionName])) { | |
133 | return $_cache[$permissionName]; | |
134 | } | |
135 | ||
be2fb01f | 136 | $uids = []; |
d0c9a093 BS |
137 | $sql = " |
138 | SELECT {users}.uid, {role_permission}.permission | |
139 | FROM {users} | |
140 | JOIN {users_roles} | |
141 | ON {users}.uid = {users_roles}.uid | |
142 | JOIN {role_permission} | |
143 | ON {role_permission}.rid = {users_roles}.rid | |
144 | WHERE {role_permission}.permission = '{$permissionName}' | |
145 | AND {users}.status = 1 | |
146 | "; | |
147 | ||
148 | $result = db_query($sql); | |
481a74f4 | 149 | foreach ($result as $record) { |
d0c9a093 BS |
150 | $uids[] = $record->uid; |
151 | } | |
152 | ||
153 | $_cache[$permissionName] = self::getContactEmails($uids); | |
154 | return $_cache[$permissionName]; | |
155 | } | |
96025800 | 156 | |
6a488035 | 157 | } |