Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
fee14197 | 4 | | CiviCRM version 5 | |
6a488035 | 5 | +--------------------------------------------------------------------+ |
f299f7db | 6 | | Copyright CiviCRM LLC (c) 2004-2020 | |
6a488035 TO |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
d25dd0ee | 26 | */ |
6a488035 TO |
27 | |
28 | /** | |
29 | * | |
30 | * @package CRM | |
f299f7db | 31 | * @copyright CiviCRM LLC (c) 2004-2020 |
6a488035 TO |
32 | * $Id$ |
33 | * | |
34 | */ | |
35 | ||
36 | /** | |
37 | * | |
38 | */ | |
39 | class CRM_Core_Permission_Drupal6 extends CRM_Core_Permission_DrupalBase { | |
40 | ||
41 | /** | |
d09edf64 | 42 | * Is this user someone with access for the entire system. |
6a488035 | 43 | * |
b67daa72 | 44 | * @var bool |
6a488035 TO |
45 | */ |
46 | protected $_viewAdminUser = FALSE; | |
47 | protected $_editAdminUser = FALSE; | |
48 | ||
49 | /** | |
100fef9d | 50 | * Am in in view permission or edit permission? |
b67daa72 | 51 | * @var bool |
6a488035 TO |
52 | */ |
53 | protected $_viewPermission = FALSE; | |
54 | protected $_editPermission = FALSE; | |
55 | ||
56 | /** | |
d09edf64 | 57 | * The current set of permissioned groups for the user. |
6a488035 TO |
58 | * |
59 | * @var array | |
60 | */ | |
61 | protected $_viewPermissionedGroups; | |
62 | protected $_editPermissionedGroups; | |
63 | ||
085823c1 | 64 | /** |
100fef9d | 65 | * Given a permission string, check for access requirements |
085823c1 | 66 | * |
6a0b768e TO |
67 | * @param string $str |
68 | * The permission to check. | |
085823c1 | 69 | * |
18be3201 | 70 | * @param int $userId |
77b97be7 | 71 | * |
317fceb4 | 72 | * @return bool |
a6c01b45 | 73 | * true if yes, else false |
085823c1 | 74 | */ |
18be3201 | 75 | public function check($str, $userId = NULL) { |
be2fb01f | 76 | $str = $this->translatePermission($str, 'Drupal6', [ |
085823c1 | 77 | 'view user account' => 'access user profiles', |
ccd74e76 | 78 | 'administer users' => 'administer users', |
be2fb01f | 79 | ]); |
085823c1 TO |
80 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
81 | return FALSE; | |
82 | } | |
83 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
84 | return TRUE; | |
85 | } | |
86 | if (function_exists('user_access')) { | |
18be3201 CW |
87 | $account = NULL; |
88 | if ($userId) { | |
89 | $account = user_load($userId); | |
90 | } | |
91 | return user_access($str, $account); | |
085823c1 TO |
92 | } |
93 | return TRUE; | |
94 | } | |
95 | ||
6a488035 TO |
96 | /** |
97 | * Given a roles array, check for access requirements | |
98 | * | |
6a0b768e TO |
99 | * @param array $array |
100 | * The roles to check. | |
6a488035 | 101 | * |
317fceb4 | 102 | * @return bool |
a6c01b45 | 103 | * true if yes, else false |
6a488035 | 104 | */ |
00be9182 | 105 | public function checkGroupRole($array) { |
6a488035 | 106 | if (function_exists('user_load') && isset($array)) { |
be2fb01f | 107 | $user = user_load(['uid' => $GLOBALS['user']->uid]); |
6a488035 TO |
108 | //if giver roles found in user roles - return true |
109 | foreach ($array as $key => $value) { | |
110 | if (in_array($value, $user->roles)) { | |
111 | return TRUE; | |
112 | } | |
113 | } | |
114 | } | |
115 | return FALSE; | |
116 | } | |
117 | ||
118 | /** | |
d09edf64 | 119 | * Get all the contact emails for users that have a specific role. |
6a488035 | 120 | * |
6a0b768e TO |
121 | * @param string $roleName |
122 | * Name of the role we are interested in. | |
6a488035 | 123 | * |
a6c01b45 CW |
124 | * @return string |
125 | * a comma separated list of email addresses | |
6a488035 TO |
126 | */ |
127 | public function roleEmails($roleName) { | |
be2fb01f | 128 | static $_cache = []; |
6a488035 TO |
129 | |
130 | if (isset($_cache[$roleName])) { | |
131 | return $_cache[$roleName]; | |
132 | } | |
133 | ||
be2fb01f | 134 | $uids = []; |
6a488035 TO |
135 | $sql = " |
136 | SELECT {users}.uid | |
137 | FROM {users} | |
138 | LEFT JOIN {users_roles} ON {users}.uid = {users_roles}.uid | |
139 | INNER JOIN {role} ON ( {role}.rid = {users_roles}.rid OR {role}.rid = 2 ) | |
140 | WHERE {role}. name LIKE '%%{$roleName}%%' | |
141 | AND {users}.status = 1 | |
142 | "; | |
143 | ||
144 | $query = db_query($sql); | |
145 | while ($result = db_fetch_object($query)) { | |
2aa397bc TO |
146 | $uids[] = $result->uid; |
147 | } | |
6a488035 TO |
148 | |
149 | $_cache[$roleName] = self::getContactEmails($uids); | |
150 | return $_cache[$roleName]; | |
151 | } | |
152 | ||
153 | /** | |
d09edf64 | 154 | * Get all the contact emails for users that have a specific permission. |
6a488035 | 155 | * |
6a0b768e TO |
156 | * @param string $permissionName |
157 | * Name of the permission we are interested in. | |
6a488035 | 158 | * |
a6c01b45 CW |
159 | * @return string |
160 | * a comma separated list of email addresses | |
6a488035 TO |
161 | */ |
162 | public function permissionEmails($permissionName) { | |
be2fb01f | 163 | static $_cache = []; |
6a488035 TO |
164 | |
165 | if (isset($_cache[$permissionName])) { | |
166 | return $_cache[$permissionName]; | |
167 | } | |
168 | ||
be2fb01f | 169 | $uids = []; |
6a488035 TO |
170 | $sql = " |
171 | SELECT {users}.uid, {permission}.perm | |
172 | FROM {users} | |
173 | LEFT JOIN {users_roles} ON {users}.uid = {users_roles}.uid | |
174 | INNER JOIN {permission} ON ( {permission}.rid = {users_roles}.rid OR {permission}.rid = 2 ) | |
175 | WHERE {permission}.perm LIKE '%%{$permissionName}%%' | |
176 | AND {users}.status = 1 | |
177 | "; | |
178 | ||
179 | $query = db_query($sql); | |
180 | while ($result = db_fetch_object($query)) { | |
2aa397bc TO |
181 | $uids[] = $result->uid; |
182 | } | |
6a488035 | 183 | |
2aa397bc TO |
184 | $_cache[$permissionName] = self::getContactEmails($uids); |
185 | return $_cache[$permissionName]; | |
6a488035 TO |
186 | } |
187 | ||
dea68872 | 188 | /** |
e7c15cb6 | 189 | * @inheritDoc |
dea68872 TO |
190 | */ |
191 | public function isModulePermissionSupported() { | |
192 | return TRUE; | |
193 | } | |
194 | ||
6a488035 | 195 | /** |
e7c15cb6 | 196 | * @inheritDoc |
6a488035 TO |
197 | * |
198 | * Does nothing in Drupal 6. | |
199 | */ | |
00be9182 | 200 | public function upgradePermissions($permissions) { |
dea68872 | 201 | // D6 allows us to be really lazy... things get cleaned up when the admin form is next submitted... |
6a488035 TO |
202 | } |
203 | ||
204 | /** | |
205 | * Get the permissions defined in the hook_civicrm_permission implementation | |
206 | * of the given module. | |
207 | * | |
da6b46f4 EM |
208 | * @param $module |
209 | * | |
16b10e64 CW |
210 | * @return array |
211 | * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions(). | |
6a488035 | 212 | */ |
00be9182 | 213 | public static function getModulePermissions($module) { |
be2fb01f | 214 | $return_permissions = []; |
6a488035 TO |
215 | $fn_name = "{$module}_civicrm_permission"; |
216 | if (function_exists($fn_name)) { | |
217 | $fn_name($return_permissions); | |
218 | } | |
219 | return $return_permissions; | |
220 | } | |
96025800 | 221 | |
6a488035 | 222 | } |