Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | * $Id$ |
17 | * | |
18 | */ | |
19 | ||
20 | /** | |
21 | * | |
22 | */ | |
23 | class CRM_Core_Permission_Drupal6 extends CRM_Core_Permission_DrupalBase { | |
24 | ||
25 | /** | |
d09edf64 | 26 | * Is this user someone with access for the entire system. |
6a488035 | 27 | * |
b67daa72 | 28 | * @var bool |
6a488035 TO |
29 | */ |
30 | protected $_viewAdminUser = FALSE; | |
31 | protected $_editAdminUser = FALSE; | |
32 | ||
33 | /** | |
100fef9d | 34 | * Am in in view permission or edit permission? |
b67daa72 | 35 | * @var bool |
6a488035 TO |
36 | */ |
37 | protected $_viewPermission = FALSE; | |
38 | protected $_editPermission = FALSE; | |
39 | ||
40 | /** | |
d09edf64 | 41 | * The current set of permissioned groups for the user. |
6a488035 TO |
42 | * |
43 | * @var array | |
44 | */ | |
45 | protected $_viewPermissionedGroups; | |
46 | protected $_editPermissionedGroups; | |
47 | ||
085823c1 | 48 | /** |
100fef9d | 49 | * Given a permission string, check for access requirements |
085823c1 | 50 | * |
6a0b768e TO |
51 | * @param string $str |
52 | * The permission to check. | |
085823c1 | 53 | * |
18be3201 | 54 | * @param int $userId |
77b97be7 | 55 | * |
317fceb4 | 56 | * @return bool |
a6c01b45 | 57 | * true if yes, else false |
085823c1 | 58 | */ |
18be3201 | 59 | public function check($str, $userId = NULL) { |
be2fb01f | 60 | $str = $this->translatePermission($str, 'Drupal6', [ |
085823c1 | 61 | 'view user account' => 'access user profiles', |
ccd74e76 | 62 | 'administer users' => 'administer users', |
be2fb01f | 63 | ]); |
085823c1 TO |
64 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
65 | return FALSE; | |
66 | } | |
67 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
68 | return TRUE; | |
69 | } | |
70 | if (function_exists('user_access')) { | |
18be3201 CW |
71 | $account = NULL; |
72 | if ($userId) { | |
73 | $account = user_load($userId); | |
74 | } | |
75 | return user_access($str, $account); | |
085823c1 TO |
76 | } |
77 | return TRUE; | |
78 | } | |
79 | ||
6a488035 TO |
80 | /** |
81 | * Given a roles array, check for access requirements | |
82 | * | |
6a0b768e TO |
83 | * @param array $array |
84 | * The roles to check. | |
6a488035 | 85 | * |
317fceb4 | 86 | * @return bool |
a6c01b45 | 87 | * true if yes, else false |
6a488035 | 88 | */ |
00be9182 | 89 | public function checkGroupRole($array) { |
6a488035 | 90 | if (function_exists('user_load') && isset($array)) { |
be2fb01f | 91 | $user = user_load(['uid' => $GLOBALS['user']->uid]); |
6a488035 TO |
92 | //if giver roles found in user roles - return true |
93 | foreach ($array as $key => $value) { | |
94 | if (in_array($value, $user->roles)) { | |
95 | return TRUE; | |
96 | } | |
97 | } | |
98 | } | |
99 | return FALSE; | |
100 | } | |
101 | ||
102 | /** | |
d09edf64 | 103 | * Get all the contact emails for users that have a specific role. |
6a488035 | 104 | * |
6a0b768e TO |
105 | * @param string $roleName |
106 | * Name of the role we are interested in. | |
6a488035 | 107 | * |
a6c01b45 CW |
108 | * @return string |
109 | * a comma separated list of email addresses | |
6a488035 TO |
110 | */ |
111 | public function roleEmails($roleName) { | |
be2fb01f | 112 | static $_cache = []; |
6a488035 TO |
113 | |
114 | if (isset($_cache[$roleName])) { | |
115 | return $_cache[$roleName]; | |
116 | } | |
117 | ||
be2fb01f | 118 | $uids = []; |
6a488035 TO |
119 | $sql = " |
120 | SELECT {users}.uid | |
121 | FROM {users} | |
122 | LEFT JOIN {users_roles} ON {users}.uid = {users_roles}.uid | |
123 | INNER JOIN {role} ON ( {role}.rid = {users_roles}.rid OR {role}.rid = 2 ) | |
124 | WHERE {role}. name LIKE '%%{$roleName}%%' | |
125 | AND {users}.status = 1 | |
126 | "; | |
127 | ||
128 | $query = db_query($sql); | |
129 | while ($result = db_fetch_object($query)) { | |
2aa397bc TO |
130 | $uids[] = $result->uid; |
131 | } | |
6a488035 TO |
132 | |
133 | $_cache[$roleName] = self::getContactEmails($uids); | |
134 | return $_cache[$roleName]; | |
135 | } | |
136 | ||
137 | /** | |
d09edf64 | 138 | * Get all the contact emails for users that have a specific permission. |
6a488035 | 139 | * |
6a0b768e TO |
140 | * @param string $permissionName |
141 | * Name of the permission we are interested in. | |
6a488035 | 142 | * |
a6c01b45 CW |
143 | * @return string |
144 | * a comma separated list of email addresses | |
6a488035 TO |
145 | */ |
146 | public function permissionEmails($permissionName) { | |
be2fb01f | 147 | static $_cache = []; |
6a488035 TO |
148 | |
149 | if (isset($_cache[$permissionName])) { | |
150 | return $_cache[$permissionName]; | |
151 | } | |
152 | ||
be2fb01f | 153 | $uids = []; |
6a488035 TO |
154 | $sql = " |
155 | SELECT {users}.uid, {permission}.perm | |
156 | FROM {users} | |
157 | LEFT JOIN {users_roles} ON {users}.uid = {users_roles}.uid | |
158 | INNER JOIN {permission} ON ( {permission}.rid = {users_roles}.rid OR {permission}.rid = 2 ) | |
159 | WHERE {permission}.perm LIKE '%%{$permissionName}%%' | |
160 | AND {users}.status = 1 | |
161 | "; | |
162 | ||
163 | $query = db_query($sql); | |
164 | while ($result = db_fetch_object($query)) { | |
2aa397bc TO |
165 | $uids[] = $result->uid; |
166 | } | |
6a488035 | 167 | |
2aa397bc TO |
168 | $_cache[$permissionName] = self::getContactEmails($uids); |
169 | return $_cache[$permissionName]; | |
6a488035 TO |
170 | } |
171 | ||
dea68872 | 172 | /** |
e7c15cb6 | 173 | * @inheritDoc |
dea68872 TO |
174 | */ |
175 | public function isModulePermissionSupported() { | |
176 | return TRUE; | |
177 | } | |
178 | ||
6a488035 | 179 | /** |
e7c15cb6 | 180 | * @inheritDoc |
6a488035 TO |
181 | * |
182 | * Does nothing in Drupal 6. | |
183 | */ | |
00be9182 | 184 | public function upgradePermissions($permissions) { |
dea68872 | 185 | // D6 allows us to be really lazy... things get cleaned up when the admin form is next submitted... |
6a488035 TO |
186 | } |
187 | ||
188 | /** | |
189 | * Get the permissions defined in the hook_civicrm_permission implementation | |
190 | * of the given module. | |
191 | * | |
da6b46f4 EM |
192 | * @param $module |
193 | * | |
16b10e64 CW |
194 | * @return array |
195 | * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions(). | |
6a488035 | 196 | */ |
00be9182 | 197 | public static function getModulePermissions($module) { |
be2fb01f | 198 | $return_permissions = []; |
6a488035 TO |
199 | $fn_name = "{$module}_civicrm_permission"; |
200 | if (function_exists($fn_name)) { | |
201 | $fn_name($return_permissions); | |
202 | } | |
203 | return $return_permissions; | |
204 | } | |
96025800 | 205 | |
6a488035 | 206 | } |