[civicrm-core.git] / CRM / Core / Permission / Drupal8.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 5                                                  |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2018                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2018
 * $Id$
 *
 */

/**
 *
 */
class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {
  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   *
   * @param int $userId
   *
   * @return bool
   */
  public function check($str, $userId = NULL) {
    $str = $this->translatePermission($str, 'Drupal', array(
      'view user account' => 'access user profiles',
    ));

    if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }
    $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
    return $acct->hasPermission($str);
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   * @return string
   *   a comma separated list of email addresses
   */
  public function permissionEmails($permissionName) {
    static $_cache = array();

    if (isset($_cache[$permissionName])) {
      return $_cache[$permissionName];
    }

    $role_ids = array_map(
      function (\Drupal\user\RoleInterface $role) {
        return $role->id();
      }, user_roles(TRUE, $permissionName)
    );
    $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(array('roles' => $role_ids));
    $uids = array_keys($users);

    $_cache[$permissionName] = self::getContactEmails($uids);
    return $_cache[$permissionName];
  }

  /**
   * @inheritDoc
   */
  public function upgradePermissions($permissions) {
    $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
    if (empty($civicrm_perms)) {
      throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
    }

    $roles = user_roles(TRUE);
    foreach ($roles as $role) {
      foreach ($civicrm_perms as $permission) {
        $role->revokePermission($permission);
      }
    }
  }

}
Commit	Line	Data
d3e88312 EM	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
fee14197	4	\| CiviCRM version 5 \|
d3e88312	5	+--------------------------------------------------------------------+
8c9251b3	6	\| Copyright CiviCRM LLC (c) 2004-2018 \|
d3e88312 EM	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
d25dd0ee	26	*/
d3e88312 EM	27
	28	/**
	29	*
	30	* @package CRM
8c9251b3	31	* @copyright CiviCRM LLC (c) 2004-2018
d3e88312 EM	32	* $Id$
	33	*
	34	*/
	35
	36	/**
	37	*
	38	*/
d3e86119	39	class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {
68be1dfe EM	40	/**
	41	* Given a permission string, check for access requirements
	42	*
6a0b768e TO	43	* @param string $str
6a0b768e TO	44	* The permission to check.
68be1dfe	45	*
18be3201	46	* @param int $userId
decced8b	47	*
68be1dfe EM	48	* @return bool
68be1dfe EM	49	*/
18be3201	50	public function check($str, $userId = NULL) {
68be1dfe EM	51	$str = $this->translatePermission($str, 'Drupal', array(
	52	'view user account' => 'access user profiles',
	53	));
	54
	55	if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
	56	return FALSE;
	57	}
	58	if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
	59	return TRUE;
	60	}
18be3201 CW	61	$acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
18be3201 CW	62	return $acct->hasPermission($str);
68be1dfe	63	}
96025800	64
40d5632a AS	65	/**
	66	* Get all the contact emails for users that have a specific permission.
	67	*
	68	* @param string $permissionName
	69	* Name of the permission we are interested in.
	70	*
	71	* @return string
	72	* a comma separated list of email addresses
	73	*/
	74	public function permissionEmails($permissionName) {
	75	static $_cache = array();
	76
	77	if (isset($_cache[$permissionName])) {
	78	return $_cache[$permissionName];
	79	}
	80
	81	$role_ids = array_map(
	82	function (\Drupal\user\RoleInterface $role) {
	83	return $role->id();
	84	}, user_roles(TRUE, $permissionName)
	85	);
	86	$users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(array('roles' => $role_ids));
	87	$uids = array_keys($users);
	88
	89	$_cache[$permissionName] = self::getContactEmails($uids);
	90	return $_cache[$permissionName];
	91	}
	92
	93	/**
	94	* @inheritDoc
	95	*/
	96	public function upgradePermissions($permissions) {
	97	$civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
	98	if (empty($civicrm_perms)) {
	99	throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
	100	}
	101
	102	$roles = user_roles(TRUE);
	103	foreach ($roles as $role) {
	104	foreach ($civicrm_perms as $permission) {
	105	$role->revokePermission($permission);
	106	}
	107	}
	108	}
	109
68be1dfe	110	}