1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
d3e88312 | 5 | | | |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
d3e88312 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
16 | */ |
17 | ||
18 | /** | |
19 | * | |
20 | */ | |
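class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {

  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   * @param int $userId
   *   Drupal user ID to check. When empty, the current user is checked.
   *
   * @return bool
   *   TRUE if the account has the permission. FALSE otherwise, including
   *   when $userId does not resolve to a user account.
   */
  public function check($str, $userId = NULL) {
    $str = $this->translatePermission($str, 'Drupal', [
      'view user account' => 'access user profiles',
    ]);

    // The deny sentinel is tested before the allow sentinel, so a deny wins.
    if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }

    $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
    // User::load() returns NULL for an ID that does not exist. Fail closed
    // here instead of calling hasPermission() on NULL, which would abort the
    // request with a fatal error.
    if (!$acct) {
      return FALSE;
    }
    return $acct->hasPermission($str);
  }

  /**
   * Get the palette of available permissions in the CMS's user-management system.
   *
   * @return array
   *   List of permissions, keyed by symbolic name. Each item may have fields:
   *     - title: string
   *     - description: string
   */
  public function getAvailablePermissions() {
    // We want to list *only* Drupal perms, so we'll *skip* Civi perms.
    $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE);

    $dperms = \Drupal::service('user.permissions')->getPermissions();
    $modules = \Drupal::service('extension.list.module')->getAllInstalledInfo();

    $permissions = [];
    foreach ($dperms as $permName => $dperm) {
      if (isset($allCorePerms[$permName])) {
        continue;
      }

      // Prefix the title with the providing module's name when it is known.
      $module = $modules[$dperm['provider']] ?? [];
      $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
      $permissions["Drupal:$permName"] = [
        'title' => $prefix . strip_tags($dperm['title']),
        // Read the description from $dperm, the loop variable. The previous
        // code read an undefined $perm, so the description was always NULL.
        'description' => $dperm['description'] ?? NULL,
      ];
    }

    return $permissions;
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * Results are memoised per permission name in a function-level static, so
   * role or permission changes made later in the same PHP process are not
   * reflected.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   * @return string
   *   a comma separated list of email addresses
   */
  public function permissionEmails($permissionName) {
    static $_cache = [];

    if (isset($_cache[$permissionName])) {
      return $_cache[$permissionName];
    }

    $role_ids = array_map(
      function (\Drupal\user\RoleInterface $role) {
        return $role->id();
      }, user_roles(TRUE, $permissionName)
    );

    // When no role grants the permission there are no accounts to look up,
    // so skip the entity query rather than filtering on an empty role list.
    $uids = [];
    if (!empty($role_ids)) {
      $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(['roles' => $role_ids]);
      $uids = array_keys($users);
    }

    $_cache[$permissionName] = self::getContactEmails($uids);
    return $_cache[$permissionName];
  }

  /**
   * @inheritDoc
   */
  public function upgradePermissions($permissions) {
    // @todo - this should probably call getCoreAndComponentPermissions.
    $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
    if (empty($civicrm_perms)) {
      throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
    }

    // NOTE(review): $permissions is not used in this method. Every core
    // permission is revoked from every role returned by user_roles(TRUE).
    // Confirm this is intended rather than revoking only permissions that
    // are absent from $permissions.
    // NOTE(review): nothing in this method saves the role after
    // revokePermission(). Confirm whether the change is meant to persist.
    $roles = user_roles(TRUE);
    foreach ($roles as $role) {
      foreach ($civicrm_perms as $permission) {
        $role->revokePermission($permission);
      }
    }
  }

  /**
   * Given a roles array, check user has at least one of those roles
   *
   * Only the current user's roles are consulted.
   *
   * @param array $roles_to_check
   *   The roles to check. An array indexed starting at 0, e.g. [0 => 'administrator']
   *
   * @return bool
   *   true if user has at least one of the roles, else false
   */
  public function checkGroupRole($roles_to_check) {
    if (isset($roles_to_check)) {

      // This returns an array indexed starting at 0 of role machine names, e.g.
      // [
      //   0 => 'authenticated',
      //   1 => 'administrator',
      // ]
      // or
      // [ 0 => 'anonymous' ]
      $user_roles = \Drupal::currentUser()->getRoles();

      $roles_in_both = array_intersect($user_roles, $roles_to_check);
      return !empty($roles_in_both);
    }
    // A NULL role list matches nothing, so access is denied.
    return FALSE;
  }

}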