[civicrm-core.git] / CRM / Core / Permission / DrupalBase.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.5                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2014                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License and the CiviCRM Licensing Exception along                  |
 | with this program; if not, contact CiviCRM LLC                     |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
*/

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC (c) 2004-2014
 * $Id$
 *
 */

/**
 *
 */
class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base {

  /**
   * is this user someone with access for the entire system
   *
   * @var boolean
   */
  protected $_viewAdminUser = FALSE;
  protected $_editAdminUser = FALSE;

  /**
   * am in in view permission or edit permission?
   * @var boolean
   */
  protected $_viewPermission = FALSE;
  protected $_editPermission = FALSE;

  /**
   * the current set of permissioned groups for the user
   *
   * @var array
   */
  protected $_viewPermissionedGroups;
  protected $_editPermissionedGroups;

  /**
   * Get all groups from database, filtered by permissions
   * for this user
   *
   * @param string $groupType     type of group(Access/Mailing)
   * @param boolen $excludeHidden exclude hidden groups.
   *
   * @access public
   *
   * @return array - array reference of all groups.
   *
   */
  public function group($groupType = NULL, $excludeHidden = TRUE) {
    if (!isset($this->_viewPermissionedGroups)) {
      $this->_viewPermissionedGroups = $this->_editPermissionedGroups = array();
    }

    $groupKey = $groupType ? $groupType : 'all';

    if (!isset($this->_viewPermissionedGroups[$groupKey])) {
      $this->_viewPermissionedGroups[$groupKey] = $this->_editPermissionedGroups[$groupKey] = array();

      $groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);

      if ($this->check('edit all contacts')) {
        // this is the most powerful permission, so we return
        // immediately rather than dilute it further
        $this->_editAdminUser = $this->_viewAdminUser = TRUE;
        $this->_editPermission = $this->_viewPermission = TRUE;
        $this->_editPermissionedGroups[$groupKey] = $groups;
        $this->_viewPermissionedGroups[$groupKey] = $groups;
        return $this->_viewPermissionedGroups[$groupKey];
      }
      elseif ($this->check('view all contacts')) {
        $this->_viewAdminUser = TRUE;
        $this->_viewPermission = TRUE;
        $this->_viewPermissionedGroups[$groupKey] = $groups;
      }


      $ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups);
      if (!empty($ids)) {
        foreach (array_values($ids) as $id) {
          $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
          $this->_viewPermissionedGroups[$groupKey][$id] = $title;
          $this->_viewPermission = TRUE;
        }
      }

      $ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups);
      if (!empty($ids)) {
        foreach (array_values($ids) as $id) {
          $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
          $this->_editPermissionedGroups[$groupKey][$id] = $title;
          $this->_viewPermissionedGroups[$groupKey][$id] = $title;
          $this->_editPermission = TRUE;
          $this->_viewPermission = TRUE;
        }
      }
    }

    return $this->_viewPermissionedGroups[$groupKey];
  }

  /**
   * Get group clause for this user. The group Clause filters the
   * list of groups that the user is permitted to see in a group listing.
   * For example it will filter both the list on the 'Manage Groups' page
   * and on the contact 'Groups' tab
   *
   * the aclGroup hook & configured ACLs contribute to this data.
   * If the contact is allowed to see all contacts the function will return  ( 1 )
   *
   * @todo the history of this function is that there was some confusion as to
   * whether it was filtering contacts or groups & some cruft may remain
   *
   * @param int $type the type of permission needed
   * @param  array $tables (reference) add the tables that are needed for the select clause
   * @param  array $whereTables (reference) add the tables that are needed for the where clause
   *
   * @return string the clause to add to the query retrieving viewable groups
   * @access public
   */
  public function groupClause($type, &$tables, &$whereTables) {
    if (!isset($this->_viewPermissionedGroups)) {
      $this->group();
    }

    // we basically get all the groups here
    $groupKey = 'all';
    if ($type == CRM_Core_Permission::EDIT) {
      if ($this->_editAdminUser) {
        $clause = ' ( 1 ) ';
      }
      elseif (empty($this->_editPermissionedGroups[$groupKey])) {
        $clause = ' ( 0 ) ';
      }
      else {
        $clauses = array();
        $groups = implode(', ', $this->_editPermissionedGroups[$groupKey]);
        $clauses[] = ' ( civicrm_group_contact.group_id IN ( ' . implode(', ', array_keys($this->_editPermissionedGroups[$groupKey])) . " ) AND civicrm_group_contact.status = 'Added' ) ";
        $tables['civicrm_group_contact'] = 1;
        $whereTables['civicrm_group_contact'] = 1;

        // foreach group that is potentially a saved search, add the saved search clause
        foreach (array_keys($this->_editPermissionedGroups[$groupKey]) as $id) {
          $group = new CRM_Contact_DAO_Group();
          $group->id = $id;
          if ($group->find(TRUE) && $group->saved_search_id) {
            $clause = CRM_Contact_BAO_SavedSearch::whereClause($group->saved_search_id,
                $tables,
                $whereTables
            );
            if (trim($clause)) {
              $clauses[] = $clause;
            }
          }
        }
        $clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
      }
    }
    else {
      if ($this->_viewAdminUser) {
        $clause = ' ( 1 ) ';
      }
      elseif (empty($this->_viewPermissionedGroups[$groupKey])) {
        $clause = ' ( 0 ) ';
      }
      else {
        $clauses = array();
        $groups = implode(', ', $this->_viewPermissionedGroups[$groupKey]);
        $clauses[] = ' civicrm_group.id IN (' . implode(', ', array_keys($this->_viewPermissionedGroups[$groupKey])) . " )  ";
        $tables['civicrm_group'] = 1;
        $whereTables['civicrm_group'] = 1;
        $clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
      }
    }

    return $clause;
  }

  /**
   * get the current permission of this user
   *
   * @return string the permission of the user (edit or view or null)
   */
  public function getPermission() {
    $this->group();

    if ($this->_editPermission) {
      return CRM_Core_Permission::EDIT;
    }
    elseif ($this->_viewPermission) {
      return CRM_Core_Permission::VIEW;
    }
    return NULL;
  }

  function getContactEmails($uids) {
    if (empty($uids)) {
      return '';
    }
    $uidString = implode(',', $uids);
    $sql = "
    SELECT     e.email
    FROM       civicrm_contact c
    INNER JOIN civicrm_email e     ON ( c.id = e.contact_id AND e.is_primary = 1 )
    INNER JOIN civicrm_uf_match uf ON ( c.id = uf.contact_id )
    WHERE      c.is_deceased = 0
    AND        c.is_deleted  = 0
    AND        uf.uf_id IN ( $uidString )
    ";

    $dao = CRM_Core_DAO::executeQuery($sql);

    $emails = array();
    while ($dao->fetch()) {
    $emails[] = $dao->email;
    }

    return implode(', ', $emails);
  }
}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
06b69b18	4	\| CiviCRM version 4.5 \|
6a488035	5	+--------------------------------------------------------------------+
06b69b18	6	\| Copyright CiviCRM LLC (c) 2004-2014 \|
6a488035 TO	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License and the CiviCRM Licensing Exception along \|
	21	\| with this program; if not, contact CiviCRM LLC \|
	22	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	23	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	24	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	25	+--------------------------------------------------------------------+
	26	*/
	27
	28	/**
	29	*
	30	* @package CRM
06b69b18	31	* @copyright CiviCRM LLC (c) 2004-2014
6a488035 TO	32	* $Id$
	33	*
	34	*/
	35
	36	/**
	37	*
	38	*/
	39	class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base {
42762e35 DL	40
	41	/**
	42	* is this user someone with access for the entire system
	43	*
	44	* @var boolean
	45	*/
	46	protected $_viewAdminUser = FALSE;
	47	protected $_editAdminUser = FALSE;
	48
	49	/**
	50	* am in in view permission or edit permission?
	51	* @var boolean
	52	*/
	53	protected $_viewPermission = FALSE;
	54	protected $_editPermission = FALSE;
	55
	56	/**
	57	* the current set of permissioned groups for the user
	58	*
	59	* @var array
	60	*/
	61	protected $_viewPermissionedGroups;
	62	protected $_editPermissionedGroups;
	63
	64	/**
	65	* Get all groups from database, filtered by permissions
	66	* for this user
	67	*
	68	* @param string $groupType type of group(Access/Mailing)
	69	* @param boolen $excludeHidden exclude hidden groups.
	70	*
	71	* @access public
	72	*
	73	* @return array - array reference of all groups.
	74	*
	75	*/
	76	public function group($groupType = NULL, $excludeHidden = TRUE) {
	77	if (!isset($this->_viewPermissionedGroups)) {
	78	$this->_viewPermissionedGroups = $this->_editPermissionedGroups = array();
	79	}
	80
	81	$groupKey = $groupType ? $groupType : 'all';
	82
	83	if (!isset($this->_viewPermissionedGroups[$groupKey])) {
	84	$this->_viewPermissionedGroups[$groupKey] = $this->_editPermissionedGroups[$groupKey] = array();
	85
	86	$groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
	87
	88	if ($this->check('edit all contacts')) {
	89	// this is the most powerful permission, so we return
	90	// immediately rather than dilute it further
	91	$this->_editAdminUser = $this->_viewAdminUser = TRUE;
	92	$this->_editPermission = $this->_viewPermission = TRUE;
	93	$this->_editPermissionedGroups[$groupKey] = $groups;
	94	$this->_viewPermissionedGroups[$groupKey] = $groups;
	95	return $this->_viewPermissionedGroups[$groupKey];
	96	}
	97	elseif ($this->check('view all contacts')) {
	98	$this->_viewAdminUser = TRUE;
	99	$this->_viewPermission = TRUE;
	100	$this->_viewPermissionedGroups[$groupKey] = $groups;
	101	}
	102
	103
104	$ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups);
105	if (!empty($ids)) {
106	foreach (array_values($ids) as $id) {
107	$title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
108	$this->_viewPermissionedGroups[$groupKey][$id] = $title;
109	$this->_viewPermission = TRUE;
110	}
111	}
112
113	$ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups);
114	if (!empty($ids)) {
115	foreach (array_values($ids) as $id) {
116	$title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
117	$this->_editPermissionedGroups[$groupKey][$id] = $title;
118	$this->_viewPermissionedGroups[$groupKey][$id] = $title;
119	$this->_editPermission = TRUE;
120	$this->_viewPermission = TRUE;
121	}
122	}
123	}
124
125	return $this->_viewPermissionedGroups[$groupKey];
126	}
127
128	/**
129	* Get group clause for this user. The group Clause filters the
130	* list of groups that the user is permitted to see in a group listing.
131	* For example it will filter both the list on the 'Manage Groups' page
132	* and on the contact 'Groups' tab
133	*
134	* the aclGroup hook & configured ACLs contribute to this data.
135	* If the contact is allowed to see all contacts the function will return ( 1 )
136	*
137	* @todo the history of this function is that there was some confusion as to
138	* whether it was filtering contacts or groups & some cruft may remain
139	*
140	* @param int $type the type of permission needed
141	* @param array $tables (reference) add the tables that are needed for the select clause
142	* @param array $whereTables (reference) add the tables that are needed for the where clause
143	*
144	* @return string the clause to add to the query retrieving viewable groups
145	* @access public
146	*/
147	public function groupClause($type, &$tables, &$whereTables) {
148	if (!isset($this->_viewPermissionedGroups)) {
149	$this->group();
150	}
151
152	// we basically get all the groups here
153	$groupKey = 'all';
154	if ($type == CRM_Core_Permission::EDIT) {
155	if ($this->_editAdminUser) {
156	$clause = ' ( 1 ) ';
157	}
158	elseif (empty($this->_editPermissionedGroups[$groupKey])) {
159	$clause = ' ( 0 ) ';
160	}
161	else {
162	$clauses = array();
163	$groups = implode(', ', $this->_editPermissionedGroups[$groupKey]);
164	$clauses[] = ' ( civicrm_group_contact.group_id IN ( ' . implode(', ', array_keys($this->_editPermissionedGroups[$groupKey])) . " ) AND civicrm_group_contact.status = 'Added' ) ";
165	$tables['civicrm_group_contact'] = 1;
166	$whereTables['civicrm_group_contact'] = 1;
167
168	// foreach group that is potentially a saved search, add the saved search clause
169	foreach (array_keys($this->_editPermissionedGroups[$groupKey]) as $id) {
170	$group = new CRM_Contact_DAO_Group();
171	$group->id = $id;
172	if ($group->find(TRUE) && $group->saved_search_id) {
173	$clause = CRM_Contact_BAO_SavedSearch::whereClause($group->saved_search_id,
174	$tables,
175	$whereTables
176	);
177	if (trim($clause)) {
178	$clauses[] = $clause;
179	}
180	}
181	}
182	$clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
183	}
184	}
185	else {
186	if ($this->_viewAdminUser) {
187	$clause = ' ( 1 ) ';
188	}
189	elseif (empty($this->_viewPermissionedGroups[$groupKey])) {
190	$clause = ' ( 0 ) ';
191	}
192	else {
193	$clauses = array();
194	$groups = implode(', ', $this->_viewPermissionedGroups[$groupKey]);
195	$clauses[] = ' civicrm_group.id IN (' . implode(', ', array_keys($this->_viewPermissionedGroups[$groupKey])) . " ) ";
196	$tables['civicrm_group'] = 1;
197	$whereTables['civicrm_group'] = 1;
198	$clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
199	}
200	}
201
202	return $clause;
203	}
204
205	/**
206	* get the current permission of this user
207	*
208	* @return string the permission of the user (edit or view or null)
209	*/
210	public function getPermission() {
211	$this->group();
212
213	if ($this->_editPermission) {
214	return CRM_Core_Permission::EDIT;
215	}
216	elseif ($this->_viewPermission) {
217	return CRM_Core_Permission::VIEW;
218	}
219	return NULL;
220	}
221
222	function getContactEmails($uids) {
223	if (empty($uids)) {
224	return '';
225	}
226	$uidString = implode(',', $uids);
227	$sql = "
228	SELECT e.email
229	FROM civicrm_contact c
230	INNER JOIN civicrm_email e ON ( c.id = e.contact_id AND e.is_primary = 1 )
231	INNER JOIN civicrm_uf_match uf ON ( c.id = uf.contact_id )
232	WHERE c.is_deceased = 0
233	AND c.is_deleted = 0
234	AND uf.uf_id IN ( $uidString )
235	";
236
237	$dao = CRM_Core_DAO::executeQuery($sql);
238
239	$emails = array();
240	while ($dao->fetch()) {
241	$emails[] = $dao->email;
242	}
243
244	return implode(', ', $emails);
245	}
232624b1	246	}