1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 4.3 | | |
5 | +--------------------------------------------------------------------+ | |
6 | | Copyright CiviCRM LLC (c) 2004-2013 | | |
7 | +--------------------------------------------------------------------+ | |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | /** | |
29 | * | |
30 | * @package CRM | |
31 | * @copyright CiviCRM LLC (c) 2004-2013 | |
32 | * $Id$ | |
33 | * | |
34 | */ | |
35 | ||
36 | /** | |
37 | * | |
38 | */ | |
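/**
 * Permission handling for Drupal-backed sites: works out which groups the
 * current user may view or edit, turns that into a SQL WHERE fragment, and
 * answers single permission checks through Drupal's user_access().
 */
class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base {

  /**
   * Set by group() once check() grants 'view all contacts' /
   * 'edit all contacts', i.e. access is not limited to specific groups.
   *
   * @var boolean
   */
  protected $_viewAdminUser = FALSE;
  protected $_editAdminUser = FALSE;

  /**
   * Set by group() when the user has view / edit access to at least one group.
   *
   * @var boolean
   */
  protected $_viewPermission = FALSE;
  protected $_editPermission = FALSE;

  /**
   * The permissioned groups of the user, cached per group key
   * ('all' or the requested group type): array(groupKey => array(id => title)).
   *
   * @var array
   */
  protected $_viewPermissionedGroups;
  protected $_editPermissionedGroups;

  /**
   * Get all groups from the database, filtered by the permissions of this user.
   *
   * The result is cached per group type, and the view/edit flags and the
   * edit group list on this object are filled in as a side effect.
   *
   * @param string $groupType type of group (Access/Mailing); NULL means all
   * @param boolean $excludeHidden exclude hidden groups
   *
   * @access public
   *
   * @return array the groups this user may view; entries added from the ACL
   *   lookups are keyed by group id with the group title as value
   */
  public function group($groupType = NULL, $excludeHidden = TRUE) {
    if (!isset($this->_viewPermissionedGroups)) {
      $this->_viewPermissionedGroups = $this->_editPermissionedGroups = array();
    }

    $groupKey = $groupType ? $groupType : 'all';

    // NOTE(review): the cache key does not include $excludeHidden, so a later
    // call with a different $excludeHidden gets the first call's list - confirm
    // that no caller depends on switching it.
    if (isset($this->_viewPermissionedGroups[$groupKey])) {
      return $this->_viewPermissionedGroups[$groupKey];
    }

    $this->_viewPermissionedGroups[$groupKey] = $this->_editPermissionedGroups[$groupKey] = array();

    $groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);

    if ($this->check('edit all contacts')) {
      // this is the most powerful permission, so we return
      // immediately rather than dilute it further
      $this->_editAdminUser = $this->_viewAdminUser = TRUE;
      $this->_editPermission = $this->_viewPermission = TRUE;
      $this->_editPermissionedGroups[$groupKey] = $groups;
      $this->_viewPermissionedGroups[$groupKey] = $groups;
      return $this->_viewPermissionedGroups[$groupKey];
    }
    elseif ($this->check('view all contacts')) {
      // View access covers everything, but edit access still has to come from
      // the ACL lookups below, so do not return yet.
      $this->_viewAdminUser = TRUE;
      $this->_viewPermission = TRUE;
      $this->_viewPermissionedGroups[$groupKey] = $groups;
    }

    $ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups);
    foreach ($ids as $id) {
      $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
      $this->_viewPermissionedGroups[$groupKey][$id] = $title;
      $this->_viewPermission = TRUE;
    }

    // Anything the user may edit is also viewable.
    $ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups);
    foreach ($ids as $id) {
      $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
      $this->_editPermissionedGroups[$groupKey][$id] = $title;
      $this->_viewPermissionedGroups[$groupKey][$id] = $title;
      $this->_editPermission = TRUE;
      $this->_viewPermission = TRUE;
    }

    return $this->_viewPermissionedGroups[$groupKey];
  }

  /**
   * Get the group clause for this user.
   *
   * Returns ' ( 1 ) ' for a user with access to all contacts, ' ( 0 ) ' for a
   * user without any permissioned group, and otherwise a clause restricting
   * civicrm_group_contact to the permissioned group ids.
   *
   * @param int $type the type of permission needed
   * @param array $tables (reference) add the tables that are needed for the select clause
   * @param array $whereTables (reference) add the tables that are needed for the where clause
   *
   * @return string the group where clause for this user
   * @access public
   */
  public function groupClause($type, &$tables, &$whereTables) {
    // we basically get all the groups here
    $groupKey = 'all';

    // Test the 'all' entry itself, not the cache as a whole: an earlier
    // group('<type>') call fills only that type's entry, and the missing 'all'
    // entry would then be read below as "no permissioned groups" and yield
    // ' ( 0 ) ' for a user who does have group access.
    if (!isset($this->_viewPermissionedGroups[$groupKey])) {
      $this->group();
    }

    if ($type == CRM_Core_Permission::EDIT) {
      if ($this->_editAdminUser) {
        return ' ( 1 ) ';
      }
      if (empty($this->_editPermissionedGroups[$groupKey])) {
        return ' ( 0 ) ';
      }

      $groupIds = array_keys($this->_editPermissionedGroups[$groupKey]);
      $clauses = array(
        ' ( civicrm_group_contact.group_id IN ( ' . implode(', ', $groupIds) . " ) AND civicrm_group_contact.status = 'Added' ) ",
      );
      $tables['civicrm_group_contact'] = 1;
      $whereTables['civicrm_group_contact'] = 1;

      // foreach group that is potentially a saved search, add the saved search clause
      foreach ($groupIds as $id) {
        $group = new CRM_Contact_DAO_Group();
        $group->id = $id;
        if ($group->find(TRUE) && $group->saved_search_id) {
          $savedSearchClause = CRM_Contact_BAO_SavedSearch::whereClause($group->saved_search_id,
            $tables,
            $whereTables
          );
          if (trim($savedSearchClause)) {
            $clauses[] = $savedSearchClause;
          }
        }
      }

      return ' ( ' . implode(' OR ', $clauses) . ' ) ';
    }

    if ($this->_viewAdminUser) {
      return ' ( 1 ) ';
    }
    if (empty($this->_viewPermissionedGroups[$groupKey])) {
      return ' ( 0 ) ';
    }

    // NOTE(review): unlike the edit branch, no saved search clauses are added
    // here - confirm that this difference is intended.
    $groupIds = array_keys($this->_viewPermissionedGroups[$groupKey]);
    $tables['civicrm_group_contact'] = 1;
    $whereTables['civicrm_group_contact'] = 1;

    return ' ( ' . ' ( civicrm_group_contact.group_id IN (' . implode(', ', $groupIds) . " ) AND civicrm_group_contact.status = 'Added' ) " . ' ) ';
  }

  /**
   * Get the current permission of this user.
   *
   * @return string the permission of the user (edit or view or null)
   */
  public function getPermission() {
    // Fills in the view/edit flags tested below.
    $this->group();

    if ($this->_editPermission) {
      return CRM_Core_Permission::EDIT;
    }
    if ($this->_viewPermission) {
      return CRM_Core_Permission::VIEW;
    }
    return NULL;
  }

  /**
   * Given a permission string, check for access requirements.
   *
   * @param string $str the permission to check
   * @param int $contactID not used by this implementation
   *
   * @return boolean true if yes, else false
   * @access public
   */
  public function check($str, $contactID = NULL) {
    if (function_exists('user_access')) {
      return (bool) user_access($str);
    }

    // NOTE(review): this fails open - when user_access() is not defined, every
    // permission is reported as granted. Presumably that covers runs without a
    // bootstrapped Drupal; confirm that no request-driven code path can get
    // here, otherwise this should deny instead.
    return TRUE;
  }

  /**
   * Get the primary e-mail addresses of the contacts matched to the given
   * CMS user ids, skipping deceased and deleted contacts.
   *
   * @param array $uids user ids, matched against civicrm_uf_match.uf_id
   *
   * @return string the addresses joined with ', ', or '' when $uids is empty
   * @access public
   */
  public function getContactEmails($uids) {
    if (empty($uids)) {
      return '';
    }

    // The ids are concatenated into the IN ( ... ) list below, so every one of
    // them is forced to an integer first: whatever the caller passed in, only
    // digits (and a sign) can end up in the SQL text.
    $uidString = implode(',', array_map('intval', (array) $uids));
    $sql = "
SELECT e.email
FROM civicrm_contact c
INNER JOIN civicrm_email e ON ( c.id = e.contact_id AND e.is_primary = 1 )
INNER JOIN civicrm_uf_match uf ON ( c.id = uf.contact_id )
WHERE c.is_deceased = 0
AND c.is_deleted = 0
AND uf.uf_id IN ( $uidString )
";

    $dao = CRM_Core_DAO::executeQuery($sql);

    $emails = array();
    while ($dao->fetch()) {
      $emails[] = $dao->email;
    }

    return implode(', ', $emails);
  }
}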