Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | * $Id$ |
17 | * | |
18 | */ | |
19 | ||
20 | /** | |
21 | * | |
22 | */ | |
23 | class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base { | |
42762e35 DL |
24 | |
25 | /** | |
d09edf64 | 26 | * Is this user someone with access for the entire system. |
42762e35 | 27 | * |
b67daa72 | 28 | * @var bool |
42762e35 DL |
29 | */ |
30 | protected $_viewAdminUser = FALSE; | |
31 | protected $_editAdminUser = FALSE; | |
32 | ||
33 | /** | |
100fef9d | 34 | * Am in in view permission or edit permission? |
b67daa72 | 35 | * |
36 | * @var bool | |
42762e35 DL |
37 | */ |
38 | protected $_viewPermission = FALSE; | |
39 | protected $_editPermission = FALSE; | |
40 | ||
41 | /** | |
d09edf64 | 42 | * The current set of permissioned groups for the user. |
42762e35 DL |
43 | * |
44 | * @var array | |
45 | */ | |
46 | protected $_viewPermissionedGroups; | |
47 | protected $_editPermissionedGroups; | |
48 | ||
49 | /** | |
50 | * Get all groups from database, filtered by permissions | |
51 | * for this user | |
52 | * | |
6a0b768e TO |
53 | * @param string $groupType |
54 | * Type of group(Access/Mailing). | |
55 | * @param bool $excludeHidden | |
56 | * Exclude hidden groups. | |
42762e35 | 57 | * |
42762e35 | 58 | * |
a6c01b45 CW |
59 | * @return array |
60 | * array reference of all groups. | |
42762e35 DL |
61 | */ |
62 | public function group($groupType = NULL, $excludeHidden = TRUE) { | |
63 | if (!isset($this->_viewPermissionedGroups)) { | |
be2fb01f | 64 | $this->_viewPermissionedGroups = $this->_editPermissionedGroups = []; |
42762e35 DL |
65 | } |
66 | ||
67 | $groupKey = $groupType ? $groupType : 'all'; | |
68 | ||
69 | if (!isset($this->_viewPermissionedGroups[$groupKey])) { | |
be2fb01f | 70 | $this->_viewPermissionedGroups[$groupKey] = $this->_editPermissionedGroups[$groupKey] = []; |
42762e35 DL |
71 | |
72 | $groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden); | |
73 | ||
74 | if ($this->check('edit all contacts')) { | |
75 | // this is the most powerful permission, so we return | |
76 | // immediately rather than dilute it further | |
77 | $this->_editAdminUser = $this->_viewAdminUser = TRUE; | |
78 | $this->_editPermission = $this->_viewPermission = TRUE; | |
79 | $this->_editPermissionedGroups[$groupKey] = $groups; | |
80 | $this->_viewPermissionedGroups[$groupKey] = $groups; | |
81 | return $this->_viewPermissionedGroups[$groupKey]; | |
82 | } | |
83 | elseif ($this->check('view all contacts')) { | |
84 | $this->_viewAdminUser = TRUE; | |
85 | $this->_viewPermission = TRUE; | |
86 | $this->_viewPermissionedGroups[$groupKey] = $groups; | |
87 | } | |
88 | ||
42762e35 DL |
89 | $ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups); |
90 | if (!empty($ids)) { | |
91 | foreach (array_values($ids) as $id) { | |
92 | $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title'); | |
93 | $this->_viewPermissionedGroups[$groupKey][$id] = $title; | |
94 | $this->_viewPermission = TRUE; | |
95 | } | |
96 | } | |
97 | ||
98 | $ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups); | |
99 | if (!empty($ids)) { | |
100 | foreach (array_values($ids) as $id) { | |
101 | $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title'); | |
102 | $this->_editPermissionedGroups[$groupKey][$id] = $title; | |
103 | $this->_viewPermissionedGroups[$groupKey][$id] = $title; | |
104 | $this->_editPermission = TRUE; | |
105 | $this->_viewPermission = TRUE; | |
106 | } | |
107 | } | |
108 | } | |
109 | ||
110 | return $this->_viewPermissionedGroups[$groupKey]; | |
111 | } | |
112 | ||
113 | /** | |
114 | * Get group clause for this user. The group Clause filters the | |
115 | * list of groups that the user is permitted to see in a group listing. | |
116 | * For example it will filter both the list on the 'Manage Groups' page | |
117 | * and on the contact 'Groups' tab | |
118 | * | |
119 | * the aclGroup hook & configured ACLs contribute to this data. | |
120 | * If the contact is allowed to see all contacts the function will return ( 1 ) | |
121 | * | |
122 | * @todo the history of this function is that there was some confusion as to | |
123 | * whether it was filtering contacts or groups & some cruft may remain | |
124 | * | |
6a0b768e TO |
125 | * @param int $type |
126 | * The type of permission needed. | |
127 | * @param array $tables | |
128 | * (reference) add the tables that are needed for the select clause. | |
129 | * @param array $whereTables | |
130 | * (reference) add the tables that are needed for the where clause. | |
42762e35 | 131 | * |
a6c01b45 CW |
132 | * @return string |
133 | * the clause to add to the query retrieving viewable groups | |
42762e35 DL |
134 | */ |
135 | public function groupClause($type, &$tables, &$whereTables) { | |
136 | if (!isset($this->_viewPermissionedGroups)) { | |
137 | $this->group(); | |
138 | } | |
139 | ||
140 | // we basically get all the groups here | |
141 | $groupKey = 'all'; | |
142 | if ($type == CRM_Core_Permission::EDIT) { | |
143 | if ($this->_editAdminUser) { | |
144 | $clause = ' ( 1 ) '; | |
145 | } | |
146 | elseif (empty($this->_editPermissionedGroups[$groupKey])) { | |
147 | $clause = ' ( 0 ) '; | |
148 | } | |
149 | else { | |
be2fb01f | 150 | $clauses = []; |
42762e35 DL |
151 | $groups = implode(', ', $this->_editPermissionedGroups[$groupKey]); |
152 | $clauses[] = ' ( civicrm_group_contact.group_id IN ( ' . implode(', ', array_keys($this->_editPermissionedGroups[$groupKey])) . " ) AND civicrm_group_contact.status = 'Added' ) "; | |
153 | $tables['civicrm_group_contact'] = 1; | |
154 | $whereTables['civicrm_group_contact'] = 1; | |
155 | ||
156 | // foreach group that is potentially a saved search, add the saved search clause | |
157 | foreach (array_keys($this->_editPermissionedGroups[$groupKey]) as $id) { | |
158 | $group = new CRM_Contact_DAO_Group(); | |
159 | $group->id = $id; | |
160 | if ($group->find(TRUE) && $group->saved_search_id) { | |
161 | $clause = CRM_Contact_BAO_SavedSearch::whereClause($group->saved_search_id, | |
353ffa53 TO |
162 | $tables, |
163 | $whereTables | |
42762e35 DL |
164 | ); |
165 | if (trim($clause)) { | |
166 | $clauses[] = $clause; | |
167 | } | |
168 | } | |
169 | } | |
170 | $clause = ' ( ' . implode(' OR ', $clauses) . ' ) '; | |
171 | } | |
172 | } | |
173 | else { | |
174 | if ($this->_viewAdminUser) { | |
175 | $clause = ' ( 1 ) '; | |
176 | } | |
177 | elseif (empty($this->_viewPermissionedGroups[$groupKey])) { | |
178 | $clause = ' ( 0 ) '; | |
179 | } | |
180 | else { | |
be2fb01f | 181 | $clauses = []; |
42762e35 DL |
182 | $groups = implode(', ', $this->_viewPermissionedGroups[$groupKey]); |
183 | $clauses[] = ' civicrm_group.id IN (' . implode(', ', array_keys($this->_viewPermissionedGroups[$groupKey])) . " ) "; | |
184 | $tables['civicrm_group'] = 1; | |
185 | $whereTables['civicrm_group'] = 1; | |
186 | $clause = ' ( ' . implode(' OR ', $clauses) . ' ) '; | |
187 | } | |
188 | } | |
189 | ||
190 | return $clause; | |
191 | } | |
192 | ||
193 | /** | |
d09edf64 | 194 | * Get the current permission of this user. |
42762e35 | 195 | * |
a6c01b45 CW |
196 | * @return string |
197 | * the permission of the user (edit or view or null) | |
42762e35 DL |
198 | */ |
199 | public function getPermission() { | |
200 | $this->group(); | |
201 | ||
202 | if ($this->_editPermission) { | |
203 | return CRM_Core_Permission::EDIT; | |
204 | } | |
205 | elseif ($this->_viewPermission) { | |
206 | return CRM_Core_Permission::VIEW; | |
207 | } | |
208 | return NULL; | |
209 | } | |
210 | ||
a0ee3941 EM |
211 | /** |
212 | * @param $uids | |
213 | * | |
214 | * @return string | |
215 | */ | |
00be9182 | 216 | public function getContactEmails($uids) { |
42762e35 DL |
217 | if (empty($uids)) { |
218 | return ''; | |
219 | } | |
220 | $uidString = implode(',', $uids); | |
221 | $sql = " | |
222 | SELECT e.email | |
223 | FROM civicrm_contact c | |
224 | INNER JOIN civicrm_email e ON ( c.id = e.contact_id AND e.is_primary = 1 ) | |
225 | INNER JOIN civicrm_uf_match uf ON ( c.id = uf.contact_id ) | |
226 | WHERE c.is_deceased = 0 | |
227 | AND c.is_deleted = 0 | |
228 | AND uf.uf_id IN ( $uidString ) | |
229 | "; | |
230 | ||
231 | $dao = CRM_Core_DAO::executeQuery($sql); | |
232 | ||
be2fb01f | 233 | $emails = []; |
42762e35 | 234 | while ($dao->fetch()) { |
2aa397bc | 235 | $emails[] = $dao->email; |
42762e35 DL |
236 | } |
237 | ||
238 | return implode(', ', $emails); | |
239 | } | |
68be1dfe EM |
240 | |
241 | /** | |
242 | * Given a roles array, check for access requirements | |
243 | * | |
6a0b768e TO |
244 | * @param array $array |
245 | * The roles to check. | |
68be1dfe | 246 | * |
c301f76e | 247 | * @return bool |
a6c01b45 | 248 | * true if yes, else false |
68be1dfe | 249 | */ |
00be9182 | 250 | public function checkGroupRole($array) { |
68be1dfe | 251 | if (function_exists('user_load') && isset($array)) { |
481a74f4 | 252 | $user = user_load($GLOBALS['user']->uid); |
68be1dfe EM |
253 | //if giver roles found in user roles - return true |
254 | foreach ($array as $key => $value) { | |
255 | if (in_array($value, $user->roles)) { | |
256 | return TRUE; | |
257 | } | |
258 | } | |
259 | } | |
260 | return FALSE; | |
261 | } | |
262 | ||
263 | /** | |
e7c15cb6 | 264 | * @inheritDoc |
68be1dfe EM |
265 | */ |
266 | public function isModulePermissionSupported() { | |
267 | return TRUE; | |
268 | } | |
269 | ||
270 | /** | |
d09edf64 | 271 | * Get all the contact emails for users that have a specific permission. |
68be1dfe | 272 | * |
6a0b768e TO |
273 | * @param string $permissionName |
274 | * Name of the permission we are interested in. | |
68be1dfe | 275 | * |
a6c01b45 CW |
276 | * @return string |
277 | * a comma separated list of email addresses | |
68be1dfe EM |
278 | */ |
279 | public function permissionEmails($permissionName) { | |
be2fb01f | 280 | static $_cache = []; |
68be1dfe EM |
281 | |
282 | if (isset($_cache[$permissionName])) { | |
283 | return $_cache[$permissionName]; | |
284 | } | |
285 | ||
be2fb01f | 286 | $uids = []; |
68be1dfe EM |
287 | $sql = " |
288 | SELECT {users}.uid, {role_permission}.permission | |
289 | FROM {users} | |
290 | JOIN {users_roles} | |
291 | ON {users}.uid = {users_roles}.uid | |
292 | JOIN {role_permission} | |
293 | ON {role_permission}.rid = {users_roles}.rid | |
294 | WHERE {role_permission}.permission = '{$permissionName}' | |
295 | AND {users}.status = 1 | |
296 | "; | |
297 | ||
298 | $result = db_query($sql); | |
481a74f4 | 299 | foreach ($result as $record) { |
68be1dfe EM |
300 | $uids[] = $record->uid; |
301 | } | |
302 | ||
303 | $_cache[$permissionName] = self::getContactEmails($uids); | |
304 | return $_cache[$permissionName]; | |
305 | } | |
306 | ||
307 | /** | |
e7c15cb6 | 308 | * @inheritDoc |
68be1dfe | 309 | */ |
00be9182 | 310 | public function upgradePermissions($permissions) { |
68be1dfe EM |
311 | if (empty($permissions)) { |
312 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); | |
313 | } | |
314 | $query = db_delete('role_permission') | |
315 | ->condition('module', 'civicrm') | |
316 | ->condition('permission', array_keys($permissions), 'NOT IN'); | |
317 | $query->execute(); | |
318 | } | |
96025800 | 319 | |
232624b1 | 320 | } |