1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
7e9e8871 | 4 | | CiviCRM version 4.7 | |
6a488035 | 5 | +--------------------------------------------------------------------+ |
0f03f337 | 6 | | Copyright CiviCRM LLC (c) 2004-2017 | |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
d25dd0ee | 26 | */ |
27 | |
28 | /** | |
29 | * | |
30 | * @package CRM | |
0f03f337 | 31 | * @copyright CiviCRM LLC (c) 2004-2017 |
32 | * $Id$ |
33 | * | |
34 | */ | |
35 | ||
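/**
 * Permission checks for CiviCRM running inside Joomla.
 *
 * CiviCRM permission names are translated into Joomla action/asset pairs and
 * the Joomla user object is asked whether the action is authorised. The class
 * also prunes rules stored on the com_civicrm asset that no longer correspond
 * to a known permission.
 */
class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base {

  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   *
   * @return bool
   *   true if yes, else false
   */
  public function check($str) {
    // The return value is not used here; the call is kept from the original,
    // presumably so that configuration is initialised before the check runs.
    CRM_Core_Config::singleton();

    $translated = $this->translateJoomlaPermission($str);
    if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }

    // Ensure that we are running in a Joomla context. We have not yet figured
    // out how to bootstrap Joomla, so nothing is evaluated (and access is
    // denied) when Joomla is not loaded.
    if (!defined('_JEXEC')) {
      return FALSE;
    }

    $user = JFactory::getUser();

    // retrieve() takes $store by reference; initialise it so no undefined
    // variable is handed over.
    $store = NULL;
    // 'REQUEST' means the key may also arrive in the query string, where it
    // can end up in access logs; sending it in the request body is safer.
    $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');

    // If we are coming from REST we don't have a user but we do have the
    // api_key for a user. An empty api_key cannot identify a contact, so it
    // is treated like a missing one.
    // NOTE(review): api_key is the only credential examined on this path;
    // confirm that the REST entry point has validated the site key before
    // this method is reached.
    if ($user->id === 0 && $api_key !== NULL && $api_key !== '') {
      // Lookup adapted from CRM_Utils_REST.
      $uid = NULL;
      $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
      if ($contact_id) {
        $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id);
      }
      // $uid stays NULL when the key matches no contact or the contact has no
      // CMS user; presumably getUser(NULL) then yields the current (guest)
      // user, so an unknown key gains nothing - TODO confirm.
      $user = JFactory::getUser($uid);
    }

    // "Joomla:action" without an asset part yields a one-element array; pass
    // NULL explicitly instead of reading an undefined offset.
    $action = $translated[0];
    $asset = isset($translated[1]) ? $translated[1] : NULL;

    return $user->authorise($action, $asset);
  }

  /**
   * Report whether module-defined permissions are supported.
   *
   * @return bool
   *   Always TRUE for this implementation.
   */
  public function isModulePermissionSupported() {
    return TRUE;
  }

  /**
   * Translate a CiviCRM permission name into a Joomla action/asset pair.
   *
   * @param string $perm
   *   E.g. "administer CiviCRM", "cms:access user record",
   *   "Drupal:administer content", "Joomla:example.action:com_some_asset".
   *
   * @return string|array
   *   CRM_Core_Permission::ALWAYS_DENY_PERMISSION or
   *   CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION (both strings), or
   *   array(0 => $joomlaAction, 1 => $joomlaAsset). For a "Joomla:" name the
   *   array is simply the remainder split on ":", so index 1 is absent when
   *   no asset was given.
   */
  public function translateJoomlaPermission($perm) {
    if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return $perm;
    }

    list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
    switch ($civiPrefix) {
      case 'Joomla':
        // Native Joomla permission: "action:asset".
        return explode(':', $name);

      case 'cms':
        // FIXME: This needn't be DENY, but we don't currently have any translations.
        return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;

      case NULL:
        // Unprefixed CiviCRM permission: becomes an action on the
        // com_civicrm asset.
        return array('civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm');

      default:
        // Permissions addressed to another CMS are never granted here.
        return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
    }
  }

  /**
   * Given a roles array, check for access requirements
   *
   * @param array $array
   *   The roles to check.
   *
   * @return bool
   *   Always FALSE: role checks are not implemented for Joomla here.
   */
  public function checkGroupRole($array) {
    return FALSE;
  }

  /**
   * Remove rules from the com_civicrm asset that match no current permission.
   *
   * @param array $permissions
   *   Permissions keyed by permission name; only the keys are used.
   *
   * @throws RuntimeException
   *   If the pruned rules cannot be encoded for storage.
   */
  public function upgradePermissions($permissions) {
    $translatedPerms = array();

    // Only the permission names (the array keys) matter here. array_keys()
    // is used rather than array_flip() so that two permissions sharing the
    // same description are not collapsed into one, which would make the
    // other look stale below.
    foreach (array_keys($permissions) as $perm) {
      $translated = $this->translateJoomlaPermission($perm);
      // ALWAYS_DENY / ALWAYS_ALLOW come back as plain strings, not as an
      // action/asset pair, so they contribute no Joomla action name.
      if (is_array($translated)) {
        $translatedPerms[] = $translated[0];
      }
    }

    $associations = $this->getUserGroupPermsAssociations();
    $cmsPermsHaveGoneStale = FALSE;
    // NOTE(review): every key of the stored rules that is not in
    // $translatedPerms is dropped, whatever its origin; confirm the asset
    // holds no actions that must survive and that callers never pass an
    // incomplete $permissions list.
    foreach (array_keys(get_object_vars($associations)) as $permName) {
      // Numeric property names surface as integers from array_keys(); cast
      // so the strict comparison still matches the string action names.
      if (!in_array((string) $permName, $translatedPerms, TRUE)) {
        unset($associations->$permName);
        $cmsPermsHaveGoneStale = TRUE;
      }
    }

    // Write back only when something was actually removed.
    if ($cmsPermsHaveGoneStale) {
      $this->updateGroupPermsAssociations($associations);
    }
  }

  /**
   * Fetches the associations between user groups and CiviCRM permissions.
   *
   * @see https://docs.joomla.org/Selecting_data_using_JDatabase
   * @return object
   *   Properties of the object are Joomla-fied permission names. An empty
   *   object is returned when the asset row is missing or its rules do not
   *   decode to a JSON object.
   */
  private function getUserGroupPermsAssociations() {
    $db = JFactory::getDbo();
    $query = $db->getQuery(TRUE);

    $query
      ->select($db->quoteName('rules'))
      ->from($db->quoteName('#__assets'))
      ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));

    $db->setQuery($query);

    // Joomla gotcha: loadObject returns NULL in the case of no matches.
    $result = $db->loadObject();
    if (!$result) {
      return (object) array();
    }

    // json_decode() gives NULL for malformed JSON and an array for a JSON
    // list; callers use get_object_vars(), so only hand back real objects.
    $rules = json_decode($result->rules);
    return is_object($rules) ? $rules : (object) array();
  }

  /**
   * Writes user-group/permissions associations back to Joomla.
   *
   * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase
   * @param object $associations
   *   Same format as the return of
   *   CRM_Core_Permission_Joomla->getUserGroupPermsAssociations().
   *
   * @throws RuntimeException
   *   If $associations cannot be encoded as JSON.
   */
  private function updateGroupPermsAssociations($associations) {
    // json_encode() returns FALSE on failure; quoting that would store an
    // empty string and wipe the asset's access rules, so stop instead.
    $encoded = json_encode($associations);
    if ($encoded === FALSE) {
      throw new RuntimeException('Could not encode com_civicrm rules as JSON (json_last_error: ' . json_last_error() . ')');
    }

    $db = JFactory::getDbo();
    $query = $db->getQuery(TRUE);

    $query
      ->update($db->quoteName('#__assets'))
      ->set($db->quoteName('rules') . ' = ' . $db->quote($encoded))
      ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));

    $db->setQuery($query)->execute();
  }

}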