Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | */ |
17 | ||
18 | /** | |
19 | * | |
20 | */ | |
21 | class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base { | |
518fa0ee | 22 | |
6a488035 | 23 | /** |
100fef9d | 24 | * Given a permission string, check for access requirements |
6a488035 | 25 | * |
6a0b768e TO |
26 | * @param string $str |
27 | * The permission to check. | |
18be3201 | 28 | * @param int $userId |
6a488035 | 29 | * |
c301f76e | 30 | * @return bool |
a6c01b45 | 31 | * true if yes, else false |
6a488035 | 32 | */ |
18be3201 | 33 | public function check($str, $userId = NULL) { |
6a488035 | 34 | $config = CRM_Core_Config::singleton(); |
18be3201 | 35 | // JFactory::getUser does strict type checking, so convert falesy values to NULL |
ae6d2c8e C |
36 | if ($userId === 0 || $userId === '0') { |
37 | $userId = 0; | |
38 | } | |
39 | elseif (!$userId) { | |
18be3201 CW |
40 | $userId = NULL; |
41 | } | |
6a488035 | 42 | |
cc222cb6 TO |
43 | $translated = $this->translateJoomlaPermission($str); |
44 | if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { | |
45 | return FALSE; | |
46 | } | |
47 | if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
48 | return TRUE; | |
49 | } | |
50 | ||
6a488035 TO |
51 | // ensure that we are running in a joomla context |
52 | // we've not yet figured out how to bootstrap joomla, so we should | |
53 | // not execute hooks if joomla is not loaded | |
54 | if (defined('_JEXEC')) { | |
18be3201 | 55 | $user = JFactory::getUser($userId); |
906e5a45 | 56 | $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST'); |
d37cd2a2 | 57 | |
a386d65b | 58 | // If we are coming from REST we don't have a user but we do have the api_key for a user. |
906e5a45 | 59 | if ($user->id === 0 && !is_null($api_key)) { |
a386d65b EW |
60 | // This is a codeblock copied from /Civicrm/Utils/REST |
61 | $uid = NULL; | |
62 | if (!$uid) { | |
518fa0ee | 63 | $store = NULL; |
d37cd2a2 | 64 | |
a386d65b | 65 | $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key'); |
d37cd2a2 | 66 | |
a386d65b EW |
67 | if ($contact_id) { |
68 | $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id); | |
69 | } | |
70 | $user = JFactory::getUser($uid); | |
d37cd2a2 EW |
71 | |
72 | } | |
73 | } | |
74 | ||
c50bc0a1 | 75 | return $user->authorise($translated[0], $translated[1]); |
d37cd2a2 | 76 | |
6a488035 TO |
77 | } |
78 | else { | |
d37cd2a2 | 79 | |
a386d65b | 80 | return FALSE; |
6a488035 TO |
81 | } |
82 | } | |
83 | ||
e5db5646 FG |
84 | public function isModulePermissionSupported() { |
85 | return TRUE; | |
86 | } | |
87 | ||
cc222cb6 | 88 | /** |
77b97be7 EM |
89 | * @param $perm |
90 | * | |
91 | * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset" | |
cc222cb6 TO |
92 | * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset) |
93 | */ | |
00be9182 | 94 | public function translateJoomlaPermission($perm) { |
cc222cb6 TO |
95 | if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { |
96 | return $perm; | |
97 | } | |
98 | ||
99 | list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL); | |
22e263ad | 100 | switch ($civiPrefix) { |
cc222cb6 TO |
101 | case 'Joomla': |
102 | return explode(':', $name); | |
2aa397bc | 103 | |
cc222cb6 TO |
104 | case 'cms': |
105 | // FIXME: This needn't be DENY, but we don't currently have any translations. | |
106 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; | |
2aa397bc | 107 | |
cc222cb6 | 108 | case NULL: |
be2fb01f | 109 | return ['civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm']; |
2aa397bc | 110 | |
cc222cb6 TO |
111 | default: |
112 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; | |
113 | } | |
114 | } | |
115 | ||
6a488035 TO |
116 | /** |
117 | * Given a roles array, check for access requirements | |
118 | * | |
6a0b768e TO |
119 | * @param array $array |
120 | * The roles to check. | |
6a488035 | 121 | * |
c301f76e | 122 | * @return bool |
a6c01b45 | 123 | * true if yes, else false |
6a488035 | 124 | */ |
00be9182 | 125 | public function checkGroupRole($array) { |
6a488035 TO |
126 | return FALSE; |
127 | } | |
96025800 | 128 | |
e5db5646 FG |
129 | /** |
130 | * @inheritDoc | |
131 | */ | |
132 | public function upgradePermissions($permissions) { | |
be2fb01f | 133 | $translatedPerms = []; |
b415fb17 FG |
134 | |
135 | // Flipping the $permissions array gives us just the raw names of the | |
136 | // permissions. The descriptions, etc., are irrelevant for the purposes of | |
137 | // this method. | |
e5db5646 FG |
138 | foreach (array_flip($permissions) as $perm) { |
139 | $translated = $this->translateJoomlaPermission($perm); | |
140 | $translatedPerms[] = $translated[0]; | |
141 | } | |
142 | ||
143 | $associations = $this->getUserGroupPermsAssociations(); | |
b415fb17 | 144 | $cmsPermsHaveGoneStale = FALSE; |
e5db5646 FG |
145 | foreach (array_keys(get_object_vars($associations)) as $permName) { |
146 | if (!in_array($permName, $translatedPerms)) { | |
147 | unset($associations->$permName); | |
b415fb17 | 148 | $cmsPermsHaveGoneStale = TRUE; |
e5db5646 FG |
149 | } |
150 | } | |
151 | ||
b415fb17 | 152 | if ($cmsPermsHaveGoneStale) { |
e5db5646 FG |
153 | $this->updateGroupPermsAssociations($associations); |
154 | } | |
155 | } | |
156 | ||
157 | /** | |
158 | * Fetches the associations between user groups and CiviCRM permissions. | |
159 | * | |
b415fb17 | 160 | * @see https://docs.joomla.org/Selecting_data_using_JDatabase |
f746881c | 161 | * @return object |
e5db5646 FG |
162 | * Properties of the object are Joomla-fied permission names. |
163 | */ | |
164 | private function getUserGroupPermsAssociations() { | |
e5db5646 | 165 | $db = JFactory::getDbo(); |
f746881c | 166 | $query = $db->getQuery(TRUE); |
e5db5646 | 167 | |
e5db5646 | 168 | $query |
518fa0ee SL |
169 | ->select($db->quoteName('rules')) |
170 | ->from($db->quoteName('#__assets')) | |
171 | ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm')); | |
e5db5646 | 172 | |
e5db5646 FG |
173 | $db->setQuery($query); |
174 | ||
76d556c7 FG |
175 | // Joomla gotcha: loadObject returns NULL in the case of no matches. |
176 | $result = $db->loadObject(); | |
be2fb01f | 177 | return $result ? json_decode($result->rules) : (object) []; |
e5db5646 FG |
178 | } |
179 | ||
180 | /** | |
181 | * Writes user-group/permissions associations back to Joomla. | |
182 | * | |
b415fb17 | 183 | * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase |
f746881c FG |
184 | * @param object $associations |
185 | * Same format as the return of | |
186 | * CRM_Core_Permission_Joomla->getUserGroupPermsAssociations(). | |
e5db5646 | 187 | */ |
a1f60f01 | 188 | private function updateGroupPermsAssociations($associations) { |
e5db5646 | 189 | $db = JFactory::getDbo(); |
f746881c | 190 | $query = $db->getQuery(TRUE); |
e5db5646 | 191 | |
e5db5646 | 192 | $query |
518fa0ee SL |
193 | ->update($db->quoteName('#__assets')) |
194 | ->set($db->quoteName('rules') . ' = ' . $db->quote(json_encode($associations))) | |
195 | ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm')); | |
e5db5646 FG |
196 | |
197 | $db->setQuery($query)->execute(); | |
198 | } | |
199 | ||
6a488035 | 200 | } |