Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | * $Id$ |
17 | * | |
18 | */ | |
19 | ||
20 | /** | |
21 | * | |
22 | */ | |
23 | class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base { | |
518fa0ee | 24 | |
6a488035 | 25 | /** |
100fef9d | 26 | * Given a permission string, check for access requirements |
6a488035 | 27 | * |
6a0b768e TO |
28 | * @param string $str |
29 | * The permission to check. | |
18be3201 | 30 | * @param int $userId |
6a488035 | 31 | * |
c301f76e | 32 | * @return bool |
a6c01b45 | 33 | * true if yes, else false |
6a488035 | 34 | */ |
18be3201 | 35 | public function check($str, $userId = NULL) { |
6a488035 | 36 | $config = CRM_Core_Config::singleton(); |
18be3201 CW |
37 | // JFactory::getUser does strict type checking, so convert falesy values to NULL |
38 | if (!$userId) { | |
39 | $userId = NULL; | |
40 | } | |
6a488035 | 41 | |
cc222cb6 TO |
42 | $translated = $this->translateJoomlaPermission($str); |
43 | if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { | |
44 | return FALSE; | |
45 | } | |
46 | if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
47 | return TRUE; | |
48 | } | |
49 | ||
6a488035 TO |
50 | // ensure that we are running in a joomla context |
51 | // we've not yet figured out how to bootstrap joomla, so we should | |
52 | // not execute hooks if joomla is not loaded | |
53 | if (defined('_JEXEC')) { | |
18be3201 | 54 | $user = JFactory::getUser($userId); |
906e5a45 | 55 | $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST'); |
d37cd2a2 | 56 | |
a386d65b | 57 | // If we are coming from REST we don't have a user but we do have the api_key for a user. |
906e5a45 | 58 | if ($user->id === 0 && !is_null($api_key)) { |
a386d65b EW |
59 | // This is a codeblock copied from /Civicrm/Utils/REST |
60 | $uid = NULL; | |
61 | if (!$uid) { | |
518fa0ee | 62 | $store = NULL; |
d37cd2a2 | 63 | |
a386d65b | 64 | $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key'); |
d37cd2a2 | 65 | |
a386d65b EW |
66 | if ($contact_id) { |
67 | $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id); | |
68 | } | |
69 | $user = JFactory::getUser($uid); | |
d37cd2a2 EW |
70 | |
71 | } | |
72 | } | |
73 | ||
c50bc0a1 | 74 | return $user->authorise($translated[0], $translated[1]); |
d37cd2a2 | 75 | |
6a488035 TO |
76 | } |
77 | else { | |
d37cd2a2 | 78 | |
a386d65b | 79 | return FALSE; |
6a488035 TO |
80 | } |
81 | } | |
82 | ||
e5db5646 FG |
83 | public function isModulePermissionSupported() { |
84 | return TRUE; | |
85 | } | |
86 | ||
cc222cb6 | 87 | /** |
77b97be7 EM |
88 | * @param $perm |
89 | * | |
90 | * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset" | |
cc222cb6 TO |
91 | * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset) |
92 | */ | |
00be9182 | 93 | public function translateJoomlaPermission($perm) { |
cc222cb6 TO |
94 | if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { |
95 | return $perm; | |
96 | } | |
97 | ||
98 | list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL); | |
22e263ad | 99 | switch ($civiPrefix) { |
cc222cb6 TO |
100 | case 'Joomla': |
101 | return explode(':', $name); | |
2aa397bc | 102 | |
cc222cb6 TO |
103 | case 'cms': |
104 | // FIXME: This needn't be DENY, but we don't currently have any translations. | |
105 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; | |
2aa397bc | 106 | |
cc222cb6 | 107 | case NULL: |
be2fb01f | 108 | return ['civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm']; |
2aa397bc | 109 | |
cc222cb6 TO |
110 | default: |
111 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; | |
112 | } | |
113 | } | |
114 | ||
6a488035 TO |
115 | /** |
116 | * Given a roles array, check for access requirements | |
117 | * | |
6a0b768e TO |
118 | * @param array $array |
119 | * The roles to check. | |
6a488035 | 120 | * |
c301f76e | 121 | * @return bool |
a6c01b45 | 122 | * true if yes, else false |
6a488035 | 123 | */ |
00be9182 | 124 | public function checkGroupRole($array) { |
6a488035 TO |
125 | return FALSE; |
126 | } | |
96025800 | 127 | |
e5db5646 FG |
128 | /** |
129 | * @inheritDoc | |
130 | */ | |
131 | public function upgradePermissions($permissions) { | |
be2fb01f | 132 | $translatedPerms = []; |
b415fb17 FG |
133 | |
134 | // Flipping the $permissions array gives us just the raw names of the | |
135 | // permissions. The descriptions, etc., are irrelevant for the purposes of | |
136 | // this method. | |
e5db5646 FG |
137 | foreach (array_flip($permissions) as $perm) { |
138 | $translated = $this->translateJoomlaPermission($perm); | |
139 | $translatedPerms[] = $translated[0]; | |
140 | } | |
141 | ||
142 | $associations = $this->getUserGroupPermsAssociations(); | |
b415fb17 | 143 | $cmsPermsHaveGoneStale = FALSE; |
e5db5646 FG |
144 | foreach (array_keys(get_object_vars($associations)) as $permName) { |
145 | if (!in_array($permName, $translatedPerms)) { | |
146 | unset($associations->$permName); | |
b415fb17 | 147 | $cmsPermsHaveGoneStale = TRUE; |
e5db5646 FG |
148 | } |
149 | } | |
150 | ||
b415fb17 | 151 | if ($cmsPermsHaveGoneStale) { |
e5db5646 FG |
152 | $this->updateGroupPermsAssociations($associations); |
153 | } | |
154 | } | |
155 | ||
156 | /** | |
157 | * Fetches the associations between user groups and CiviCRM permissions. | |
158 | * | |
b415fb17 | 159 | * @see https://docs.joomla.org/Selecting_data_using_JDatabase |
f746881c | 160 | * @return object |
e5db5646 FG |
161 | * Properties of the object are Joomla-fied permission names. |
162 | */ | |
163 | private function getUserGroupPermsAssociations() { | |
e5db5646 | 164 | $db = JFactory::getDbo(); |
f746881c | 165 | $query = $db->getQuery(TRUE); |
e5db5646 | 166 | |
e5db5646 | 167 | $query |
518fa0ee SL |
168 | ->select($db->quoteName('rules')) |
169 | ->from($db->quoteName('#__assets')) | |
170 | ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm')); | |
e5db5646 | 171 | |
e5db5646 FG |
172 | $db->setQuery($query); |
173 | ||
76d556c7 FG |
174 | // Joomla gotcha: loadObject returns NULL in the case of no matches. |
175 | $result = $db->loadObject(); | |
be2fb01f | 176 | return $result ? json_decode($result->rules) : (object) []; |
e5db5646 FG |
177 | } |
178 | ||
179 | /** | |
180 | * Writes user-group/permissions associations back to Joomla. | |
181 | * | |
b415fb17 | 182 | * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase |
f746881c FG |
183 | * @param object $associations |
184 | * Same format as the return of | |
185 | * CRM_Core_Permission_Joomla->getUserGroupPermsAssociations(). | |
e5db5646 | 186 | */ |
a1f60f01 | 187 | private function updateGroupPermsAssociations($associations) { |
e5db5646 | 188 | $db = JFactory::getDbo(); |
f746881c | 189 | $query = $db->getQuery(TRUE); |
e5db5646 | 190 | |
e5db5646 | 191 | $query |
518fa0ee SL |
192 | ->update($db->quoteName('#__assets')) |
193 | ->set($db->quoteName('rules') . ' = ' . $db->quote(json_encode($associations))) | |
194 | ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm')); | |
e5db5646 FG |
195 | |
196 | $db->setQuery($query)->execute(); | |
197 | } | |
198 | ||
6a488035 | 199 | } |