Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
39de6fd5 | 4 | | CiviCRM version 4.6 | |
6a488035 | 5 | +--------------------------------------------------------------------+ |
e7112fa7 | 6 | | Copyright CiviCRM LLC (c) 2004-2015 | |
6a488035 TO |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
d25dd0ee | 26 | */ |
6a488035 TO |
27 | |
28 | /** | |
29 | * | |
30 | * @package CRM | |
e7112fa7 | 31 | * @copyright CiviCRM LLC (c) 2004-2015 |
6a488035 TO |
32 | * $Id$ |
33 | * | |
34 | */ | |
35 | ||
36 | /** | |
37 | * | |
38 | */ | |
39 | class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base { | |
40 | /** | |
100fef9d | 41 | * Given a permission string, check for access requirements |
6a488035 | 42 | * |
6a0b768e TO |
43 | * @param string $str |
44 | * The permission to check. | |
6a488035 | 45 | * |
c301f76e | 46 | * @return bool |
a6c01b45 | 47 | * true if yes, else false |
6a488035 | 48 | */ |
00be9182 | 49 | public function check($str) { |
6a488035 TO |
50 | $config = CRM_Core_Config::singleton(); |
51 | ||
cc222cb6 TO |
52 | $translated = $this->translateJoomlaPermission($str); |
53 | if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { | |
54 | return FALSE; | |
55 | } | |
56 | if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
57 | return TRUE; | |
58 | } | |
59 | ||
6a488035 TO |
60 | // ensure that we are running in a joomla context |
61 | // we've not yet figured out how to bootstrap joomla, so we should | |
62 | // not execute hooks if joomla is not loaded | |
63 | if (defined('_JEXEC')) { | |
a386d65b | 64 | $user = JFactory::getUser(); |
d37cd2a2 | 65 | |
a386d65b | 66 | // If we are coming from REST we don't have a user but we do have the api_key for a user. |
d37cd2a2 | 67 | if ($user->id === 0) { |
a386d65b EW |
68 | // This is a codeblock copied from /Civicrm/Utils/REST |
69 | $uid = NULL; | |
70 | if (!$uid) { | |
71 | $store = NULL; | |
72 | $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST'); | |
d37cd2a2 | 73 | |
a386d65b EW |
74 | if (empty($api_key)) { |
75 | return CRM_Utils_Rest::error("FATAL: mandatory param 'api_key' (user key) missing"); | |
76 | } | |
d37cd2a2 | 77 | |
a386d65b | 78 | $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key'); |
d37cd2a2 | 79 | |
a386d65b EW |
80 | if ($contact_id) { |
81 | $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id); | |
82 | } | |
83 | $user = JFactory::getUser($uid); | |
d37cd2a2 EW |
84 | |
85 | } | |
86 | } | |
87 | ||
c50bc0a1 | 88 | return $user->authorise($translated[0], $translated[1]); |
d37cd2a2 | 89 | |
6a488035 TO |
90 | } |
91 | else { | |
d37cd2a2 | 92 | |
a386d65b | 93 | return FALSE; |
6a488035 TO |
94 | } |
95 | } | |
96 | ||
cc222cb6 | 97 | /** |
77b97be7 EM |
98 | * @param $perm |
99 | * | |
100 | * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset" | |
cc222cb6 TO |
101 | * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset) |
102 | */ | |
00be9182 | 103 | public function translateJoomlaPermission($perm) { |
cc222cb6 TO |
104 | if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { |
105 | return $perm; | |
106 | } | |
107 | ||
108 | list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL); | |
22e263ad | 109 | switch ($civiPrefix) { |
cc222cb6 TO |
110 | case 'Joomla': |
111 | return explode(':', $name); | |
2aa397bc | 112 | |
cc222cb6 TO |
113 | case 'cms': |
114 | // FIXME: This needn't be DENY, but we don't currently have any translations. | |
115 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; | |
2aa397bc | 116 | |
cc222cb6 TO |
117 | case NULL: |
118 | return array('civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm'); | |
2aa397bc | 119 | |
cc222cb6 TO |
120 | default: |
121 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; | |
122 | } | |
123 | } | |
124 | ||
6a488035 TO |
125 | /** |
126 | * Given a roles array, check for access requirements | |
127 | * | |
6a0b768e TO |
128 | * @param array $array |
129 | * The roles to check. | |
6a488035 | 130 | * |
c301f76e | 131 | * @return bool |
a6c01b45 | 132 | * true if yes, else false |
6a488035 | 133 | */ |
00be9182 | 134 | public function checkGroupRole($array) { |
6a488035 TO |
135 | return FALSE; |
136 | } | |
96025800 | 137 | |
6a488035 | 138 | } |