Commit | Line | Data |
---|---|---|
59735506 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
59735506 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
59735506 TO |
9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
59735506 TO |
16 | */ |
17 | ||
18 | /** | |
19 | * This supplements the permissions of the CMS system, allowing us | |
20 | * to temporarily acknowledge permission grants for API keys. | |
21 | * | |
22 | * In normal usage, the class isn't even instantiated - it's only | |
23 | * used when processing certain API backends. | |
24 | */ | |
25 | class CRM_Core_Permission_Temp { | |
518fa0ee | 26 | public static $id = 0; |
59735506 TO |
27 | |
28 | /** | |
29 | * Array(int $grantId => array($perm)) | |
30 | * | |
31 | * @var array | |
32 | */ | |
33 | private $grants; | |
34 | ||
35 | /** | |
36 | * Array ($perm => 1); | |
37 | * @var array | |
38 | */ | |
39 | private $idx; | |
40 | ||
41 | /** | |
42 | * Grant permissions temporarily. | |
43 | * | |
44 | * @param string|array $perms | |
45 | * List of permissions to apply. | |
46 | * @return string|int | |
47 | * A handle for the grant. Useful for revoking later on. | |
48 | */ | |
49 | public function grant($perms) { | |
50 | $perms = (array) $perms; | |
51 | $id = self::$id++; | |
52 | $this->grants[$id] = $perms; | |
53 | $this->idx = $this->index($this->grants); | |
54 | return $id; | |
55 | } | |
56 | ||
57 | /** | |
58 | * Revoke a previously granted permission. | |
59 | * | |
60 | * @param string|int $id | |
61 | * The handle previously returned by grant(). | |
62 | */ | |
63 | public function revoke($id) { | |
64 | unset($this->grants[$id]); | |
65 | $this->idx = $this->index($this->grants); | |
66 | } | |
67 | ||
68 | /** | |
69 | * Determine if a permission has been granted. | |
70 | * | |
71 | * @param string $perm | |
72 | * The permission name (e.g. "view all contacts"). | |
73 | * @return bool | |
74 | */ | |
75 | public function check($perm) { | |
76 | return (isset($this->idx['administer CiviCRM']) || isset($this->idx[$perm])); | |
77 | } | |
78 | ||
79 | /** | |
80 | * Generate an optimized index of granted permissions. | |
81 | * | |
82 | * @param array $grants | |
83 | * Array(string $permName). | |
84 | * @return array | |
85 | * Array(string $permName => bool $granted). | |
86 | */ | |
87 | protected function index($grants) { | |
be2fb01f | 88 | $idx = []; |
59735506 TO |
89 | foreach ($grants as $grant) { |
90 | foreach ($grant as $perm) { | |
91 | $idx[$perm] = 1; | |
92 | } | |
93 | } | |
94 | return $idx; | |
95 | } | |
96 | ||
97 | } |