Commit | Line | Data |
---|---|---|
59735506 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
7e9e8871 | 4 | | CiviCRM version 4.7 | |
59735506 | 5 | +--------------------------------------------------------------------+ |
0f03f337 | 6 | | Copyright CiviCRM LLC (c) 2004-2017 | |
59735506 TO |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License and the CiviCRM Licensing Exception along | | |
21 | | with this program; if not, contact CiviCRM LLC | | |
22 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
23 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
25 | +--------------------------------------------------------------------+ | |
26 | */ | |
27 | ||
28 | /** | |
29 | * | |
30 | * @package CRM | |
0f03f337 | 31 | * @copyright CiviCRM LLC (c) 2004-2017 |
59735506 TO |
32 | * $Id$ |
33 | * | |
34 | */ | |
35 | ||
36 | /** | |
37 | * This supplements the permissions of the CMS system, allowing us | |
38 | * to temporarily acknowledge permission grants for API keys. | |
39 | * | |
40 | * In normal usage, the class isn't even instantiated - it's only | |
41 | * used when processing certain API backends. | |
42 | */ | |
43 | class CRM_Core_Permission_Temp { | |
44 | static $id = 0; | |
45 | ||
46 | /** | |
47 | * Array(int $grantId => array($perm)) | |
48 | * | |
49 | * @var array | |
50 | */ | |
51 | private $grants; | |
52 | ||
53 | /** | |
54 | * Array ($perm => 1); | |
55 | * @var array | |
56 | */ | |
57 | private $idx; | |
58 | ||
59 | /** | |
60 | * Grant permissions temporarily. | |
61 | * | |
62 | * @param string|array $perms | |
63 | * List of permissions to apply. | |
64 | * @return string|int | |
65 | * A handle for the grant. Useful for revoking later on. | |
66 | */ | |
67 | public function grant($perms) { | |
68 | $perms = (array) $perms; | |
69 | $id = self::$id++; | |
70 | $this->grants[$id] = $perms; | |
71 | $this->idx = $this->index($this->grants); | |
72 | return $id; | |
73 | } | |
74 | ||
75 | /** | |
76 | * Revoke a previously granted permission. | |
77 | * | |
78 | * @param string|int $id | |
79 | * The handle previously returned by grant(). | |
80 | */ | |
81 | public function revoke($id) { | |
82 | unset($this->grants[$id]); | |
83 | $this->idx = $this->index($this->grants); | |
84 | } | |
85 | ||
86 | /** | |
87 | * Determine if a permission has been granted. | |
88 | * | |
89 | * @param string $perm | |
90 | * The permission name (e.g. "view all contacts"). | |
91 | * @return bool | |
92 | */ | |
93 | public function check($perm) { | |
94 | return (isset($this->idx['administer CiviCRM']) || isset($this->idx[$perm])); | |
95 | } | |
96 | ||
97 | /** | |
98 | * Generate an optimized index of granted permissions. | |
99 | * | |
100 | * @param array $grants | |
101 | * Array(string $permName). | |
102 | * @return array | |
103 | * Array(string $permName => bool $granted). | |
104 | */ | |
105 | protected function index($grants) { | |
106 | $idx = array(); | |
107 | foreach ($grants as $grant) { | |
108 | foreach ($grant as $perm) { | |
109 | $idx[$perm] = 1; | |
110 | } | |
111 | } | |
112 | return $idx; | |
113 | } | |
114 | ||
115 | } |