[civicrm-core.git] / CRM / Core / Permission / Temp.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 * $Id$
 *
 */

/**
 * This supplements the permissions of the CMS system, allowing us
 * to temporarily acknowledge permission grants for API keys.
 *
 * In normal usage, the class isn't even instantiated - it's only
 * used when processing certain API backends.
 */
class CRM_Core_Permission_Temp {
  public static $id = 0;

  /**
   * Array(int $grantId => array($perm))
   *
   * @var array
   */
  private $grants;

  /**
   * Array ($perm => 1);
   * @var array
   */
  private $idx;

  /**
   * Grant permissions temporarily.
   *
   * @param string|array $perms
   *   List of permissions to apply.
   * @return string|int
   *   A handle for the grant. Useful for revoking later on.
   */
  public function grant($perms) {
    $perms = (array) $perms;
    $id = self::$id++;
    $this->grants[$id] = $perms;
    $this->idx = $this->index($this->grants);
    return $id;
  }

  /**
   * Revoke a previously granted permission.
   *
   * @param string|int $id
   *   The handle previously returned by grant().
   */
  public function revoke($id) {
    unset($this->grants[$id]);
    $this->idx = $this->index($this->grants);
  }

  /**
   * Determine if a permission has been granted.
   *
   * @param string $perm
   *   The permission name (e.g. "view all contacts").
   * @return bool
   */
  public function check($perm) {
    return (isset($this->idx['administer CiviCRM']) || isset($this->idx[$perm]));
  }

  /**
   * Generate an optimized index of granted permissions.
   *
   * @param array $grants
   *   Array(string $permName).
   * @return array
   *   Array(string $permName => bool $granted).
   */
  protected function index($grants) {
    $idx = [];
    foreach ($grants as $grant) {
      foreach ($grant as $perm) {
        $idx[$perm] = 1;
      }
    }
    return $idx;
  }

}
Commit	Line	Data
59735506 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
59735506	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
59735506 TO	9	+--------------------------------------------------------------------+
	10	*/
	11
	12	/**
	13	*
	14	* @package CRM
ca5cec67	15	* @copyright CiviCRM LLC https://civicrm.org/licensing
59735506 TO	16	* $Id$
	17	*
	18	*/
	19
	20	/**
	21	* This supplements the permissions of the CMS system, allowing us
	22	* to temporarily acknowledge permission grants for API keys.
	23	*
	24	* In normal usage, the class isn't even instantiated - it's only
	25	* used when processing certain API backends.
	26	*/
	27	class CRM_Core_Permission_Temp {
518fa0ee	28	public static $id = 0;
59735506 TO	29
	30	/**
	31	* Array(int $grantId => array($perm))
	32	*
	33	* @var array
	34	*/
	35	private $grants;
	36
	37	/**
	38	* Array ($perm => 1);
	39	* @var array
	40	*/
	41	private $idx;
	42
	43	/**
	44	* Grant permissions temporarily.
	45	*
	46	* @param string\|array $perms
	47	* List of permissions to apply.
	48	* @return string\|int
	49	* A handle for the grant. Useful for revoking later on.
	50	*/
	51	public function grant($perms) {
	52	$perms = (array) $perms;
	53	$id = self::$id++;
	54	$this->grants[$id] = $perms;
	55	$this->idx = $this->index($this->grants);
	56	return $id;
	57	}
	58
	59	/**
	60	* Revoke a previously granted permission.
	61	*
	62	* @param string\|int $id
	63	* The handle previously returned by grant().
	64	*/
	65	public function revoke($id) {
	66	unset($this->grants[$id]);
	67	$this->idx = $this->index($this->grants);
	68	}
	69
	70	/**
	71	* Determine if a permission has been granted.
	72	*
	73	* @param string $perm
	74	* The permission name (e.g. "view all contacts").
	75	* @return bool
	76	*/
	77	public function check($perm) {
	78	return (isset($this->idx['administer CiviCRM']) \|\| isset($this->idx[$perm]));
	79	}
	80
	81	/**
	82	* Generate an optimized index of granted permissions.
	83	*
	84	* @param array $grants
	85	* Array(string $permName).
	86	* @return array
	87	* Array(string $permName => bool $granted).
	88	*/
	89	protected function index($grants) {
be2fb01f	90	$idx = [];
59735506 TO	91	foreach ($grants as $grant) {
	92	foreach ($grant as $perm) {
	93	$idx[$perm] = 1;
	94	}
	95	}
	96	return $idx;
	97	}
	98
	99	}