Commit | Line | Data |
---|---|---|
59735506 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
59735506 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
59735506 TO |
9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
59735506 TO |
16 | * $Id$ |
17 | * | |
18 | */ | |
19 | ||
20 | /** | |
21 | * This supplements the permissions of the CMS system, allowing us | |
22 | * to temporarily acknowledge permission grants for API keys. | |
23 | * | |
24 | * In normal usage, the class isn't even instantiated - it's only | |
25 | * used when processing certain API backends. | |
26 | */ | |
27 | class CRM_Core_Permission_Temp { | |
518fa0ee | 28 | public static $id = 0; |
59735506 TO |
29 | |
30 | /** | |
31 | * Array(int $grantId => array($perm)) | |
32 | * | |
33 | * @var array | |
34 | */ | |
35 | private $grants; | |
36 | ||
37 | /** | |
38 | * Array ($perm => 1); | |
39 | * @var array | |
40 | */ | |
41 | private $idx; | |
42 | ||
43 | /** | |
44 | * Grant permissions temporarily. | |
45 | * | |
46 | * @param string|array $perms | |
47 | * List of permissions to apply. | |
48 | * @return string|int | |
49 | * A handle for the grant. Useful for revoking later on. | |
50 | */ | |
51 | public function grant($perms) { | |
52 | $perms = (array) $perms; | |
53 | $id = self::$id++; | |
54 | $this->grants[$id] = $perms; | |
55 | $this->idx = $this->index($this->grants); | |
56 | return $id; | |
57 | } | |
58 | ||
59 | /** | |
60 | * Revoke a previously granted permission. | |
61 | * | |
62 | * @param string|int $id | |
63 | * The handle previously returned by grant(). | |
64 | */ | |
65 | public function revoke($id) { | |
66 | unset($this->grants[$id]); | |
67 | $this->idx = $this->index($this->grants); | |
68 | } | |
69 | ||
70 | /** | |
71 | * Determine if a permission has been granted. | |
72 | * | |
73 | * @param string $perm | |
74 | * The permission name (e.g. "view all contacts"). | |
75 | * @return bool | |
76 | */ | |
77 | public function check($perm) { | |
78 | return (isset($this->idx['administer CiviCRM']) || isset($this->idx[$perm])); | |
79 | } | |
80 | ||
81 | /** | |
82 | * Generate an optimized index of granted permissions. | |
83 | * | |
84 | * @param array $grants | |
85 | * Array(string $permName). | |
86 | * @return array | |
87 | * Array(string $permName => bool $granted). | |
88 | */ | |
89 | protected function index($grants) { | |
be2fb01f | 90 | $idx = []; |
59735506 TO |
91 | foreach ($grants as $grant) { |
92 | foreach ($grant as $perm) { | |
93 | $idx[$perm] = 1; | |
94 | } | |
95 | } | |
96 | return $idx; | |
97 | } | |
98 | ||
99 | } |