Commit | Line | Data |
---|---|---|
6a488035 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
6a488035 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
6a488035 | 9 | +--------------------------------------------------------------------+ |
d25dd0ee | 10 | */ |
6a488035 TO |
11 | |
12 | /** | |
13 | * | |
14 | * @package CRM | |
ca5cec67 | 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
6a488035 TO |
16 | */ |
17 | ||
18 | /** | |
19 | * | |
20 | */ | |
21 | class CRM_Core_Permission_WordPress extends CRM_Core_Permission_Base { | |
518fa0ee | 22 | |
6a488035 | 23 | /** |
100fef9d | 24 | * Given a permission string, check for access requirements |
6a488035 | 25 | * |
6a0b768e TO |
26 | * @param string $str |
27 | * The permission to check. | |
18be3201 | 28 | * @param int $userId |
6a488035 | 29 | * |
5c766a0b | 30 | * @return bool |
a6c01b45 | 31 | * true if yes, else false |
6a488035 | 32 | */ |
18be3201 | 33 | public function check($str, $userId = NULL) { |
cf39ce67 | 34 | // Generic cms 'administer users' role tranlates to users with the 'edit_users' capability' in WordPress |
be2fb01f | 35 | $str = $this->translatePermission($str, 'WordPress', [ |
20554149 | 36 | 'administer users' => 'edit_users', |
be2fb01f | 37 | ]); |
085823c1 TO |
38 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
39 | return FALSE; | |
40 | } | |
41 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { | |
42 | return TRUE; | |
43 | } | |
44 | ||
35da5d8d | 45 | // CRM-15629 |
26005452 | 46 | // During some extern/* calls we don't bootstrap CMS hence |
e401f13c | 47 | // below constants are not set. In such cases, we don't need to |
48 | // check permission, hence directly return TRUE | |
8b8897c8 | 49 | if (!defined('ABSPATH') || !defined('WPINC')) { |
35da5d8d KC |
50 | require_once 'CRM/Utils/System.php'; |
51 | CRM_Utils_System::loadBootStrap(); | |
52 | } | |
53 | ||
8518b09b TO |
54 | require_once ABSPATH . WPINC . '/pluggable.php'; |
55 | ||
6a488035 TO |
56 | // for administrators give them all permissions |
57 | if (!function_exists('current_user_can')) { | |
58 | return TRUE; | |
59 | } | |
60 | ||
18be3201 CW |
61 | $user = $userId ? get_userdata($userId) : wp_get_current_user(); |
62 | ||
ae6d2c8e | 63 | if ($userId !== 0 && ($user->has_cap('super admin') || $user->has_cap('administrator'))) { |
6a488035 TO |
64 | return TRUE; |
65 | } | |
66 | ||
67 | // Make string lowercase and convert spaces into underscore | |
629b3d4d | 68 | $str = CRM_Utils_String::munge(strtolower($str)); |
6a488035 | 69 | |
ae6d2c8e | 70 | if ($userId !== 0 && $user->exists()) { |
6a488035 | 71 | // Check whether the logged in user has the capabilitity |
18be3201 | 72 | if ($user->has_cap($str)) { |
6a488035 TO |
73 | return TRUE; |
74 | } | |
75 | } | |
76 | else { | |
77 | //check the capabilities of Anonymous user) | |
78 | $roleObj = new WP_Roles(); | |
3141ef88 ML |
79 | $anonObj = $roleObj->get_role('anonymous_user'); |
80 | if (!empty($anonObj->capabilities) && array_key_exists($str, $anonObj->capabilities)) { | |
6a488035 TO |
81 | return TRUE; |
82 | } | |
83 | } | |
84 | return FALSE; | |
85 | } | |
353ffa53 | 86 | |
0247a000 TO |
87 | /** |
88 | * @inheritDoc | |
89 | */ | |
90 | public function getAvailablePermissions() { | |
91 | // We want to list *only* WordPress perms, so we'll *skip* Civi perms. | |
92 | $mungedCorePerms = array_map( | |
93 | function($str) { | |
94 | return CRM_Utils_String::munge(strtolower($str)); | |
95 | }, | |
96 | array_keys(\CRM_Core_Permission::basicPermissions(TRUE)) | |
97 | ); | |
98 | ||
99 | // WP doesn't have an API to list all capabilities. However, we can discover a | |
100 | // pretty good list by inspecting the (super)admin roles. | |
101 | $wpCaps = []; | |
102 | foreach (wp_roles()->roles as $wpRole) { | |
103 | $wpCaps = array_unique(array_merge(array_keys($wpRole['capabilities']), $wpCaps)); | |
104 | } | |
105 | ||
106 | $permissions = []; | |
107 | foreach ($wpCaps as $wpCap) { | |
108 | if (!in_array($wpCap, $mungedCorePerms)) { | |
109 | $permissions["WordPress:$wpCap"] = [ | |
110 | 'title' => "WordPress: $wpCap", | |
111 | ]; | |
112 | } | |
113 | } | |
114 | return $permissions; | |
115 | } | |
116 | ||
73950aa0 | 117 | /** |
e7c15cb6 | 118 | * @inheritDoc |
73950aa0 | 119 | */ |
120 | public function isModulePermissionSupported() { | |
0d3d1f9d | 121 | return TRUE; |
73950aa0 | 122 | } |
0d3d1f9d | 123 | |
73950aa0 | 124 | /** |
e7c15cb6 | 125 | * @inheritDoc |
73950aa0 | 126 | */ |
00be9182 | 127 | public function upgradePermissions($permissions) { |
73950aa0 | 128 | } |
96025800 | 129 | |
6a488035 | 130 | } |