| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 5 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2018 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * |
| 30 | * @package CRM |
| 31 | * @copyright CiviCRM LLC (c) 2004-2018 |
| 32 | * $Id$ |
| 33 | * |
| 34 | */ |
| 35 | |
| 36 | /** |
| 37 | * |
| 38 | */ |
| 39 | class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase { |
| 40 | /** |
| 41 | * Given a permission string, check for access requirements |
| 42 | * |
| 43 | * @param string $str |
| 44 | * The permission to check. |
| 45 | * |
| 46 | * @param int $userId |
| 47 | * |
| 48 | * @return bool |
| 49 | */ |
| 50 | public function check($str, $userId = NULL) { |
| 51 | $str = $this->translatePermission($str, 'Drupal', array( |
| 52 | 'view user account' => 'access user profiles', |
| 53 | )); |
| 54 | |
| 55 | if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
| 56 | return FALSE; |
| 57 | } |
| 58 | if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { |
| 59 | return TRUE; |
| 60 | } |
| 61 | $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser(); |
| 62 | return $acct->hasPermission($str); |
| 63 | } |
| 64 | |
| 65 | /** |
| 66 | * Get all the contact emails for users that have a specific permission. |
| 67 | * |
| 68 | * @param string $permissionName |
| 69 | * Name of the permission we are interested in. |
| 70 | * |
| 71 | * @return string |
| 72 | * a comma separated list of email addresses |
| 73 | */ |
| 74 | public function permissionEmails($permissionName) { |
| 75 | static $_cache = array(); |
| 76 | |
| 77 | if (isset($_cache[$permissionName])) { |
| 78 | return $_cache[$permissionName]; |
| 79 | } |
| 80 | |
| 81 | $role_ids = array_map( |
| 82 | function (\Drupal\user\RoleInterface $role) { |
| 83 | return $role->id(); |
| 84 | }, user_roles(TRUE, $permissionName) |
| 85 | ); |
| 86 | $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(array('roles' => $role_ids)); |
| 87 | $uids = array_keys($users); |
| 88 | |
| 89 | $_cache[$permissionName] = self::getContactEmails($uids); |
| 90 | return $_cache[$permissionName]; |
| 91 | } |
| 92 | |
| 93 | /** |
| 94 | * @inheritDoc |
| 95 | */ |
| 96 | public function upgradePermissions($permissions) { |
| 97 | $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions()); |
| 98 | if (empty($civicrm_perms)) { |
| 99 | throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); |
| 100 | } |
| 101 | |
| 102 | $roles = user_roles(TRUE); |
| 103 | foreach ($roles as $role) { |
| 104 | foreach ($civicrm_perms as $permission) { |
| 105 | $role->revokePermission($permission); |
| 106 | } |
| 107 | } |
| 108 | } |
| 109 | |
| 110 | } |