| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | CiviCRM version 4.7 | |
| 5 | +--------------------------------------------------------------------+ |
| 6 | | Copyright CiviCRM LLC (c) 2004-2015 | |
| 7 | +--------------------------------------------------------------------+ |
| 8 | | This file is a part of CiviCRM. | |
| 9 | | | |
| 10 | | CiviCRM is free software; you can copy, modify, and distribute it | |
| 11 | | under the terms of the GNU Affero General Public License | |
| 12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | |
| 13 | | | |
| 14 | | CiviCRM is distributed in the hope that it will be useful, but | |
| 15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
| 17 | | See the GNU Affero General Public License for more details. | |
| 18 | | | |
| 19 | | You should have received a copy of the GNU Affero General Public | |
| 20 | | License and the CiviCRM Licensing Exception along | |
| 21 | | with this program; if not, contact CiviCRM LLC | |
| 22 | | at info[AT]civicrm[DOT]org. If you have questions about the | |
| 23 | | GNU Affero General Public License or the licensing of CiviCRM, | |
| 24 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | |
| 25 | +--------------------------------------------------------------------+ |
| 26 | */ |
| 27 | |
| 28 | /** |
| 29 | * |
| 30 | * @package CRM |
| 31 | * @copyright CiviCRM LLC (c) 2004-2015 |
| 32 | * $Id$ |
| 33 | * |
| 34 | */ |
| 35 | |
| 36 | /** |
| 37 | * |
| 38 | */ |
| 39 | class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base { |
| 40 | /** |
| 41 | * Given a permission string, check for access requirements |
| 42 | * |
| 43 | * @param string $str |
| 44 | * The permission to check. |
| 45 | * |
| 46 | * @return bool |
| 47 | * true if yes, else false |
| 48 | */ |
| 49 | public function check($str) { |
| 50 | $config = CRM_Core_Config::singleton(); |
| 51 | |
| 52 | $translated = $this->translateJoomlaPermission($str); |
| 53 | if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { |
| 54 | return FALSE; |
| 55 | } |
| 56 | if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { |
| 57 | return TRUE; |
| 58 | } |
| 59 | |
| 60 | // ensure that we are running in a joomla context |
| 61 | // we've not yet figured out how to bootstrap joomla, so we should |
| 62 | // not execute hooks if joomla is not loaded |
| 63 | if (defined('_JEXEC')) { |
| 64 | $user = JFactory::getUser(); |
| 65 | $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST'); |
| 66 | |
| 67 | // If we are coming from REST we don't have a user but we do have the api_key for a user. |
| 68 | if ($user->id === 0 && !is_null($api_key)) { |
| 69 | // This is a codeblock copied from /Civicrm/Utils/REST |
| 70 | $uid = NULL; |
| 71 | if (!$uid) { |
| 72 | $store = NULL; |
| 73 | |
| 74 | $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key'); |
| 75 | |
| 76 | if ($contact_id) { |
| 77 | $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id); |
| 78 | } |
| 79 | $user = JFactory::getUser($uid); |
| 80 | |
| 81 | } |
| 82 | } |
| 83 | |
| 84 | return $user->authorise($translated[0], $translated[1]); |
| 85 | |
| 86 | } |
| 87 | else { |
| 88 | |
| 89 | return FALSE; |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | /** |
| 94 | * @param $perm |
| 95 | * |
| 96 | * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset" |
| 97 | * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset) |
| 98 | */ |
| 99 | public function translateJoomlaPermission($perm) { |
| 100 | if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { |
| 101 | return $perm; |
| 102 | } |
| 103 | |
| 104 | list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL); |
| 105 | switch ($civiPrefix) { |
| 106 | case 'Joomla': |
| 107 | return explode(':', $name); |
| 108 | |
| 109 | case 'cms': |
| 110 | // FIXME: This needn't be DENY, but we don't currently have any translations. |
| 111 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; |
| 112 | |
| 113 | case NULL: |
| 114 | return array('civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm'); |
| 115 | |
| 116 | default: |
| 117 | return CRM_Core_Permission::ALWAYS_DENY_PERMISSION; |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | /** |
| 122 | * Given a roles array, check for access requirements |
| 123 | * |
| 124 | * @param array $array |
| 125 | * The roles to check. |
| 126 | * |
| 127 | * @return bool |
| 128 | * true if yes, else false |
| 129 | */ |
| 130 | public function checkGroupRole($array) { |
| 131 | return FALSE; |
| 132 | } |
| 133 | |
| 134 | } |