4 +--------------------------------------------------------------------+
5 | CiviCRM version 4.6 |
6 +--------------------------------------------------------------------+
7 | Copyright CiviCRM LLC (c) 2004-2014 |
8 +--------------------------------------------------------------------+
9 | This file is a part of CiviCRM. |
11 | CiviCRM is free software; you can copy, modify, and distribute it |
12 | under the terms of the GNU Affero General Public License |
13 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
15 | CiviCRM is distributed in the hope that it will be useful, but |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. |
20 | You should have received a copy of the GNU Affero General Public |
21 | License and the CiviCRM Licensing Exception along |
22 | with this program; if not, contact CiviCRM LLC |
23 | at info[AT]civicrm[DOT]org. If you have questions about the |
24 | GNU Affero General Public License or the licensing of CiviCRM, |
25 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
26 +--------------------------------------------------------------------+
32 * @copyright CiviCRM LLC (c) 2004-2014
38 * This class provides the functionality to grant access to CiviCRM components and other CiviCRM permissions.
40 class CRM_ACL_Form_WordPress_Permissions
extends CRM_Core_Form
{
43 * Build the form object
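/**
 * Build the form object.
 *
 * Adds one checkbox per (WordPress role, CiviCRM permission) pair, named
 * "<role>[<permission key>]", and pre-ticks the boxes for capabilities the
 * role already holds. The 'administrator' role is left out of the form.
 *
 * @return void
 */
public function buildQuickForm() {
  CRM_Utils_System::setTitle('Wordpress Access Control');

  // Get the core permissions array
  $permissionsArray = self::getPermissionArray();

  // Initialise the accumulators so setDefaults()/assign() below never see an
  // undefined variable when no role contributes anything.
  $defaults = array();
  $rolePerms = array();
  $roles = array();

  // Get the wordpress roles, default capabilities and assign to the form
  // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
  // The isset() guard only means something against WordPress's global role
  // registry; on an undeclared local it would always be true.
  global $wp_roles;
  if (!isset($wp_roles)) {
    $wp_roles = new WP_Roles();
  }

  foreach ($wp_roles->role_names as $role => $name) {
    // Dont show the permissions options for administrator, as they have all permissions
    if ($role === 'administrator') {
      continue;
    }

    $roleObj = $wp_roles->get_role($role);
    if (!empty($roleObj->capabilities)) {
      foreach ($roleObj->capabilities as $ckey => $cname) {
        // Only capabilities that are CiviCRM permissions have a checkbox.
        if (array_key_exists($ckey, $permissionsArray)) {
          $elementName = $role . '[' . $ckey . ']';
          $defaults[$elementName] = 1;
        }
      }
    }

    // Compose the checkbox array for each role, to assign to form
    $rolePerms[$role] = $permissionsArray;
    foreach ($rolePerms[$role] as $key => $value) {
      $elementName = $role . '[' . $key . ']';
      $this->add('checkbox', $elementName, $value);
    }
    $roles[$role] = $name;
  }

  $this->setDefaults($defaults);

  $this->assign('rolePerms', $rolePerms);
  $this->assign('roles', $roles);

  // NOTE(review): the listing's line numbering jumps from 86 to 102 at this
  // point, so statements may be missing from this view (not shown). Carry
  // over anything the original file has here before relying on this block.
}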
102 * Process the form submission
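/**
 * Process the form submission.
 *
 * For every WordPress role, removes all CiviCRM capabilities and then adds
 * back the ones ticked on the form. If the 'anonymous_user' role ends up
 * with permissions listed by getAnonymousPermissionsWarnings(), a status
 * message names them. Finally the menus and caches are rebuilt and the
 * request is redirected back to the access-control page.
 *
 * NOTE(review): this handler changes role privileges. Who may reach it and
 * how the submission is protected against forgery is not visible in this
 * block - presumably enforced by the caller/controller; confirm.
 *
 * @return void
 */
public function postProcess() {
  $params = $this->controller->exportValues($this->_name);

  $permissionsArray = self::getPermissionArray();

  // Function to get Wordpress roles
  // The isset() guard only means something against WordPress's global role
  // registry; on an undeclared local it would always be true.
  global $wp_roles;
  if (!isset($wp_roles)) {
    $wp_roles = new WP_Roles();
  }

  foreach ($wp_roles->role_names as $role => $name) {
    $roleObj = $wp_roles->get_role($role);
    if (empty($roleObj)) {
      // get_role() yields no object for an unknown role; skip it instead of
      // calling remove_cap()/add_cap() on a non-object.
      continue;
    }

    //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
    foreach (array_keys($permissionsArray) as $key) {
      $roleObj->remove_cap($key);
    }

    // A role with no ticked boxes (or one that has no checkboxes at all,
    // such as 'administrator') has no entry in the submitted values.
    $rolePermissions = (isset($params[$role]) && is_array($params[$role])) ? $params[$role] : array();

    //Add the selected wordpress capabilities for the role
    // Allow-list against the CiviCRM permission keys: a submitted key that is
    // not a CiviCRM permission must never become a WordPress capability.
    // NOTE(review): exportValues() may already limit keys to registered
    // checkboxes - not visible here, so the check is repeated at the sink.
    $grantedKeys = array();
    foreach (array_keys($rolePermissions) as $key) {
      if (array_key_exists($key, $permissionsArray)) {
        $roleObj->add_cap($key);
        $grantedKeys[] = $key;
      }
    }

    // Strict comparison, matching the role check in buildQuickForm().
    if ($role === 'anonymous_user') {
      // Get the permissions into a format that matches what we get from WP
      $allWarningPermissions = CRM_Core_Permission::getAnonymousPermissionsWarnings();
      foreach ($allWarningPermissions as $key => $permission) {
        $allWarningPermissions[$key] = CRM_Utils_String::munge(strtolower($permission));
      }
      // Warn only about permissions that were actually granted above, so
      // every name looked up below exists in $permissionsArray.
      $warningPermissions = array_intersect($allWarningPermissions, $grantedKeys);
      $warningPermissionNames = array();
      foreach ($warningPermissions as $permission) {
        $warningPermissionNames[$permission] = $permissionsArray[$permission];
      }
      if (!empty($warningPermissionNames)) {
        CRM_Core_Session::setStatus(
          ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(
            1 => $wp_roles->role_names[$role],
            2 => implode(', ', $warningPermissionNames),
          )),
          ts('Unsafe Permission Settings')
        );
      }
    }
  }

  // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
  // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
  // 'You do not have sufficient permissions to access this page'
  // which should not happen for Super Admin and Administrators, as checking permissions for Super
  // Admin and Administrators always gives TRUE
  wp_civicrm_capability();

  CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");

  // rebuild the menus to comply with the new permissions/capabilities
  CRM_Core_Invoke::rebuildMenuAndCaches();

  CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
  CRM_Utils_System::civiExit();
}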
173 * Get the core civicrm permissions array.
174 * This function should be shared from a similar one in
175 * distmaker/utils/joomlaxml.php
178 * civicrm permissions
180 public static function getPermissionArray() {
181 global $civicrm_root;
183 $permissions = CRM_Core_Permission
::basicPermissions();
185 $perms_array = array();
186 foreach ($permissions as $perm => $title) {
187 //order matters here, but we deal with that later
188 $perms_array[CRM_Utils_String
::munge(strtolower($perm))] = $title;