CRM/ACL/Form/WordPress/Permissions.php

   1 <?php
   2
   3 /*
   4   +--------------------------------------------------------------------+
   5   | CiviCRM version 4.6                                                |
   6   +--------------------------------------------------------------------+
   7   | Copyright CiviCRM LLC (c) 2004-2014                                |
   8   +--------------------------------------------------------------------+
   9   | This file is a part of CiviCRM.                                    |
  10   |                                                                    |
  11   | CiviCRM is free software; you can copy, modify, and distribute it  |
  12   | under the terms of the GNU Affero General Public License           |
  13   | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  14   |                                                                    |
  15   | CiviCRM is distributed in the hope that it will be useful, but     |
  16   | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  17   | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  18   | See the GNU Affero General Public License for more details.        |
  19   |                                                                    |
  20   | You should have received a copy of the GNU Affero General Public   |
  21   | License and the CiviCRM Licensing Exception along                  |
  22   | with this program; if not, contact CiviCRM LLC                     |
  23   | at info[AT]civicrm[DOT]org. If you have questions about the        |
  24   | GNU Affero General Public License or the licensing of CiviCRM,     |
  25   | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  26   +--------------------------------------------------------------------+
  27 */
  28
  29 /**
  30  *
  31  * @package CRM
  32  * @copyright CiviCRM LLC (c) 2004-2014
  33  * $Id$
  34  *
  35  */
  36
  37 /**
  38  * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
  39  */
  40 class CRM_ACL_Form_WordPress_Permissions extends CRM_Core_Form {
  41
  42   /**
  43    * Build the form object
  44    *
  45    * @return void
  46    */
  47   public function buildQuickForm() {
  48
  49     CRM_Utils_System::setTitle('Wordpress Access Control');
  50
  51     // Get the core permissions array
  52     $permissionsArray = self::getPermissionArray();
  53
  54     // Get the wordpress roles, default capabilities and assign to the form
  55     // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
  56     global $wp_roles;
  57     if (!isset($wp_roles)) {
  58       $wp_roles = new WP_Roles();
  59     }
  60     foreach ($wp_roles->role_names as $role => $name) {
  61       // Dont show the permissions options for administrator, as they have all permissions
  62       if ($role !== 'administrator') {
  63         $roleObj = $wp_roles->get_role($role);
  64         if (!empty($roleObj->capabilities)) {
  65           foreach ($roleObj->capabilities as $ckey => $cname) {
  66             if (array_key_exists($ckey, $permissionsArray)) {
  67               $elementName = $role . '[' . $ckey . ']';
  68               $defaults[$elementName] = 1;
  69             }
  70           }
  71         }
  72
  73         // Compose the checkbox array for each role, to assign to form
  74         $rolePerms[$role] = $permissionsArray;
  75         foreach ($rolePerms[$role] as $key => $value) {
  76           $elementName = $role . '[' . $key . ']';
  77           $this->add('checkbox', $elementName, $value);
  78         }
  79         $roles[$role] = $name;
  80       }
  81     }
  82
  83     $this->setDefaults($defaults);
  84
  85     $this->assign('rolePerms', $rolePerms);
  86     $this->assign('roles', $roles);
  87
  88     $this->addButtons(
  89       array(
  90         array(
  91           'type' => 'next',
  92           'name' => ts('Save'),
  93           'spacing' => '',
  94           'isDefault' => FALSE
  95         ),
  96       )
  97     );
  98
  99   }
 100
 101   /**
 102    * Process the form submission
 103    *
 104    * @return void
 105    */
 106   public function postProcess() {
 107     $params = $this->controller->exportValues($this->_name);
 108
 109     $permissionsArray = self::getPermissionArray();
 110
 111     // Function to get Wordpress roles
 112     global $wp_roles;
 113     if (!isset($wp_roles)) {
 114       $wp_roles = new WP_Roles();
 115     }
 116     foreach ($wp_roles->role_names as $role => $name) {
 117       $roleObj = $wp_roles->get_role($role);
 118
 119       //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
 120       foreach ($permissionsArray as $key => $capability) {
 121         $roleObj->remove_cap($key);
 122       }
 123
 124       //Add the selected wordpress capabilities for the role
 125       $rolePermissions = $params[$role];
 126       if (!empty($rolePermissions)) {
 127         foreach ($rolePermissions as $key => $capability) {
 128           $roleObj->add_cap($key);
 129         }
 130       }
 131
 132       if ($role == 'anonymous_user') {
 133         // Get the permissions into a format that matches what we get from WP
 134         $allWarningPermissions = CRM_Core_Permission::getAnonymousPermissionsWarnings();
 135         foreach ($allWarningPermissions as $key => $permission) {
 136           $allWarningPermissions[$key] = CRM_utils_String::munge(strtolower($permission));
 137         }
 138         $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
 139         $warningPermissionNames = array();
 140         foreach ($warningPermissions as $permission) {
 141           $warningPermissionNames[$permission] = $permissionsArray[$permission];
 142         }
 143         if (!empty($warningPermissionNames)) {
 144           CRM_Core_Session::setStatus(
 145             ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(
 146                 1 => $wp_roles->role_names[$role],
 147                 2 => implode(', ', $warningPermissionNames)
 148               )),
 149             ts('Unsafe Permission Settings')
 150           );
 151         }
 152       }
 153     }
 154
 155     // FIXME
 156     // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
 157     // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
 158     // 'You do not have sufficient permissions to access this page'
 159     // which should not happen for Super Admin and Administrators, as checking permissions for Super
 160     // Admin and Administrators always gives TRUE
 161     wp_civicrm_capability();
 162
 163     CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");
 164
 165     // rebuild the menus to comply with the new permisssions/capabilites
 166     CRM_Core_Invoke::rebuildMenuAndCaches();
 167
 168     CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
 169     CRM_Utils_System::civiExit();
 170   }
 171
 172   /**
 173    * Get the core civicrm permissions array.
 174    * This function should be shared from a similar one in
 175    * distmaker/utils/joomlaxml.php
 176    *
 177    * @return array
 178    *   civicrm permissions
 179    */
 180   public static function getPermissionArray() {
 181     global $civicrm_root;
 182
 183     $permissions = CRM_Core_Permission::basicPermissions();
 184
 185     $perms_array = array();
 186     foreach ($permissions as $perm => $title) {
 187       //order matters here, but we deal with that later
 188       $perms_array[CRM_Utils_String::munge(strtolower($perm))] = $title;
 189     }
 190
 191     return $perms_array;
 192   }
 193 }