4 +--------------------------------------------------------------------+
5 | CiviCRM version 4.6 |
6 +--------------------------------------------------------------------+
7 | Copyright CiviCRM LLC (c) 2004-2014 |
8 +--------------------------------------------------------------------+
9 | This file is a part of CiviCRM. |
11 | CiviCRM is free software; you can copy, modify, and distribute it |
12 | under the terms of the GNU Affero General Public License |
13 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
15 | CiviCRM is distributed in the hope that it will be useful, but |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. |
20 | You should have received a copy of the GNU Affero General Public |
21 | License and the CiviCRM Licensing Exception along |
22 | with this program; if not, contact CiviCRM LLC |
23 | at info[AT]civicrm[DOT]org. If you have questions about the |
24 | GNU Affero General Public License or the licensing of CiviCRM, |
25 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
26 +--------------------------------------------------------------------+
32 * @copyright CiviCRM LLC (c) 2004-2014
38 * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
40 class CRM_ACL_Form_WordPress_Permissions
extends CRM_Core_Form
{
43 * Build the form object
48 function buildQuickForm( ) {
50 CRM_Utils_System
::setTitle( 'Wordpress Access Control' );
52 // Get the core permissions array
53 $permissionsArray = self
::getPermissionArray();
55 // Get the wordpress roles, default capabilities and assign to the form
56 // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
58 if (!isset($wp_roles)) {
59 $wp_roles = new WP_Roles();
61 foreach ( $wp_roles->role_names
as $role => $name ) {
62 // Dont show the permissions options for administrator, as they have all permissions
63 if ($role !== 'administrator') {
64 $roleObj = $wp_roles->get_role($role);
65 if (!empty($roleObj->capabilities
)) {
66 foreach ($roleObj->capabilities
as $ckey => $cname) {
67 if (array_key_exists($ckey , $permissionsArray)) {
68 $elementName = $role.'['.$ckey.']';
69 $defaults[$elementName] = 1;
74 // Compose the checkbox array for each role, to assign to form
75 $rolePerms[$role] = $permissionsArray;
76 foreach ( $rolePerms[$role] as $key => $value) {
77 $elementName = $role.'['.$key.']';
78 $this->add('checkbox' , $elementName , $value);
80 $roles[$role] = $name;
84 $this->setDefaults($defaults);
86 $this->assign('rolePerms', $rolePerms);
87 $this->assign('roles', $roles);
95 'isDefault' => false ),
102 * Process the form submission
107 public function postProcess() {
108 $params = $this->controller
->exportValues($this->_name
);
110 $permissionsArray = self
::getPermissionArray();
112 // Function to get Wordpress roles
114 if (!isset($wp_roles)) {
115 $wp_roles = new WP_Roles();
117 foreach ( $wp_roles->role_names
as $role => $name ) {
118 $roleObj = $wp_roles->get_role($role);
120 //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
121 foreach ($permissionsArray as $key => $capability){
122 $roleObj->remove_cap($key);
125 //Add the selected wordpress capabilities for the role
126 $rolePermissions = $params[$role];
127 if (!empty($rolePermissions)) {
128 foreach ( $rolePermissions as $key => $capability ) {
129 $roleObj->add_cap($key);
133 if ($role == 'anonymous_user') {
134 // Get the permissions into a format that matches what we get from WP
135 $allWarningPermissions = CRM_Core_Permission
::getAnonymousPermissionsWarnings();
136 foreach ($allWarningPermissions as $key => $permission) {
137 $allWarningPermissions[$key] = CRM_utils_String
::munge(strtolower($permission));
139 $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
140 $warningPermissionNames = array();
141 foreach ($warningPermissions as $permission) {
142 $warningPermissionNames[$permission] = $permissionsArray[$permission];
144 if (!empty($warningPermissionNames)) {
145 CRM_Core_Session
::setStatus(
146 ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array( 1 => $wp_roles->role_names
[$role], 2 => implode(', ', $warningPermissionNames))),
147 ts('Unsafe Permission Settings')
154 // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
155 // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
156 // 'You do not have sufficient permissions to access this page'
157 // which should not happen for Super Admin and Administrators, as checking permissions for Super
158 // Admin and Administrators always gives TRUE
159 wp_civicrm_capability();
161 CRM_Core_Session
::setStatus("", ts('Wordpress Access Control Updated'), "success");
163 // rebuild the menus to comply with the new permisssions/capabilites
164 CRM_Core_Invoke
::rebuildMenuAndCaches( );
166 CRM_Utils_System
::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
167 CRM_Utils_System
::civiExit();
171 * Get the core civicrm permissions array.
172 * This function should be shared from a similar one in
173 * distmaker/utils/joomlaxml.php
176 * @return array civicrm permissions
178 static function getPermissionArray(){
179 global $civicrm_root;
181 $permissions = CRM_Core_Permission
::basicPermissions();
183 $perms_array = array();
184 foreach ($permissions as $perm => $title) {
185 //order matters here, but we deal with that later
186 $perms_array[CRM_Utils_String
::munge(strtolower($perm))] = $title;