CRM/ACL/Form/WordPress/Permissions.php

   1 <?php
   2
   3 /*
   4   +--------------------------------------------------------------------+
   5   | CiviCRM version 4.6                                                |
   6   +--------------------------------------------------------------------+
   7   | Copyright CiviCRM LLC (c) 2004-2014                                |
   8   +--------------------------------------------------------------------+
   9   | This file is a part of CiviCRM.                                    |
  10   |                                                                    |
  11   | CiviCRM is free software; you can copy, modify, and distribute it  |
  12   | under the terms of the GNU Affero General Public License           |
  13   | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  14   |                                                                    |
  15   | CiviCRM is distributed in the hope that it will be useful, but     |
  16   | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  17   | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  18   | See the GNU Affero General Public License for more details.        |
  19   |                                                                    |
  20   | You should have received a copy of the GNU Affero General Public   |
  21   | License and the CiviCRM Licensing Exception along                  |
  22   | with this program; if not, contact CiviCRM LLC                     |
  23   | at info[AT]civicrm[DOT]org. If you have questions about the        |
  24   | GNU Affero General Public License or the licensing of CiviCRM,     |
  25   | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  26   +--------------------------------------------------------------------+
  27 */
  28
  29 /**
  30  *
  31  * @package CRM
  32  * @copyright CiviCRM LLC (c) 2004-2014
  33  * $Id$
  34  *
  35  */
  36
  37 /**
  38  * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
  39  */
  40 class CRM_ACL_Form_WordPress_Permissions extends CRM_Core_Form {
  41
  42   /**
  43    * Build the form object
  44    *
  45    * @return void
  46    */
  47   public function buildQuickForm() {
  48
  49     CRM_Utils_System::setTitle('Wordpress Access Control');
  50
  51     // Get the core permissions array
  52     $permissionsArray = self::getPermissionArray();
  53
  54     // Get the wordpress roles, default capabilities and assign to the form
  55     // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
  56     global $wp_roles;
  57     if (!isset($wp_roles)) {
  58       $wp_roles = new WP_Roles();
  59     }
  60     foreach ($wp_roles->role_names as $role => $name) {
  61       // Dont show the permissions options for administrator, as they have all permissions
  62       if ($role !== 'administrator') {
  63         $roleObj = $wp_roles->get_role($role);
  64         if (!empty($roleObj->capabilities)) {
  65           foreach ($roleObj->capabilities as $ckey => $cname) {
  66             if (array_key_exists($ckey, $permissionsArray)) {
  67               $elementName = $role . '[' . $ckey . ']';
  68               $defaults[$elementName] = 1;
  69             }
  70           }
  71         }
  72
  73         // Compose the checkbox array for each role, to assign to form
  74         $rolePerms[$role] = $permissionsArray;
  75         foreach ($rolePerms[$role] as $key => $value) {
  76           $elementName = $role . '[' . $key . ']';
  77           $this->add('checkbox', $elementName, $value);
  78         }
  79         $roles[$role] = $name;
  80       }
  81     }
  82
  83     $this->setDefaults($defaults);
  84
  85     $this->assign('rolePerms', $rolePerms);
  86     $this->assign('roles', $roles);
  87
  88     $this->addButtons(
  89       array(
  90         array(
  91           'type'      => 'next',
  92           'name'      => ts('Save'),
  93           'spacing'   => '',
  94           'isDefault' => FALSE  ),
  95       )
  96     );
  97
  98   }
  99
 100   /**
 101    * Process the form submission
 102    *
 103    * @return void
 104    */
 105   public function postProcess() {
 106     $params = $this->controller->exportValues($this->_name);
 107
 108     $permissionsArray = self::getPermissionArray();
 109
 110     // Function to get Wordpress roles
 111     global $wp_roles;
 112     if (!isset($wp_roles)) {
 113       $wp_roles = new WP_Roles();
 114     }
 115     foreach ($wp_roles->role_names as $role => $name) {
 116       $roleObj = $wp_roles->get_role($role);
 117
 118       //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
 119       foreach ($permissionsArray as $key => $capability) {
 120         $roleObj->remove_cap($key);
 121       }
 122
 123       //Add the selected wordpress capabilities for the role
 124       $rolePermissions = $params[$role];
 125       if (!empty($rolePermissions)) {
 126         foreach ($rolePermissions as $key => $capability) {
 127           $roleObj->add_cap($key);
 128         }
 129       }
 130
 131       if ($role == 'anonymous_user') {
 132         // Get the permissions into a format that matches what we get from WP
 133         $allWarningPermissions = CRM_Core_Permission::getAnonymousPermissionsWarnings();
 134         foreach ($allWarningPermissions as $key => $permission) {
 135           $allWarningPermissions[$key] = CRM_utils_String::munge(strtolower($permission));
 136         }
 137         $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
 138         $warningPermissionNames = array();
 139         foreach ($warningPermissions as $permission) {
 140           $warningPermissionNames[$permission] = $permissionsArray[$permission];
 141         }
 142         if (!empty($warningPermissionNames)) {
 143           CRM_Core_Session::setStatus(
 144             ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(1 => $wp_roles->role_names[$role], 2 => implode(', ', $warningPermissionNames))),
 145             ts('Unsafe Permission Settings')
 146           );
 147         }
 148       }
 149     }
 150
 151     // FIXME
 152     // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
 153     // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
 154     // 'You do not have sufficient permissions to access this page'
 155     // which should not happen for Super Admin and Administrators, as checking permissions for Super
 156     // Admin and Administrators always gives TRUE
 157     wp_civicrm_capability();
 158
 159     CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");
 160
 161     // rebuild the menus to comply with the new permisssions/capabilites
 162     CRM_Core_Invoke::rebuildMenuAndCaches();
 163
 164     CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
 165     CRM_Utils_System::civiExit();
 166   }
 167
 168   /**
 169    * Get the core civicrm permissions array.
 170    * This function should be shared from a similar one in
 171    * distmaker/utils/joomlaxml.php
 172    *
 173    * @return array   civicrm permissions
 174    */
 175   public static function getPermissionArray() {
 176     global $civicrm_root;
 177
 178     $permissions = CRM_Core_Permission::basicPermissions();
 179
 180     $perms_array = array();
 181     foreach ($permissions as $perm => $title) {
 182       //order matters here, but we deal with that later
 183       $perms_array[CRM_Utils_String::munge(strtolower($perm))] = $title;
 184     }
 185
 186     return $perms_array;
 187   }
 188 }