4 +--------------------------------------------------------------------+
5 | CiviCRM version 4.6 |
6 +--------------------------------------------------------------------+
7 | Copyright CiviCRM LLC (c) 2004-2014 |
8 +--------------------------------------------------------------------+
9 | This file is a part of CiviCRM. |
11 | CiviCRM is free software; you can copy, modify, and distribute it |
12 | under the terms of the GNU Affero General Public License |
13 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
15 | CiviCRM is distributed in the hope that it will be useful, but |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
18 | See the GNU Affero General Public License for more details. |
20 | You should have received a copy of the GNU Affero General Public |
21 | License and the CiviCRM Licensing Exception along |
22 | with this program; if not, contact CiviCRM LLC |
23 | at info[AT]civicrm[DOT]org. If you have questions about the |
24 | GNU Affero General Public License or the licensing of CiviCRM, |
25 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
26 +--------------------------------------------------------------------+
32 * @copyright CiviCRM LLC (c) 2004-2014
38 * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
40 class CRM_ACL_Form_WordPress_Permissions
extends CRM_Core_Form
{
43 * Build the form object
47 public function buildQuickForm() {
49 CRM_Utils_System
::setTitle('Wordpress Access Control');
51 // Get the core permissions array
52 $permissionsArray = self
::getPermissionArray();
54 // Get the wordpress roles, default capabilities and assign to the form
55 // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
57 if (!isset($wp_roles)) {
58 $wp_roles = new WP_Roles();
60 foreach ($wp_roles->role_names
as $role => $name) {
61 // Dont show the permissions options for administrator, as they have all permissions
62 if ($role !== 'administrator') {
63 $roleObj = $wp_roles->get_role($role);
64 if (!empty($roleObj->capabilities
)) {
65 foreach ($roleObj->capabilities
as $ckey => $cname) {
66 if (array_key_exists($ckey, $permissionsArray)) {
67 $elementName = $role . '[' . $ckey . ']';
68 $defaults[$elementName] = 1;
73 // Compose the checkbox array for each role, to assign to form
74 $rolePerms[$role] = $permissionsArray;
75 foreach ($rolePerms[$role] as $key => $value) {
76 $elementName = $role . '[' . $key . ']';
77 $this->add('checkbox', $elementName, $value);
79 $roles[$role] = $name;
83 $this->setDefaults($defaults);
85 $this->assign('rolePerms', $rolePerms);
86 $this->assign('roles', $roles);
94 'isDefault' => FALSE ),
101 * Process the form submission
105 public function postProcess() {
106 $params = $this->controller
->exportValues($this->_name
);
108 $permissionsArray = self
::getPermissionArray();
110 // Function to get Wordpress roles
112 if (!isset($wp_roles)) {
113 $wp_roles = new WP_Roles();
115 foreach ($wp_roles->role_names
as $role => $name) {
116 $roleObj = $wp_roles->get_role($role);
118 //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
119 foreach ($permissionsArray as $key => $capability) {
120 $roleObj->remove_cap($key);
123 //Add the selected wordpress capabilities for the role
124 $rolePermissions = $params[$role];
125 if (!empty($rolePermissions)) {
126 foreach ($rolePermissions as $key => $capability) {
127 $roleObj->add_cap($key);
131 if ($role == 'anonymous_user') {
132 // Get the permissions into a format that matches what we get from WP
133 $allWarningPermissions = CRM_Core_Permission
::getAnonymousPermissionsWarnings();
134 foreach ($allWarningPermissions as $key => $permission) {
135 $allWarningPermissions[$key] = CRM_utils_String
::munge(strtolower($permission));
137 $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
138 $warningPermissionNames = array();
139 foreach ($warningPermissions as $permission) {
140 $warningPermissionNames[$permission] = $permissionsArray[$permission];
142 if (!empty($warningPermissionNames)) {
143 CRM_Core_Session
::setStatus(
144 ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(1 => $wp_roles->role_names
[$role], 2 => implode(', ', $warningPermissionNames))),
145 ts('Unsafe Permission Settings')
152 // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
153 // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
154 // 'You do not have sufficient permissions to access this page'
155 // which should not happen for Super Admin and Administrators, as checking permissions for Super
156 // Admin and Administrators always gives TRUE
157 wp_civicrm_capability();
159 CRM_Core_Session
::setStatus("", ts('Wordpress Access Control Updated'), "success");
161 // rebuild the menus to comply with the new permisssions/capabilites
162 CRM_Core_Invoke
::rebuildMenuAndCaches();
164 CRM_Utils_System
::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
165 CRM_Utils_System
::civiExit();
169 * Get the core civicrm permissions array.
170 * This function should be shared from a similar one in
171 * distmaker/utils/joomlaxml.php
173 * @return array civicrm permissions
175 public static function getPermissionArray() {
176 global $civicrm_root;
178 $permissions = CRM_Core_Permission
::basicPermissions();
180 $perms_array = array();
181 foreach ($permissions as $perm => $title) {
182 //order matters here, but we deal with that later
183 $perms_array[CRM_Utils_String
::munge(strtolower($perm))] = $title;