CRM/ACL/Form/WordPress/Permissions.php

   1 <?php
   2
   3 /*
   4   +--------------------------------------------------------------------+
   5   | CiviCRM version 4.5                                                |
   6   +--------------------------------------------------------------------+
   7   | Copyright CiviCRM LLC (c) 2004-2014                                |
   8   +--------------------------------------------------------------------+
   9   | This file is a part of CiviCRM.                                    |
  10   |                                                                    |
  11   | CiviCRM is free software; you can copy, modify, and distribute it  |
  12   | under the terms of the GNU Affero General Public License           |
  13   | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  14   |                                                                    |
  15   | CiviCRM is distributed in the hope that it will be useful, but     |
  16   | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  17   | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  18   | See the GNU Affero General Public License for more details.        |
  19   |                                                                    |
  20   | You should have received a copy of the GNU Affero General Public   |
  21   | License and the CiviCRM Licensing Exception along                  |
  22   | with this program; if not, contact CiviCRM LLC                     |
  23   | at info[AT]civicrm[DOT]org. If you have questions about the        |
  24   | GNU Affero General Public License or the licensing of CiviCRM,     |
  25   | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  26   +--------------------------------------------------------------------+
  27 */
  28
  29 /**
  30  *
  31  * @package CRM
  32  * @copyright CiviCRM LLC (c) 2004-2014
  33  * $Id$
  34  *
  35  */
  36
  37 /**
  38  * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
  39  */
  40 class CRM_ACL_Form_WordPress_Permissions extends CRM_Core_Form {
  41
  42   /**
  43    * Function to build the form
  44    *
  45    * @access public
  46    * @return void
  47    */
  48   function buildQuickForm( ) {
  49
  50     CRM_Utils_System::setTitle( 'Wordpress Access Control' );
  51
  52     // Get the core permissions array
  53     $permissionsArray = self::getPermissionArray();
  54
  55     // Get the wordpress roles, default capabilities and assign to the form
  56     // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
  57     global $wp_roles;
  58     if (!isset($wp_roles)) {
  59       $wp_roles = new WP_Roles();
  60     }
  61     foreach ( $wp_roles->role_names as $role => $name ) {
  62       // Dont show the permissions options for administrator, as they have all permissions
  63       if ($role !== 'administrator') {
  64         $roleObj = $wp_roles->get_role($role);
  65         if (!empty($roleObj->capabilities)) {
  66           foreach ($roleObj->capabilities as $ckey => $cname) {
  67             if (array_key_exists($ckey , $permissionsArray)) {
  68               $elementName = $role.'['.$ckey.']';
  69               $defaults[$elementName] = 1;
  70             }
  71           }
  72         }
  73
  74         // Compose the checkbox array for each role, to assign to form
  75         $rolePerms[$role] = $permissionsArray;
  76         foreach ( $rolePerms[$role] as $key => $value) {
  77           $elementName = $role.'['.$key.']';
  78           $this->add('checkbox' , $elementName , $value);
  79         }
  80         $roles[$role] = $name;
  81       }
  82     }
  83
  84     $this->setDefaults($defaults);
  85
  86     $this->assign('rolePerms', $rolePerms);
  87     $this->assign('roles', $roles);
  88
  89     $this->addButtons(
  90       array(
  91         array (
  92           'type'      => 'next',
  93           'name'      => ts('Save'),
  94           'spacing'   => '',
  95           'isDefault' => false   ),
  96       )
  97     );
  98
  99   }
 100
 101   /**
 102    * Function to process the form
 103    *
 104    * @access public
 105    * @return void
 106    */
 107   public function postProcess() {
 108     $params = $this->controller->exportValues($this->_name);
 109
 110     $permissionsArray = self::getPermissionArray();
 111
 112     // Function to get Wordpress roles
 113     global $wp_roles;
 114     if (!isset($wp_roles)) {
 115       $wp_roles = new WP_Roles();
 116     }
 117     foreach ( $wp_roles->role_names as $role => $name ) {
 118       $roleObj = $wp_roles->get_role($role);
 119
 120       //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
 121       foreach ($permissionsArray as $key => $capability){
 122         $roleObj->remove_cap($key);
 123       }
 124
 125       //Add the selected wordpress capabilities for the role
 126       $rolePermissions = $params[$role];
 127       if (!empty($rolePermissions)) {
 128         foreach ( $rolePermissions as $key => $capability ) {
 129           $roleObj->add_cap($key);
 130         }
 131       }
 132
 133       if ($role == 'anonymous_user') {
 134         // Get the permissions into a format that matches what we get from WP
 135         $allWarningPermissions = CRM_Core_Permission::getAnonymousPermissionsWarnings();
 136         foreach ($allWarningPermissions  as $key => $permission) {
 137           $allWarningPermissions[$key] = CRM_utils_String::munge(strtolower($permission));
 138         }
 139         $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
 140         $warningPermissionNames = array();
 141         foreach ($warningPermissions as $permission) {
 142           $warningPermissionNames[$permission] = $permissionsArray[$permission];
 143         }
 144         if (!empty($warningPermissionNames)) {
 145           CRM_Core_Session::setStatus(
 146             ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array( 1 => $wp_roles->role_names[$role], 2 => implode(', ', $warningPermissionNames))),
 147             ts('Unsafe Permission Settings')
 148           );
 149         }
 150       }
 151     }
 152
 153     // FIXME
 154     // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
 155     // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
 156     // 'You do not have sufficient permissions to access this page'
 157     // which should not happen for Super Admin and Administrators, as checking permissions for Super
 158     // Admin and Administrators always gives TRUE
 159     wp_civicrm_capability();
 160
 161     CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");
 162
 163     // rebuild the menus to comply with the new permisssions/capabilites
 164     CRM_Core_Invoke::rebuildMenuAndCaches( );
 165
 166     CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
 167     CRM_Utils_System::civiExit();
 168   }
 169
 170   /**
 171    * Get the core civicrm permissions array.
 172    * This function should be shared from a similar one in
 173    * distmaker/utils/joomlaxml.php
 174    *
 175    * @access public
 176    * @return array   civicrm permissions
 177    */
 178   static function getPermissionArray(){
 179     global $civicrm_root;
 180
 181     $permissions = CRM_Core_Permission::basicPermissions();
 182
 183     $perms_array = array();
 184     foreach ($permissions as $perm => $title) {
 185       //order matters here, but we deal with that later
 186       $perms_array[CRM_Utils_String::munge(strtolower($perm))] = $title;
 187     }
 188
 189     return $perms_array;
 190   }
 191 }