CRM/ACL/Form/WordPress/Permissions.php

   1 <?php
   2 /*
   3   +--------------------------------------------------------------------+
   4   | CiviCRM version 4.6                                                |
   5   +--------------------------------------------------------------------+
   6   | Copyright CiviCRM LLC (c) 2004-2014                                |
   7   +--------------------------------------------------------------------+
   8   | This file is a part of CiviCRM.                                    |
   9   |                                                                    |
  10   | CiviCRM is free software; you can copy, modify, and distribute it  |
  11   | under the terms of the GNU Affero General Public License           |
  12   | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13   |                                                                    |
  14   | CiviCRM is distributed in the hope that it will be useful, but     |
  15   | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16   | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17   | See the GNU Affero General Public License for more details.        |
  18   |                                                                    |
  19   | You should have received a copy of the GNU Affero General Public   |
  20   | License and the CiviCRM Licensing Exception along                  |
  21   | with this program; if not, contact CiviCRM LLC                     |
  22   | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23   | GNU Affero General Public License or the licensing of CiviCRM,     |
  24   | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25   +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2014
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
  38  */
  39 class CRM_ACL_Form_WordPress_Permissions extends CRM_Core_Form {
  40
  41   /**
  42    * Build the form object
  43    *
  44    * @return void
  45    */
  46   public function buildQuickForm() {
  47
  48     CRM_Utils_System::setTitle('Wordpress Access Control');
  49
  50     // Get the core permissions array
  51     $permissionsArray = self::getPermissionArray();
  52
  53     // Get the wordpress roles, default capabilities and assign to the form
  54     // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
  55     global $wp_roles;
  56     if (!isset($wp_roles)) {
  57       $wp_roles = new WP_Roles();
  58     }
  59     foreach ($wp_roles->role_names as $role => $name) {
  60       // Dont show the permissions options for administrator, as they have all permissions
  61       if ($role !== 'administrator') {
  62         $roleObj = $wp_roles->get_role($role);
  63         if (!empty($roleObj->capabilities)) {
  64           foreach ($roleObj->capabilities as $ckey => $cname) {
  65             if (array_key_exists($ckey, $permissionsArray)) {
  66               $elementName = $role . '[' . $ckey . ']';
  67               $defaults[$elementName] = 1;
  68             }
  69           }
  70         }
  71
  72         // Compose the checkbox array for each role, to assign to form
  73         $rolePerms[$role] = $permissionsArray;
  74         foreach ($rolePerms[$role] as $key => $value) {
  75           $elementName = $role . '[' . $key . ']';
  76           $this->add('checkbox', $elementName, $value);
  77         }
  78         $roles[$role] = $name;
  79       }
  80     }
  81
  82     $this->setDefaults($defaults);
  83
  84     $this->assign('rolePerms', $rolePerms);
  85     $this->assign('roles', $roles);
  86
  87     $this->addButtons(
  88       array(
  89         array(
  90           'type' => 'next',
  91           'name' => ts('Save'),
  92           'spacing' => '',
  93           'isDefault' => FALSE,
  94         ),
  95       )
  96     );
  97
  98   }
  99
 100   /**
 101    * Process the form submission
 102    *
 103    * @return void
 104    */
 105   public function postProcess() {
 106     $params = $this->controller->exportValues($this->_name);
 107
 108     $permissionsArray = self::getPermissionArray();
 109
 110     // Function to get Wordpress roles
 111     global $wp_roles;
 112     if (!isset($wp_roles)) {
 113       $wp_roles = new WP_Roles();
 114     }
 115     foreach ($wp_roles->role_names as $role => $name) {
 116       $roleObj = $wp_roles->get_role($role);
 117
 118       //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
 119       foreach ($permissionsArray as $key => $capability) {
 120         $roleObj->remove_cap($key);
 121       }
 122
 123       //Add the selected wordpress capabilities for the role
 124       $rolePermissions = $params[$role];
 125       if (!empty($rolePermissions)) {
 126         foreach ($rolePermissions as $key => $capability) {
 127           $roleObj->add_cap($key);
 128         }
 129       }
 130
 131       if ($role == 'anonymous_user') {
 132         // Get the permissions into a format that matches what we get from WP
 133         $allWarningPermissions = CRM_Core_Permission::getAnonymousPermissionsWarnings();
 134         foreach ($allWarningPermissions as $key => $permission) {
 135           $allWarningPermissions[$key] = CRM_utils_String::munge(strtolower($permission));
 136         }
 137         $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
 138         $warningPermissionNames = array();
 139         foreach ($warningPermissions as $permission) {
 140           $warningPermissionNames[$permission] = $permissionsArray[$permission];
 141         }
 142         if (!empty($warningPermissionNames)) {
 143           CRM_Core_Session::setStatus(
 144             ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(
 145                 1 => $wp_roles->role_names[$role],
 146                 2 => implode(', ', $warningPermissionNames),
 147               )),
 148             ts('Unsafe Permission Settings')
 149           );
 150         }
 151       }
 152     }
 153
 154     // FIXME
 155     // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
 156     // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
 157     // 'You do not have sufficient permissions to access this page'
 158     // which should not happen for Super Admin and Administrators, as checking permissions for Super
 159     // Admin and Administrators always gives TRUE
 160     wp_civicrm_capability();
 161
 162     CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");
 163
 164     // rebuild the menus to comply with the new permisssions/capabilites
 165     CRM_Core_Invoke::rebuildMenuAndCaches();
 166
 167     CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
 168     CRM_Utils_System::civiExit();
 169   }
 170
 171   /**
 172    * Get the core civicrm permissions array.
 173    * This function should be shared from a similar one in
 174    * distmaker/utils/joomlaxml.php
 175    *
 176    * @return array
 177    *   civicrm permissions
 178    */
 179   public static function getPermissionArray() {
 180     global $civicrm_root;
 181
 182     $permissions = CRM_Core_Permission::basicPermissions();
 183
 184     $perms_array = array();
 185     foreach ($permissions as $perm => $title) {
 186       //order matters here, but we deal with that later
 187       $perms_array[CRM_Utils_String::munge(strtolower($perm))] = $title;
 188     }
 189
 190     return $perms_array;
 191   }
 192
 193 }