3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.6 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2014 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2014
37 * This class provides the functionality to Grant access to CiviCRM components and other CiviCRM permissions.
39 class CRM_ACL_Form_WordPress_Permissions
extends CRM_Core_Form
{
42 * Build the form object
46 public function buildQuickForm() {
48 CRM_Utils_System
::setTitle('Wordpress Access Control');
50 // Get the core permissions array
51 $permissionsArray = self
::getPermissionArray();
53 // Get the wordpress roles, default capabilities and assign to the form
54 // TODO: Create a new wordpress role (Anonymous user) and define capabilities in Wordpress Access Control
56 if (!isset($wp_roles)) {
57 $wp_roles = new WP_Roles();
59 foreach ($wp_roles->role_names
as $role => $name) {
60 // Dont show the permissions options for administrator, as they have all permissions
61 if ($role !== 'administrator') {
62 $roleObj = $wp_roles->get_role($role);
63 if (!empty($roleObj->capabilities
)) {
64 foreach ($roleObj->capabilities
as $ckey => $cname) {
65 if (array_key_exists($ckey, $permissionsArray)) {
66 $elementName = $role . '[' . $ckey . ']';
67 $defaults[$elementName] = 1;
72 // Compose the checkbox array for each role, to assign to form
73 $rolePerms[$role] = $permissionsArray;
74 foreach ($rolePerms[$role] as $key => $value) {
75 $elementName = $role . '[' . $key . ']';
76 $this->add('checkbox', $elementName, $value);
78 $roles[$role] = $name;
82 $this->setDefaults($defaults);
84 $this->assign('rolePerms', $rolePerms);
85 $this->assign('roles', $roles);
101 * Process the form submission
105 public function postProcess() {
106 $params = $this->controller
->exportValues($this->_name
);
108 $permissionsArray = self
::getPermissionArray();
110 // Function to get Wordpress roles
112 if (!isset($wp_roles)) {
113 $wp_roles = new WP_Roles();
115 foreach ($wp_roles->role_names
as $role => $name) {
116 $roleObj = $wp_roles->get_role($role);
118 //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
119 foreach ($permissionsArray as $key => $capability) {
120 $roleObj->remove_cap($key);
123 //Add the selected wordpress capabilities for the role
124 $rolePermissions = $params[$role];
125 if (!empty($rolePermissions)) {
126 foreach ($rolePermissions as $key => $capability) {
127 $roleObj->add_cap($key);
131 if ($role == 'anonymous_user') {
132 // Get the permissions into a format that matches what we get from WP
133 $allWarningPermissions = CRM_Core_Permission
::getAnonymousPermissionsWarnings();
134 foreach ($allWarningPermissions as $key => $permission) {
135 $allWarningPermissions[$key] = CRM_utils_String
::munge(strtolower($permission));
137 $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
138 $warningPermissionNames = array();
139 foreach ($warningPermissions as $permission) {
140 $warningPermissionNames[$permission] = $permissionsArray[$permission];
142 if (!empty($warningPermissionNames)) {
143 CRM_Core_Session
::setStatus(
144 ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(
145 1 => $wp_roles->role_names
[$role],
146 2 => implode(', ', $warningPermissionNames),
148 ts('Unsafe Permission Settings')
155 // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
156 // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
157 // 'You do not have sufficient permissions to access this page'
158 // which should not happen for Super Admin and Administrators, as checking permissions for Super
159 // Admin and Administrators always gives TRUE
160 wp_civicrm_capability();
162 CRM_Core_Session
::setStatus("", ts('Wordpress Access Control Updated'), "success");
164 // rebuild the menus to comply with the new permisssions/capabilites
165 CRM_Core_Invoke
::rebuildMenuAndCaches();
167 CRM_Utils_System
::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
168 CRM_Utils_System
::civiExit();
172 * Get the core civicrm permissions array.
173 * This function should be shared from a similar one in
174 * distmaker/utils/joomlaxml.php
177 * civicrm permissions
179 public static function getPermissionArray() {
180 global $civicrm_root;
182 $permissions = CRM_Core_Permission
::basicPermissions();
184 $perms_array = array();
185 foreach ($permissions as $perm => $title) {
186 //order matters here, but we deal with that later
187 $perms_array[CRM_Utils_String
::munge(strtolower($perm))] = $title;