3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
21 class CRM_Core_Permission_Base
{
24 * permission mapping to stub check() calls
27 public $permissions = NULL;
30 * Translate permission.
33 * Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
34 * "Joomla:action:com_asset"
36 * @param string $nativePrefix
38 * Array($portableName => $nativeName).
43 public function translatePermission($perm, $nativePrefix, $map) {
44 list ($civiPrefix, $name) = CRM_Utils_String
::parsePrefix(':', $perm, NULL);
45 switch ($civiPrefix) {
51 return CRM_Utils_Array
::value($name, $map, CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
);
57 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
62 * Get the current permission of this user.
65 * the permission of the user (edit or view or null)
67 public function getPermission() {
68 return CRM_Core_Permission
::EDIT
;
72 * Get the permissioned where clause for the user.
75 * The type of permission needed.
76 * @param array $tables
77 * (reference ) add the tables that are needed for the select clause.
78 * @param array $whereTables
79 * (reference ) add the tables that are needed for the where clause.
82 * the group where clause for this user
84 public function whereClause($type, &$tables, &$whereTables) {
89 * Get the permissioned where clause for the user when trying to see groups.
92 * The type of permission needed.
93 * @param array $tables
94 * (reference ) add the tables that are needed for the select clause.
95 * @param array $whereTables
96 * (reference ) add the tables that are needed for the where clause.
99 * the group where clause for this user
101 public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
103 return $this->groupClause($type, $tables, $whereTables);
107 * Get all groups from database, filtered by permissions
110 * @param string $groupType
111 * Type of group(Access/Mailing).
112 * @param bool $excludeHidden
113 * exclude hidden groups.
117 * array reference of all groups.
119 public function group($groupType = NULL, $excludeHidden = TRUE) {
120 return CRM_Core_PseudoConstant
::allGroup($groupType, $excludeHidden);
124 * Get group clause for this user.
127 * The type of permission needed.
128 * @param array $tables
129 * (reference ) add the tables that are needed for the select clause.
130 * @param array $whereTables
131 * (reference ) add the tables that are needed for the where clause.
134 * the group where clause for this user
136 public function groupClause($type, &$tables, &$whereTables) {
141 * Given a permission string, check for access requirements
144 * The permission to check.
148 public function check($str, $userId = NULL) {
149 //no default behaviour
153 * Given a roles array, check for access requirements
155 * @param array $array
156 * The roles to check.
159 * true if yes, else false
161 public function checkGroupRole($array) {
166 * Get the palette of available permissions in the CMS's user-management system.
169 * List of permissions, keyed by symbolic name. Each item may have fields:
171 * - description: string
173 * The permission-name should correspond to the Civi notation used by
174 * 'CRM_Core_Permission::check()'. For CMS-specific permissions, these are
175 * translated names (eg "WordPress:list_users" or "Drupal:post comments").
177 * The list should include *only* CMS permissions. Exclude Civi-native permissions.
179 * @see \CRM_Core_Permission_Base::translatePermission()
181 public function getAvailablePermissions() {
186 * Get all the contact emails for users that have a specific permission.
188 * @param string $permissionName
189 * Name of the permission we are interested in.
191 * @throws CRM_Core_Exception.
193 public function permissionEmails($permissionName) {
194 throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
198 * Get all the contact emails for users that have a specific role.
200 * @param string $roleName
201 * Name of the role we are interested in.
203 * @throws CRM_Core_Exception.
205 public function roleEmails($roleName) {
206 throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
210 * Determine whether the permission store allows us to store
211 * a list of permissions generated dynamically (eg by
212 * hook_civicrm_permissions.)
216 public function isModulePermissionSupported() {
221 * Ensure that the CMS supports all the permissions defined by CiviCRM
222 * and its extensions. If there are stale permissions, they should be
223 * deleted. This is useful during module upgrade when the newer module
224 * version has removed permission that were defined in the older version.
226 * @param array $permissions
227 * Same format as CRM_Core_Permission::getCorePermissions().
229 * @throws CRM_Core_Exception
230 * @see CRM_Core_Permission::getCorePermissions
232 public function upgradePermissions($permissions) {
233 throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
237 * Get the permissions defined in the hook_civicrm_permission implementation
238 * of the given module.
240 * Note: At time of writing, this is only used with native extension-modules, so
241 * there's one, predictable calling convention (regardless of CMS).
246 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
247 * @see CRM_Core_Permission::getCorePermissions
249 public static function getModulePermissions($module) {
250 $return_permissions = [];
251 $fn_name = "{$module}_civicrm_permission";
252 if (function_exists($fn_name)) {
253 $module_permissions = [];
254 $fn_name($module_permissions);
255 $return_permissions = $module_permissions;
257 return $return_permissions;
261 * Get the permissions defined in the hook_civicrm_permission implementation
262 * in all enabled CiviCRM module extensions.
264 * @param bool $descriptions
267 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
269 public function getAllModulePermissions($descriptions = FALSE) {
271 CRM_Utils_Hook
::permission($permissions);
274 foreach ($permissions as $permission => $label) {
275 $permissions[$permission] = (is_array($label)) ?
$label : [$label];
279 foreach ($permissions as $permission => $label) {
280 $permissions[$permission] = (is_array($label)) ?
array_shift($label) : $label;