1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
/**
 * Default implementation of the permission API.
 *
 * Every method here is a stub or a fixed default. The defaults are not uniform
 * from an access-control point of view:
 *  - getPermission() returns CRM_Core_Permission::EDIT, and whereClause() /
 *    groupClause() return an always-true SQL fragment, i.e. no filtering.
 *  - check() returns nothing (NULL) and checkGroupRole() returns FALSE.
 *
 * NOTE(review): presumably each CMS-specific adapter extends this class and
 * overrides the permissive defaults; verify that whenever a new adapter is
 * added, because an adapter that forgets to override whereClause() or
 * groupClause() inherits an unrestricted clause.
 */
class CRM_Core_Permission_Base {

  /**
   * Permission mapping used to stub check() calls.
   *
   * @var array
   */
  public $permissions = NULL;

  /**
   * Translate a portable permission name into the name the CMS understands.
   *
   * @param string $perm
   *   Permission string, e.g. "administer CiviCRM", "cms:access user record",
   *   "Drupal:administer content", "Joomla:action:com_asset".
   * @param string $nativePrefix
   *   Prefix that marks a permission as already native to the current CMS.
   * @param array $map
   *   Array($portableName => $nativeName), consulted for "cms:" permissions.
   *
   * @return NULL|string
   *   A permission name. CRM_Core_Permission::ALWAYS_DENY_PERMISSION is
   *   returned for a "cms:" name missing from $map and for any prefix that is
   *   neither native, "cms", nor absent.
   */
  public function translatePermission($perm, $nativePrefix, $map) {
    list ($prefix, $shortName) = CRM_Utils_String::parsePrefix(':', $perm, NULL);

    // The comparisons are deliberately loose (==): that is what the switch
    // statement this chain replaces used, and the order of the tests is the
    // order of its case labels.
    if ($prefix == $nativePrefix) {
      // Already expressed in the current CMS's own vocabulary.
      return $shortName;
    }

    if ($prefix == 'cms') {
      // Portable CMS permission: an unmapped name is denied rather than
      // passed through.
      return CRM_Utils_Array::value($shortName, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
    }

    // NOTE(review): under == an empty-string prefix also equals NULL, so a
    // value such as ":name" would be treated like an unprefixed permission if
    // parsePrefix() can return '' as the prefix - confirm against that helper.
    if ($prefix == NULL) {
      // No prefix at all.
      return $shortName;
    }

    // A prefix belonging to some other CMS can never be satisfied here.
    return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
  }

  /**
   * Get the current permission of this user.
   *
   * The base implementation always answers CRM_Core_Permission::EDIT.
   *
   * @return string
   *   The permission of the user (edit or view or null).
   */
  public function getPermission() {
    return CRM_Core_Permission::EDIT;
  }

  /**
   * Get the permissioned where clause for the user.
   *
   * The base implementation ignores all three arguments and returns a clause
   * that is always true, so it adds no restriction to the query.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference) add the tables that are needed for the where clause.
   *
   * @return string
   *   The group where clause for this user.
   */
  public function whereClause($type, &$tables, &$whereTables) {
    return '( 1 )';
  }

  /**
   * Get the permissioned where clause for the user when trying to see groups.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference) add the tables that are needed for the where clause.
   *
   * @return string
   *   The group where clause for this user.
   */
  public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
    // The result of group() is discarded; presumably the call exists for a
    // side effect in overriding classes - TODO confirm. It must stay ahead of
    // groupClause().
    $this->group();
    $clause = $this->groupClause($type, $tables, $whereTables);
    return $clause;
  }

  /**
   * Get all groups from database, filtered by permissions for this user.
   *
   * The base implementation delegates to CRM_Core_PseudoConstant::allGroup()
   * and applies no filtering of its own.
   *
   * @param string $groupType
   *   Type of group (Access/Mailing).
   * @param bool $excludeHidden
   *   Exclude hidden groups.
   *
   * @return array
   *   Array reference of all groups.
   */
  public function group($groupType = NULL, $excludeHidden = TRUE) {
    $groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
    return $groups;
  }

  /**
   * Get group clause for this user.
   *
   * The base implementation ignores its arguments and returns an always-true
   * clause, i.e. no group-based restriction.
   *
   * @param int $type
   *   The type of permission needed.
   * @param array $tables
   *   (reference) add the tables that are needed for the select clause.
   * @param array $whereTables
   *   (reference) add the tables that are needed for the where clause.
   *
   * @return string
   *   The group where clause for this user.
   */
  public function groupClause($type, &$tables, &$whereTables) {
    return ' (1) ';
  }

  /**
   * Given a permission string, check for access requirements.
   *
   * The base implementation has an empty body, so a call evaluates to NULL.
   *
   * @param string $str
   *   The permission to check.
   * @param int $userId
   */
  public function check($str, $userId = NULL) {
    // Intentionally empty: there is no default behaviour.
  }

  /**
   * Given a roles array, check for access requirements.
   *
   * The base implementation denies unconditionally.
   *
   * @param array $array
   *   The roles to check.
   *
   * @return bool
   *   True if yes, else false.
   */
  public function checkGroupRole($array) {
    return FALSE;
  }

  /**
   * Get the palette of available permissions in the CMS's user-management system.
   *
   * @return array
   *   List of permissions, keyed by symbolic name. Each item may have fields:
   *     - title: string
   *     - description: string
   *
   *   The permission-name should correspond to the Civi notation used by
   *   'CRM_Core_Permission::check()'. For CMS-specific permissions, these are
   *   translated names (eg "WordPress:list_users" or "Drupal:post comments").
   *
   *   The list should include *only* CMS permissions. Exclude Civi-native permissions.
   *
   * @see \CRM_Core_Permission_Base::translatePermission()
   */
  public function getAvailablePermissions() {
    // The base class knows of no CMS permissions.
    return [];
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * The base implementation always throws.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   * @throws CRM_Core_Exception
   */
  public function permissionEmails($permissionName) {
    throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
  }

  /**
   * Get all the contact emails for users that have a specific role.
   *
   * The base implementation always throws.
   *
   * @param string $roleName
   *   Name of the role we are interested in.
   *
   * @throws CRM_Core_Exception
   */
  public function roleEmails($roleName) {
    throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
  }

  /**
   * Determine whether the permission store allows us to store
   * a list of permissions generated dynamically (eg by
   * hook_civicrm_permissions.)
   *
   * @return bool
   *   FALSE in the base implementation.
   */
  public function isModulePermissionSupported() {
    return FALSE;
  }

  /**
   * Ensure that the CMS supports all the permissions defined by CiviCRM
   * and its extensions. If there are stale permissions, they should be
   * deleted. This is useful during module upgrade when the newer module
   * version has removed permission that were defined in the older version.
   *
   * The base implementation always throws.
   *
   * @param array $permissions
   *   Same format as CRM_Core_Permission::getCorePermissions().
   *
   * @throws CRM_Core_Exception
   * @see CRM_Core_Permission::getCorePermissions
   */
  public function upgradePermissions($permissions) {
    throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
  }

  /**
   * Get the permissions defined in the hook_civicrm_permission implementation
   * of the given module.
   *
   * Note: At time of writing, this is only used with native extension-modules, so
   * there's one, predictable calling convention (regardless of CMS).
   *
   * $module is interpolated into the name of a function that is then called.
   * function_exists() gates the call and the fixed "_civicrm_permission"
   * suffix bounds which functions can be reached.
   * NOTE(review): callers are presumably expected to pass only names of
   * installed modules, never request-derived text - confirm at the call sites.
   *
   * @param string $module
   *   Module name used as the prefix of the hook function.
   *
   * @return array
   *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
   *   Empty when the module defines no such hook function.
   * @see CRM_Core_Permission::getCorePermissions
   */
  public static function getModulePermissions($module) {
    $hook = "{$module}_civicrm_permission";
    if (!function_exists($hook)) {
      return [];
    }

    // The hook receives an empty array to fill in; whatever that variable
    // holds after the call is returned without further validation.
    $declared = [];
    $hook($declared);
    return $declared;
  }

  /**
   * Get the permissions defined in the hook_civicrm_permission implementation
   * in all enabled CiviCRM module extensions.
   *
   * @param bool $descriptions
   *   When truthy every entry is normalised to an array; otherwise an array
   *   entry is reduced to its first element and a scalar entry is left as is.
   *
   * @return array
   *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
   */
  public function getAllModulePermissions($descriptions = FALSE) {
    $declared = [];
    CRM_Utils_Hook::permission($declared);

    // foreach walks a by-value copy, so writing back into $declared while
    // iterating does not disturb the loop.
    foreach ($declared as $permission => $spec) {
      if ($descriptions) {
        $declared[$permission] = is_array($spec) ? $spec : [$spec];
      }
      else {
        // array_shift() yields the first element (presumably the label) and
        // NULL for an empty array.
        $declared[$permission] = is_array($spec) ? array_shift($spec) : $spec;
      }
    }

    return $declared;
  }

}