3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
23 class CRM_Core_Permission_Base
{
26 * permission mapping to stub check() calls
29 public $permissions = NULL;
32 * Translate permission.
35 * Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
36 * "Joomla:action:com_asset"
38 * @param string $nativePrefix
40 * Array($portableName => $nativeName).
45 public function translatePermission($perm, $nativePrefix, $map) {
46 list ($civiPrefix, $name) = CRM_Utils_String
::parsePrefix(':', $perm, NULL);
47 switch ($civiPrefix) {
53 return CRM_Utils_Array
::value($name, $map, CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
);
59 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
64 * Get the current permission of this user.
67 * the permission of the user (edit or view or null)
69 public function getPermission() {
70 return CRM_Core_Permission
::EDIT
;
74 * Get the permissioned where clause for the user.
77 * The type of permission needed.
78 * @param array $tables
79 * (reference ) add the tables that are needed for the select clause.
80 * @param array $whereTables
81 * (reference ) add the tables that are needed for the where clause.
84 * the group where clause for this user
86 public function whereClause($type, &$tables, &$whereTables) {
91 * Get the permissioned where clause for the user when trying to see groups.
94 * The type of permission needed.
95 * @param array $tables
96 * (reference ) add the tables that are needed for the select clause.
97 * @param array $whereTables
98 * (reference ) add the tables that are needed for the where clause.
101 * the group where clause for this user
103 public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
105 return $this->groupClause($type, $tables, $whereTables);
109 * Get all groups from database, filtered by permissions
112 * @param string $groupType
113 * Type of group(Access/Mailing).
114 * @param bool $excludeHidden
115 * exclude hidden groups.
119 * array reference of all groups.
121 public function group($groupType = NULL, $excludeHidden = TRUE) {
122 return CRM_Core_PseudoConstant
::allGroup($groupType, $excludeHidden);
126 * Get group clause for this user.
129 * The type of permission needed.
130 * @param array $tables
131 * (reference ) add the tables that are needed for the select clause.
132 * @param array $whereTables
133 * (reference ) add the tables that are needed for the where clause.
136 * the group where clause for this user
138 public function groupClause($type, &$tables, &$whereTables) {
143 * Given a permission string, check for access requirements
146 * The permission to check.
150 public function check($str, $userId = NULL) {
151 //no default behaviour
155 * Given a roles array, check for access requirements
157 * @param array $array
158 * The roles to check.
161 * true if yes, else false
163 public function checkGroupRole($array) {
168 * Get all the contact emails for users that have a specific permission.
170 * @param string $permissionName
171 * Name of the permission we are interested in.
174 public function permissionEmails($permissionName) {
175 CRM_Core_Error
::fatal("this function only works in Drupal 6 at the moment");
179 * Get all the contact emails for users that have a specific role.
181 * @param string $roleName
182 * Name of the role we are interested in.
185 public function roleEmails($roleName) {
186 CRM_Core_Error
::fatal("this function only works in Drupal 6 at the moment");
190 * Determine whether the permission store allows us to store
191 * a list of permissions generated dynamically (eg by
192 * hook_civicrm_permissions.)
196 public function isModulePermissionSupported() {
201 * Ensure that the CMS supports all the permissions defined by CiviCRM
202 * and its extensions. If there are stale permissions, they should be
203 * deleted. This is useful during module upgrade when the newer module
204 * version has removed permission that were defined in the older version.
206 * @param array $permissions
207 * Same format as CRM_Core_Permission::getCorePermissions().
209 * @throws CRM_Core_Exception
210 * @see CRM_Core_Permission::getCorePermissions
212 public function upgradePermissions($permissions) {
213 throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
217 * Get the permissions defined in the hook_civicrm_permission implementation
218 * of the given module.
220 * Note: At time of writing, this is only used with native extension-modules, so
221 * there's one, predictable calling convention (regardless of CMS).
226 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
227 * @see CRM_Core_Permission::getCorePermissions
229 public static function getModulePermissions($module) {
230 $return_permissions = [];
231 $fn_name = "{$module}_civicrm_permission";
232 if (function_exists($fn_name)) {
233 $module_permissions = [];
234 $fn_name($module_permissions);
235 $return_permissions = $module_permissions;
237 return $return_permissions;
241 * Get the permissions defined in the hook_civicrm_permission implementation
242 * in all enabled CiviCRM module extensions.
244 * @param bool $descriptions
247 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
249 public function getAllModulePermissions($descriptions = FALSE) {
251 CRM_Utils_Hook
::permission($permissions);
254 foreach ($permissions as $permission => $label) {
255 $permissions[$permission] = (is_array($label)) ?
$label : [$label];
259 foreach ($permissions as $permission => $label) {
260 $permissions[$permission] = (is_array($label)) ?
array_shift($label) : $label;