CRM/Core/Permission/Base.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2018                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2018
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  *
  38  */
  39 class CRM_Core_Permission_Base {
  40
  41   // permission mapping to stub check() calls
  42   public $permissions = NULL;
  43
  44   /**
  45    * Translate permission.
  46    *
  47    * @param string $perm
  48    *   Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
  49    *   "Joomla:action:com_asset"
  50    *
  51    * @param string $nativePrefix
  52    * @param array $map
  53    *   Array($portableName => $nativeName).
  54    *
  55    * @return NULL|string
  56    *   a permission name
  57    */
  58   public function translatePermission($perm, $nativePrefix, $map) {
  59     list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
  60     switch ($civiPrefix) {
  61       case $nativePrefix:
  62         return $name;
  63
  64       // pass through
  65       case 'cms':
  66         return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
  67
  68       case NULL:
  69         return $name;
  70
  71       default:
  72         return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
  73     }
  74   }
  75
  76   /**
  77    * Get the current permission of this user.
  78    *
  79    * @return string
  80    *   the permission of the user (edit or view or null)
  81    */
  82   public function getPermission() {
  83     return CRM_Core_Permission::EDIT;
  84   }
  85
  86   /**
  87    * Get the permissioned where clause for the user.
  88    *
  89    * @param int $type
  90    *   The type of permission needed.
  91    * @param array $tables
  92    *   (reference ) add the tables that are needed for the select clause.
  93    * @param array $whereTables
  94    *   (reference ) add the tables that are needed for the where clause.
  95    *
  96    * @return string
  97    *   the group where clause for this user
  98    */
  99   public function whereClause($type, &$tables, &$whereTables) {
 100     return '( 1 )';
 101   }
 102
 103   /**
 104    * Get the permissioned where clause for the user when trying to see groups.
 105    *
 106    * @param int $type
 107    *   The type of permission needed.
 108    * @param array $tables
 109    *   (reference ) add the tables that are needed for the select clause.
 110    * @param array $whereTables
 111    *   (reference ) add the tables that are needed for the where clause.
 112    *
 113    * @return string
 114    *   the group where clause for this user
 115    */
 116   public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
 117     $this->group();
 118     return $this->groupClause($type, $tables, $whereTables);
 119   }
 120
 121   /**
 122    * Get all groups from database, filtered by permissions
 123    * for this user
 124    *
 125    * @param string $groupType
 126    *   Type of group(Access/Mailing).
 127    * @param bool $excludeHidden
 128    *   exclude hidden groups.
 129    *
 130    *
 131    * @return array
 132    *   array reference of all groups.
 133    */
 134   public function group($groupType = NULL, $excludeHidden = TRUE) {
 135     return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
 136   }
 137
 138   /**
 139    * Get group clause for this user.
 140    *
 141    * @param int $type
 142    *   The type of permission needed.
 143    * @param array $tables
 144    *   (reference ) add the tables that are needed for the select clause.
 145    * @param array $whereTables
 146    *   (reference ) add the tables that are needed for the where clause.
 147    *
 148    * @return string
 149    *   the group where clause for this user
 150    */
 151   public function groupClause($type, &$tables, &$whereTables) {
 152     return ' (1) ';
 153   }
 154
 155   /**
 156    * Given a permission string, check for access requirements
 157    *
 158    * @param string $str
 159    *   The permission to check.
 160    * @param int $userId
 161    *
 162    */
 163   public function check($str, $userId = NULL) {
 164     //no default behaviour
 165   }
 166
 167   /**
 168    * Given a roles array, check for access requirements
 169    *
 170    * @param array $array
 171    *   The roles to check.
 172    *
 173    * @return bool
 174    *   true if yes, else false
 175    */
 176   public function checkGroupRole($array) {
 177     return FALSE;
 178   }
 179
 180   /**
 181    * Get all the contact emails for users that have a specific permission.
 182    *
 183    * @param string $permissionName
 184    *   Name of the permission we are interested in.
 185    *
 186    */
 187   public function permissionEmails($permissionName) {
 188     CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
 189   }
 190
 191   /**
 192    * Get all the contact emails for users that have a specific role.
 193    *
 194    * @param string $roleName
 195    *   Name of the role we are interested in.
 196    *
 197    */
 198   public function roleEmails($roleName) {
 199     CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
 200   }
 201
 202   /**
 203    * Determine whether the permission store allows us to store
 204    * a list of permissions generated dynamically (eg by
 205    * hook_civicrm_permissions.)
 206    *
 207    * @return bool
 208    */
 209   public function isModulePermissionSupported() {
 210     return FALSE;
 211   }
 212
 213   /**
 214    * Ensure that the CMS supports all the permissions defined by CiviCRM
 215    * and its extensions. If there are stale permissions, they should be
 216    * deleted. This is useful during module upgrade when the newer module
 217    * version has removed permission that were defined in the older version.
 218    *
 219    * @param array $permissions
 220    *   Same format as CRM_Core_Permission::getCorePermissions().
 221    *
 222    * @throws CRM_Core_Exception
 223    * @see CRM_Core_Permission::getCorePermissions
 224    */
 225   public function upgradePermissions($permissions) {
 226     throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
 227   }
 228
 229   /**
 230    * Get the permissions defined in the hook_civicrm_permission implementation
 231    * of the given module.
 232    *
 233    * Note: At time of writing, this is only used with native extension-modules, so
 234    * there's one, predictable calling convention (regardless of CMS).
 235    *
 236    * @param $module
 237    *
 238    * @return array
 239    *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 240    * @see CRM_Core_Permission::getCorePermissions
 241    */
 242   public static function getModulePermissions($module) {
 243     $return_permissions = array();
 244     $fn_name = "{$module}_civicrm_permission";
 245     if (function_exists($fn_name)) {
 246       $module_permissions = array();
 247       $fn_name($module_permissions);
 248       $return_permissions = $module_permissions;
 249     }
 250     return $return_permissions;
 251   }
 252
 253   /**
 254    * Get the permissions defined in the hook_civicrm_permission implementation
 255    * in all enabled CiviCRM module extensions.
 256    *
 257    * @param bool $descriptions
 258    *
 259    * @return array
 260    *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 261    */
 262   public function getAllModulePermissions($descriptions = FALSE) {
 263     $permissions = array();
 264     CRM_Utils_Hook::permission($permissions);
 265
 266     if ($descriptions) {
 267       foreach ($permissions as $permission => $label) {
 268         $permissions[$permission] = (is_array($label)) ? $label : array($label);
 269       }
 270     }
 271     else {
 272       foreach ($permissions as $permission => $label) {
 273         $permissions[$permission] = (is_array($label)) ? array_shift($label) : $label;
 274       }
 275     }
 276     return $permissions;
 277   }
 278
 279 }