CRM/Core/Permission/Base.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2019                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2019
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  *
  38  */
  39 class CRM_Core_Permission_Base {
  40
  41   /**
  42    * permission mapping to stub check() calls
  43    * @var array
  44    */
  45   public $permissions = NULL;
  46
  47   /**
  48    * Translate permission.
  49    *
  50    * @param string $perm
  51    *   Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
  52    *   "Joomla:action:com_asset"
  53    *
  54    * @param string $nativePrefix
  55    * @param array $map
  56    *   Array($portableName => $nativeName).
  57    *
  58    * @return NULL|string
  59    *   a permission name
  60    */
  61   public function translatePermission($perm, $nativePrefix, $map) {
  62     list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
  63     switch ($civiPrefix) {
  64       case $nativePrefix:
  65         return $name;
  66
  67       // pass through
  68       case 'cms':
  69         return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
  70
  71       case NULL:
  72         return $name;
  73
  74       default:
  75         return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
  76     }
  77   }
  78
  79   /**
  80    * Get the current permission of this user.
  81    *
  82    * @return string
  83    *   the permission of the user (edit or view or null)
  84    */
  85   public function getPermission() {
  86     return CRM_Core_Permission::EDIT;
  87   }
  88
  89   /**
  90    * Get the permissioned where clause for the user.
  91    *
  92    * @param int $type
  93    *   The type of permission needed.
  94    * @param array $tables
  95    *   (reference ) add the tables that are needed for the select clause.
  96    * @param array $whereTables
  97    *   (reference ) add the tables that are needed for the where clause.
  98    *
  99    * @return string
 100    *   the group where clause for this user
 101    */
 102   public function whereClause($type, &$tables, &$whereTables) {
 103     return '( 1 )';
 104   }
 105
 106   /**
 107    * Get the permissioned where clause for the user when trying to see groups.
 108    *
 109    * @param int $type
 110    *   The type of permission needed.
 111    * @param array $tables
 112    *   (reference ) add the tables that are needed for the select clause.
 113    * @param array $whereTables
 114    *   (reference ) add the tables that are needed for the where clause.
 115    *
 116    * @return string
 117    *   the group where clause for this user
 118    */
 119   public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
 120     $this->group();
 121     return $this->groupClause($type, $tables, $whereTables);
 122   }
 123
 124   /**
 125    * Get all groups from database, filtered by permissions
 126    * for this user
 127    *
 128    * @param string $groupType
 129    *   Type of group(Access/Mailing).
 130    * @param bool $excludeHidden
 131    *   exclude hidden groups.
 132    *
 133    *
 134    * @return array
 135    *   array reference of all groups.
 136    */
 137   public function group($groupType = NULL, $excludeHidden = TRUE) {
 138     return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
 139   }
 140
 141   /**
 142    * Get group clause for this user.
 143    *
 144    * @param int $type
 145    *   The type of permission needed.
 146    * @param array $tables
 147    *   (reference ) add the tables that are needed for the select clause.
 148    * @param array $whereTables
 149    *   (reference ) add the tables that are needed for the where clause.
 150    *
 151    * @return string
 152    *   the group where clause for this user
 153    */
 154   public function groupClause($type, &$tables, &$whereTables) {
 155     return ' (1) ';
 156   }
 157
 158   /**
 159    * Given a permission string, check for access requirements
 160    *
 161    * @param string $str
 162    *   The permission to check.
 163    * @param int $userId
 164    *
 165    */
 166   public function check($str, $userId = NULL) {
 167     //no default behaviour
 168   }
 169
 170   /**
 171    * Given a roles array, check for access requirements
 172    *
 173    * @param array $array
 174    *   The roles to check.
 175    *
 176    * @return bool
 177    *   true if yes, else false
 178    */
 179   public function checkGroupRole($array) {
 180     return FALSE;
 181   }
 182
 183   /**
 184    * Get all the contact emails for users that have a specific permission.
 185    *
 186    * @param string $permissionName
 187    *   Name of the permission we are interested in.
 188    *
 189    */
 190   public function permissionEmails($permissionName) {
 191     CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
 192   }
 193
 194   /**
 195    * Get all the contact emails for users that have a specific role.
 196    *
 197    * @param string $roleName
 198    *   Name of the role we are interested in.
 199    *
 200    */
 201   public function roleEmails($roleName) {
 202     CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
 203   }
 204
 205   /**
 206    * Determine whether the permission store allows us to store
 207    * a list of permissions generated dynamically (eg by
 208    * hook_civicrm_permissions.)
 209    *
 210    * @return bool
 211    */
 212   public function isModulePermissionSupported() {
 213     return FALSE;
 214   }
 215
 216   /**
 217    * Ensure that the CMS supports all the permissions defined by CiviCRM
 218    * and its extensions. If there are stale permissions, they should be
 219    * deleted. This is useful during module upgrade when the newer module
 220    * version has removed permission that were defined in the older version.
 221    *
 222    * @param array $permissions
 223    *   Same format as CRM_Core_Permission::getCorePermissions().
 224    *
 225    * @throws CRM_Core_Exception
 226    * @see CRM_Core_Permission::getCorePermissions
 227    */
 228   public function upgradePermissions($permissions) {
 229     throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
 230   }
 231
 232   /**
 233    * Get the permissions defined in the hook_civicrm_permission implementation
 234    * of the given module.
 235    *
 236    * Note: At time of writing, this is only used with native extension-modules, so
 237    * there's one, predictable calling convention (regardless of CMS).
 238    *
 239    * @param $module
 240    *
 241    * @return array
 242    *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 243    * @see CRM_Core_Permission::getCorePermissions
 244    */
 245   public static function getModulePermissions($module) {
 246     $return_permissions = [];
 247     $fn_name = "{$module}_civicrm_permission";
 248     if (function_exists($fn_name)) {
 249       $module_permissions = [];
 250       $fn_name($module_permissions);
 251       $return_permissions = $module_permissions;
 252     }
 253     return $return_permissions;
 254   }
 255
 256   /**
 257    * Get the permissions defined in the hook_civicrm_permission implementation
 258    * in all enabled CiviCRM module extensions.
 259    *
 260    * @param bool $descriptions
 261    *
 262    * @return array
 263    *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 264    */
 265   public function getAllModulePermissions($descriptions = FALSE) {
 266     $permissions = [];
 267     CRM_Utils_Hook::permission($permissions);
 268
 269     if ($descriptions) {
 270       foreach ($permissions as $permission => $label) {
 271         $permissions[$permission] = (is_array($label)) ? $label : [$label];
 272       }
 273     }
 274     else {
 275       foreach ($permissions as $permission => $label) {
 276         $permissions[$permission] = (is_array($label)) ? array_shift($label) : $label;
 277       }
 278     }
 279     return $permissions;
 280   }
 281
 282 }