CRM/Core/Permission/Base.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 4.6                                                |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2014                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26 */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2014
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  *
  38  */
  39 class CRM_Core_Permission_Base {
  40
  41   // permission mapping to stub check() calls
  42   public $permissions = NULL;
  43
  44   /**
  45    * Translate permission
  46    *
  47    * @param $perm
  48    * @param string $nativePrefix
  49    * @param array $map
  50    *   Array($portableName => $nativeName).
  51    *
  52    * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:action:com_asset"
  53    * @return NULL|string a permission name
  54    */
  55   public function translatePermission($perm, $nativePrefix, $map) {
  56     list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
  57     switch ($civiPrefix) {
  58       case $nativePrefix:
  59         return $name; // pass through
  60       case 'cms':
  61         return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
  62       case NULL:
  63         return $name;
  64       default:
  65         return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
  66     }
  67   }
  68
  69   /**
  70    * Get the current permission of this user
  71    *
  72    * @return string the permission of the user (edit or view or null)
  73    */
  74   public function getPermission() {
  75     return CRM_Core_Permission::EDIT;
  76   }
  77
  78   /**
  79    * Get the permissioned where clause for the user
  80    *
  81    * @param int $type
  82    *   The type of permission needed.
  83    * @param array $tables
  84    *   (reference ) add the tables that are needed for the select clause.
  85    * @param array $whereTables
  86    *   (reference ) add the tables that are needed for the where clause.
  87    *
  88    * @return string the group where clause for this user
  89    */
  90   public function whereClause($type, &$tables, &$whereTables) {
  91     return '( 1 )';
  92   }
  93   /**
  94    * Get the permissioned where clause for the user when trying to see groups
  95    *
  96    * @param int $type
  97    *   The type of permission needed.
  98    * @param array $tables
  99    *   (reference ) add the tables that are needed for the select clause.
 100    * @param array $whereTables
 101    *   (reference ) add the tables that are needed for the where clause.
 102    *
 103    * @return string the group where clause for this user
 104    */
 105   public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
 106     $this->group();
 107     return $this->groupClause($type, $tables, $whereTables);
 108   }
 109
 110   /**
 111    * Get all groups from database, filtered by permissions
 112    * for this user
 113    *
 114    * @param string $groupType
 115    *   Type of group(Access/Mailing).
 116    * @param bool|\boolen $excludeHidden exclude hidden groups.
 117    *
 118    *
 119    * @return array - array reference of all groups.
 120    */
 121   public function group($groupType = NULL, $excludeHidden = TRUE) {
 122     return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
 123   }
 124
 125   /**
 126    * Get group clause for this user
 127    *
 128    * @param int $type
 129    *   The type of permission needed.
 130    * @param array $tables
 131    *   (reference ) add the tables that are needed for the select clause.
 132    * @param array $whereTables
 133    *   (reference ) add the tables that are needed for the where clause.
 134    *
 135    * @return string the group where clause for this user
 136    */
 137   public function groupClause($type, &$tables, &$whereTables) {
 138     return ' (1) ';
 139   }
 140
 141   /**
 142    * Given a permission string, check for access requirements
 143    *
 144    * @param string $str
 145    *   The permission to check.
 146    *
 147    * @return boolean true if yes, else false
 148    */
 149
 150   public function check($str) {
 151     //no default behaviour
 152   }
 153
 154   /**
 155    * Given a roles array, check for access requirements
 156    *
 157    * @param array $array
 158    *   The roles to check.
 159    *
 160    * @return boolean true if yes, else false
 161    */
 162
 163   public function checkGroupRole($array) {
 164     return FALSE;
 165   }
 166
 167   /**
 168    * Get all the contact emails for users that have a specific permission
 169    *
 170    * @param string $permissionName
 171    *   Name of the permission we are interested in.
 172    *
 173    * @return string a comma separated list of email addresses
 174    */
 175   public function permissionEmails($permissionName) {
 176     CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
 177   }
 178
 179   /**
 180    * Get all the contact emails for users that have a specific role
 181    *
 182    * @param string $roleName
 183    *   Name of the role we are interested in.
 184    *
 185    * @return string a comma separated list of email addresses
 186    */
 187   public function roleEmails($roleName) {
 188     CRM_Core_Error::fatal("this function only works in Drupal 6 at the moment");
 189   }
 190
 191   /**
 192    * Determine whether the permission store allows us to store
 193    * a list of permissions generated dynamically (eg by
 194    * hook_civicrm_permissions.)
 195    *
 196    * @return bool
 197    */
 198   public function isModulePermissionSupported() {
 199     return FALSE;
 200   }
 201
 202   /**
 203    * Ensure that the CMS supports all the permissions defined by CiviCRM
 204    * and its extensions. If there are stale permissions, they should be
 205    * deleted. This is useful during module upgrade when the newer module
 206    * version has removed permission that were defined in the older version.
 207    *
 208    * @param array $permissions
 209    *   Same format as CRM_Core_Permission::getCorePermissions().
 210    *
 211    * @throws CRM_Core_Exception
 212    * @see CRM_Core_Permission::getCorePermissions
 213    */
 214   public function upgradePermissions($permissions) {
 215     throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
 216   }
 217
 218   /**
 219    * Get the permissions defined in the hook_civicrm_permission implementation
 220    * of the given module.
 221    *
 222    * Note: At time of writing, this is only used with native extension-modules, so
 223    * there's one, predictable calling convention (regardless of CMS).
 224    *
 225    * @param $module
 226    *
 227    * @return Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 228    * @see CRM_Core_Permission::getCorePermissions
 229    */
 230   public static function getModulePermissions($module) {
 231     $return_permissions = array();
 232     $fn_name = "{$module}_civicrm_permission";
 233     if (function_exists($fn_name)) {
 234       $module_permissions = array();
 235       $fn_name($module_permissions);
 236       $return_permissions = $module_permissions;
 237     }
 238     return $return_permissions;
 239   }
 240
 241   /**
 242    * Get the permissions defined in the hook_civicrm_permission implementation
 243    * in all enabled CiviCRM module extensions.
 244    *
 245    * @return Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 246    */
 247   public function getAllModulePermissions() {
 248     $permissions = array();
 249     CRM_Utils_Hook::permission($permissions);
 250     return $permissions;
 251   }
 252 }