3 +--------------------------------------------------------------------+
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2020 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC https://civicrm.org/licensing
39 class CRM_Core_Permission_Base
{
42 * permission mapping to stub check() calls
45 public $permissions = NULL;
48 * Translate permission.
51 * Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
52 * "Joomla:action:com_asset"
54 * @param string $nativePrefix
56 * Array($portableName => $nativeName).
61 public function translatePermission($perm, $nativePrefix, $map) {
62 list ($civiPrefix, $name) = CRM_Utils_String
::parsePrefix(':', $perm, NULL);
63 switch ($civiPrefix) {
69 return CRM_Utils_Array
::value($name, $map, CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
);
75 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
80 * Get the current permission of this user.
83 * the permission of the user (edit or view or null)
85 public function getPermission() {
86 return CRM_Core_Permission
::EDIT
;
90 * Get the permissioned where clause for the user.
93 * The type of permission needed.
94 * @param array $tables
95 * (reference ) add the tables that are needed for the select clause.
96 * @param array $whereTables
97 * (reference ) add the tables that are needed for the where clause.
100 * the group where clause for this user
102 public function whereClause($type, &$tables, &$whereTables) {
107 * Get the permissioned where clause for the user when trying to see groups.
110 * The type of permission needed.
111 * @param array $tables
112 * (reference ) add the tables that are needed for the select clause.
113 * @param array $whereTables
114 * (reference ) add the tables that are needed for the where clause.
117 * the group where clause for this user
119 public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
121 return $this->groupClause($type, $tables, $whereTables);
125 * Get all groups from database, filtered by permissions
128 * @param string $groupType
129 * Type of group(Access/Mailing).
130 * @param bool $excludeHidden
131 * exclude hidden groups.
135 * array reference of all groups.
137 public function group($groupType = NULL, $excludeHidden = TRUE) {
138 return CRM_Core_PseudoConstant
::allGroup($groupType, $excludeHidden);
142 * Get group clause for this user.
145 * The type of permission needed.
146 * @param array $tables
147 * (reference ) add the tables that are needed for the select clause.
148 * @param array $whereTables
149 * (reference ) add the tables that are needed for the where clause.
152 * the group where clause for this user
154 public function groupClause($type, &$tables, &$whereTables) {
159 * Given a permission string, check for access requirements
162 * The permission to check.
166 public function check($str, $userId = NULL) {
167 //no default behaviour
171 * Given a roles array, check for access requirements
173 * @param array $array
174 * The roles to check.
177 * true if yes, else false
179 public function checkGroupRole($array) {
184 * Get all the contact emails for users that have a specific permission.
186 * @param string $permissionName
187 * Name of the permission we are interested in.
190 public function permissionEmails($permissionName) {
191 CRM_Core_Error
::fatal("this function only works in Drupal 6 at the moment");
195 * Get all the contact emails for users that have a specific role.
197 * @param string $roleName
198 * Name of the role we are interested in.
201 public function roleEmails($roleName) {
202 CRM_Core_Error
::fatal("this function only works in Drupal 6 at the moment");
206 * Determine whether the permission store allows us to store
207 * a list of permissions generated dynamically (eg by
208 * hook_civicrm_permissions.)
212 public function isModulePermissionSupported() {
217 * Ensure that the CMS supports all the permissions defined by CiviCRM
218 * and its extensions. If there are stale permissions, they should be
219 * deleted. This is useful during module upgrade when the newer module
220 * version has removed permission that were defined in the older version.
222 * @param array $permissions
223 * Same format as CRM_Core_Permission::getCorePermissions().
225 * @throws CRM_Core_Exception
226 * @see CRM_Core_Permission::getCorePermissions
228 public function upgradePermissions($permissions) {
229 throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
233 * Get the permissions defined in the hook_civicrm_permission implementation
234 * of the given module.
236 * Note: At time of writing, this is only used with native extension-modules, so
237 * there's one, predictable calling convention (regardless of CMS).
242 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
243 * @see CRM_Core_Permission::getCorePermissions
245 public static function getModulePermissions($module) {
246 $return_permissions = [];
247 $fn_name = "{$module}_civicrm_permission";
248 if (function_exists($fn_name)) {
249 $module_permissions = [];
250 $fn_name($module_permissions);
251 $return_permissions = $module_permissions;
253 return $return_permissions;
257 * Get the permissions defined in the hook_civicrm_permission implementation
258 * in all enabled CiviCRM module extensions.
260 * @param bool $descriptions
263 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
265 public function getAllModulePermissions($descriptions = FALSE) {
267 CRM_Utils_Hook
::permission($permissions);
270 foreach ($permissions as $permission => $label) {
271 $permissions[$permission] = (is_array($label)) ?
$label : [$label];
275 foreach ($permissions as $permission => $label) {
276 $permissions[$permission] = (is_array($label)) ?
array_shift($label) : $label;