projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch '5.26' of https://github.com/civicrm/civicrm-core
[civicrm-core.git] / CRM / Core / Permission / Base.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 * $Id$
17 *
18 */
19
20 /**
21 *
22 */
23 class CRM_Core_Permission_Base {
24
25 /**
26 * permission mapping to stub check() calls
27 * @var array
28 */
29 public $permissions = NULL;
30
31 /**
32 * Translate permission.
33 *
34 * @param string $perm
35 * Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
36 * "Joomla:action:com_asset"
37 *
38 * @param string $nativePrefix
39 * @param array $map
40 * Array($portableName => $nativeName).
41 *
42 * @return NULL|string
43 * a permission name
44 */
45 public function translatePermission($perm, $nativePrefix, $map) {
46 list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
47 switch ($civiPrefix) {
48 case $nativePrefix:
49 return $name;
50
51 // pass through
52 case 'cms':
53 return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
54
55 case NULL:
56 return $name;
57
58 default:
59 return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
60 }
61 }
62
63 /**
64 * Get the current permission of this user.
65 *
66 * @return string
67 * the permission of the user (edit or view or null)
68 */
69 public function getPermission() {
70 return CRM_Core_Permission::EDIT;
71 }
72
73 /**
74 * Get the permissioned where clause for the user.
75 *
76 * @param int $type
77 * The type of permission needed.
78 * @param array $tables
79 * (reference ) add the tables that are needed for the select clause.
80 * @param array $whereTables
81 * (reference ) add the tables that are needed for the where clause.
82 *
83 * @return string
84 * the group where clause for this user
85 */
86 public function whereClause($type, &$tables, &$whereTables) {
87 return '( 1 )';
88 }
89
90 /**
91 * Get the permissioned where clause for the user when trying to see groups.
92 *
93 * @param int $type
94 * The type of permission needed.
95 * @param array $tables
96 * (reference ) add the tables that are needed for the select clause.
97 * @param array $whereTables
98 * (reference ) add the tables that are needed for the where clause.
99 *
100 * @return string
101 * the group where clause for this user
102 */
103 public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
104 $this->group();
105 return $this->groupClause($type, $tables, $whereTables);
106 }
107
108 /**
109 * Get all groups from database, filtered by permissions
110 * for this user
111 *
112 * @param string $groupType
113 * Type of group(Access/Mailing).
114 * @param bool $excludeHidden
115 * exclude hidden groups.
116 *
117 *
118 * @return array
119 * array reference of all groups.
120 */
121 public function group($groupType = NULL, $excludeHidden = TRUE) {
122 return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
123 }
124
125 /**
126 * Get group clause for this user.
127 *
128 * @param int $type
129 * The type of permission needed.
130 * @param array $tables
131 * (reference ) add the tables that are needed for the select clause.
132 * @param array $whereTables
133 * (reference ) add the tables that are needed for the where clause.
134 *
135 * @return string
136 * the group where clause for this user
137 */
138 public function groupClause($type, &$tables, &$whereTables) {
139 return ' (1) ';
140 }
141
142 /**
143 * Given a permission string, check for access requirements
144 *
145 * @param string $str
146 * The permission to check.
147 * @param int $userId
148 *
149 */
150 public function check($str, $userId = NULL) {
151 //no default behaviour
152 }
153
154 /**
155 * Given a roles array, check for access requirements
156 *
157 * @param array $array
158 * The roles to check.
159 *
160 * @return bool
161 * true if yes, else false
162 */
163 public function checkGroupRole($array) {
164 return FALSE;
165 }
166
167 /**
168 * Get all the contact emails for users that have a specific permission.
169 *
170 * @param string $permissionName
171 * Name of the permission we are interested in.
172 *
173 * @throws CRM_Core_Exception.
174 */
175 public function permissionEmails($permissionName) {
176 throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
177 }
178
179 /**
180 * Get all the contact emails for users that have a specific role.
181 *
182 * @param string $roleName
183 * Name of the role we are interested in.
184 *
185 * @throws CRM_Core_Exception.
186 */
187 public function roleEmails($roleName) {
188 throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
189 }
190
191 /**
192 * Determine whether the permission store allows us to store
193 * a list of permissions generated dynamically (eg by
194 * hook_civicrm_permissions.)
195 *
196 * @return bool
197 */
198 public function isModulePermissionSupported() {
199 return FALSE;
200 }
201
202 /**
203 * Ensure that the CMS supports all the permissions defined by CiviCRM
204 * and its extensions. If there are stale permissions, they should be
205 * deleted. This is useful during module upgrade when the newer module
206 * version has removed permission that were defined in the older version.
207 *
208 * @param array $permissions
209 * Same format as CRM_Core_Permission::getCorePermissions().
210 *
211 * @throws CRM_Core_Exception
212 * @see CRM_Core_Permission::getCorePermissions
213 */
214 public function upgradePermissions($permissions) {
215 throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
216 }
217
218 /**
219 * Get the permissions defined in the hook_civicrm_permission implementation
220 * of the given module.
221 *
222 * Note: At time of writing, this is only used with native extension-modules, so
223 * there's one, predictable calling convention (regardless of CMS).
224 *
225 * @param $module
226 *
227 * @return array
228 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
229 * @see CRM_Core_Permission::getCorePermissions
230 */
231 public static function getModulePermissions($module) {
232 $return_permissions = [];
233 $fn_name = "{$module}_civicrm_permission";
234 if (function_exists($fn_name)) {
235 $module_permissions = [];
236 $fn_name($module_permissions);
237 $return_permissions = $module_permissions;
238 }
239 return $return_permissions;
240 }
241
242 /**
243 * Get the permissions defined in the hook_civicrm_permission implementation
244 * in all enabled CiviCRM module extensions.
245 *
246 * @param bool $descriptions
247 *
248 * @return array
249 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
250 */
251 public function getAllModulePermissions($descriptions = FALSE) {
252 $permissions = [];
253 CRM_Utils_Hook::permission($permissions);
254
255 if ($descriptions) {
256 foreach ($permissions as $permission => $label) {
257 $permissions[$permission] = (is_array($label)) ? $label : [$label];
258 }
259 }
260 else {
261 foreach ($permissions as $permission => $label) {
262 $permissions[$permission] = (is_array($label)) ? array_shift($label) : $label;
263 }
264 }
265 return $permissions;
266 }
267
268 }