projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #18084 from civicrm/5.28
[civicrm-core.git] / CRM / Core / Permission / Base.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
18 /**
19 *
20 */
21 class CRM_Core_Permission_Base {
22
23 /**
24 * permission mapping to stub check() calls
25 * @var array
26 */
27 public $permissions = NULL;
28
29 /**
30 * Translate permission.
31 *
32 * @param string $perm
33 * Permission string e.g "administer CiviCRM", "cms:access user record", "Drupal:administer content",
34 * "Joomla:action:com_asset"
35 *
36 * @param string $nativePrefix
37 * @param array $map
38 * Array($portableName => $nativeName).
39 *
40 * @return NULL|string
41 * a permission name
42 */
43 public function translatePermission($perm, $nativePrefix, $map) {
44 list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
45 switch ($civiPrefix) {
46 case $nativePrefix:
47 return $name;
48
49 // pass through
50 case 'cms':
51 return CRM_Utils_Array::value($name, $map, CRM_Core_Permission::ALWAYS_DENY_PERMISSION);
52
53 case NULL:
54 return $name;
55
56 default:
57 return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
58 }
59 }
60
61 /**
62 * Get the current permission of this user.
63 *
64 * @return string
65 * the permission of the user (edit or view or null)
66 */
67 public function getPermission() {
68 return CRM_Core_Permission::EDIT;
69 }
70
71 /**
72 * Get the permissioned where clause for the user.
73 *
74 * @param int $type
75 * The type of permission needed.
76 * @param array $tables
77 * (reference ) add the tables that are needed for the select clause.
78 * @param array $whereTables
79 * (reference ) add the tables that are needed for the where clause.
80 *
81 * @return string
82 * the group where clause for this user
83 */
84 public function whereClause($type, &$tables, &$whereTables) {
85 return '( 1 )';
86 }
87
88 /**
89 * Get the permissioned where clause for the user when trying to see groups.
90 *
91 * @param int $type
92 * The type of permission needed.
93 * @param array $tables
94 * (reference ) add the tables that are needed for the select clause.
95 * @param array $whereTables
96 * (reference ) add the tables that are needed for the where clause.
97 *
98 * @return string
99 * the group where clause for this user
100 */
101 public function getPermissionedStaticGroupClause($type, &$tables, &$whereTables) {
102 $this->group();
103 return $this->groupClause($type, $tables, $whereTables);
104 }
105
106 /**
107 * Get all groups from database, filtered by permissions
108 * for this user
109 *
110 * @param string $groupType
111 * Type of group(Access/Mailing).
112 * @param bool $excludeHidden
113 * exclude hidden groups.
114 *
115 *
116 * @return array
117 * array reference of all groups.
118 */
119 public function group($groupType = NULL, $excludeHidden = TRUE) {
120 return CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
121 }
122
123 /**
124 * Get group clause for this user.
125 *
126 * @param int $type
127 * The type of permission needed.
128 * @param array $tables
129 * (reference ) add the tables that are needed for the select clause.
130 * @param array $whereTables
131 * (reference ) add the tables that are needed for the where clause.
132 *
133 * @return string
134 * the group where clause for this user
135 */
136 public function groupClause($type, &$tables, &$whereTables) {
137 return ' (1) ';
138 }
139
140 /**
141 * Given a permission string, check for access requirements
142 *
143 * @param string $str
144 * The permission to check.
145 * @param int $userId
146 *
147 */
148 public function check($str, $userId = NULL) {
149 //no default behaviour
150 }
151
152 /**
153 * Given a roles array, check for access requirements
154 *
155 * @param array $array
156 * The roles to check.
157 *
158 * @return bool
159 * true if yes, else false
160 */
161 public function checkGroupRole($array) {
162 return FALSE;
163 }
164
165 /**
166 * Get all the contact emails for users that have a specific permission.
167 *
168 * @param string $permissionName
169 * Name of the permission we are interested in.
170 *
171 * @throws CRM_Core_Exception.
172 */
173 public function permissionEmails($permissionName) {
174 throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
175 }
176
177 /**
178 * Get all the contact emails for users that have a specific role.
179 *
180 * @param string $roleName
181 * Name of the role we are interested in.
182 *
183 * @throws CRM_Core_Exception.
184 */
185 public function roleEmails($roleName) {
186 throw new CRM_Core_Exception("this function only works in Drupal 6 at the moment");
187 }
188
189 /**
190 * Determine whether the permission store allows us to store
191 * a list of permissions generated dynamically (eg by
192 * hook_civicrm_permissions.)
193 *
194 * @return bool
195 */
196 public function isModulePermissionSupported() {
197 return FALSE;
198 }
199
200 /**
201 * Ensure that the CMS supports all the permissions defined by CiviCRM
202 * and its extensions. If there are stale permissions, they should be
203 * deleted. This is useful during module upgrade when the newer module
204 * version has removed permission that were defined in the older version.
205 *
206 * @param array $permissions
207 * Same format as CRM_Core_Permission::getCorePermissions().
208 *
209 * @throws CRM_Core_Exception
210 * @see CRM_Core_Permission::getCorePermissions
211 */
212 public function upgradePermissions($permissions) {
213 throw new CRM_Core_Exception("Unimplemented method: CRM_Core_Permission_*::upgradePermissions");
214 }
215
216 /**
217 * Get the permissions defined in the hook_civicrm_permission implementation
218 * of the given module.
219 *
220 * Note: At time of writing, this is only used with native extension-modules, so
221 * there's one, predictable calling convention (regardless of CMS).
222 *
223 * @param $module
224 *
225 * @return array
226 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
227 * @see CRM_Core_Permission::getCorePermissions
228 */
229 public static function getModulePermissions($module) {
230 $return_permissions = [];
231 $fn_name = "{$module}_civicrm_permission";
232 if (function_exists($fn_name)) {
233 $module_permissions = [];
234 $fn_name($module_permissions);
235 $return_permissions = $module_permissions;
236 }
237 return $return_permissions;
238 }
239
240 /**
241 * Get the permissions defined in the hook_civicrm_permission implementation
242 * in all enabled CiviCRM module extensions.
243 *
244 * @param bool $descriptions
245 *
246 * @return array
247 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
248 */
249 public function getAllModulePermissions($descriptions = FALSE) {
250 $permissions = [];
251 CRM_Utils_Hook::permission($permissions);
252
253 if ($descriptions) {
254 foreach ($permissions as $permission => $label) {
255 $permissions[$permission] = (is_array($label)) ? $label : [$label];
256 }
257 }
258 else {
259 foreach ($permissions as $permission => $label) {
260 $permissions[$permission] = (is_array($label)) ? array_shift($label) : $label;
261 }
262 }
263 return $permissions;
264 }
265
266 }