CRM/Core/Permission/Drupal.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | Copyright CiviCRM LLC. All rights reserved.                        |
   5  |                                                                    |
   6  | This work is published under the GNU AGPLv3 license with some      |
   7  | permitted exceptions and without any warranty. For full license    |
   8  | and copyright information, see https://civicrm.org/licensing       |
   9  +--------------------------------------------------------------------+
  10  */
  11
  12 /**
  13  *
  14  * @package CRM
  15  * @copyright CiviCRM LLC https://civicrm.org/licensing
  16  */
  17
  18 /**
  19  *
  20  */
  21 class CRM_Core_Permission_Drupal extends CRM_Core_Permission_DrupalBase {
  22
  23   /**
  24    * Is this user someone with access for the entire system.
  25    *
  26    * @var bool
  27    */
  28   protected $_viewAdminUser = FALSE;
  29   protected $_editAdminUser = FALSE;
  30
  31   /**
  32    * Am in in view permission or edit permission?
  33    * @var bool
  34    */
  35   protected $_viewPermission = FALSE;
  36   protected $_editPermission = FALSE;
  37
  38   /**
  39    * The current set of permissioned groups for the user.
  40    *
  41    * @var array
  42    */
  43   protected $_viewPermissionedGroups;
  44   protected $_editPermissionedGroups;
  45
  46   /**
  47    * Given a permission string, check for access requirements
  48    *
  49    * @param string $str
  50    *   The permission to check.
  51    *
  52    * @param int $userId
  53    *
  54    * @return bool
  55    *   true if yes, else false
  56    */
  57   public function check($str, $userId = NULL) {
  58     $str = $this->translatePermission($str, 'Drupal', [
  59       'view user account' => 'access user profiles',
  60       'administer users' => 'administer users',
  61     ]);
  62     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
  63       return FALSE;
  64     }
  65     if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
  66       return TRUE;
  67     }
  68     if (function_exists('user_access')) {
  69       $account = NULL;
  70       if ($userId) {
  71         $account = user_load($userId);
  72       }
  73       return user_access($str, $account);
  74     }
  75     return TRUE;
  76   }
  77
  78   /**
  79    * Given a roles array, check for access requirements
  80    *
  81    * @param array $array
  82    *   The roles to check.
  83    *
  84    * @return bool
  85    *   true if yes, else false
  86    */
  87   public function checkGroupRole($array) {
  88     if (function_exists('user_load') && isset($array)) {
  89       $user = user_load($GLOBALS['user']->uid);
  90       //if giver roles found in user roles - return true
  91       foreach ($array as $key => $value) {
  92         if (in_array($value, $user->roles)) {
  93           return TRUE;
  94         }
  95       }
  96     }
  97     return FALSE;
  98   }
  99
 100   /**
 101    * @inheritDoc
 102    */
 103   public function isModulePermissionSupported() {
 104     return TRUE;
 105   }
 106
 107   /**
 108    * @inheritDoc
 109    */
 110   public function upgradePermissions($permissions) {
 111     if (empty($permissions)) {
 112       throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
 113     }
 114     $query = db_delete('role_permission')
 115       ->condition('module', 'civicrm')
 116       ->condition('permission', array_keys($permissions), 'NOT IN');
 117     $query->execute();
 118   }
 119
 120   /**
 121    * Get all the contact emails for users that have a specific permission.
 122    *
 123    * @param string $permissionName
 124    *   Name of the permission we are interested in.
 125    *
 126    * @return string
 127    *   a comma separated list of email addresses
 128    */
 129   public function permissionEmails($permissionName) {
 130     static $_cache = [];
 131
 132     if (isset($_cache[$permissionName])) {
 133       return $_cache[$permissionName];
 134     }
 135
 136     $uids = [];
 137     $sql = "
 138       SELECT {users}.uid, {role_permission}.permission
 139       FROM {users}
 140       JOIN {users_roles}
 141         ON {users}.uid = {users_roles}.uid
 142       JOIN {role_permission}
 143         ON {role_permission}.rid = {users_roles}.rid
 144       WHERE {role_permission}.permission = '{$permissionName}'
 145         AND {users}.status = 1
 146     ";
 147
 148     $result = db_query($sql);
 149     foreach ($result as $record) {
 150       $uids[] = $record->uid;
 151     }
 152
 153     $_cache[$permissionName] = self::getContactEmails($uids);
 154     return $_cache[$permissionName];
 155   }
 156
 157 }