CRM/Core/Permission/Drupal.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2018                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2018
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  *
  38  */
  39 class CRM_Core_Permission_Drupal extends CRM_Core_Permission_DrupalBase {
  40
  41   /**
  42    * Is this user someone with access for the entire system.
  43    *
  44    * @var boolean
  45    */
  46   protected $_viewAdminUser = FALSE;
  47   protected $_editAdminUser = FALSE;
  48
  49   /**
  50    * Am in in view permission or edit permission?
  51    * @var boolean
  52    */
  53   protected $_viewPermission = FALSE;
  54   protected $_editPermission = FALSE;
  55
  56   /**
  57    * The current set of permissioned groups for the user.
  58    *
  59    * @var array
  60    */
  61   protected $_viewPermissionedGroups;
  62   protected $_editPermissionedGroups;
  63
  64
  65   /**
  66    * Given a permission string, check for access requirements
  67    *
  68    * @param string $str
  69    *   The permission to check.
  70    *
  71    * @param int $contactID
  72    *
  73    * @return bool
  74    *   true if yes, else false
  75    */
  76   public function check($str, $contactID = NULL) {
  77     $str = $this->translatePermission($str, 'Drupal', array(
  78       'view user account' => 'access user profiles',
  79       'administer users' => 'administer users',
  80     ));
  81     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
  82       return FALSE;
  83     }
  84     if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
  85       return TRUE;
  86     }
  87     if (function_exists('user_access')) {
  88       return user_access($str) ? TRUE : FALSE;
  89     }
  90     return TRUE;
  91   }
  92
  93   /**
  94    * Given a roles array, check for access requirements
  95    *
  96    * @param array $array
  97    *   The roles to check.
  98    *
  99    * @return bool
 100    *   true if yes, else false
 101    */
 102   public function checkGroupRole($array) {
 103     if (function_exists('user_load') && isset($array)) {
 104       $user = user_load($GLOBALS['user']->uid);
 105       //if giver roles found in user roles - return true
 106       foreach ($array as $key => $value) {
 107         if (in_array($value, $user->roles)) {
 108           return TRUE;
 109         }
 110       }
 111     }
 112     return FALSE;
 113   }
 114
 115   /**
 116    * @inheritDoc
 117    */
 118   public function isModulePermissionSupported() {
 119     return TRUE;
 120   }
 121
 122   /**
 123    * @inheritDoc
 124    */
 125   public function upgradePermissions($permissions) {
 126     if (empty($permissions)) {
 127       throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
 128     }
 129     $query = db_delete('role_permission')
 130       ->condition('module', 'civicrm')
 131       ->condition('permission', array_keys($permissions), 'NOT IN');
 132     $query->execute();
 133   }
 134
 135   /**
 136    * Get all the contact emails for users that have a specific permission.
 137    *
 138    * @param string $permissionName
 139    *   Name of the permission we are interested in.
 140    *
 141    * @return string
 142    *   a comma separated list of email addresses
 143    */
 144   public function permissionEmails($permissionName) {
 145     static $_cache = array();
 146
 147     if (isset($_cache[$permissionName])) {
 148       return $_cache[$permissionName];
 149     }
 150
 151     $uids = array();
 152     $sql = "
 153       SELECT {users}.uid, {role_permission}.permission
 154       FROM {users}
 155       JOIN {users_roles}
 156         ON {users}.uid = {users_roles}.uid
 157       JOIN {role_permission}
 158         ON {role_permission}.rid = {users_roles}.rid
 159       WHERE {role_permission}.permission = '{$permissionName}'
 160         AND {users}.status = 1
 161     ";
 162
 163     $result = db_query($sql);
 164     foreach ($result as $record) {
 165       $uids[] = $record->uid;
 166     }
 167
 168     $_cache[$permissionName] = self::getContactEmails($uids);
 169     return $_cache[$permissionName];
 170   }
 171
 172 }