projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #17953 from civicrm/5.28
[civicrm-core.git] / CRM / Core / Permission / Drupal6.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
18 /**
19 *
20 */
21 class CRM_Core_Permission_Drupal6 extends CRM_Core_Permission_DrupalBase {
22
23 /**
24 * Is this user someone with access for the entire system.
25 *
26 * @var bool
27 */
28 protected $_viewAdminUser = FALSE;
29 protected $_editAdminUser = FALSE;
30
31 /**
32 * Am in in view permission or edit permission?
33 * @var bool
34 */
35 protected $_viewPermission = FALSE;
36 protected $_editPermission = FALSE;
37
38 /**
39 * The current set of permissioned groups for the user.
40 *
41 * @var array
42 */
43 protected $_viewPermissionedGroups;
44 protected $_editPermissionedGroups;
45
46 /**
47 * Given a permission string, check for access requirements
48 *
49 * @param string $str
50 * The permission to check.
51 *
52 * @param int $userId
53 *
54 * @return bool
55 * true if yes, else false
56 */
57 public function check($str, $userId = NULL) {
58 $str = $this->translatePermission($str, 'Drupal6', [
59 'view user account' => 'access user profiles',
60 'administer users' => 'administer users',
61 ]);
62 if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
63 return FALSE;
64 }
65 if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
66 return TRUE;
67 }
68 if (function_exists('user_access')) {
69 $account = NULL;
70 if ($userId) {
71 $account = user_load($userId);
72 }
73 return user_access($str, $account);
74 }
75 return TRUE;
76 }
77
78 /**
79 * Given a roles array, check for access requirements
80 *
81 * @param array $array
82 * The roles to check.
83 *
84 * @return bool
85 * true if yes, else false
86 */
87 public function checkGroupRole($array) {
88 if (function_exists('user_load') && isset($array)) {
89 $user = user_load(['uid' => $GLOBALS['user']->uid]);
90 //if giver roles found in user roles - return true
91 foreach ($array as $key => $value) {
92 if (in_array($value, $user->roles)) {
93 return TRUE;
94 }
95 }
96 }
97 return FALSE;
98 }
99
100 /**
101 * Get all the contact emails for users that have a specific role.
102 *
103 * @param string $roleName
104 * Name of the role we are interested in.
105 *
106 * @return string
107 * a comma separated list of email addresses
108 */
109 public function roleEmails($roleName) {
110 static $_cache = [];
111
112 if (isset($_cache[$roleName])) {
113 return $_cache[$roleName];
114 }
115
116 $uids = [];
117 $sql = "
118 SELECT {users}.uid
119 FROM {users}
120 LEFT JOIN {users_roles} ON {users}.uid = {users_roles}.uid
121 INNER JOIN {role} ON ( {role}.rid = {users_roles}.rid OR {role}.rid = 2 )
122 WHERE {role}. name LIKE '%%{$roleName}%%'
123 AND {users}.status = 1
124 ";
125
126 $query = db_query($sql);
127 while ($result = db_fetch_object($query)) {
128 $uids[] = $result->uid;
129 }
130
131 $_cache[$roleName] = self::getContactEmails($uids);
132 return $_cache[$roleName];
133 }
134
135 /**
136 * Get all the contact emails for users that have a specific permission.
137 *
138 * @param string $permissionName
139 * Name of the permission we are interested in.
140 *
141 * @return string
142 * a comma separated list of email addresses
143 */
144 public function permissionEmails($permissionName) {
145 static $_cache = [];
146
147 if (isset($_cache[$permissionName])) {
148 return $_cache[$permissionName];
149 }
150
151 $uids = [];
152 $sql = "
153 SELECT {users}.uid, {permission}.perm
154 FROM {users}
155 LEFT JOIN {users_roles} ON {users}.uid = {users_roles}.uid
156 INNER JOIN {permission} ON ( {permission}.rid = {users_roles}.rid OR {permission}.rid = 2 )
157 WHERE {permission}.perm LIKE '%%{$permissionName}%%'
158 AND {users}.status = 1
159 ";
160
161 $query = db_query($sql);
162 while ($result = db_fetch_object($query)) {
163 $uids[] = $result->uid;
164 }
165
166 $_cache[$permissionName] = self::getContactEmails($uids);
167 return $_cache[$permissionName];
168 }
169
170 /**
171 * @inheritDoc
172 */
173 public function isModulePermissionSupported() {
174 return TRUE;
175 }
176
177 /**
178 * @inheritDoc
179 *
180 * Does nothing in Drupal 6.
181 */
182 public function upgradePermissions($permissions) {
183 // D6 allows us to be really lazy... things get cleaned up when the admin form is next submitted...
184 }
185
186 /**
187 * Get the permissions defined in the hook_civicrm_permission implementation
188 * of the given module.
189 *
190 * @param $module
191 *
192 * @return array
193 * Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
194 */
195 public static function getModulePermissions($module) {
196 $return_permissions = [];
197 $fn_name = "{$module}_civicrm_permission";
198 if (function_exists($fn_name)) {
199 $fn_name($return_permissions);
200 }
201 return $return_permissions;
202 }
203
204 }