CRM/Core/Permission/Drupal6.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2019                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2019
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  *
  38  */
  39 class CRM_Core_Permission_Drupal6 extends CRM_Core_Permission_DrupalBase {
  40
  41   /**
  42    * Is this user someone with access for the entire system.
  43    *
  44    * @var bool
  45    */
  46   protected $_viewAdminUser = FALSE;
  47   protected $_editAdminUser = FALSE;
  48
  49   /**
  50    * Am in in view permission or edit permission?
  51    * @var bool
  52    */
  53   protected $_viewPermission = FALSE;
  54   protected $_editPermission = FALSE;
  55
  56   /**
  57    * The current set of permissioned groups for the user.
  58    *
  59    * @var array
  60    */
  61   protected $_viewPermissionedGroups;
  62   protected $_editPermissionedGroups;
  63
  64   /**
  65    * Given a permission string, check for access requirements
  66    *
  67    * @param string $str
  68    *   The permission to check.
  69    *
  70    * @param int $userId
  71    *
  72    * @return bool
  73    *   true if yes, else false
  74    */
  75   public function check($str, $userId = NULL) {
  76     $str = $this->translatePermission($str, 'Drupal6', [
  77       'view user account' => 'access user profiles',
  78       'administer users' => 'administer users',
  79     ]);
  80     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
  81       return FALSE;
  82     }
  83     if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
  84       return TRUE;
  85     }
  86     if (function_exists('user_access')) {
  87       $account = NULL;
  88       if ($userId) {
  89         $account = user_load($userId);
  90       }
  91       return user_access($str, $account);
  92     }
  93     return TRUE;
  94   }
  95
  96   /**
  97    * Given a roles array, check for access requirements
  98    *
  99    * @param array $array
 100    *   The roles to check.
 101    *
 102    * @return bool
 103    *   true if yes, else false
 104    */
 105   public function checkGroupRole($array) {
 106     if (function_exists('user_load') && isset($array)) {
 107       $user = user_load(['uid' => $GLOBALS['user']->uid]);
 108       //if giver roles found in user roles - return true
 109       foreach ($array as $key => $value) {
 110         if (in_array($value, $user->roles)) {
 111           return TRUE;
 112         }
 113       }
 114     }
 115     return FALSE;
 116   }
 117
 118   /**
 119    * Get all the contact emails for users that have a specific role.
 120    *
 121    * @param string $roleName
 122    *   Name of the role we are interested in.
 123    *
 124    * @return string
 125    *   a comma separated list of email addresses
 126    */
 127   public function roleEmails($roleName) {
 128     static $_cache = [];
 129
 130     if (isset($_cache[$roleName])) {
 131       return $_cache[$roleName];
 132     }
 133
 134     $uids = [];
 135     $sql = "
 136     SELECT     {users}.uid
 137     FROM       {users}
 138     LEFT  JOIN {users_roles} ON {users}.uid = {users_roles}.uid
 139     INNER JOIN {role}        ON ( {role}.rid = {users_roles}.rid OR {role}.rid = 2 )
 140     WHERE      {role}. name LIKE '%%{$roleName}%%'
 141     AND        {users}.status = 1
 142     ";
 143
 144     $query = db_query($sql);
 145     while ($result = db_fetch_object($query)) {
 146       $uids[] = $result->uid;
 147     }
 148
 149     $_cache[$roleName] = self::getContactEmails($uids);
 150     return $_cache[$roleName];
 151   }
 152
 153   /**
 154    * Get all the contact emails for users that have a specific permission.
 155    *
 156    * @param string $permissionName
 157    *   Name of the permission we are interested in.
 158    *
 159    * @return string
 160    *   a comma separated list of email addresses
 161    */
 162   public function permissionEmails($permissionName) {
 163     static $_cache = [];
 164
 165     if (isset($_cache[$permissionName])) {
 166       return $_cache[$permissionName];
 167     }
 168
 169     $uids = [];
 170     $sql = "
 171     SELECT     {users}.uid, {permission}.perm
 172     FROM       {users}
 173     LEFT  JOIN {users_roles} ON {users}.uid = {users_roles}.uid
 174     INNER JOIN {permission}  ON ( {permission}.rid = {users_roles}.rid OR {permission}.rid = 2 )
 175     WHERE      {permission}.perm LIKE '%%{$permissionName}%%'
 176     AND        {users}.status = 1
 177     ";
 178
 179     $query = db_query($sql);
 180     while ($result = db_fetch_object($query)) {
 181       $uids[] = $result->uid;
 182     }
 183
 184     $_cache[$permissionName] = self::getContactEmails($uids);
 185     return $_cache[$permissionName];
 186   }
 187
 188   /**
 189    * @inheritDoc
 190    */
 191   public function isModulePermissionSupported() {
 192     return TRUE;
 193   }
 194
 195   /**
 196    * @inheritDoc
 197    *
 198    * Does nothing in Drupal 6.
 199    */
 200   public function upgradePermissions($permissions) {
 201     // D6 allows us to be really lazy... things get cleaned up when the admin form is next submitted...
 202   }
 203
 204   /**
 205    * Get the permissions defined in the hook_civicrm_permission implementation
 206    * of the given module.
 207    *
 208    * @param $module
 209    *
 210    * @return array
 211    *   Array of permissions, in the same format as CRM_Core_Permission::getCorePermissions().
 212    */
 213   public static function getModulePermissions($module) {
 214     $return_permissions = [];
 215     $fn_name = "{$module}_civicrm_permission";
 216     if (function_exists($fn_name)) {
 217       $fn_name($return_permissions);
 218     }
 219     return $return_permissions;
 220   }
 221
 222 }