projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CRM-21787: Keep up-to-date without running GenCode on all builds
[civicrm-core.git] / CRM / Core / Permission / Drupal8.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2017 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2017
32 * $Id$
33 *
34 */
35
36 /**
37 *
38 */
39 class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {
40 /**
41 * Given a permission string, check for access requirements
42 *
43 * @param string $str
44 * The permission to check.
45 *
46 * @param null $contactID
47 *
48 * @return bool
49 */
50 public function check($str, $contactID = NULL) {
51 $str = $this->translatePermission($str, 'Drupal', array(
52 'view user account' => 'access user profiles',
53 ));
54
55 if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
56 return FALSE;
57 }
58 if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
59 return TRUE;
60 }
61 return \Drupal::currentUser()->hasPermission($str);
62 }
63
64 /**
65 * Get all the contact emails for users that have a specific permission.
66 *
67 * @param string $permissionName
68 * Name of the permission we are interested in.
69 *
70 * @return string
71 * a comma separated list of email addresses
72 */
73 public function permissionEmails($permissionName) {
74 static $_cache = array();
75
76 if (isset($_cache[$permissionName])) {
77 return $_cache[$permissionName];
78 }
79
80 $role_ids = array_map(
81 function (\Drupal\user\RoleInterface $role) {
82 return $role->id();
83 }, user_roles(TRUE, $permissionName)
84 );
85 $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(array('roles' => $role_ids));
86 $uids = array_keys($users);
87
88 $_cache[$permissionName] = self::getContactEmails($uids);
89 return $_cache[$permissionName];
90 }
91
92 /**
93 * @inheritDoc
94 */
95 public function upgradePermissions($permissions) {
96 $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
97 if (empty($civicrm_perms)) {
98 throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
99 }
100
101 $roles = user_roles(TRUE);
102 foreach ($roles as $role) {
103 foreach ($civicrm_perms as $permission) {
104 $role->revokePermission($permission);
105 }
106 }
107 }
108
109 }