system_get_info is deprecated
[civicrm-core.git] / CRM / Core / Permission / Drupal8.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
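/**
 * Permission adapter that answers CiviCRM permission questions through the
 * Drupal 8+ user, role and permission services.
 */
class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {

  /**
   * Given a permission string, check for access requirements.
   *
   * @param string $str
   *   The permission to check.
   * @param int $userId
   *   ID of the user to check. A falsy value (NULL or 0) selects the current
   *   user rather than looking up an account with that ID.
   *
   * @return bool
   *   TRUE when access is granted. FALSE when it is denied, or when $userId
   *   does not resolve to a loadable account.
   */
  public function check($str, $userId = NULL) {
    $str = $this->translatePermission($str, 'Drupal', [
      'view user account' => 'access user profiles',
    ]);

    // The deny sentinel is tested before the allow sentinel.
    if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }

    $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
    // User::load() yields NULL for an ID with no account. Fail closed instead
    // of calling hasPermission() on NULL, which would abort the request.
    if (!$acct) {
      return FALSE;
    }
    return $acct->hasPermission($str);
  }

  /**
   * Get the palette of available permissions in the CMS's user-management system.
   *
   * @return array
   *   List of permissions, keyed by symbolic name. Each item may have fields:
   *     - title: string
   *     - description: string
   */
  public function getAvailablePermissions() {
    // We want to list *only* Drupal perms, so we'll *skip* Civi perms.
    $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE);

    $dperms = \Drupal::service('user.permissions')->getPermissions();
    $modules = \Drupal::service('extension.list.module')->getAllInstalledInfo();

    $permissions = [];
    foreach ($dperms as $permName => $dperm) {
      if (isset($allCorePerms[$permName])) {
        continue;
      }

      // Prefix the title with the providing module's name when it is known.
      $module = $modules[$dperm['provider']] ?? [];
      $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
      $permissions["Drupal:$permName"] = [
        'title' => $prefix . strip_tags($dperm['title']),
        // Read from $dperm, the loop variable. The previous code read an
        // undefined $perm, so the description was always NULL. It is reduced
        // to plain text the same way as the title.
        'description' => isset($dperm['description']) ? strip_tags($dperm['description']) : NULL,
      ];
    }

    return $permissions;
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * Results are memoised per permission name for the lifetime of the process.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   * @return string
   *   a comma separated list of email addresses
   */
  public function permissionEmails($permissionName) {
    static $_cache = [];

    if (isset($_cache[$permissionName])) {
      return $_cache[$permissionName];
    }

    // IDs of the non-anonymous roles that carry the permission.
    $role_ids = array_map(
      function (\Drupal\user\RoleInterface $role) {
        return $role->id();
      }, user_roles(TRUE, $permissionName)
    );

    // With no matching role there is nothing to look up; skip the storage
    // query instead of filtering on an empty role list.
    // NOTE(review): users are matched by stored role assignment. Confirm
    // whether a permission granted to the 'authenticated' role is expected
    // to match every registered user.
    $uids = [];
    if (!empty($role_ids)) {
      $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(['roles' => $role_ids]);
      $uids = array_keys($users);
    }

    $_cache[$permissionName] = self::getContactEmails($uids);
    return $_cache[$permissionName];
  }

  /**
   * @inheritDoc
   */
  public function upgradePermissions($permissions) {
    $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
    if (empty($civicrm_perms)) {
      throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
    }

    // NOTE(review): $permissions is never read, and the loop targets every
    // core permission on every non-anonymous role. No save() call is visible
    // here, so whether the revocations persist depends on
    // RoleInterface::revokePermission(). Confirm the intended behaviour before
    // adding persistence; saving as written would strip all CiviCRM
    // permissions from all of those roles.
    $roles = user_roles(TRUE);
    foreach ($roles as $role) {
      foreach ($civicrm_perms as $permission) {
        $role->revokePermission($permission);
      }
    }
  }

  /**
   * Given a roles array, check user has at least one of those roles.
   *
   * @param array $roles_to_check
   *   The roles to check. An array indexed starting at 0, e.g. [0 => 'administrator']
   *
   * @return bool
   *   true if user has at least one of the roles, else false
   */
  public function checkGroupRole($roles_to_check) {
    // NULL or any non-array input cannot name a role: deny rather than let
    // array_intersect() fail on it.
    if (!is_array($roles_to_check)) {
      return FALSE;
    }

    // This returns an array indexed starting at 0 of role machine names, e.g.
    // [
    //   0 => 'authenticated',
    //   1 => 'administrator',
    // ]
    // or
    // [ 0 => 'anonymous' ]
    $user_roles = \Drupal::currentUser()->getRoles();

    $roles_in_both = array_intersect($user_roles, $roles_to_check);
    return !empty($roles_in_both);
  }

}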