3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
21 class CRM_Core_Permission_Drupal8
extends CRM_Core_Permission_DrupalBase
{
24 * Given a permission string, check for access requirements
27 * The permission to check.
33 public function check($str, $userId = NULL) {
34 $str = $this->translatePermission($str, 'Drupal', [
35 'view user account' => 'access user profiles',
38 if ($str == CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
) {
41 if ($str == CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
44 $acct = $userId ? \Drupal\user\Entity\User
::load($userId) : \Drupal
::currentUser();
45 return $acct->hasPermission($str);
49 * Get all the contact emails for users that have a specific permission.
51 * @param string $permissionName
52 * Name of the permission we are interested in.
55 * a comma separated list of email addresses
57 public function permissionEmails($permissionName) {
60 if (isset($_cache[$permissionName])) {
61 return $_cache[$permissionName];
64 $role_ids = array_map(
65 function (\Drupal\user\RoleInterface
$role) {
67 }, user_roles(TRUE, $permissionName)
69 $users = \Drupal
::entityTypeManager()->getStorage('user')->loadByProperties(['roles' => $role_ids]);
70 $uids = array_keys($users);
72 $_cache[$permissionName] = self
::getContactEmails($uids);
73 return $_cache[$permissionName];
79 public function upgradePermissions($permissions) {
80 $civicrm_perms = array_keys(CRM_Core_Permission
::getCorePermissions());
81 if (empty($civicrm_perms)) {
82 throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
85 $roles = user_roles(TRUE);
86 foreach ($roles as $role) {
87 foreach ($civicrm_perms as $permission) {
88 $role->revokePermission($permission);
94 * Given a roles array, check user has at least one of those roles
96 * @param array $roles_to_check
97 * The roles to check. An array indexed starting at 0, e.g. [0 => 'administrator']
100 * true if user has at least one of the roles, else false
102 public function checkGroupRole($roles_to_check) {
103 if (isset($roles_to_check)) {
105 // This returns an array indexed starting at 0 of role machine names, e.g.
107 // 0 => 'authenticated',
108 // 1 => 'administrator',
111 // [ 0 => 'anonymous' ]
112 $user_roles = \Drupal
::currentUser()->getRoles();
114 $roles_in_both = array_intersect($user_roles, $roles_to_check);
115 return !empty($roles_in_both);