projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #13974 from eileenmcnaughton/array_format7
[civicrm-core.git] / CRM / Core / Permission / Drupal8.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2019 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
26 */
27
28 /**
29 *
30 * @package CRM
31 * @copyright CiviCRM LLC (c) 2004-2019
32 * $Id$
33 *
34 */
35
36 /**
37 *
38 */
39 class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {
40 /**
41 * Given a permission string, check for access requirements
42 *
43 * @param string $str
44 * The permission to check.
45 *
46 * @param int $userId
47 *
48 * @return bool
49 */
50 public function check($str, $userId = NULL) {
51 $str = $this->translatePermission($str, 'Drupal', [
52 'view user account' => 'access user profiles',
53 ]);
54
55 if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
56 return FALSE;
57 }
58 if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
59 return TRUE;
60 }
61 $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
62 return $acct->hasPermission($str);
63 }
64
65 /**
66 * Get all the contact emails for users that have a specific permission.
67 *
68 * @param string $permissionName
69 * Name of the permission we are interested in.
70 *
71 * @return string
72 * a comma separated list of email addresses
73 */
74 public function permissionEmails($permissionName) {
75 static $_cache = [];
76
77 if (isset($_cache[$permissionName])) {
78 return $_cache[$permissionName];
79 }
80
81 $role_ids = array_map(
82 function (\Drupal\user\RoleInterface $role) {
83 return $role->id();
84 }, user_roles(TRUE, $permissionName)
85 );
86 $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(['roles' => $role_ids]);
87 $uids = array_keys($users);
88
89 $_cache[$permissionName] = self::getContactEmails($uids);
90 return $_cache[$permissionName];
91 }
92
93 /**
94 * @inheritDoc
95 */
96 public function upgradePermissions($permissions) {
97 $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
98 if (empty($civicrm_perms)) {
99 throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
100 }
101
102 $roles = user_roles(TRUE);
103 foreach ($roles as $role) {
104 foreach ($civicrm_perms as $permission) {
105 $role->revokePermission($permission);
106 }
107 }
108 }
109
110 }