3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
21 class CRM_Core_Permission_Drupal8
extends CRM_Core_Permission_DrupalBase
{
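/**
 * Given a permission string, check for access requirements
 *
 * The name is first mapped through translatePermission(). The always-deny
 * sentinel is tested before the always-allow sentinel, and only then is the
 * Drupal account asked.
 *
 * @param string $str
 *   The permission to check.
 * @param int|null $userId
 *   Drupal user ID to check. Any falsy value selects the current user.
 *
 * @return bool
 *   TRUE if the permission is granted. FALSE if it is denied, or if $userId
 *   does not resolve to a Drupal account.
 */
public function check($str, $userId = NULL) {
  $str = $this->translatePermission($str, 'Drupal', [
    'view user account' => 'access user profiles',
  ]);

  // Deny is evaluated first, so it wins if both sentinels were ever to match.
  if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
    return FALSE;
  }
  if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
    return TRUE;
  }

  if (!$userId) {
    // NOTE(review): 0 is falsy, so a caller passing 0 to mean "anonymous"
    // gets the current user's answer instead - confirm no caller relies on 0.
    return \Drupal::currentUser()->hasPermission($str);
  }

  // User::load() returns NULL for an unknown ID. Fail closed rather than
  // raising a fatal error by calling hasPermission() on NULL.
  $acct = \Drupal\user\Entity\User::load($userId);
  return $acct ? $acct->hasPermission($str) : FALSE;
}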
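/**
 * Get the palette of available permissions in the CMS's user-management system.
 *
 * Permissions that are also CiviCRM core permissions are left out, so the
 * result holds Drupal permissions only, each keyed as "Drupal:<name>".
 *
 * @return array
 *   List of permissions, keyed by symbolic name. Each item may have fields:
 *     - title: string
 *     - description: string|null
 */
public function getAvailablePermissions() {
  // We want to list *only* Drupal perms, so we'll *skip* Civi perms.
  $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE);

  $dperms = \Drupal::service('user.permissions')->getPermissions();
  $modules = \Drupal::service('extension.list.module')->getAllInstalledInfo();

  $permissions = [];
  foreach ($dperms as $permName => $dperm) {
    if (isset($allCorePerms[$permName])) {
      continue;
    }

    // Prefix the title with the providing module's name when it is known.
    $module = $modules[$dperm['provider']] ?? [];
    $prefix = isset($module['name']) ? ($module['name'] . ': ') : '';
    $permissions["Drupal:$permName"] = [
      'title' => $prefix . strip_tags($dperm['title']),
      // The description was read from an undefined $perm, so it was always
      // NULL. Read it from $dperm and treat it like the title. strip_tags()
      // is not output escaping - renderers must still escape per context.
      'description' => isset($dperm['description']) ? strip_tags($dperm['description']) : NULL,
    ];
  }

  return $permissions;
}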
/**
 * Get all the contact emails for users that have a specific permission.
 *
 * Results are memoised per permission name in a function-level static, so a
 * repeated lookup within one request does not reload the users.
 *
 * @param string $permissionName
 *   Name of the permission we are interested in.
 *
 * @return string
 *   a comma separated list of email addresses
 */
public function permissionEmails($permissionName) {
  static $_cache = [];

  if (!isset($_cache[$permissionName])) {
    // user_roles(TRUE, ...) leaves out the anonymous role and keeps only
    // roles that hold the permission.
    $matchingRoles = user_roles(TRUE, $permissionName);
    $role_ids = array_map(
      static function (\Drupal\user\RoleInterface $role) {
        return $role->id();
      },
      $matchingRoles
    );

    // The loaded users are keyed by ID, and only the IDs are passed on.
    $accounts = \Drupal::entityTypeManager()
      ->getStorage('user')
      ->loadByProperties(['roles' => $role_ids]);

    $_cache[$permissionName] = self::getContactEmails(array_keys($accounts));
  }

  return $_cache[$permissionName];
}
/**
 * Revoke the CiviCRM core permissions from every non-anonymous Drupal role.
 *
 * NOTE(review): $permissions is not read in this method, and nothing here
 * calls save() on the role - confirm how the revocation is persisted and
 * that revoking every core permission is the intended outcome.
 *
 * @param array $permissions
 *
 * @throws CRM_Core_Exception
 *   When the core permission list is empty.
 */
public function upgradePermissions($permissions) {
  // @todo - this should probably call getCoreAndComponentPermissions.
  $corePermissionNames = array_keys(CRM_Core_Permission::getCorePermissions());
  if (!$corePermissionNames) {
    // Stop before touching any role if the permission list failed to load.
    throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
  }

  foreach (user_roles(TRUE) as $drupalRole) {
    foreach ($corePermissionNames as $name) {
      $drupalRole->revokePermission($name);
    }
  }
}
127 * Given a roles array, check user has at least one of those roles
129 * @param array $roles_to_check
130 * The roles to check. An array indexed starting at 0, e.g. [0 => 'administrator']
133 * true if user has at least one of the roles, else false
135 public function checkGroupRole($roles_to_check) {
136 if (isset($roles_to_check)) {
138 // This returns an array indexed starting at 0 of role machine names, e.g.
140 // 0 => 'authenticated',
141 // 1 => 'administrator',
144 // [ 0 => 'anonymous' ]
145 $user_roles = \Drupal
::currentUser()->getRoles();
147 $roles_in_both = array_intersect($user_roles, $roles_to_check);
148 return !empty($roles_in_both);