3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
23 class CRM_Core_Permission_Drupal8
extends CRM_Core_Permission_DrupalBase
{
26 * Given a permission string, check for access requirements
29 * The permission to check.
35 public function check($str, $userId = NULL) {
36 $str = $this->translatePermission($str, 'Drupal', [
37 'view user account' => 'access user profiles',
40 if ($str == CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
) {
43 if ($str == CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
46 $acct = $userId ? \Drupal\user\Entity\User
::load($userId) : \Drupal
::currentUser();
47 return $acct->hasPermission($str);
51 * Get all the contact emails for users that have a specific permission.
53 * @param string $permissionName
54 * Name of the permission we are interested in.
57 * a comma separated list of email addresses
59 public function permissionEmails($permissionName) {
62 if (isset($_cache[$permissionName])) {
63 return $_cache[$permissionName];
66 $role_ids = array_map(
67 function (\Drupal\user\RoleInterface
$role) {
69 }, user_roles(TRUE, $permissionName)
71 $users = \Drupal
::entityTypeManager()->getStorage('user')->loadByProperties(['roles' => $role_ids]);
72 $uids = array_keys($users);
74 $_cache[$permissionName] = self
::getContactEmails($uids);
75 return $_cache[$permissionName];
81 public function upgradePermissions($permissions) {
82 $civicrm_perms = array_keys(CRM_Core_Permission
::getCorePermissions());
83 if (empty($civicrm_perms)) {
84 throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
87 $roles = user_roles(TRUE);
88 foreach ($roles as $role) {
89 foreach ($civicrm_perms as $permission) {
90 $role->revokePermission($permission);