1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
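/**
 * Permission backend that answers CiviCRM permission checks through the
 * Drupal 8 user and role APIs.
 */
class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase {

  /**
   * Given a permission string, check for access requirements
   *
   * The permission name is first passed through translatePermission(), with
   * 'view user account' mapped to Drupal's 'access user profiles'. The
   * always-deny sentinel is tested before the always-allow sentinel.
   *
   * @param string $str
   *   The permission to check.
   *
   * @param int $userId
   *   Drupal user id to check. Any falsy value (NULL, 0) selects the current
   *   user rather than a specific account.
   *
   * @return bool
   *   TRUE if the account holds the permission. FALSE otherwise, including
   *   when $userId does not match any account.
   */
  public function check($str, $userId = NULL) {
    $str = $this->translatePermission($str, 'Drupal', [
      'view user account' => 'access user profiles',
    ]);

    if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }
    $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
    if (!$acct) {
      // User::load() returns NULL for an unknown id. Fail closed instead of
      // calling hasPermission() on NULL, which would be a fatal error.
      return FALSE;
    }
    return $acct->hasPermission($str);
  }

  /**
   * Get all the contact emails for users that have a specific permission.
   *
   * Results are memoised per permission name in a function-level static, so
   * role or membership changes made after the first call are not reflected
   * until the static is discarded.
   *
   * @param string $permissionName
   *   Name of the permission we are interested in.
   *
   * @return string
   *   a comma separated list of email addresses
   */
  public function permissionEmails($permissionName) {
    static $_cache = [];

    if (isset($_cache[$permissionName])) {
      return $_cache[$permissionName];
    }

    // Roles that carry the permission; TRUE leaves out the anonymous role.
    $role_ids = array_map(
      function (\Drupal\user\RoleInterface $role) {
        return $role->id();
      }, user_roles(TRUE, $permissionName)
    );
    // NOTE(review): this matches users by their stored role assignments.
    // Users who hold the permission only through an implicit role such as
    // 'authenticated' may not be matched - confirm.
    $users = \Drupal::entityTypeManager()->getStorage('user')->loadByProperties(['roles' => $role_ids]);
    $uids = array_keys($users);

    $_cache[$permissionName] = self::getContactEmails($uids);
    return $_cache[$permissionName];
  }

  /**
   * Calls revokePermission() for every core CiviCRM permission on every
   * non-anonymous role.
   *
   * NOTE(review): $permissions is not read; the list comes from
   * CRM_Core_Permission::getCorePermissions(). No save of the role objects
   * is visible in this method, so whether the revocations persist depends on
   * code outside it - confirm the intended effect before relying on it.
   *
   * @inheritDoc
   *
   * @throws CRM_Core_Exception
   *   When the core permission list is empty.
   */
  public function upgradePermissions($permissions) {
    $civicrm_perms = array_keys(CRM_Core_Permission::getCorePermissions());
    if (empty($civicrm_perms)) {
      throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
    }

    $roles = user_roles(TRUE);
    foreach ($roles as $role) {
      foreach ($civicrm_perms as $permission) {
        $role->revokePermission($permission);
      }
    }
  }

  /**
   * Given a roles array, check user has at least one of those roles
   *
   * Only the current user is considered; roles are compared by machine name.
   *
   * @param array $roles_to_check
   *   The roles to check. An array indexed starting at 0, e.g. [0 => 'administrator']
   *
   * @return bool
   *   true if user has at least one of the roles, else false
   */
  public function checkGroupRole($roles_to_check) {
    if (isset($roles_to_check)) {

      // This returns an array indexed starting at 0 of role machine names, e.g.
      // [
      //   0 => 'authenticated',
      //   1 => 'administrator',
      // ]
      // or
      // [ 0 => 'anonymous' ]
      $user_roles = \Drupal::currentUser()->getRoles();

      $roles_in_both = array_intersect($user_roles, $roles_to_check);
      return !empty($roles_in_both);
    }
    // NULL was passed: no role can match.
    return FALSE;
  }

}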