3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.6 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2015 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2015
39 class CRM_Core_Permission_DrupalBase
extends CRM_Core_Permission_Base
{
42 * Is this user someone with access for the entire system.
46 protected $_viewAdminUser = FALSE;
47 protected $_editAdminUser = FALSE;
50 * Am in in view permission or edit permission?
53 protected $_viewPermission = FALSE;
54 protected $_editPermission = FALSE;
57 * The current set of permissioned groups for the user.
61 protected $_viewPermissionedGroups;
62 protected $_editPermissionedGroups;
65 * Get all groups from database, filtered by permissions
68 * @param string $groupType
69 * Type of group(Access/Mailing).
70 * @param bool $excludeHidden
71 * Exclude hidden groups.
75 * array reference of all groups.
77 public function group($groupType = NULL, $excludeHidden = TRUE) {
78 if (!isset($this->_viewPermissionedGroups
)) {
79 $this->_viewPermissionedGroups
= $this->_editPermissionedGroups
= array();
82 $groupKey = $groupType ?
$groupType : 'all';
84 if (!isset($this->_viewPermissionedGroups
[$groupKey])) {
85 $this->_viewPermissionedGroups
[$groupKey] = $this->_editPermissionedGroups
[$groupKey] = array();
87 $groups = CRM_Core_PseudoConstant
::allGroup($groupType, $excludeHidden);
89 if ($this->check('edit all contacts')) {
90 // this is the most powerful permission, so we return
91 // immediately rather than dilute it further
92 $this->_editAdminUser
= $this->_viewAdminUser
= TRUE;
93 $this->_editPermission
= $this->_viewPermission
= TRUE;
94 $this->_editPermissionedGroups
[$groupKey] = $groups;
95 $this->_viewPermissionedGroups
[$groupKey] = $groups;
96 return $this->_viewPermissionedGroups
[$groupKey];
98 elseif ($this->check('view all contacts')) {
99 $this->_viewAdminUser
= TRUE;
100 $this->_viewPermission
= TRUE;
101 $this->_viewPermissionedGroups
[$groupKey] = $groups;
104 $ids = CRM_ACL_API
::group(CRM_Core_Permission
::VIEW
, NULL, 'civicrm_saved_search', $groups);
106 foreach (array_values($ids) as $id) {
107 $title = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
108 $this->_viewPermissionedGroups
[$groupKey][$id] = $title;
109 $this->_viewPermission
= TRUE;
113 $ids = CRM_ACL_API
::group(CRM_Core_Permission
::EDIT
, NULL, 'civicrm_saved_search', $groups);
115 foreach (array_values($ids) as $id) {
116 $title = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
117 $this->_editPermissionedGroups
[$groupKey][$id] = $title;
118 $this->_viewPermissionedGroups
[$groupKey][$id] = $title;
119 $this->_editPermission
= TRUE;
120 $this->_viewPermission
= TRUE;
125 return $this->_viewPermissionedGroups
[$groupKey];
129 * Get group clause for this user. The group Clause filters the
130 * list of groups that the user is permitted to see in a group listing.
131 * For example it will filter both the list on the 'Manage Groups' page
132 * and on the contact 'Groups' tab
134 * the aclGroup hook & configured ACLs contribute to this data.
135 * If the contact is allowed to see all contacts the function will return ( 1 )
137 * @todo the history of this function is that there was some confusion as to
138 * whether it was filtering contacts or groups & some cruft may remain
141 * The type of permission needed.
142 * @param array $tables
143 * (reference) add the tables that are needed for the select clause.
144 * @param array $whereTables
145 * (reference) add the tables that are needed for the where clause.
148 * the clause to add to the query retrieving viewable groups
150 public function groupClause($type, &$tables, &$whereTables) {
151 if (!isset($this->_viewPermissionedGroups
)) {
155 // we basically get all the groups here
157 if ($type == CRM_Core_Permission
::EDIT
) {
158 if ($this->_editAdminUser
) {
161 elseif (empty($this->_editPermissionedGroups
[$groupKey])) {
166 $groups = implode(', ', $this->_editPermissionedGroups
[$groupKey]);
167 $clauses[] = ' ( civicrm_group_contact.group_id IN ( ' . implode(', ', array_keys($this->_editPermissionedGroups
[$groupKey])) . " ) AND civicrm_group_contact.status = 'Added' ) ";
168 $tables['civicrm_group_contact'] = 1;
169 $whereTables['civicrm_group_contact'] = 1;
171 // foreach group that is potentially a saved search, add the saved search clause
172 foreach (array_keys($this->_editPermissionedGroups
[$groupKey]) as $id) {
173 $group = new CRM_Contact_DAO_Group();
175 if ($group->find(TRUE) && $group->saved_search_id
) {
176 $clause = CRM_Contact_BAO_SavedSearch
::whereClause($group->saved_search_id
,
181 $clauses[] = $clause;
185 $clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
189 if ($this->_viewAdminUser
) {
192 elseif (empty($this->_viewPermissionedGroups
[$groupKey])) {
197 $groups = implode(', ', $this->_viewPermissionedGroups
[$groupKey]);
198 $clauses[] = ' civicrm_group.id IN (' . implode(', ', array_keys($this->_viewPermissionedGroups
[$groupKey])) . " ) ";
199 $tables['civicrm_group'] = 1;
200 $whereTables['civicrm_group'] = 1;
201 $clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
209 * Get the current permission of this user.
212 * the permission of the user (edit or view or null)
214 public function getPermission() {
217 if ($this->_editPermission
) {
218 return CRM_Core_Permission
::EDIT
;
220 elseif ($this->_viewPermission
) {
221 return CRM_Core_Permission
::VIEW
;
231 public function getContactEmails($uids) {
235 $uidString = implode(',', $uids);
238 FROM civicrm_contact c
239 INNER JOIN civicrm_email e ON ( c.id = e.contact_id AND e.is_primary = 1 )
240 INNER JOIN civicrm_uf_match uf ON ( c.id = uf.contact_id )
241 WHERE c.is_deceased = 0
243 AND uf.uf_id IN ( $uidString )
246 $dao = CRM_Core_DAO
::executeQuery($sql);
249 while ($dao->fetch()) {
250 $emails[] = $dao->email
;
253 return implode(', ', $emails);
257 * Given a roles array, check for access requirements
259 * @param array $array
260 * The roles to check.
263 * true if yes, else false
265 public function checkGroupRole($array) {
266 if (function_exists('user_load') && isset($array)) {
267 $user = user_load($GLOBALS['user']->uid
);
268 //if giver roles found in user roles - return true
269 foreach ($array as $key => $value) {
270 if (in_array($value, $user->roles
)) {
281 public function isModulePermissionSupported() {
286 * Get all the contact emails for users that have a specific permission.
288 * @param string $permissionName
289 * Name of the permission we are interested in.
292 * a comma separated list of email addresses
294 public function permissionEmails($permissionName) {
295 static $_cache = array();
297 if (isset($_cache[$permissionName])) {
298 return $_cache[$permissionName];
303 SELECT {users}.uid, {role_permission}.permission
306 ON {users}.uid = {users_roles}.uid
307 JOIN {role_permission}
308 ON {role_permission}.rid = {users_roles}.rid
309 WHERE {role_permission}.permission = '{$permissionName}'
310 AND {users}.status = 1
313 $result = db_query($sql);
314 foreach ($result as $record) {
315 $uids[] = $record->uid
;
318 $_cache[$permissionName] = self
::getContactEmails($uids);
319 return $_cache[$permissionName];
325 public function upgradePermissions($permissions) {
326 if (empty($permissions)) {
327 throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing");
329 $query = db_delete('role_permission')
330 ->condition('module', 'civicrm')
331 ->condition('permission', array_keys($permissions), 'NOT IN');