CRM/Core/Permission/DrupalBase.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 4.3                                                |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2013                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26 */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2013
  32  * $Id$
  33  *
  34  */
  35
  36 /**
  37  *
  38  */
  39 class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base {
  40
  41   /**
  42    * is this user someone with access for the entire system
  43    *
  44    * @var boolean
  45    */
  46   protected $_viewAdminUser = FALSE;
  47   protected $_editAdminUser = FALSE;
  48
  49   /**
  50    * am in in view permission or edit permission?
  51    * @var boolean
  52    */
  53   protected $_viewPermission = FALSE;
  54   protected $_editPermission = FALSE;
  55
  56   /**
  57    * the current set of permissioned groups for the user
  58    *
  59    * @var array
  60    */
  61   protected $_viewPermissionedGroups;
  62   protected $_editPermissionedGroups;
  63
  64   /**
  65    * Get all groups from database, filtered by permissions
  66    * for this user
  67    *
  68    * @param string $groupType     type of group(Access/Mailing)
  69    * @param boolen $excludeHidden exclude hidden groups.
  70    *
  71    * @access public
  72    *
  73    * @return array - array reference of all groups.
  74    *
  75    */
  76   public function group($groupType = NULL, $excludeHidden = TRUE) {
  77     if (!isset($this->_viewPermissionedGroups)) {
  78       $this->_viewPermissionedGroups = $this->_editPermissionedGroups = array();
  79     }
  80
  81     $groupKey = $groupType ? $groupType : 'all';
  82
  83     if (!isset($this->_viewPermissionedGroups[$groupKey])) {
  84       $this->_viewPermissionedGroups[$groupKey] = $this->_editPermissionedGroups[$groupKey] = array();
  85
  86       $groups = CRM_Core_PseudoConstant::allGroup($groupType, $excludeHidden);
  87
  88       if ($this->check('edit all contacts')) {
  89         // this is the most powerful permission, so we return
  90         // immediately rather than dilute it further
  91         $this->_editAdminUser = $this->_viewAdminUser = TRUE;
  92         $this->_editPermission = $this->_viewPermission = TRUE;
  93         $this->_editPermissionedGroups[$groupKey] = $groups;
  94         $this->_viewPermissionedGroups[$groupKey] = $groups;
  95         return $this->_viewPermissionedGroups[$groupKey];
  96       }
  97       elseif ($this->check('view all contacts')) {
  98         $this->_viewAdminUser = TRUE;
  99         $this->_viewPermission = TRUE;
 100         $this->_viewPermissionedGroups[$groupKey] = $groups;
 101       }
 102
 103
 104       $ids = CRM_ACL_API::group(CRM_Core_Permission::VIEW, NULL, 'civicrm_saved_search', $groups);
 105       foreach (array_values($ids) as $id) {
 106         $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
 107         $this->_viewPermissionedGroups[$groupKey][$id] = $title;
 108         $this->_viewPermission = TRUE;
 109       }
 110
 111       $ids = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_saved_search', $groups);
 112       foreach (array_values($ids) as $id) {
 113         $title = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Group', $id, 'title');
 114         $this->_editPermissionedGroups[$groupKey][$id] = $title;
 115         $this->_viewPermissionedGroups[$groupKey][$id] = $title;
 116         $this->_editPermission = TRUE;
 117         $this->_viewPermission = TRUE;
 118       }
 119     }
 120
 121     return $this->_viewPermissionedGroups[$groupKey];
 122   }
 123   /**
 124    * Get group clause for this user
 125    *
 126    * @param int $type the type of permission needed
 127    * @param  array $tables (reference ) add the tables that are needed for the select clause
 128    * @param  array $whereTables (reference ) add the tables that are needed for the where clause
 129    *
 130    * @return string the group where clause for this user
 131    * @access public
 132    */
 133   public function groupClause($type, &$tables, &$whereTables) {
 134     if (!isset($this->_viewPermissionedGroups)) {
 135       $this->group();
 136     }
 137
 138     // we basically get all the groups here
 139     $groupKey = 'all';
 140     if ($type == CRM_Core_Permission::EDIT) {
 141       if ($this->_editAdminUser) {
 142         $clause = ' ( 1 ) ';
 143       }
 144       elseif (empty($this->_editPermissionedGroups[$groupKey])) {
 145         $clause = ' ( 0 ) ';
 146       }
 147       else {
 148         $clauses = array();
 149         $groups = implode(', ', $this->_editPermissionedGroups[$groupKey]);
 150         $clauses[] = ' ( civicrm_group_contact.group_id IN ( ' . implode(', ', array_keys($this->_editPermissionedGroups[$groupKey])) . " ) AND civicrm_group_contact.status = 'Added' ) ";
 151         $tables['civicrm_group_contact'] = 1;
 152         $whereTables['civicrm_group_contact'] = 1;
 153
 154         // foreach group that is potentially a saved search, add the saved search clause
 155         foreach (array_keys($this->_editPermissionedGroups[$groupKey]) as $id) {
 156           $group = new CRM_Contact_DAO_Group();
 157           $group->id = $id;
 158           if ($group->find(TRUE) && $group->saved_search_id) {
 159             $clause = CRM_Contact_BAO_SavedSearch::whereClause($group->saved_search_id,
 160                 $tables,
 161                 $whereTables
 162             );
 163             if (trim($clause)) {
 164               $clauses[] = $clause;
 165             }
 166           }
 167         }
 168         $clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
 169       }
 170     }
 171     else {
 172       if ($this->_viewAdminUser) {
 173         $clause = ' ( 1 ) ';
 174       }
 175       elseif (empty($this->_viewPermissionedGroups[$groupKey])) {
 176         $clause = ' ( 0 ) ';
 177       }
 178       else {
 179         $clauses = array();
 180         $groups = implode(', ', $this->_viewPermissionedGroups[$groupKey]);
 181         $clauses[] = ' ( civicrm_group_contact.group_id IN (' . implode(', ', array_keys($this->_viewPermissionedGroups[$groupKey])) . " ) AND civicrm_group_contact.status = 'Added' ) ";
 182         $tables['civicrm_group_contact'] = 1;
 183         $whereTables['civicrm_group_contact'] = 1;
 184         $clause = ' ( ' . implode(' OR ', $clauses) . ' ) ';
 185       }
 186     }
 187
 188     return $clause;
 189   }
 190
 191   /**
 192    * get the current permission of this user
 193    *
 194    * @return string the permission of the user (edit or view or null)
 195    */
 196   public function getPermission() {
 197     $this->group();
 198
 199     if ($this->_editPermission) {
 200       return CRM_Core_Permission::EDIT;
 201     }
 202     elseif ($this->_viewPermission) {
 203       return CRM_Core_Permission::VIEW;
 204     }
 205     return NULL;
 206   }
 207
 208   /**
 209    * given a permission string, check for access requirements
 210    *
 211    * @param string $str the permission to check
 212    *
 213    * @return boolean true if yes, else false
 214    * @access public
 215    */
 216   function check($str, $contactID = NULL) {
 217     if (function_exists('user_access')) {
 218       return user_access($str) ? TRUE : FALSE;
 219     }
 220     return TRUE;
 221   }
 222
 223   function getContactEmails($uids) {
 224     if (empty($uids)) {
 225       return '';
 226     }
 227     $uidString = implode(',', $uids);
 228     $sql = "
 229     SELECT     e.email
 230     FROM       civicrm_contact c
 231     INNER JOIN civicrm_email e     ON ( c.id = e.contact_id AND e.is_primary = 1 )
 232     INNER JOIN civicrm_uf_match uf ON ( c.id = uf.contact_id )
 233     WHERE      c.is_deceased = 0
 234     AND        c.is_deleted  = 0
 235     AND        uf.uf_id IN ( $uidString )
 236     ";
 237
 238     $dao = CRM_Core_DAO::executeQuery($sql);
 239
 240     $emails = array();
 241     while ($dao->fetch()) {
 242     $emails[] = $dao->email;
 243     }
 244
 245     return implode(', ', $emails);
 246   }
 247 }