3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2017 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
31 * @copyright CiviCRM LLC (c) 2004-2017
39 class CRM_Core_Permission_Joomla
extends CRM_Core_Permission_Base
{
41 * Given a permission string, check for access requirements
44 * The permission to check.
47 * true if yes, else false
49 public function check($str) {
50 $config = CRM_Core_Config
::singleton();
52 $translated = $this->translateJoomlaPermission($str);
53 if ($translated === CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
) {
56 if ($translated === CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
60 // ensure that we are running in a joomla context
61 // we've not yet figured out how to bootstrap joomla, so we should
62 // not execute hooks if joomla is not loaded
63 if (defined('_JEXEC')) {
64 $user = JFactory
::getUser();
65 $api_key = CRM_Utils_Request
::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
67 // If we are coming from REST we don't have a user but we do have the api_key for a user.
68 if ($user->id
=== 0 && !is_null($api_key)) {
69 // This is a codeblock copied from /Civicrm/Utils/REST
74 $contact_id = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
77 $uid = CRM_Core_BAO_UFMatch
::getUFId($contact_id);
79 $user = JFactory
::getUser($uid);
84 return $user->authorise($translated[0], $translated[1]);
93 public function isModulePermissionSupported() {
100 * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset"
101 * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset)
103 public function translateJoomlaPermission($perm) {
104 if ($perm === CRM_Core_Permission
::ALWAYS_DENY_PERMISSION ||
$perm === CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
108 list ($civiPrefix, $name) = CRM_Utils_String
::parsePrefix(':', $perm, NULL);
109 switch ($civiPrefix) {
111 return explode(':', $name);
114 // FIXME: This needn't be DENY, but we don't currently have any translations.
115 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
118 return array('civicrm.' . CRM_Utils_String
::munge(strtolower($name)), 'com_civicrm');
121 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
126 * Given a roles array, check for access requirements
128 * @param array $array
129 * The roles to check.
132 * true if yes, else false
134 public function checkGroupRole($array) {
141 public function upgradePermissions($permissions) {
142 $translatedPerms = array();
144 // Flipping the $permissions array gives us just the raw names of the
145 // permissions. The descriptions, etc., are irrelevant for the purposes of
147 foreach (array_flip($permissions) as $perm) {
148 $translated = $this->translateJoomlaPermission($perm);
149 $translatedPerms[] = $translated[0];
152 $associations = $this->getUserGroupPermsAssociations();
153 $cmsPermsHaveGoneStale = FALSE;
154 foreach (array_keys(get_object_vars($associations)) as $permName) {
155 if (!in_array($permName, $translatedPerms)) {
156 unset($associations->$permName);
157 $cmsPermsHaveGoneStale = TRUE;
161 if ($cmsPermsHaveGoneStale) {
162 $this->updateGroupPermsAssociations($associations);
167 * Fetches the associations between user groups and CiviCRM permissions.
169 * @see https://docs.joomla.org/Selecting_data_using_JDatabase
171 * Properties of the object are Joomla-fied permission names.
173 private function getUserGroupPermsAssociations() {
174 $db = JFactory
::getDbo();
175 $query = $db->getQuery(TRUE);
178 ->select($db->quoteName('rules'))
179 ->from($db->quoteName('#__assets'))
180 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
182 $db->setQuery($query);
184 // Joomla gotcha: loadObject returns NULL in the case of no matches.
185 $result = $db->loadObject();
186 return $result ?
json_decode($result->rules
) : (object) array();
190 * Writes user-group/permissions associations back to Joomla.
192 * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase
193 * @param object $associations
194 * Same format as the return of
195 * CRM_Core_Permission_Joomla->getUserGroupPermsAssociations().
197 private function updateGroupPermsAssociations($associations) {
198 $db = JFactory
::getDbo();
199 $query = $db->getQuery(TRUE);
202 ->update($db->quoteName('#__assets'))
203 ->set($db->quoteName('rules') . ' = ' . $db->quote(json_encode($associations)))
204 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
206 $db->setQuery($query)->execute();