3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
21 class CRM_Core_Permission_Joomla
extends CRM_Core_Permission_Base
{
24 * Given a permission string, check for access requirements
27 * The permission to check.
31 * true if yes, else false
33 public function check($str, $userId = NULL) {
34 $config = CRM_Core_Config
::singleton();
35 // JFactory::getUser does strict type checking, so convert falesy values to NULL
36 if ($userId === 0 ||
$userId === '0') {
43 $translated = $this->translateJoomlaPermission($str);
44 if ($translated === CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
) {
47 if ($translated === CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
51 // ensure that we are running in a joomla context
52 // we've not yet figured out how to bootstrap joomla, so we should
53 // not execute hooks if joomla is not loaded
54 if (defined('_JEXEC')) {
55 $user = JFactory
::getUser($userId);
56 $api_key = CRM_Utils_Request
::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
58 // If we are coming from REST we don't have a user but we do have the api_key for a user.
59 if ($user->id
=== 0 && !is_null($api_key)) {
60 // This is a codeblock copied from /Civicrm/Utils/REST
65 $contact_id = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
68 $uid = CRM_Core_BAO_UFMatch
::getUFId($contact_id);
70 $user = JFactory
::getUser($uid);
75 return $user->authorise($translated[0], $translated[1]);
84 public function isModulePermissionSupported() {
91 * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset"
92 * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset)
94 public function translateJoomlaPermission($perm) {
95 if ($perm === CRM_Core_Permission
::ALWAYS_DENY_PERMISSION ||
$perm === CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
99 list ($civiPrefix, $name) = CRM_Utils_String
::parsePrefix(':', $perm, NULL);
100 switch ($civiPrefix) {
102 return explode(':', $name);
105 // FIXME: This needn't be DENY, but we don't currently have any translations.
106 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
109 return ['civicrm.' . CRM_Utils_String
::munge(strtolower($name)), 'com_civicrm'];
112 return CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
;
117 * Given a roles array, check for access requirements
119 * @param array $array
120 * The roles to check.
123 * true if yes, else false
125 public function checkGroupRole($array) {
132 public function upgradePermissions($permissions) {
133 $translatedPerms = [];
135 // Flipping the $permissions array gives us just the raw names of the
136 // permissions. The descriptions, etc., are irrelevant for the purposes of
138 foreach (array_flip($permissions) as $perm) {
139 $translated = $this->translateJoomlaPermission($perm);
140 $translatedPerms[] = $translated[0];
143 $associations = $this->getUserGroupPermsAssociations();
144 $cmsPermsHaveGoneStale = FALSE;
145 foreach (array_keys(get_object_vars($associations)) as $permName) {
146 if (!in_array($permName, $translatedPerms)) {
147 unset($associations->$permName);
148 $cmsPermsHaveGoneStale = TRUE;
152 if ($cmsPermsHaveGoneStale) {
153 $this->updateGroupPermsAssociations($associations);
158 * Fetches the associations between user groups and CiviCRM permissions.
160 * @see https://docs.joomla.org/Selecting_data_using_JDatabase
162 * Properties of the object are Joomla-fied permission names.
164 private function getUserGroupPermsAssociations() {
165 $db = JFactory
::getDbo();
166 $query = $db->getQuery(TRUE);
169 ->select($db->quoteName('rules'))
170 ->from($db->quoteName('#__assets'))
171 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
173 $db->setQuery($query);
175 // Joomla gotcha: loadObject returns NULL in the case of no matches.
176 $result = $db->loadObject();
177 return $result ?
json_decode($result->rules
) : (object) [];
181 * Writes user-group/permissions associations back to Joomla.
183 * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase
184 * @param object $associations
185 * Same format as the return of
186 * CRM_Core_Permission_Joomla->getUserGroupPermsAssociations().
188 private function updateGroupPermsAssociations($associations) {
189 $db = JFactory
::getDbo();
190 $query = $db->getQuery(TRUE);
193 ->update($db->quoteName('#__assets'))
194 ->set($db->quoteName('rules') . ' = ' . $db->quote(json_encode($associations)))
195 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
197 $db->setQuery($query)->execute();