projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #20471 from eileenmcnaughton/schema
[civicrm-core.git] / CRM / Core / Permission / Joomla.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
18 /**
19 *
20 */
21 class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base {
22
23 /**
24 * Given a permission string, check for access requirements
25 *
26 * @param string $str
27 * The permission to check.
28 * @param int $userId
29 *
30 * @return bool
31 * true if yes, else false
32 */
33 public function check($str, $userId = NULL) {
34 $config = CRM_Core_Config::singleton();
35 // JFactory::getUser does strict type checking, so convert falesy values to NULL
36 if (!$userId) {
37 $userId = NULL;
38 }
39
40 $translated = $this->translateJoomlaPermission($str);
41 if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
42 return FALSE;
43 }
44 if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
45 return TRUE;
46 }
47
48 // ensure that we are running in a joomla context
49 // we've not yet figured out how to bootstrap joomla, so we should
50 // not execute hooks if joomla is not loaded
51 if (defined('_JEXEC')) {
52 $user = JFactory::getUser($userId);
53 $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
54
55 // If we are coming from REST we don't have a user but we do have the api_key for a user.
56 if ($user->id === 0 && !is_null($api_key)) {
57 // This is a codeblock copied from /Civicrm/Utils/REST
58 $uid = NULL;
59 if (!$uid) {
60 $store = NULL;
61
62 $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
63
64 if ($contact_id) {
65 $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id);
66 }
67 $user = JFactory::getUser($uid);
68
69 }
70 }
71
72 return $user->authorise($translated[0], $translated[1]);
73
74 }
75 else {
76
77 return FALSE;
78 }
79 }
80
81 public function isModulePermissionSupported() {
82 return TRUE;
83 }
84
85 /**
86 * @param $perm
87 *
88 * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset"
89 * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset)
90 */
91 public function translateJoomlaPermission($perm) {
92 if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
93 return $perm;
94 }
95
96 list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
97 switch ($civiPrefix) {
98 case 'Joomla':
99 return explode(':', $name);
100
101 case 'cms':
102 // FIXME: This needn't be DENY, but we don't currently have any translations.
103 return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
104
105 case NULL:
106 return ['civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm'];
107
108 default:
109 return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
110 }
111 }
112
113 /**
114 * Given a roles array, check for access requirements
115 *
116 * @param array $array
117 * The roles to check.
118 *
119 * @return bool
120 * true if yes, else false
121 */
122 public function checkGroupRole($array) {
123 return FALSE;
124 }
125
126 /**
127 * @inheritDoc
128 */
129 public function upgradePermissions($permissions) {
130 $translatedPerms = [];
131
132 // Flipping the $permissions array gives us just the raw names of the
133 // permissions. The descriptions, etc., are irrelevant for the purposes of
134 // this method.
135 foreach (array_flip($permissions) as $perm) {
136 $translated = $this->translateJoomlaPermission($perm);
137 $translatedPerms[] = $translated[0];
138 }
139
140 $associations = $this->getUserGroupPermsAssociations();
141 $cmsPermsHaveGoneStale = FALSE;
142 foreach (array_keys(get_object_vars($associations)) as $permName) {
143 if (!in_array($permName, $translatedPerms)) {
144 unset($associations->$permName);
145 $cmsPermsHaveGoneStale = TRUE;
146 }
147 }
148
149 if ($cmsPermsHaveGoneStale) {
150 $this->updateGroupPermsAssociations($associations);
151 }
152 }
153
154 /**
155 * Fetches the associations between user groups and CiviCRM permissions.
156 *
157 * @see https://docs.joomla.org/Selecting_data_using_JDatabase
158 * @return object
159 * Properties of the object are Joomla-fied permission names.
160 */
161 private function getUserGroupPermsAssociations() {
162 $db = JFactory::getDbo();
163 $query = $db->getQuery(TRUE);
164
165 $query
166 ->select($db->quoteName('rules'))
167 ->from($db->quoteName('#__assets'))
168 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
169
170 $db->setQuery($query);
171
172 // Joomla gotcha: loadObject returns NULL in the case of no matches.
173 $result = $db->loadObject();
174 return $result ? json_decode($result->rules) : (object) [];
175 }
176
177 /**
178 * Writes user-group/permissions associations back to Joomla.
179 *
180 * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase
181 * @param object $associations
182 * Same format as the return of
183 * CRM_Core_Permission_Joomla->getUserGroupPermsAssociations().
184 */
185 private function updateGroupPermsAssociations($associations) {
186 $db = JFactory::getDbo();
187 $query = $db->getQuery(TRUE);
188
189 $query
190 ->update($db->quoteName('#__assets'))
191 ->set($db->quoteName('rules') . ' = ' . $db->quote(json_encode($associations)))
192 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
193
194 $db->setQuery($query)->execute();
195 }
196
197 }