projects / civicrm-core.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CRM - Cleanup boolean expressions
[civicrm-core.git] / CRM / Core / Permission / Joomla.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 * $Id$
17 *
18 */
19
20 /**
21 *
22 */
23 class CRM_Core_Permission_Joomla extends CRM_Core_Permission_Base {
24
25 /**
26 * Given a permission string, check for access requirements
27 *
28 * @param string $str
29 * The permission to check.
30 * @param int $userId
31 *
32 * @return bool
33 * true if yes, else false
34 */
35 public function check($str, $userId = NULL) {
36 $config = CRM_Core_Config::singleton();
37 // JFactory::getUser does strict type checking, so convert falesy values to NULL
38 if (!$userId) {
39 $userId = NULL;
40 }
41
42 $translated = $this->translateJoomlaPermission($str);
43 if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
44 return FALSE;
45 }
46 if ($translated === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
47 return TRUE;
48 }
49
50 // ensure that we are running in a joomla context
51 // we've not yet figured out how to bootstrap joomla, so we should
52 // not execute hooks if joomla is not loaded
53 if (defined('_JEXEC')) {
54 $user = JFactory::getUser($userId);
55 $api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
56
57 // If we are coming from REST we don't have a user but we do have the api_key for a user.
58 if ($user->id === 0 && !is_null($api_key)) {
59 // This is a codeblock copied from /Civicrm/Utils/REST
60 $uid = NULL;
61 if (!$uid) {
62 $store = NULL;
63
64 $contact_id = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact', $api_key, 'id', 'api_key');
65
66 if ($contact_id) {
67 $uid = CRM_Core_BAO_UFMatch::getUFId($contact_id);
68 }
69 $user = JFactory::getUser($uid);
70
71 }
72 }
73
74 return $user->authorise($translated[0], $translated[1]);
75
76 }
77 else {
78
79 return FALSE;
80 }
81 }
82
83 public function isModulePermissionSupported() {
84 return TRUE;
85 }
86
87 /**
88 * @param $perm
89 *
90 * @internal param string $name e.g. "administer CiviCRM", "cms:access user record", "Drupal:administer content", "Joomla:example.action:com_some_asset"
91 * @return ALWAYS_DENY_PERMISSION|ALWAYS_ALLOW_PERMISSION|array(0 => $joomlaAction, 1 => $joomlaAsset)
92 */
93 public function translateJoomlaPermission($perm) {
94 if ($perm === CRM_Core_Permission::ALWAYS_DENY_PERMISSION || $perm === CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
95 return $perm;
96 }
97
98 list ($civiPrefix, $name) = CRM_Utils_String::parsePrefix(':', $perm, NULL);
99 switch ($civiPrefix) {
100 case 'Joomla':
101 return explode(':', $name);
102
103 case 'cms':
104 // FIXME: This needn't be DENY, but we don't currently have any translations.
105 return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
106
107 case NULL:
108 return ['civicrm.' . CRM_Utils_String::munge(strtolower($name)), 'com_civicrm'];
109
110 default:
111 return CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
112 }
113 }
114
115 /**
116 * Given a roles array, check for access requirements
117 *
118 * @param array $array
119 * The roles to check.
120 *
121 * @return bool
122 * true if yes, else false
123 */
124 public function checkGroupRole($array) {
125 return FALSE;
126 }
127
128 /**
129 * @inheritDoc
130 */
131 public function upgradePermissions($permissions) {
132 $translatedPerms = [];
133
134 // Flipping the $permissions array gives us just the raw names of the
135 // permissions. The descriptions, etc., are irrelevant for the purposes of
136 // this method.
137 foreach (array_flip($permissions) as $perm) {
138 $translated = $this->translateJoomlaPermission($perm);
139 $translatedPerms[] = $translated[0];
140 }
141
142 $associations = $this->getUserGroupPermsAssociations();
143 $cmsPermsHaveGoneStale = FALSE;
144 foreach (array_keys(get_object_vars($associations)) as $permName) {
145 if (!in_array($permName, $translatedPerms)) {
146 unset($associations->$permName);
147 $cmsPermsHaveGoneStale = TRUE;
148 }
149 }
150
151 if ($cmsPermsHaveGoneStale) {
152 $this->updateGroupPermsAssociations($associations);
153 }
154 }
155
156 /**
157 * Fetches the associations between user groups and CiviCRM permissions.
158 *
159 * @see https://docs.joomla.org/Selecting_data_using_JDatabase
160 * @return object
161 * Properties of the object are Joomla-fied permission names.
162 */
163 private function getUserGroupPermsAssociations() {
164 $db = JFactory::getDbo();
165 $query = $db->getQuery(TRUE);
166
167 $query
168 ->select($db->quoteName('rules'))
169 ->from($db->quoteName('#__assets'))
170 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
171
172 $db->setQuery($query);
173
174 // Joomla gotcha: loadObject returns NULL in the case of no matches.
175 $result = $db->loadObject();
176 return $result ? json_decode($result->rules) : (object) [];
177 }
178
179 /**
180 * Writes user-group/permissions associations back to Joomla.
181 *
182 * @see https://docs.joomla.org/Inserting,_Updating_and_Removing_data_using_JDatabase
183 * @param object $associations
184 * Same format as the return of
185 * CRM_Core_Permission_Joomla->getUserGroupPermsAssociations().
186 */
187 private function updateGroupPermsAssociations($associations) {
188 $db = JFactory::getDbo();
189 $query = $db->getQuery(TRUE);
190
191 $query
192 ->update($db->quoteName('#__assets'))
193 ->set($db->quoteName('rules') . ' = ' . $db->quote(json_encode($associations)))
194 ->where($db->quoteName('name') . ' = ' . $db->quote('com_civicrm'));
195
196 $db->setQuery($query)->execute();
197 }
198
199 }