Merge pull request #15817 from colemanw/Fix
[civicrm-core.git] / CRM / Core / Permission / WordPress.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 * $Id$
17 *
18 */
19
20 /**
21 *
22 */
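/**
 * Permission checks for CiviCRM running under WordPress.
 *
 * CiviCRM permission strings are resolved against WordPress user
 * capabilities; visitors without an account are resolved against the
 * 'anonymous_user' role.
 */
class CRM_Core_Permission_WordPress extends CRM_Core_Permission_Base {

  /**
   * Given a permission string, check for access requirements
   *
   * @param string $str
   *   The permission to check.
   * @param int $userId
   *   Optional WordPress user id. When empty, the current WordPress user
   *   is checked instead.
   *
   * @return bool
   *   TRUE if the permission is granted, else FALSE. An unknown $userId
   *   is denied.
   */
  public function check($str, $userId = NULL) {
    // Generic cms 'administer users' role translates to users with the 'edit_users' capability in WordPress
    $str = $this->translatePermission($str, 'WordPress', [
      'administer users' => 'edit_users',
    ]);
    if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
      return FALSE;
    }
    if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
      return TRUE;
    }

    // CRM-15629
    // During some extern/* calls we don't bootstrap the CMS, hence the
    // constants below are not set. In such cases, bootstrap it now so the
    // WordPress include path can be built.
    if (!defined('ABSPATH') || !defined('WPINC')) {
      require_once 'CRM/Utils/System.php';
      CRM_Utils_System::loadBootStrap();
    }

    require_once ABSPATH . WPINC . '/pluggable.php';

    // NOTE(review): this branch fails open. When the WordPress capability
    // API is not loaded, every permission is granted. It is kept unchanged
    // for backward compatibility; confirm that any entry point able to
    // reach it enforces its own access control.
    if (!function_exists('current_user_can')) {
      return TRUE;
    }

    $user = $userId ? get_userdata($userId) : wp_get_current_user();

    // get_userdata() returns FALSE for an unknown user id. Deny in that
    // case instead of calling a method on a non-object, which would abort
    // the request with a fatal error.
    if (!is_object($user)) {
      return FALSE;
    }

    // Users holding one of these capabilities are given all permissions.
    if ($user->has_cap('super admin') || $user->has_cap('administrator')) {
      return TRUE;
    }

    // Make string lowercase and convert spaces into underscore
    $str = CRM_Utils_String::munge(strtolower($str));

    if ($user->exists()) {
      // Check whether the user has the capability
      if ($user->has_cap($str)) {
        return TRUE;
      }
    }
    else {
      // Check the capabilities of the anonymous user.
      $roleObj = new WP_Roles();
      $anonymousRole = $roleObj->get_role('anonymous_user');
      // NOTE(review): only the presence of the key is tested, so a
      // capability stored with a FALSE value would still be granted here.
      // Confirm whether that is intended.
      if (
        $anonymousRole !== NULL &&
        is_array($anonymousRole->capabilities) &&
        array_key_exists($str, $anonymousRole->capabilities)
      ) {
        return TRUE;
      }
    }
    return FALSE;
  }

  /**
   * @inheritDoc
   */
  public function isModulePermissionSupported() {
    return TRUE;
  }

  /**
   * @inheritDoc
   */
  public function upgradePermissions($permissions) {
    // Nothing is done with $permissions in this implementation.
  }

}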