CRM/Core/Permission/WordPress.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | Copyright CiviCRM LLC. All rights reserved.                        |
   5  |                                                                    |
   6  | This work is published under the GNU AGPLv3 license with some      |
   7  | permitted exceptions and without any warranty. For full license    |
   8  | and copyright information, see https://civicrm.org/licensing       |
   9  +--------------------------------------------------------------------+
  10  */
  11
  12 /**
  13  *
  14  * @package CRM
  15  * @copyright CiviCRM LLC https://civicrm.org/licensing
  16  */
  17
  18 /**
  19  *
  20  */
  21 class CRM_Core_Permission_WordPress extends CRM_Core_Permission_Base {
  22
  23   /**
  24    * Given a permission string, check for access requirements
  25    *
  26    * @param string $str
  27    *   The permission to check.
  28    * @param int $userId
  29    *
  30    * @return bool
  31    *   true if yes, else false
  32    */
  33   public function check($str, $userId = NULL) {
  34     // Generic cms 'administer users' role tranlates to users with the 'edit_users' capability' in WordPress
  35     $str = $this->translatePermission($str, 'WordPress', [
  36       'administer users' => 'edit_users',
  37     ]);
  38     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
  39       return FALSE;
  40     }
  41     if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
  42       return TRUE;
  43     }
  44
  45     // CRM-15629
  46     // During some extern/* calls we don't bootstrap CMS hence
  47     // below constants are not set. In such cases, we don't need to
  48     // check permission, hence directly return TRUE
  49     if (!defined('ABSPATH') || !defined('WPINC')) {
  50       require_once 'CRM/Utils/System.php';
  51       CRM_Utils_System::loadBootStrap();
  52     }
  53
  54     require_once ABSPATH . WPINC . '/pluggable.php';
  55
  56     // for administrators give them all permissions
  57     if (!function_exists('current_user_can')) {
  58       return TRUE;
  59     }
  60
  61     $user = $userId ? get_userdata($userId) : wp_get_current_user();
  62
  63     if ($user->has_cap('super admin') || $user->has_cap('administrator')) {
  64       return TRUE;
  65     }
  66
  67     // Make string lowercase and convert spaces into underscore
  68     $str = CRM_Utils_String::munge(strtolower($str));
  69
  70     if ($user->exists()) {
  71       // Check whether the logged in user has the capabilitity
  72       if ($user->has_cap($str)) {
  73         return TRUE;
  74       }
  75     }
  76     else {
  77       //check the capabilities of Anonymous user)
  78       $roleObj = new WP_Roles();
  79       if (
  80         $roleObj->get_role('anonymous_user') != NULL &&
  81         array_key_exists($str, $roleObj->get_role('anonymous_user')->capabilities)
  82       ) {
  83         return TRUE;
  84       }
  85     }
  86     return FALSE;
  87   }
  88
  89   /**
  90    * @inheritDoc
  91    */
  92   public function isModulePermissionSupported() {
  93     return TRUE;
  94   }
  95
  96   /**
  97    * @inheritDoc
  98    */
  99   public function upgradePermissions($permissions) {
 100   }
 101
 102 }