/**
* Given a permission string or array, check for access requirements
- * @param mixed $permissions
+ * @param string|array $permissions
* The permission to check as an array or string -see examples.
- * arrays
+ *
+ * @param int $contactId
+ * Contact id to check permissions for. Defaults to current logged-in user.
*
* Ex 1
*
* @return bool
* true if yes, else false
*/
- public static function check($permissions) {
+ public static function check($permissions, $contactId = NULL) {
$permissions = (array) $permissions;
+ $userId = NULL;
+ if ($contactId) {
+ $userId = CRM_Core_BAO_UFMatch::getUFId($contactId);
+ }
+ /** @var CRM_Core_Permission_Temp $tempPerm */
$tempPerm = CRM_Core_Config::singleton()->userPermissionTemp;
foreach ($permissions as $permission) {
if (is_array($permission)) {
foreach ($permission as $orPerm) {
- if (self::check($orPerm)) {
+ if (self::check($orPerm, $contactId)) {
//one of our 'or' permissions has succeeded - stop checking this permission
return TRUE;
}
}
else {
// This is an individual permission
- $granted = CRM_Core_Config::singleton()->userPermissionClass->check($permission);
+ $granted = CRM_Core_Config::singleton()->userPermissionClass->check($permission, $userId);
// Call the permission_check hook to permit dynamic escalation (CRM-19256)
CRM_Utils_Hook::permission_check($permission, $granted);
if (
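Review bot: When `$contactId` is supplied but `CRM_Core_BAO_UFMatch::getUFId($contactId)` yields no CMS user id, `$userId` stays NULL and `userPermissionClass->check($permission, $userId)` evaluates the current logged-in user, so the result can be for the wrong identity. Consider failing closed right after the lookup with `if ($contactId && !$userId) { return FALSE; }`, or state the fallback explicitly in the `$contactId` docblock. `CRM_Utils_Hook::permission_check($permission, $granted)` also receives no contact id, so any escalation a hook applies is presumably decided from the current session rather than the contact being checked. How `$tempPerm` is consulted lies past the end of this hunk and deserves the same look.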
* @param string $str
* The permission to check.
*
- * @param int $contactID
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str, $contactID = NULL) {
+ public function check($str, $userId = NULL) {
$str = $this->translatePermission($str, 'Drupal', array(
'view user account' => 'access user profiles',
'administer users' => 'administer users',
return TRUE;
}
if (function_exists('user_access')) {
- return user_access($str) ? TRUE : FALSE;
+ $account = NULL;
+ if ($userId) {
+ $account = user_load($userId);
+ }
+ return user_access($str, $account);
}
return TRUE;
}
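Review bot: The result of `user_load($userId)` is passed to `user_access($str, $account)` without being checked. For an id with no matching account it returns FALSE rather than an account object, so the permission check runs against a non-object. Returning early inside the `if ($userId)` branch keeps the check fail-closed and avoids PHP errors: `if (!$account) { return FALSE; }`. The same block appears in the two later check() hunks that call `user_load()` (the second one translating for 'Drupal' and the one translating for 'Drupal6'). The start of check() is in the preceding hunk.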
*
* @param string $str
* The permission to check.
+ * @param int $userId
*
*/
- public function check($str) {
+ public function check($str, $userId = NULL) {
//no default behaviour
}
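Review bot: The added `@param int $userId` has no description, and this signature is the contract the sibling implementations follow. Several of those siblings previously called the second parameter `$contactID`, so the docblock should say which id space is meant, for example `* CMS user id to check (not a CiviCRM contact id); NULL checks the current logged-in user.` A `@return bool` line would also help, since the empty body returns nothing and callers will treat that as a denial.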
* @param string $str
* The permission to check.
*
- * @param int $contactID
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str, $contactID = NULL) {
+ public function check($str, $userId = NULL) {
$str = $this->translatePermission($str, 'Drupal', array(
'view user account' => 'access user profiles',
'administer users' => 'administer users',
return TRUE;
}
if (function_exists('user_access')) {
- return user_access($str) ? TRUE : FALSE;
+ $account = NULL;
+ if ($userId) {
+ $account = user_load($userId);
+ }
+ return user_access($str, $account);
}
return TRUE;
}
* @param string $str
* The permission to check.
*
- * @param int $contactID
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str, $contactID = NULL) {
+ public function check($str, $userId = NULL) {
$str = $this->translatePermission($str, 'Drupal6', array(
'view user account' => 'access user profiles',
'administer users' => 'administer users',
return TRUE;
}
if (function_exists('user_access')) {
- return user_access($str) ? TRUE : FALSE;
+ $account = NULL;
+ if ($userId) {
+ $account = user_load($userId);
+ }
+ return user_access($str, $account);
}
return TRUE;
}
* @param string $str
* The permission to check.
*
- * @param null $contactID
+ * @param int $userId
*
* @return bool
*/
- public function check($str, $contactID = NULL) {
+ public function check($str, $userId = NULL) {
$str = $this->translatePermission($str, 'Drupal', array(
'view user account' => 'access user profiles',
));
if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
return TRUE;
}
- return \Drupal::currentUser()->hasPermission($str);
+ $acct = $userId ? \Drupal\user\Entity\User::load($userId) : \Drupal::currentUser();
+ return $acct->hasPermission($str);
}
/**
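Review bot: `\Drupal\user\Entity\User::load($userId)` returns NULL when no such user exists, so `$acct->hasPermission($str)` becomes a fatal error for a stale or unmapped id instead of a denial. Guard it before the call with `if (!$acct) { return FALSE; }`.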
*
* @param string $str
* The permission to check.
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str) {
+ public function check($str, $userId = NULL) {
$config = CRM_Core_Config::singleton();
+ // JFactory::getUser does strict type checking, so convert falesy values to NULL
+ if (!$userId) {
+ $userId = NULL;
+ }
$translated = $this->translateJoomlaPermission($str);
if ($translated === CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
// we've not yet figured out how to bootstrap joomla, so we should
// not execute hooks if joomla is not loaded
if (defined('_JEXEC')) {
- $user = JFactory::getUser();
+ $user = JFactory::getUser($userId);
$api_key = CRM_Utils_Request::retrieve('api_key', 'String', $store, FALSE, NULL, 'REQUEST');
// If we are coming from REST we don't have a user but we do have the api_key for a user.
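Review bot: With `JFactory::getUser($userId)` now able to target an explicit user, the `api_key` read from the request on the next line needs a defined relationship to `$userId`. The code that uses `$api_key` is outside this hunk. If it substitutes the key's owner whenever the loaded user turns out to be a guest, a check for a specific but unresolvable `$userId` could end up answered for the API caller instead. Consider skipping the api_key fallback when `$userId` was passed, and add a comment such as `// api_key fallback applies only when no explicit $userId was requested`.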
*
* @param string $str
* The permission to check.
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str) {
+ public function check($str, $userId = NULL) {
return TRUE;
}
*
* @param string $str
* The permission to check.
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str) {
+ public function check($str, $userId = NULL) {
if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
return FALSE;
}
*
* @param string $str
* The permission to check.
+ * @param int $userId
*
* @return bool
* true if yes, else false
*/
- public function check($str) {
+ public function check($str, $userId = NULL) {
// Generic cms 'administer users' role tranlates to users with the 'edit_users' capability' in WordPress
$str = $this->translatePermission($str, 'WordPress', array(
'administer users' => 'edit_users',
return TRUE;
}
- if (current_user_can('super admin') || current_user_can('administrator')) {
+ $user = $userId ? get_userdata($userId) : wp_get_current_user();
+
+ if ($user->has_cap('super admin') || $user->has_cap('administrator')) {
return TRUE;
}
// Make string lowercase and convert spaces into underscore
$str = CRM_Utils_String::munge(strtolower($str));
- if (is_user_logged_in()) {
+ if ($user->exists()) {
// Check whether the logged in user has the capabilitity
- if (current_user_can($str)) {
+ if ($user->has_cap($str)) {
return TRUE;
}
}
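Review bot: `get_userdata($userId)` returns FALSE for an unknown id, and the next statement calls `$user->has_cap('super admin')` on it, so a check for a missing user ends in a fatal error rather than a denial. Add `if (!$user) { return FALSE; }` directly after the `$user = ...` assignment. check() begins before this hunk and its body continues after it.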