--- /dev/null
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_Role extends CRM_Standaloneusers_DAO_Role {
+
+ /**
+ * Create a new Role based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_Role|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_Role';
+ $entityName = 'Role';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
--- /dev/null
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_RolePermission extends CRM_Standaloneusers_DAO_RolePermission {
+
+ /**
+ * Create a new RolePermission based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_RolePermission|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_RolePermission';
+ $entityName = 'RolePermission';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
--- /dev/null
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_User extends CRM_Standaloneusers_DAO_User {
+
+ /**
+ * Create a new User based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_User|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_User';
+ $entityName = 'User';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
--- /dev/null
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_UserRole extends CRM_Standaloneusers_DAO_UserRole {
+
+ /**
+ * Create a new UserRole based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_UserRole|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_UserRole';
+ $entityName = 'UserRole';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
--- /dev/null
+<?php
+
+/**
+ * @package CRM
+ * @copyright CiviCRM LLC https://civicrm.org/licensing
+ *
+ * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/Role.xml
+ * DO NOT EDIT. Generated by CRM_Core_CodeGen
+ * (GenCodeChecksum:f9203d75619187e85a6db2ce88d0b30b)
+ */
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+/**
+ * Database access object for the Role entity.
+ */
+class CRM_Standaloneusers_DAO_Role extends CRM_Core_DAO {
+ const EXT = E::LONG_NAME;
+ const TABLE_ADDED = '';
+
+ /**
+ * Static instance to hold the table name.
+ *
+ * @var string
+ */
+ public static $_tableName = 'civicrm_role';
+
+ /**
+ * Should CiviCRM log any modifications to this table in the civicrm_log table.
+ *
+ * @var bool
+ */
+ public static $_log = TRUE;
+
+ /**
+ * Unique Role ID
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $id;
+
+ /**
+ * @var string
+ * (SQL type: varchar(64))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $name;
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ $this->__table = 'civicrm_role';
+ parent::__construct();
+ }
+
+ /**
+ * Returns localized title of this entity.
+ *
+ * @param bool $plural
+ * Whether to return the plural version of the title.
+ */
+ public static function getEntityTitle($plural = FALSE) {
+ return $plural ? E::ts('Roles') : E::ts('Role');
+ }
+
+ /**
+ * Returns all the column names of this table
+ *
+ * @return array
+ */
+ public static function &fields() {
+ if (!isset(Civi::$statics[__CLASS__]['fields'])) {
+ Civi::$statics[__CLASS__]['fields'] = [
+ 'id' => [
+ 'name' => 'id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('Unique Role ID'),
+ 'required' => TRUE,
+ 'where' => 'civicrm_role.id',
+ 'table_name' => 'civicrm_role',
+ 'entity' => 'Role',
+ 'bao' => 'CRM_Standaloneusers_DAO_Role',
+ 'localizable' => 0,
+ 'html' => [
+ 'type' => 'Number',
+ ],
+ 'readonly' => TRUE,
+ 'add' => NULL,
+ ],
+ 'name' => [
+ 'name' => 'name',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Name'),
+ 'required' => TRUE,
+ 'maxlength' => 64,
+ 'size' => CRM_Utils_Type::BIG,
+ 'where' => 'civicrm_role.name',
+ 'table_name' => 'civicrm_role',
+ 'entity' => 'Role',
+ 'bao' => 'CRM_Standaloneusers_DAO_Role',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ ];
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']);
+ }
+ return Civi::$statics[__CLASS__]['fields'];
+ }
+
+ /**
+ * Return a mapping from field-name to the corresponding key (as used in fields()).
+ *
+ * @return array
+ * Array(string $name => string $uniqueName).
+ */
+ public static function &fieldKeys() {
+ if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) {
+ Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields()));
+ }
+ return Civi::$statics[__CLASS__]['fieldKeys'];
+ }
+
+ /**
+ * Returns the names of this table
+ *
+ * @return string
+ */
+ public static function getTableName() {
+ return self::$_tableName;
+ }
+
+ /**
+ * Returns if this table needs to be logged
+ *
+ * @return bool
+ */
+ public function getLog() {
+ return self::$_log;
+ }
+
+ /**
+ * Returns the list of fields that can be imported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &import($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'role', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of fields that can be exported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &export($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'role', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of indices
+ *
+ * @param bool $localize
+ *
+ * @return array
+ */
+ public static function indices($localize = TRUE) {
+ $indices = [
+ 'index_name' => [
+ 'name' => 'index_name',
+ 'field' => [
+ 0 => 'name',
+ ],
+ 'localizable' => FALSE,
+ 'unique' => TRUE,
+ 'sig' => 'civicrm_role::1::name',
+ ],
+ ];
+ return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices;
+ }
+
+}
--- /dev/null
+<?php
+
+/**
+ * @package CRM
+ * @copyright CiviCRM LLC https://civicrm.org/licensing
+ *
+ * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.xml
+ * DO NOT EDIT. Generated by CRM_Core_CodeGen
+ * (GenCodeChecksum:212bcca5de5d35a0542f2e1df14de8bd)
+ */
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+/**
+ * Database access object for the RolePermission entity.
+ */
+class CRM_Standaloneusers_DAO_RolePermission extends CRM_Core_DAO {
+ const EXT = E::LONG_NAME;
+ const TABLE_ADDED = '';
+
+ /**
+ * Static instance to hold the table name.
+ *
+ * @var string
+ */
+ public static $_tableName = 'civicrm_role_permission';
+
+ /**
+ * Should CiviCRM log any modifications to this table in the civicrm_log table.
+ *
+ * @var bool
+ */
+ public static $_log = TRUE;
+
+ /**
+ * Unique RolePermission ID
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $id;
+
+ /**
+ * FK to Role
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $role_id;
+
+ /**
+ * A single permission granted to this role
+ *
+ * @var string
+ * (SQL type: varchar(60))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $permission;
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ $this->__table = 'civicrm_role_permission';
+ parent::__construct();
+ }
+
+ /**
+ * Returns localized title of this entity.
+ *
+ * @param bool $plural
+ * Whether to return the plural version of the title.
+ */
+ public static function getEntityTitle($plural = FALSE) {
+ return $plural ? E::ts('Role Permissions') : E::ts('Role Permission');
+ }
+
+ /**
+ * Returns foreign keys and entity references.
+ *
+ * @return array
+ * [CRM_Core_Reference_Interface]
+ */
+ public static function getReferenceColumns() {
+ if (!isset(Civi::$statics[__CLASS__]['links'])) {
+ Civi::$statics[__CLASS__]['links'] = static::createReferenceColumns(__CLASS__);
+ Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'role_id', 'civicrm_role', 'id');
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']);
+ }
+ return Civi::$statics[__CLASS__]['links'];
+ }
+
+ /**
+ * Returns all the column names of this table
+ *
+ * @return array
+ */
+ public static function &fields() {
+ if (!isset(Civi::$statics[__CLASS__]['fields'])) {
+ Civi::$statics[__CLASS__]['fields'] = [
+ 'id' => [
+ 'name' => 'id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('Unique RolePermission ID'),
+ 'required' => TRUE,
+ 'where' => 'civicrm_role_permission.id',
+ 'table_name' => 'civicrm_role_permission',
+ 'entity' => 'RolePermission',
+ 'bao' => 'CRM_Standaloneusers_DAO_RolePermission',
+ 'localizable' => 0,
+ 'html' => [
+ 'type' => 'Number',
+ ],
+ 'readonly' => TRUE,
+ 'add' => NULL,
+ ],
+ 'role_id' => [
+ 'name' => 'role_id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('FK to Role'),
+ 'where' => 'civicrm_role_permission.role_id',
+ 'table_name' => 'civicrm_role_permission',
+ 'entity' => 'RolePermission',
+ 'bao' => 'CRM_Standaloneusers_DAO_RolePermission',
+ 'localizable' => 0,
+ 'FKClassName' => 'CRM_Standaloneusers_DAO_Role',
+ 'add' => NULL,
+ ],
+ 'permission' => [
+ 'name' => 'permission',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Permission'),
+ 'description' => E::ts('A single permission granted to this role'),
+ 'required' => TRUE,
+ 'maxlength' => 60,
+ 'size' => CRM_Utils_Type::BIG,
+ 'where' => 'civicrm_role_permission.permission',
+ 'table_name' => 'civicrm_role_permission',
+ 'entity' => 'RolePermission',
+ 'bao' => 'CRM_Standaloneusers_DAO_RolePermission',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ ];
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']);
+ }
+ return Civi::$statics[__CLASS__]['fields'];
+ }
+
+ /**
+ * Return a mapping from field-name to the corresponding key (as used in fields()).
+ *
+ * @return array
+ * Array(string $name => string $uniqueName).
+ */
+ public static function &fieldKeys() {
+ if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) {
+ Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields()));
+ }
+ return Civi::$statics[__CLASS__]['fieldKeys'];
+ }
+
+ /**
+ * Returns the names of this table
+ *
+ * @return string
+ */
+ public static function getTableName() {
+ return self::$_tableName;
+ }
+
+ /**
+ * Returns if this table needs to be logged
+ *
+ * @return bool
+ */
+ public function getLog() {
+ return self::$_log;
+ }
+
+ /**
+ * Returns the list of fields that can be imported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &import($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'role_permission', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of fields that can be exported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &export($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'role_permission', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of indices
+ *
+ * @param bool $localize
+ *
+ * @return array
+ */
+ public static function indices($localize = TRUE) {
+ $indices = [];
+ return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices;
+ }
+
+}
--- /dev/null
+<?php
+
+/**
+ * @package CRM
+ * @copyright CiviCRM LLC https://civicrm.org/licensing
+ *
+ * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/User.xml
+ * DO NOT EDIT. Generated by CRM_Core_CodeGen
+ * (GenCodeChecksum:5a36926dd2c3d68eb325cc1f10961b29)
+ */
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+/**
+ * Database access object for the User entity.
+ */
+class CRM_Standaloneusers_DAO_User extends CRM_Core_DAO {
+ const EXT = E::LONG_NAME;
+ const TABLE_ADDED = '';
+
+ /**
+ * Static instance to hold the table name.
+ *
+ * @var string
+ */
+ public static $_tableName = 'civicrm_user';
+
+ /**
+ * Field to show when displaying a record.
+ *
+ * @var string
+ */
+ public static $_labelField = 'username';
+
+ /**
+ * Should CiviCRM log any modifications to this table in the civicrm_log table.
+ *
+ * @var bool
+ */
+ public static $_log = TRUE;
+
+ /**
+ * Unique User ID
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $id;
+
+ /**
+ * FK to Contact
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $contact_id;
+
+ /**
+ * @var string
+ * (SQL type: varchar(60))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $username;
+
+ /**
+ * Hashed password
+ *
+ * @var string
+ * (SQL type: varchar(128))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $password;
+
+ /**
+ * Email (e.g. for password resets)
+ *
+ * @var string
+ * (SQL type: varchar(255))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $email;
+
+ /**
+ * @var string|null
+ * (SQL type: timestamp)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $when_created;
+
+ /**
+ * @var string|null
+ * (SQL type: timestamp)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $when_last_accessed;
+
+ /**
+ * @var string|null
+ * (SQL type: timestamp)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $when_updated;
+
+ /**
+ * @var bool|string
+ * (SQL type: tinyint)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $is_active;
+
+ /**
+ * User's timezone
+ *
+ * @var string
+ * (SQL type: varchar(32))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $timezone;
+
+ /**
+ * User's language
+ *
+ * @var string
+ * (SQL type: varchar(12))
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $language;
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ $this->__table = 'civicrm_user';
+ parent::__construct();
+ }
+
+ /**
+ * Returns localized title of this entity.
+ *
+ * @param bool $plural
+ * Whether to return the plural version of the title.
+ */
+ public static function getEntityTitle($plural = FALSE) {
+ return $plural ? E::ts('Users') : E::ts('User');
+ }
+
+ /**
+ * Returns foreign keys and entity references.
+ *
+ * @return array
+ * [CRM_Core_Reference_Interface]
+ */
+ public static function getReferenceColumns() {
+ if (!isset(Civi::$statics[__CLASS__]['links'])) {
+ Civi::$statics[__CLASS__]['links'] = static::createReferenceColumns(__CLASS__);
+ Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'contact_id', 'civicrm_contact', 'id');
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']);
+ }
+ return Civi::$statics[__CLASS__]['links'];
+ }
+
+ /**
+ * Returns all the column names of this table
+ *
+ * @return array
+ */
+ public static function &fields() {
+ if (!isset(Civi::$statics[__CLASS__]['fields'])) {
+ Civi::$statics[__CLASS__]['fields'] = [
+ 'id' => [
+ 'name' => 'id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('Unique User ID'),
+ 'required' => TRUE,
+ 'where' => 'civicrm_user.id',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'html' => [
+ 'type' => 'Number',
+ ],
+ 'readonly' => TRUE,
+ 'add' => NULL,
+ ],
+ 'contact_id' => [
+ 'name' => 'contact_id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('FK to Contact'),
+ 'where' => 'civicrm_user.contact_id',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'FKClassName' => 'CRM_Contact_DAO_Contact',
+ 'add' => NULL,
+ ],
+ 'username' => [
+ 'name' => 'username',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Username'),
+ 'required' => TRUE,
+ 'maxlength' => 60,
+ 'size' => CRM_Utils_Type::BIG,
+ 'where' => 'civicrm_user.username',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'password' => [
+ 'name' => 'password',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Password'),
+ 'description' => E::ts('Hashed password'),
+ 'required' => TRUE,
+ 'maxlength' => 128,
+ 'size' => CRM_Utils_Type::HUGE,
+ 'where' => 'civicrm_user.password',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'email' => [
+ 'name' => 'email',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Email'),
+ 'description' => E::ts('Email (e.g. for password resets)'),
+ 'required' => TRUE,
+ 'maxlength' => 255,
+ 'size' => CRM_Utils_Type::HUGE,
+ 'where' => 'civicrm_user.email',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'when_created' => [
+ 'name' => 'when_created',
+ 'type' => CRM_Utils_Type::T_TIMESTAMP,
+ 'title' => E::ts('When Created'),
+ 'where' => 'civicrm_user.when_created',
+ 'default' => 'CURRENT_TIMESTAMP',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'when_last_accessed' => [
+ 'name' => 'when_last_accessed',
+ 'type' => CRM_Utils_Type::T_TIMESTAMP,
+ 'title' => E::ts('When Last Accessed'),
+ 'where' => 'civicrm_user.when_last_accessed',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'when_updated' => [
+ 'name' => 'when_updated',
+ 'type' => CRM_Utils_Type::T_TIMESTAMP,
+ 'title' => E::ts('When Updated'),
+ 'where' => 'civicrm_user.when_updated',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'is_active' => [
+ 'name' => 'is_active',
+ 'type' => CRM_Utils_Type::T_BOOLEAN,
+ 'required' => TRUE,
+ 'where' => 'civicrm_user.is_active',
+ 'default' => '1',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'timezone' => [
+ 'name' => 'timezone',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Timezone'),
+ 'description' => E::ts('User\'s timezone'),
+ 'required' => FALSE,
+ 'maxlength' => 32,
+ 'size' => CRM_Utils_Type::MEDIUM,
+ 'where' => 'civicrm_user.timezone',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ 'language' => [
+ 'name' => 'language',
+ 'type' => CRM_Utils_Type::T_STRING,
+ 'title' => E::ts('Language'),
+ 'description' => E::ts('User\'s language'),
+ 'required' => FALSE,
+ 'maxlength' => 12,
+ 'size' => CRM_Utils_Type::TWELVE,
+ 'where' => 'civicrm_user.language',
+ 'table_name' => 'civicrm_user',
+ 'entity' => 'User',
+ 'bao' => 'CRM_Standaloneusers_DAO_User',
+ 'localizable' => 0,
+ 'add' => NULL,
+ ],
+ ];
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']);
+ }
+ return Civi::$statics[__CLASS__]['fields'];
+ }
+
+ /**
+ * Return a mapping from field-name to the corresponding key (as used in fields()).
+ *
+ * @return array
+ * Array(string $name => string $uniqueName).
+ */
+ public static function &fieldKeys() {
+ if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) {
+ Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields()));
+ }
+ return Civi::$statics[__CLASS__]['fieldKeys'];
+ }
+
+ /**
+ * Returns the names of this table
+ *
+ * @return string
+ */
+ public static function getTableName() {
+ return self::$_tableName;
+ }
+
+ /**
+ * Returns if this table needs to be logged
+ *
+ * @return bool
+ */
+ public function getLog() {
+ return self::$_log;
+ }
+
+ /**
+ * Returns the list of fields that can be imported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &import($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'user', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of fields that can be exported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &export($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'user', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of indices
+ *
+ * @param bool $localize
+ *
+ * @return array
+ */
+ public static function indices($localize = TRUE) {
+ $indices = [
+ 'index_username' => [
+ 'name' => 'index_username',
+ 'field' => [
+ 0 => 'username',
+ ],
+ 'localizable' => FALSE,
+ 'unique' => TRUE,
+ 'sig' => 'civicrm_user::1::username',
+ ],
+ ];
+ return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices;
+ }
+
+}
--- /dev/null
+<?php
+
+/**
+ * @package CRM
+ * @copyright CiviCRM LLC https://civicrm.org/licensing
+ *
+ * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.xml
+ * DO NOT EDIT. Generated by CRM_Core_CodeGen
+ * (GenCodeChecksum:5d4248ccad5a9831f1b0f5bd38a758de)
+ */
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+/**
+ * Database access object for the UserRole entity.
+ */
+class CRM_Standaloneusers_DAO_UserRole extends CRM_Core_DAO {
+ const EXT = E::LONG_NAME;
+ const TABLE_ADDED = '';
+
+ /**
+ * Static instance to hold the table name.
+ *
+ * @var string
+ */
+ public static $_tableName = 'civicrm_user_role';
+
+ /**
+ * Should CiviCRM log any modifications to this table in the civicrm_log table.
+ *
+ * @var bool
+ */
+ public static $_log = TRUE;
+
+ /**
+ * Unique UserRole ID
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $id;
+
+ /**
+ * FK to User
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $user_id;
+
+ /**
+ * FK to role
+ *
+ * @var int|string|null
+ * (SQL type: int unsigned)
+ * Note that values will be retrieved from the database as a string.
+ */
+ public $role_id;
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ $this->__table = 'civicrm_user_role';
+ parent::__construct();
+ }
+
+ /**
+ * Returns localized title of this entity.
+ *
+ * @param bool $plural
+ * Whether to return the plural version of the title.
+ */
+ public static function getEntityTitle($plural = FALSE) {
+ return $plural ? E::ts('User Roles') : E::ts('User Role');
+ }
+
+ /**
+ * Returns foreign keys and entity references.
+ *
+ * @return array
+ * [CRM_Core_Reference_Interface]
+ */
+ public static function getReferenceColumns() {
+ if (!isset(Civi::$statics[__CLASS__]['links'])) {
+ Civi::$statics[__CLASS__]['links'] = static::createReferenceColumns(__CLASS__);
+ Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'user_id', 'civicrm_user', 'id');
+ Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'role_id', 'civicrm_role', 'id');
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']);
+ }
+ return Civi::$statics[__CLASS__]['links'];
+ }
+
+ /**
+ * Returns all the column names of this table
+ *
+ * @return array
+ */
+ public static function &fields() {
+ if (!isset(Civi::$statics[__CLASS__]['fields'])) {
+ Civi::$statics[__CLASS__]['fields'] = [
+ 'id' => [
+ 'name' => 'id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('Unique UserRole ID'),
+ 'required' => TRUE,
+ 'where' => 'civicrm_user_role.id',
+ 'table_name' => 'civicrm_user_role',
+ 'entity' => 'UserRole',
+ 'bao' => 'CRM_Standaloneusers_DAO_UserRole',
+ 'localizable' => 0,
+ 'html' => [
+ 'type' => 'Number',
+ ],
+ 'readonly' => TRUE,
+ 'add' => NULL,
+ ],
+ 'user_id' => [
+ 'name' => 'user_id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('FK to User'),
+ 'where' => 'civicrm_user_role.user_id',
+ 'table_name' => 'civicrm_user_role',
+ 'entity' => 'UserRole',
+ 'bao' => 'CRM_Standaloneusers_DAO_UserRole',
+ 'localizable' => 0,
+ 'FKClassName' => 'CRM_Standaloneusers_DAO_User',
+ 'add' => NULL,
+ ],
+ 'role_id' => [
+ 'name' => 'role_id',
+ 'type' => CRM_Utils_Type::T_INT,
+ 'description' => E::ts('FK to role'),
+ 'where' => 'civicrm_user_role.role_id',
+ 'table_name' => 'civicrm_user_role',
+ 'entity' => 'UserRole',
+ 'bao' => 'CRM_Standaloneusers_DAO_UserRole',
+ 'localizable' => 0,
+ 'FKClassName' => 'CRM_Standaloneusers_DAO_Role',
+ 'add' => NULL,
+ ],
+ ];
+ CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']);
+ }
+ return Civi::$statics[__CLASS__]['fields'];
+ }
+
+ /**
+ * Return a mapping from field-name to the corresponding key (as used in fields()).
+ *
+ * @return array
+ * Array(string $name => string $uniqueName).
+ */
+ public static function &fieldKeys() {
+ if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) {
+ Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields()));
+ }
+ return Civi::$statics[__CLASS__]['fieldKeys'];
+ }
+
+ /**
+ * Returns the names of this table
+ *
+ * @return string
+ */
+ public static function getTableName() {
+ return self::$_tableName;
+ }
+
+ /**
+ * Returns if this table needs to be logged
+ *
+ * @return bool
+ */
+ public function getLog() {
+ return self::$_log;
+ }
+
+ /**
+ * Returns the list of fields that can be imported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &import($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'user_role', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of fields that can be exported
+ *
+ * @param bool $prefix
+ *
+ * @return array
+ */
+ public static function &export($prefix = FALSE) {
+ $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'user_role', $prefix, []);
+ return $r;
+ }
+
+ /**
+ * Returns the list of indices
+ *
+ * @param bool $localize
+ *
+ * @return array
+ */
+ public static function indices($localize = TRUE) {
+ $indices = [
+ 'index_user_role' => [
+ 'name' => 'index_user_role',
+ 'field' => [
+ 0 => 'user_id',
+ 1 => 'role_id',
+ ],
+ 'localizable' => FALSE,
+ 'sig' => 'civicrm_user_role::0::user_id::role_id',
+ ],
+ ];
+ return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices;
+ }
+
+}
--- /dev/null
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_Page_Login extends CRM_Core_Page {
+
+ public function run() {
+ // // Example: Set the page-title dynamically; alternatively, declare a static title in xml/Menu/*.xml
+ // CRM_Utils_System::setTitle(E::ts('Login'));
+ //
+ // // Example: Assign a variable for use in a template
+ // $this->assign('currentTime', date('Y-m-d H:i:s'));
+ $this->assign('logoUrl', E::url('images/civicrm-logo.png'));
+
+ parent::run();
+ }
+
+}
--- /dev/null
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+/**
+ * Collection of upgrade steps.
+ */
+class CRM_Standaloneusers_Upgrader extends CRM_Extension_Upgrader_Base {
+
+ // By convention, functions that look like "function upgrade_NNNN()" are
+ // upgrade tasks. They are executed in order (like Drupal's hook_update_N).
+
+ /**
+ * Example: Run an external SQL script when the module is installed.
+ *
+ public function install() {
+ $this->executeSqlFile('sql/myinstall.sql');
+ }
+
+ /**
+ * Example: Work with entities usually not available during the install step.
+ *
+ * This method can be used for any post-install tasks. For example, if a step
+ * of your installation depends on accessing an entity that is itself
+ * created during the installation (e.g., a setting or a managed entity), do
+ * so here to avoid order of operation problems.
+ */
+ public function postInstall() {
+
+ $users = \Civi\Api4\User::get(FALSE)->selectRowCount()->execute()->countMatched();
+ if ($users == 0) {
+
+ CRM_Core_DAO::executeQuery('DELETE FROM civicrm_uf_match');
+
+ // Create an admin contact.
+ $contactID = \Civi\Api4\Contact::create(FALSE)
+ ->setValues([
+ 'contact_type' => 'Individual',
+ 'first_name' => 'Standalone',
+ 'last_name' => 'Admin',
+ ])
+ ->execute()->first()['id'];
+ $dummyEmail = 'admin@localhost.localdomain';
+
+ // Create user
+ $config = \CRM_Core_Config::singleton();
+ $originalUFPermission = $config->userPermissionClass;
+ $originalUF = $config->userSystem;
+ $config->userPermissionClass = new \CRM_Core_Permission_Standalone();
+ $config->userSystem = new \CRM_Utils_System_Standalone();
+ $password = substr(base64_encode(random_bytes(8)), 0, 12);
+ $params = [
+ 'cms_name' => 'admin',
+ 'cms_pass' => $password,
+ 'notify' => FALSE,
+ $dummyEmail => $dummyEmail,
+ 'contactID' => $contactID,
+ ];
+ $userID = \CRM_Core_BAO_CMSUser::create($params, $dummyEmail);
+ $config->userPermissionClass = $originalUFPermission;
+ $config->userSystem = $originalUF;
+
+ // Create Role
+ $roleID = \Civi\Api4\Role::create(FALSE)->setValues(['name' => 'Administrator'])->execute()->first()['id'];
+
+ // Assign role to user
+ \Civi\Api4\UserRole::create(FALSE)->setValues(['role_id' => $roleID, 'user_id' => $userID])->execute();
+
+ // Create permissions for role
+ // @todo I expect there's a better way than this; this doesn't even bring in all the permissions.
+ $records = [['permission' => 'authenticate with password']];
+ foreach (array_keys(\CRM_Core_Permission::getCorePermissions()) as $permission) {
+ $records[] = ['permission' => $permission];
+ }
+ \Civi\Api4\RolePermission::save(FALSE)
+ ->setDefaults(['role_id' => $roleID])
+ ->setRecords($records)
+ ->execute();
+
+ $message = "Created New admin User $userID and contact $contactID with password $password and ALL permissions.";
+ \Civi::log()->notice($message);
+ if (php_sapi_name() === 'cli') {
+ print $message . "\n";
+ }
+ else {
+ $authx = new \Civi\Authx\Standalone();
+ $authx->loginSession($userID);
+ CRM_Core_Session::setStatus($message . " You are logged in!", 'Standalone installed', 'alert');
+ }
+ }
+ }
+
+ /**
+ * Example: Run an external SQL script when the module is uninstalled.
+ */
+ // public function uninstall() {
+ // $this->executeSqlFile('sql/myuninstall.sql');
+ // }
+
+ /**
+ * Example: Run a simple query when a module is enabled.
+ */
+ // public function enable() {
+ // CRM_Core_DAO::executeQuery('UPDATE foo SET is_active = 1 WHERE bar = "whiz"');
+ // }
+
+ /**
+ * Example: Run a simple query when a module is disabled.
+ */
+ // public function disable() {
+ // CRM_Core_DAO::executeQuery('UPDATE foo SET is_active = 0 WHERE bar = "whiz"');
+ // }
+
+ /**
+ * Example: Run a couple simple queries.
+ *
+ * @return TRUE on success
+ * @throws Exception
+ */
+ // public function upgrade_4200(): bool {
+ // $this->ctx->log->info('Applying update 4200');
+ // CRM_Core_DAO::executeQuery('UPDATE foo SET bar = "whiz"');
+ // CRM_Core_DAO::executeQuery('DELETE FROM bang WHERE willy = wonka(2)');
+ // return TRUE;
+ // }
+
+
+ /**
+ * Example: Run an external SQL script.
+ *
+ * @return TRUE on success
+ * @throws Exception
+ */
+ // public function upgrade_4201(): bool {
+ // $this->ctx->log->info('Applying update 4201');
+ // // this path is relative to the extension base dir
+ // $this->executeSqlFile('sql/upgrade_4201.sql');
+ // return TRUE;
+ // }
+
+
+ /**
+ * Example: Run a slow upgrade process by breaking it up into smaller chunk.
+ *
+ * @return TRUE on success
+ * @throws Exception
+ */
+ // public function upgrade_4202(): bool {
+ // $this->ctx->log->info('Planning update 4202'); // PEAR Log interface
+
+ // $this->addTask(E::ts('Process first step'), 'processPart1', $arg1, $arg2);
+ // $this->addTask(E::ts('Process second step'), 'processPart2', $arg3, $arg4);
+ // $this->addTask(E::ts('Process second step'), 'processPart3', $arg5);
+ // return TRUE;
+ // }
+ // public function processPart1($arg1, $arg2) { sleep(10); return TRUE; }
+ // public function processPart2($arg3, $arg4) { sleep(10); return TRUE; }
+ // public function processPart3($arg5) { sleep(10); return TRUE; }
+
+ /**
+ * Example: Run an upgrade with a query that touches many (potentially
+ * millions) of records by breaking it up into smaller chunks.
+ *
+ * @return TRUE on success
+ * @throws Exception
+ */
+ // public function upgrade_4203(): bool {
+ // $this->ctx->log->info('Planning update 4203'); // PEAR Log interface
+
+ // $minId = CRM_Core_DAO::singleValueQuery('SELECT coalesce(min(id),0) FROM civicrm_contribution');
+ // $maxId = CRM_Core_DAO::singleValueQuery('SELECT coalesce(max(id),0) FROM civicrm_contribution');
+ // for ($startId = $minId; $startId <= $maxId; $startId += self::BATCH_SIZE) {
+ // $endId = $startId + self::BATCH_SIZE - 1;
+ // $title = E::ts('Upgrade Batch (%1 => %2)', array(
+ // 1 => $startId,
+ // 2 => $endId,
+ // ));
+ // $sql = '
+ // UPDATE civicrm_contribution SET foobar = whiz(wonky()+wanker)
+ // WHERE id BETWEEN %1 and %2
+ // ';
+ // $params = array(
+ // 1 => array($startId, 'Integer'),
+ // 2 => array($endId, 'Integer'),
+ // );
+ // $this->addTask($title, 'executeSql', $sql, $params);
+ // }
+ // return TRUE;
+ // }
+
+}
--- /dev/null
+<?php
+namespace Civi\Api4;
+
+/**
+ * Role entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class Role extends Generic\DAOEntity {
+
+}
--- /dev/null
+<?php
+namespace Civi\Api4;
+
+/**
+ * RolePermission entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class RolePermission extends Generic\DAOEntity {
+
+}
--- /dev/null
+<?php
+namespace Civi\Api4;
+
+/**
+ * User entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class User extends Generic\DAOEntity {
+
+}
--- /dev/null
+<?php
+namespace Civi\Api4;
+
+/**
+ * UserRole entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class UserRole extends Generic\DAOEntity {
+
+}
--- /dev/null
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC. All rights reserved. |
+ | |
+ | This work is published under the GNU AGPLv3 license with some |
+ | permitted exceptions and without any warranty. For full license |
+ | and copyright information, see https://civicrm.org/licensing |
+ +--------------------------------------------------------------------+
+ */
+
+namespace Civi\Authx;
+
+use Civi\Standalone\Security;
+
+class Standalone implements AuthxInterface {
+
+ /**
+ * @inheritDoc
+ */
+ public function checkPassword(string $username, string $password) {
+ $security = Security::singleton();
+ $user = $security->loadUserByName($username);
+ return $security->checkPassword($password, $user['password'] ?? '') ? $user['id'] : NULL;
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function loginSession($userId) {
+ $this->loginStateless($userId);
+
+ $session = \CRM_Core_Session::singleton();
+ $session->set('ufId', $userId);
+
+ // Identify the contact
+ $contactID = civicrm_api3('UFMatch', 'get', [
+ 'sequential' => 1,
+ 'return' => ['contact_id'],
+ 'uf_id' => $userId
+ ])['values'][0]['contact_id'] ?? NULL;
+ // Confusingly, Civi stores it's *Contact* ID as *userId* on the session.
+ $session->set('userId', $contactID);
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function logoutSession() {
+ \CRM_Core_Session::singleton()->reset();
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function loginStateless($userId) {
+ global $loggedInUserId;
+ $loggedInUserId = $userId;
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function getCurrentUserId() {
+ global $loggedInUserId;
+ if (empty($loggedInUserId) && session_status() === PHP_SESSION_ACTIVE) {
+ $loggedInUserId = \CRM_Core_Session::singleton()->get('ufId');
+ }
+ return $loggedInUserId;
+ }
+
+}
--- /dev/null
+<?php
+namespace Civi\Standalone;
+
+use CRM_Core_Session;
+
+/**
+ * This is a single home for security related functions for Civi Standalone.
+ *
+ * Things may yet move around in the codebase; at the time of writing this helps
+ * keep core PRs to a minimum.
+ *
+ */
+class Security {
+
+ public const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+ public static $minHashCount = 7;
+ public static $maxHashCount = 30;
+ public static $hashLength = 55;
+ public static $hashMethod = 'sha512';
+
+
+ /**
+ * @return static
+ */
+ public static function singleton() {
+ if (!isset(\Civi::$statics[__METHOD__])) {
+ \Civi::$statics[__METHOD__] = new static();
+ }
+ return \Civi::$statics[__METHOD__];
+ }
+
+ /**
+ * Check whether a password matches a hashed version.
+ */
+ public function checkPassword(string $plaintextPassword, string $storedHashedPassword): bool {
+ $type = substr($storedHashedPassword, 0, 3);
+ switch ($type) {
+ case '$S$':
+ // A normal Drupal 7 password.
+ $hash = $this->_password_crypt(static::$hashMethod, $plaintextPassword, $storedHashedPassword);
+ break;
+ default:
+ // Invalid password
+ return FALSE;
+ }
+ return hash_equals($storedHashedPassword, $hash);
+ }
+
+ /**
+ * CRM_Core_Permission_Standalone::check() delegates here.
+ *
+ * @param string $str
+ * The permission to check.
+ *
+ * @param int $userID
+ * It is unclear if this typehint is true: The Drupal version has a default NULL!
+ *
+ * @return bool
+ * true if yes, else false
+ */
+ public function checkPermission(\CRM_Core_Permission_Standalone $permissionObject, string $permissionName, $userID) {
+
+ // I think null means the current logged-in user
+ $userID = $userID ?? $this->getLoggedInUfID();
+
+ if (!$userID) {
+ // permissions for anonymous user. @todo
+ return FALSE;
+ }
+
+ // @todo handle anonymous permissions!
+ // No permissions yet; load them now.
+ $found = \Civi\Api4\RolePermission::get(FALSE)
+ ->selectRowCount()
+ ->addJoin('UserRole AS user_role', 'INNER',
+ ['role_id', '=', 'user_role.role_id'],
+ ['user_role.user_id', '=', $userID])
+ ->addWhere('permission', '=', $permissionName)
+ ->execute()->countMatched();
+ return (bool) $found;
+ }
+
+ /**
+ */
+ public function getUserIDFromUsername(string $username): ?int {
+ return \Civi\Api4\User::get(FALSE)
+ ->addWhere('username', '=', $username)
+ ->execute()
+ ->single()['id'] ?? NULL;
+ }
+
+ /**
+ * Load an active user by username.
+ *
+ * @return array|bool FALSE if not found.
+ */
+ public function loadUserByName(string $username) {
+ $user = \Civi\Api4\User::get(FALSE)
+ ->addWhere('username', '=', $username)
+ ->addWhere('is_active', '=', TRUE)
+ ->execute()->first() ?? [];
+ if ($user) {
+ return $user;
+ }
+ return FALSE;
+ }
+
+ /**
+ * Load an active user by internal user ID.
+ *
+ * @return array|bool FALSE if not found.
+ */
+ public function loadUserByID(int $userID) {
+ $user = \Civi\Api4\User::get(FALSE)
+ ->addWhere('id', '=', $userID)
+ ->addWhere('is_active', '=', TRUE)
+ ->execute()->first() ?? [];
+ if ($user) {
+ return $user;
+ }
+ return FALSE;
+ }
+
+ /**
+ */
+ public function logoutUser() {
+ // @todo
+ }
+
+ /**
+ * Create a user in the CMS.
+ *
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ *
+ * @param array $params keys:
+ * - 'cms_name'
+ * - 'cms_pass' plaintext password
+ * - 'notify' boolean
+ * @param string $mail
+ * Email id for cms user.
+ *
+ * @return int|bool
+ * uid if user was created, false otherwise
+ */
+ public function createUser(&$params, $mail) {
+ try {
+ // Q. should this be in the api for User.create?
+ $hashedPassword = $this->_password_crypt(static::$hashMethod, $params['cms_pass'], $this->_password_generate_salt());
+
+ $userID = \Civi\Api4\User::create(FALSE)
+ ->addValue('username', $params['cms_name'])
+ ->addValue('email', $mail)
+ ->addValue('password', $hashedPassword)
+ ->execute()->single()['id'];
+ }
+ catch (\Exception $e) {
+ \Civi::log()->warning("Failed to create user '$mail': " . $e->getMessage());
+ return FALSE;
+ }
+
+ // @todo This is what Drupal does, but it's unclear why.
+ // I think it assumes we want to be logged in as this contact, and as there's no uf match, it's not in civi.
+ // But I'm not sure if we are always becomming this user; I'm not sure waht calls this function.
+ // CRM_Core_Config::singleton()->inCiviCRM = FALSE;
+
+ return (int) $userID;
+ }
+
+ /**
+ * Update a user's email
+ *
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ */
+ public function updateCMSName($ufID, $email) {
+ \Civi\Api4\User::update(FALSE)
+ ->addWhere('id', '=', $ufID)
+ ->addValue('email', $email)
+ ->execute();
+ }
+
+ /**
+ * Authenticate the user against the CMS db.
+ *
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ *
+ * @param string $name
+ * The user name.
+ * @param string $password
+ * The password for the above user.
+ * @param bool $loadCMSBootstrap
+ * Load cms bootstrap?.
+ * @param string $realPath
+ * Filename of script
+ *
+ * @return array|bool
+ * [contactID, ufID, unique string] else false if no auth
+ * @throws \CRM_Core_Exception.
+ */
+ public function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realPath = NULL) {
+
+ // this comment + session lines: copied from Drupal's implementation in case it's important...
+ /* Before we do any loading, let's start the session and write to it.
+ * We typically call authenticate only when we need to bootstrap the CMS
+ * directly via Civi and hence bypass the normal CMS auth and bootstrap
+ * process typically done in CLI and cron scripts. See: CRM-12648
+ */
+ $session = CRM_Core_Session::singleton();
+ $session->set('civicrmInitSession', TRUE);
+
+ $user = $this->loadUserByName($name);
+
+ if (!$this->checkPassword($password, $user['password'] ?? '')) {
+ return FALSE;
+ }
+
+ // Note: random_int is more appropriate for cryptographical use than mt_rand
+ // The long number is the max 32 bit value.
+ return [$user['contact_id'], $user['id'], random_int(0, 2147483647)];
+ }
+
+ /**
+ * Currently only used by CRM_Utils_System_Standalone::loadBootstrap
+ */
+ public function loginAuthenticatedUserRecord(array $user, bool $withSession) {
+ $authX = new \Civi\Authx\Standalone();
+ if ($withSession) {
+ $authX->loginSession($user['id']);
+ }
+ else {
+ $authX->loginStateless($user['id']);
+ }
+ }
+
+ /**
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ */
+ public function isUserLoggedIn(): bool {
+ return !empty($this->getLoggedInUfID());
+ }
+
+ public function getCurrentLanguage() {
+ // @todo
+ \Civi::log()->debug('CRM_Utils_System_Standalone::getCurrentLanguage: not implemented');
+ return NULL;
+ }
+
+ /**
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ */
+ public function getLoggedInUfID(): ?int {
+ $authX = new \Civi\Authx\Standalone();
+ return $authX->getCurrentUserId();
+ }
+
+ /**
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ */
+ public function languageNegotiationURL($url, $addLanguagePart = TRUE, $removeLanguagePart = FALSE) {
+ // @todo
+ return $url;
+ }
+
+ /**
+ * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method.
+ * Return the CMS-specific url for its permissions page
+ * @return array
+ */
+ public function getCMSPermissionsUrlParams() {
+ return ['ufAccessURL' => '/fixme/standalone/permissions/url/params'];
+ }
+
+ /**
+ * Since our User entity contains a FK to a contact, it's not possible for a User to exist without a contact.
+ *
+ * @todo review this (what if contact is deleted?)
+ */
+ public function synchronizeUsers() {
+
+ $userCount = \Civi\Api4\User::get(FALSE)->selectRowCount()->execute()->countMatched();
+ return [
+ 'contactCount' => $userCount,
+ 'contactMatching' => $userCount,
+ 'contactCreated' => 0,
+ ];
+ }
+
+ /**
+ * This is taken from Drupal 7.91
+ *
+ * Hash a password using a secure stretched hash.
+ *
+ * By using a salt and repeated hashing the password is "stretched". Its
+ * security is increased because it becomes much more computationally costly
+ * for an attacker to try to break the hash by brute-force computation of the
+ * hashes of a large number of plain-text words or strings to find a match.
+ *
+ * @param $algo
+ * The string name of a hashing algorithm usable by hash(), like 'sha256'.
+ * @param $password
+ * Plain-text password up to 512 bytes (128 to 512 UTF-8 characters) to hash.
+ * @param $setting
+ * An existing hash or the output of _password_generate_salt(). Must be
+ * at least 12 characters (the settings and salt).
+ *
+ * @return
+ * A string containing the hashed password (and salt) or FALSE on failure.
+ * The return string will be truncated at DRUPAL_HASH_LENGTH characters max.
+ */
+ public function _password_crypt($algo, $password, $setting) {
+ // Prevent DoS attacks by refusing to hash large passwords.
+ if (strlen($password) > 512) {
+ return FALSE;
+ }
+ // The first 12 characters of an existing hash are its setting string.
+ $setting = substr($setting, 0, 12);
+
+ if ($setting[0] != '$' || $setting[2] != '$') {
+ return FALSE;
+ }
+
+ $count_log2 = strpos(self::ITOA64, $setting[3]);
+
+ // Hashes may be imported from elsewhere, so we allow != DRUPAL_HASH_COUNT
+ if ($count_log2 < self::$minHashCount || $count_log2 > self::$maxHashCount) {
+ return FALSE;
+ }
+ $salt = substr($setting, 4, 8);
+ // Hashes must have an 8 character salt.
+ if (strlen($salt) != 8) {
+ return FALSE;
+ }
+
+ // Convert the base 2 logarithm into an integer.
+ $count = 1 << $count_log2;
+ $hash = hash($algo, $password, TRUE);
+ do {
+ $hash = hash($algo, $hash . $password, TRUE);
+ } while (--$count);
+
+ $len = strlen($hash);
+ $output = $setting . $this->_password_base64_encode($hash, $len);
+ // _password_base64_encode() of a 16 byte MD5 will always be 22 characters.
+ // _password_base64_encode() of a 64 byte sha512 will always be 86 characters.
+ $expected = 12 + ceil((8 * $len) / 6);
+ return (strlen($output) == $expected) ? substr($output, 0, self::$hashLength) : FALSE;
+ }
+
+ /**
+ * This is taken from Drupal 7.91
+ *
+ * Generates a random base 64-encoded salt prefixed with settings for the hash.
+ *
+ * Proper use of salts may defeat a number of attacks, including:
+ * - The ability to try candidate passwords against multiple hashes at once.
+ * - The ability to use pre-hashed lists of candidate passwords.
+ * - The ability to determine whether two users have the same (or different)
+ * password without actually having to guess one of the passwords.
+ *
+ * @param $count_log2
+ * Integer that determines the number of iterations used in the hashing
+ * process. A larger value is more secure, but takes more time to complete.
+ *
+ * @return
+ * A 12 character string containing the iteration count and a random salt.
+ */
+ public function _password_generate_salt($count_log2 = NULL) {
+
+ // Standalone: D7 has this stored as a CMS variable setting.
+ // @todo use global setting that can be changed in civicrm.settings.php
+ // For now, we just pick a value half way between our hard-coded min and max.
+ if ($count_log2 === NULL) {
+ $count_log2 = (int) ((static::$maxHashCount + static::$minHashCount)/2);
+ }
+ $output = '$S$';
+ // Ensure that $count_log2 is within set bounds.
+ $count_log2 = max(static::$minHashCount, min(static::$maxHashCount, $count_log2));
+ // We encode the final log2 iteration count in base 64.
+ $output .= self::ITOA64[$count_log2];
+ // 6 bytes is the standard salt for a portable phpass hash.
+ $output .= $this->_password_base64_encode(random_bytes(6), 6);
+ return $output;
+ }
+
+
+ /**
+ * This is taken from Drupal 7.91
+ *
+ * Encodes bytes into printable base 64 using the *nix standard from crypt().
+ *
+ * @param $input
+ * The string containing bytes to encode.
+ * @param $count
+ * The number of characters (bytes) to encode.
+ *
+ * @return
+ * Encoded string
+ */
+ public function _password_base64_encode($input, $count) {
+ $output = '';
+ $i = 0;
+ $itoa64 = self::ITOA64;
+ do {
+ $value = ord($input[$i++]);
+ $output .= $itoa64[$value & 0x3f];
+ if ($i < $count) {
+ $value |= ord($input[$i]) << 8;
+ }
+ $output .= $itoa64[($value >> 6) & 0x3f];
+ if ($i++ >= $count) {
+ break;
+ }
+ if ($i < $count) {
+ $value |= ord($input[$i]) << 16;
+ }
+ $output .= $itoa64[($value >> 12) & 0x3f];
+ if ($i++ >= $count) {
+ break;
+ }
+ $output .= $itoa64[($value >> 18) & 0x3f];
+ } while ($i < $count);
+
+ return $output;
+ }
+}
--- /dev/null
+Package: standaloneusers
+Copyright (C) 2022, Rich Lott / Artful Robot <code.commits@artfulrobot.uk>
+Licensed under the GNU Affero Public License 3.0 (below).
+
+-------------------------------------------------------------------------------
+
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+ The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+ An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+ Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software. This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<http://www.gnu.org/licenses/>.
--- /dev/null
+# Users, Roles, Permissions for Standalone CiviCRM
+
+**⚠️ Do not use this extension if you have CiviCRM installed the normal way (e.g. on Drupal, WordPress, Joomla, Backdrop...)!**
+
+This is only for people running [CiviCRM Standalone](https://github.com/civicrm/civicrm-standalone/) which is currently highly experimental, insecure and definitely NOT for production use!
+
+Normally, CiviCRM sits atop a CMS which provides role-based authentication: users can login, users are granted different roles, roles are granted different permissions. But standalone doesn't have these structures and relies on this extension for them.
+
+The extension is licensed under [AGPL-3.0](LICENSE.txt).
+
+## Requirements
+
+* PHP v7.4+
+* CiviCRM (standalone)
+
+
+## Getting started
+
+First, get standalone set up - e.g. you can see the admin interface up and running.
+
+Next configure AuthX from **Administer » System Settings » Authentication**. You'll need to add **User Password** to the **Acceptable credentials (HTTP Session Login) select. And hit Save.
+
+Now you can install this extension from the command line. (Clone this repo into web/upload/ext/ then enable it with `cv en standaloneusers`).
+
+On install, an account is created, user `admin`, and the password is printed on the console. The admin user is granted all permissions.
+
+Now if you try to load your site it should fail: you've got no access rights.
+
+At this stage, because you're moving from a system that had no concept of users to one that does, you'll need to clear your browser cookies for the site, otherwise login will get confused (You may see a "session already active" authx error.)
+
+Done that? Then head to `/civicrm/login`, enter your credentials and hopefully you're now back in the admin interface!
+
+
+
+## Conventions
+
+From the `Civi\Auth\Standalone` class, the User.id is stored in the global `$loggedInUserId` and when there's a session, under the key `ufId`.
--- /dev/null
+<div af-fieldset="">
+ <div class="af-markup">
+ <div class="help">
+ </div>
+ </div>
+ <crm-search-display-table search-name="Administer_Users" display-name="Users_Table"></crm-search-display-table>
+</div>
+
--- /dev/null
+{
+ "type": "search",
+ "title": "Users",
+ "description": "Administer users",
+ "icon": "fa-list-alt",
+ "server_route": "civicrm/admin/users",
+ "permission": "access CiviCRM"
+}
+
--- /dev/null
+<?xml version="1.0"?>
+<extension key="standaloneusers" type="module">
+ <file>standaloneusers</file>
+ <name>Standalone Users</name>
+ <description>Provides user management, roles, permissions for standalone CiviCRM.</description>
+ <license>AGPL-3.0</license>
+ <maintainer>
+ <author>Rich Lott / Artful Robot</author>
+ <email>code.commits@artfulrobot.uk</email>
+ </maintainer>
+ <urls>
+ <url desc="Main Extension Page">http://FIXME</url>
+ <url desc="Documentation">http://FIXME</url>
+ <url desc="Support">http://FIXME</url>
+ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
+ </urls>
+ <releaseDate>2022-11-11</releaseDate>
+ <version>1.0</version>
+ <develStage>alpha</develStage>
+ <compatibility>
+ <ver>5.38</ver>
+ </compatibility>
+ <requires>
+ <ext>org.civicrm.search_kit</ext>
+ <ext>authx</ext>
+ <ext>org.civicrm.afform</ext>
+ </requires>
+ <comments>Don't enable this on a standard CMS-based install!</comments>
+ <classloader>
+ <psr4 prefix="Civi\" path="Civi"/>
+ <psr0 prefix="CRM_" path="."/>
+ </classloader>
+ <civix>
+ <namespace>CRM/Standaloneusers</namespace>
+ <format>22.12.1</format>
+ <angularModule>crmStandaloneusers</angularModule>
+ </civix>
+ <mixins>
+ <mixin>mgd-php@1.0.0</mixin>
+ <mixin>setting-php@1.0.0</mixin>
+ <mixin>menu-xml@1.0.0</mixin>
+ </mixins>
+ <upgrader>CRM_Standaloneusers_Upgrader</upgrader>
+</extension>
--- /dev/null
+<?php
+
+/**
+ * Auto-register "xml/Menu/*.xml" files.
+ *
+ * @mixinName menu-xml
+ * @mixinVersion 1.0.0
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+ /**
+ * @param \Civi\Core\Event\GenericHookEvent $e
+ * @see CRM_Utils_Hook::xmlMenu()
+ */
+ Civi::dispatcher()->addListener('hook_civicrm_xmlMenu', function ($e) use ($mixInfo) {
+ if (!$mixInfo->isActive()) {
+ return;
+ }
+
+ $files = (array) glob($mixInfo->getPath('xml/Menu/*.xml'));
+ foreach ($files as $file) {
+ $e->files[] = $file;
+ }
+ });
+
+};
--- /dev/null
+<?php
+
+/**
+ * Auto-register "**.mgd.php" files.
+ *
+ * @mixinName mgd-php
+ * @mixinVersion 1.0.0
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+ /**
+ * @param \Civi\Core\Event\GenericHookEvent $e
+ * @see CRM_Utils_Hook::managed()
+ */
+ Civi::dispatcher()->addListener('hook_civicrm_managed', function ($event) use ($mixInfo) {
+ // When deactivating on a polyfill/pre-mixin system, listeners may not cleanup automatically.
+ if (!$mixInfo->isActive()) {
+ return;
+ }
+
+ $mgdFiles = CRM_Utils_File::findFiles($mixInfo->getPath(), '*.mgd.php');
+ sort($mgdFiles);
+ foreach ($mgdFiles as $file) {
+ $es = include $file;
+ foreach ($es as $e) {
+ if (empty($e['module'])) {
+ $e['module'] = $mixInfo->longName;
+ }
+ if (empty($e['params']['version'])) {
+ $e['params']['version'] = '3';
+ }
+ $event->entities[] = $e;
+ }
+ }
+ });
+
+};
--- /dev/null
+<?php
+
+/**
+ * When deploying on systems that lack mixin support, fake it.
+ *
+ * @mixinFile polyfill.php
+ *
+ * This polyfill does some (persnickity) deduplication, but it doesn't allow upgrades or shipping replacements in core.
+ *
+ * Note: The polyfill.php is designed to be copied into extensions for interoperability. Consequently, this file is
+ * not used 'live' by `civicrm-core`. However, the file does need a canonical home, and it's convenient to keep it
+ * adjacent to the actual mixin files.
+ *
+ * @param string $longName
+ * @param string $shortName
+ * @param string $basePath
+ */
+return function ($longName, $shortName, $basePath) {
+ // Construct imitations of the mixin services. These cannot work as well (e.g. with respect to
+ // number of file-reads, deduping, upgrading)... but they should be OK for a few months while
+ // the mixin services become available.
+
+ // List of active mixins; deduped by version
+ $mixinVers = [];
+ foreach ((array) glob($basePath . '/mixin/*.mixin.php') as $f) {
+ [$name, $ver] = explode('@', substr(basename($f), 0, -10));
+ if (!isset($mixinVers[$name]) || version_compare($ver, $mixinVers[$name], '>')) {
+ $mixinVers[$name] = $ver;
+ }
+ }
+ $mixins = [];
+ foreach ($mixinVers as $name => $ver) {
+ $mixins[] = "$name@$ver";
+ }
+
+ // Imitate CRM_Extension_MixInfo.
+ $mixInfo = new class() {
+
+ /**
+ * @var string
+ */
+ public $longName;
+
+ /**
+ * @var string
+ */
+ public $shortName;
+
+ public $_basePath;
+
+ public function getPath($file = NULL) {
+ return $this->_basePath . ($file === NULL ? '' : (DIRECTORY_SEPARATOR . $file));
+ }
+
+ public function isActive() {
+ return \CRM_Extension_System::singleton()->getMapper()->isActiveModule($this->shortName);
+ }
+
+ };
+ $mixInfo->longName = $longName;
+ $mixInfo->shortName = $shortName;
+ $mixInfo->_basePath = $basePath;
+
+ // Imitate CRM_Extension_BootCache.
+ $bootCache = new class() {
+
+ public function define($name, $callback) {
+ $envId = \CRM_Core_Config_Runtime::getId();
+ $oldExtCachePath = \Civi::paths()->getPath("[civicrm.compile]/CachedExtLoader.{$envId}.php");
+ $stat = stat($oldExtCachePath);
+ $file = Civi::paths()->getPath('[civicrm.compile]/CachedMixin.' . md5($name . ($stat['mtime'] ?? 0)) . '.php');
+ if (file_exists($file)) {
+ return include $file;
+ }
+ else {
+ $data = $callback();
+ file_put_contents($file, '<' . "?php\nreturn " . var_export($data, 1) . ';');
+ return $data;
+ }
+ }
+
+ };
+
+ // Imitate CRM_Extension_MixinLoader::run()
+ // Parse all live mixins before trying to scan any classes.
+ global $_CIVIX_MIXIN_POLYFILL;
+ foreach ($mixins as $mixin) {
+ // If the exact same mixin is defined by multiple exts, just use the first one.
+ if (!isset($_CIVIX_MIXIN_POLYFILL[$mixin])) {
+ $_CIVIX_MIXIN_POLYFILL[$mixin] = include_once $basePath . '/mixin/' . $mixin . '.mixin.php';
+ }
+ }
+ foreach ($mixins as $mixin) {
+ // If there's trickery about installs/uninstalls/resets, then we may need to register a second time.
+ if (!isset(\Civi::$statics[__FUNCTION__][$mixin])) {
+ \Civi::$statics[__FUNCTION__][$mixin] = 1;
+ $func = $_CIVIX_MIXIN_POLYFILL[$mixin];
+ $func($mixInfo, $bootCache);
+ }
+ }
+};
--- /dev/null
+<?php
+
+/**
+ * Auto-register "settings/*.setting.php" files.
+ *
+ * @mixinName setting-php
+ * @mixinVersion 1.0.0
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+ /**
+ * @param \Civi\Core\Event\GenericHookEvent $e
+ * @see CRM_Utils_Hook::alterSettingsFolders()
+ */
+ Civi::dispatcher()->addListener('hook_civicrm_alterSettingsFolders', function ($e) use ($mixInfo) {
+ // When deactivating on a polyfill/pre-mixin system, listeners may not cleanup automatically.
+ if (!$mixInfo->isActive()) {
+ return;
+ }
+
+ $settingsDir = $mixInfo->getPath('settings');
+ if (!in_array($settingsDir, $e->settingsFolders) && is_dir($settingsDir)) {
+ $e->settingsFolders[] = $settingsDir;
+ }
+ });
+
+};
--- /dev/null
+<?xml version="1.0"?>
+<phpunit backupGlobals="false" backupStaticAttributes="false" colors="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" convertDeprecationsToExceptions="true" processIsolation="false" stopOnFailure="false" cacheResult="false" bootstrap="tests/phpunit/bootstrap.php">
+ <testsuites>
+ <testsuite name="My Test Suite">
+ <directory>./tests/phpunit</directory>
+ </testsuite>
+ </testsuites>
+ <filter>
+ <whitelist>
+ <directory suffix=".php">./</directory>
+ </whitelist>
+ </filter>
+ <listeners>
+ <listener class="Civi\Test\CiviTestListener">
+ <arguments/>
+ </listener>
+ </listeners>
+</phpunit>
--- /dev/null
+-- +--------------------------------------------------------------------+
+-- | Copyright CiviCRM LLC. All rights reserved. |
+-- | |
+-- | This work is published under the GNU AGPLv3 license with some |
+-- | permitted exceptions and without any warranty. For full license |
+-- | and copyright information, see https://civicrm.org/licensing |
+-- +--------------------------------------------------------------------+
+--
+-- Generated from schema.tpl
+-- DO NOT EDIT. Generated by CRM_Core_CodeGen
+--
+-- /*******************************************************
+-- *
+-- * Clean up the existing tables - this section generated from drop.tpl
+-- *
+-- *******************************************************/
+
+SET FOREIGN_KEY_CHECKS=0;
+
+DROP TABLE IF EXISTS `civicrm_user_role`;
+DROP TABLE IF EXISTS `civicrm_user`;
+DROP TABLE IF EXISTS `civicrm_role_permission`;
+DROP TABLE IF EXISTS `civicrm_role`;
+
+SET FOREIGN_KEY_CHECKS=1;
+-- /*******************************************************
+-- *
+-- * Create new tables
+-- *
+-- *******************************************************/
+
+-- /*******************************************************
+-- *
+-- * civicrm_role
+-- *
+-- * Permissions are assigned to roles which are assigned to users
+-- *
+-- *******************************************************/
+CREATE TABLE `civicrm_role` (
+ `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique Role ID',
+ `name` varchar(64) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE INDEX `index_name`(name)
+)
+ENGINE=InnoDB;
+
+-- /*******************************************************
+-- *
+-- * civicrm_role_permission
+-- *
+-- * Assigns permissions to roles
+-- *
+-- *******************************************************/
+CREATE TABLE `civicrm_role_permission` (
+ `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique RolePermission ID',
+ `role_id` int unsigned COMMENT 'FK to Role',
+ `permission` varchar(60) NOT NULL COMMENT 'A single permission granted to this role',
+ PRIMARY KEY (`id`),
+ CONSTRAINT FK_civicrm_role_permission_role_id FOREIGN KEY (`role_id`) REFERENCES `civicrm_role`(`id`) ON DELETE CASCADE
+)
+ENGINE=InnoDB;
+
+-- /*******************************************************
+-- *
+-- * civicrm_user
+-- *
+-- * A standalone user account
+-- *
+-- *******************************************************/
+CREATE TABLE `civicrm_user` (
+ `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique User ID',
+ `contact_id` int unsigned COMMENT 'FK to Contact',
+ `username` varchar(60) NOT NULL,
+ `password` varchar(128) NOT NULL COMMENT 'Hashed password',
+ `email` varchar(255) NOT NULL COMMENT 'Email (e.g. for password resets)',
+ `when_created` timestamp DEFAULT CURRENT_TIMESTAMP,
+ `when_last_accessed` timestamp NULL,
+ `when_updated` timestamp NULL,
+ `is_active` tinyint NOT NULL DEFAULT 1,
+ `timezone` varchar(32) NULL COMMENT 'User\'s timezone',
+ `language` varchar(12) NULL COMMENT 'User\'s language',
+ PRIMARY KEY (`id`),
+ UNIQUE INDEX `index_username`(username),
+ CONSTRAINT FK_civicrm_user_contact_id FOREIGN KEY (`contact_id`) REFERENCES `civicrm_contact`(`id`) ON DELETE CASCADE
+)
+ENGINE=InnoDB;
+
+-- /*******************************************************
+-- *
+-- * civicrm_user_role
+-- *
+-- * Assigns Roles to Users
+-- *
+-- *******************************************************/
+CREATE TABLE `civicrm_user_role` (
+ `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique UserRole ID',
+ `user_id` int unsigned COMMENT 'FK to User',
+ `role_id` int unsigned COMMENT 'FK to role',
+ PRIMARY KEY (`id`),
+ INDEX `index_user_role`(user_id, role_id),
+ CONSTRAINT FK_civicrm_user_role_user_id FOREIGN KEY (`user_id`) REFERENCES `civicrm_user`(`id`) ON DELETE CASCADE,
+ CONSTRAINT FK_civicrm_user_role_role_id FOREIGN KEY (`role_id`) REFERENCES `civicrm_role`(`id`) ON DELETE CASCADE
+)
+ENGINE=InnoDB;
--- /dev/null
+-- +--------------------------------------------------------------------+
+-- | Copyright CiviCRM LLC. All rights reserved. |
+-- | |
+-- | This work is published under the GNU AGPLv3 license with some |
+-- | permitted exceptions and without any warranty. For full license |
+-- | and copyright information, see https://civicrm.org/licensing |
+-- +--------------------------------------------------------------------+
+--
+-- Generated from drop.tpl
+-- DO NOT EDIT. Generated by CRM_Core_CodeGen
+---- /*******************************************************
+-- *
+-- * Clean up the existing tables-- *
+-- *******************************************************/
+
+SET FOREIGN_KEY_CHECKS=0;
+
+DROP TABLE IF EXISTS `civicrm_user_role`;
+DROP TABLE IF EXISTS `civicrm_user`;
+DROP TABLE IF EXISTS `civicrm_role_permission`;
+DROP TABLE IF EXISTS `civicrm_role`;
+
+SET FOREIGN_KEY_CHECKS=1;
\ No newline at end of file
--- /dev/null
+<?php
+
+// AUTO-GENERATED FILE -- Civix may overwrite any changes made to this file
+
+/**
+ * The ExtensionUtil class provides small stubs for accessing resources of this
+ * extension.
+ */
+class CRM_Standaloneusers_ExtensionUtil {
+ const SHORT_NAME = 'standaloneusers';
+ const LONG_NAME = 'standaloneusers';
+ const CLASS_PREFIX = 'CRM_Standaloneusers';
+
+ /**
+ * Translate a string using the extension's domain.
+ *
+ * If the extension doesn't have a specific translation
+ * for the string, fallback to the default translations.
+ *
+ * @param string $text
+ * Canonical message text (generally en_US).
+ * @param array $params
+ * @return string
+ * Translated text.
+ * @see ts
+ */
+ public static function ts($text, $params = []): string {
+ if (!array_key_exists('domain', $params)) {
+ $params['domain'] = [self::LONG_NAME, NULL];
+ }
+ return ts($text, $params);
+ }
+
+ /**
+ * Get the URL of a resource file (in this extension).
+ *
+ * @param string|NULL $file
+ * Ex: NULL.
+ * Ex: 'css/foo.css'.
+ * @return string
+ * Ex: 'http://example.org/sites/default/ext/org.example.foo'.
+ * Ex: 'http://example.org/sites/default/ext/org.example.foo/css/foo.css'.
+ */
+ public static function url($file = NULL): string {
+ if ($file === NULL) {
+ return rtrim(CRM_Core_Resources::singleton()->getUrl(self::LONG_NAME), '/');
+ }
+ return CRM_Core_Resources::singleton()->getUrl(self::LONG_NAME, $file);
+ }
+
+ /**
+ * Get the path of a resource file (in this extension).
+ *
+ * @param string|NULL $file
+ * Ex: NULL.
+ * Ex: 'css/foo.css'.
+ * @return string
+ * Ex: '/var/www/example.org/sites/default/ext/org.example.foo'.
+ * Ex: '/var/www/example.org/sites/default/ext/org.example.foo/css/foo.css'.
+ */
+ public static function path($file = NULL) {
+ // return CRM_Core_Resources::singleton()->getPath(self::LONG_NAME, $file);
+ return __DIR__ . ($file === NULL ? '' : (DIRECTORY_SEPARATOR . $file));
+ }
+
+ /**
+ * Get the name of a class within this extension.
+ *
+ * @param string $suffix
+ * Ex: 'Page_HelloWorld' or 'Page\\HelloWorld'.
+ * @return string
+ * Ex: 'CRM_Foo_Page_HelloWorld'.
+ */
+ public static function findClass($suffix) {
+ return self::CLASS_PREFIX . '_' . str_replace('\\', '_', $suffix);
+ }
+
+}
+
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+function _standaloneusers_civix_mixin_polyfill() {
+ if (!class_exists('CRM_Extension_MixInfo')) {
+ $polyfill = __DIR__ . '/mixin/polyfill.php';
+ (require $polyfill)(E::LONG_NAME, E::SHORT_NAME, E::path());
+ }
+}
+
+/**
+ * (Delegated) Implements hook_civicrm_config().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config
+ */
+function _standaloneusers_civix_civicrm_config(&$config = NULL) {
+ static $configured = FALSE;
+ if ($configured) {
+ return;
+ }
+ $configured = TRUE;
+
+ $template = CRM_Core_Smarty::singleton();
+
+ $extRoot = __DIR__ . DIRECTORY_SEPARATOR;
+ $extDir = $extRoot . 'templates';
+
+ if (is_array($template->template_dir)) {
+ array_unshift($template->template_dir, $extDir);
+ }
+ else {
+ $template->template_dir = [$extDir, $template->template_dir];
+ }
+
+ $include_path = $extRoot . PATH_SEPARATOR . get_include_path();
+ set_include_path($include_path);
+ _standaloneusers_civix_mixin_polyfill();
+}
+
+/**
+ * Implements hook_civicrm_install().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install
+ */
+function _standaloneusers_civix_civicrm_install() {
+ _standaloneusers_civix_civicrm_config();
+ _standaloneusers_civix_mixin_polyfill();
+}
+
+/**
+ * (Delegated) Implements hook_civicrm_enable().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable
+ */
+function _standaloneusers_civix_civicrm_enable(): void {
+ _standaloneusers_civix_civicrm_config();
+ _standaloneusers_civix_mixin_polyfill();
+}
+
+/**
+ * Inserts a navigation menu item at a given place in the hierarchy.
+ *
+ * @param array $menu - menu hierarchy
+ * @param string $path - path to parent of this item, e.g. 'my_extension/submenu'
+ * 'Mailing', or 'Administer/System Settings'
+ * @param array $item - the item to insert (parent/child attributes will be
+ * filled for you)
+ *
+ * @return bool
+ */
+function _standaloneusers_civix_insert_navigation_menu(&$menu, $path, $item) {
+ // If we are done going down the path, insert menu
+ if (empty($path)) {
+ $menu[] = [
+ 'attributes' => array_merge([
+ 'label' => CRM_Utils_Array::value('name', $item),
+ 'active' => 1,
+ ], $item),
+ ];
+ return TRUE;
+ }
+ else {
+ // Find an recurse into the next level down
+ $found = FALSE;
+ $path = explode('/', $path);
+ $first = array_shift($path);
+ foreach ($menu as $key => &$entry) {
+ if ($entry['attributes']['name'] == $first) {
+ if (!isset($entry['child'])) {
+ $entry['child'] = [];
+ }
+ $found = _standaloneusers_civix_insert_navigation_menu($entry['child'], implode('/', $path), $item);
+ }
+ }
+ return $found;
+ }
+}
+
+/**
+ * (Delegated) Implements hook_civicrm_navigationMenu().
+ */
+function _standaloneusers_civix_navigationMenu(&$nodes) {
+ if (!is_callable(['CRM_Core_BAO_Navigation', 'fixNavigationMenu'])) {
+ _standaloneusers_civix_fixNavigationMenu($nodes);
+ }
+}
+
+/**
+ * Given a navigation menu, generate navIDs for any items which are
+ * missing them.
+ */
+function _standaloneusers_civix_fixNavigationMenu(&$nodes) {
+ $maxNavID = 1;
+ array_walk_recursive($nodes, function($item, $key) use (&$maxNavID) {
+ if ($key === 'navID') {
+ $maxNavID = max($maxNavID, $item);
+ }
+ });
+ _standaloneusers_civix_fixNavigationMenuItems($nodes, $maxNavID, NULL);
+}
+
+function _standaloneusers_civix_fixNavigationMenuItems(&$nodes, &$maxNavID, $parentID) {
+ $origKeys = array_keys($nodes);
+ foreach ($origKeys as $origKey) {
+ if (!isset($nodes[$origKey]['attributes']['parentID']) && $parentID !== NULL) {
+ $nodes[$origKey]['attributes']['parentID'] = $parentID;
+ }
+ // If no navID, then assign navID and fix key.
+ if (!isset($nodes[$origKey]['attributes']['navID'])) {
+ $newKey = ++$maxNavID;
+ $nodes[$origKey]['attributes']['navID'] = $newKey;
+ $nodes[$newKey] = $nodes[$origKey];
+ unset($nodes[$origKey]);
+ $origKey = $newKey;
+ }
+ if (isset($nodes[$origKey]['child']) && is_array($nodes[$origKey]['child'])) {
+ _standaloneusers_civix_fixNavigationMenuItems($nodes[$origKey]['child'], $maxNavID, $nodes[$origKey]['attributes']['navID']);
+ }
+ }
+}
+
+/**
+ * (Delegated) Implements hook_civicrm_entityTypes().
+ *
+ * Find any *.entityType.php files, merge their content, and return.
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+ */
+function _standaloneusers_civix_civicrm_entityTypes(&$entityTypes) {
+ $entityTypes = array_merge($entityTypes, [
+ 'CRM_Standaloneusers_DAO_Role' => [
+ 'name' => 'Role',
+ 'class' => 'CRM_Standaloneusers_DAO_Role',
+ 'table' => 'civicrm_role',
+ ],
+ 'CRM_Standaloneusers_DAO_RolePermission' => [
+ 'name' => 'RolePermission',
+ 'class' => 'CRM_Standaloneusers_DAO_RolePermission',
+ 'table' => 'civicrm_role_permission',
+ ],
+ 'CRM_Standaloneusers_DAO_User' => [
+ 'name' => 'User',
+ 'class' => 'CRM_Standaloneusers_DAO_User',
+ 'table' => 'civicrm_user',
+ ],
+ 'CRM_Standaloneusers_DAO_UserRole' => [
+ 'name' => 'UserRole',
+ 'class' => 'CRM_Standaloneusers_DAO_UserRole',
+ 'table' => 'civicrm_user_role',
+ ],
+ ]);
+}
--- /dev/null
+<?php
+
+require_once 'standaloneusers.civix.php';
+// phpcs:disable
+use CRM_Standaloneusers_ExtensionUtil as E;
+// phpcs:enable
+
+/**
+ * Implements hook_civicrm_config().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config/
+ */
+function standaloneusers_civicrm_config(&$config) {
+ _standaloneusers_civix_civicrm_config($config);
+}
+
+/**
+ * Implements hook_civicrm_install().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install
+ */
+function standaloneusers_civicrm_install() {
+ _standaloneusers_civix_civicrm_install();
+}
+
+/**
+ * Implements hook_civicrm_enable().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable
+ */
+function standaloneusers_civicrm_enable() {
+ _standaloneusers_civix_civicrm_enable();
+}
+
+/**
+ * Implements hook_civicrm_entityTypes().
+ *
+ * Declare entity types provided by this module.
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+ */
+function standaloneusers_civicrm_entityTypes(&$entityTypes) {
+ _standaloneusers_civix_civicrm_entityTypes($entityTypes);
+}
+
+// --- Functions below this ship commented out. Uncomment as required. ---
+
+/**
+ * Implements hook_civicrm_preProcess().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_preProcess
+ */
+//function standaloneusers_civicrm_preProcess($formName, &$form) {
+//
+//}
+
+/**
+ * Implements hook_civicrm_navigationMenu().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_navigationMenu
+ */
+function standaloneusers_civicrm_navigationMenu(&$menu) {
+ _standalineusers_addUserMenus($menu);
+}
+
+function _standalineusers_addUserMenus(&$menu) {
+ _standaloneusers_civix_insert_navigation_menu($menu, 'Administer/Users and Permissions', [
+ 'label' => E::ts('Users'),
+ 'name' => 'admin_users',
+ 'url' => 'civicrm/search#/display/Users/Users',
+ 'permission' => 'access CiviCRM',
+ 'operator' => 'OR',
+ 'separator' => 0,
+ 'weight' => 0,
+ ]);
+ _standaloneusers_civix_navigationMenu($menu);
+}
--- /dev/null
+<style>
+{literal}
+/***Structure****
+ Variables (comment out your subtheme)
+ - Finsbury Park
+ - Jerry Seinfeld
+ - Shoreditch (soon)
+ - Aah (soon)
+ Resets
+ Base
+****************/
+
+/***************
+ Variables
+****************/
+
+/* Finsbury Park
+
+:root {
+ --roundness: 0.25rem;
+ --font-family: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans, Ubuntu,Cantarell,"Helvetica Neue",Helvetica,Arial,sans-serif,"Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
+ --text-colour: #000;
+ --text-size: 0.9rem;
+ --error-colour: #aa0c0c;
+ --label-colour: #000;
+ --background-colour: #ededed;
+ --box-border: 1px #cdcdcd solid;
+ --box-padding: 2rem 1.75rem;
+ --box-shadow: none;
+ --box-roundness: 0.25rem;
+ --box-background: #fff;
+ --input-border: 1px solid #ccc;
+ --input-padding: 0.5rem;
+ --input-shadow: inset 0 1px 1px rgba(0,0,0,.075);
+ --button-border: 1px solid #bbb;
+ --button-shadow: 0 1px 2px rgba(0,0,0,0.05);
+ --button-padding: 5px 15px;
+ --button-text-colour: #3e3e3e;
+ --button-background: #f0f0f0;
+}
+
+/* Shoreditch
+
+:root {
+ --roundness: 2px;
+ --font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif;
+ --text-colour: #232429;
+ --text-size: 0.9rem;
+ --error-colour: #cf3458;
+ --label-colour: #464354;
+ --background-colour: #f3f6f7;
+ --box-border: 0 transparent solid;
+ --box-padding: 20px;
+ --box-shadow: 0 3px 18px 0 rgba(48,40,40,0.25);
+ --box-roundness: 2px;
+ --box-background: #fff;
+ --input-border: 1px solid #c2cfd8;
+ --input-padding: 5px 10px;
+ --input-shadow: inset 0 0 3px 0 rgba(0,0,0,0.2);
+ --button-border: 0 solid transparent;
+ --button-shadow: none;
+ --button-padding: 8px 28px;
+ --button-text-colour: #fff;
+ --button-background: #0071bd;
+}
+
+/* Aah */
+
+:root {
+ --roundness: 3px;
+ --font-family: Lato,Helvetica,Arial,sans-serif;
+ --text-colour: #222;
+ --text-size: 0.9rem;
+ --error-colour: #a00;
+ --label-colour: #464354;
+ --background-colour: rgb(242,242,237);
+ --box-border: 0 transparent solid;
+ --box-padding: 1.6rem;
+ --box-shadow: none;
+ --box-roundness: 0;
+ --box-background: #fff;
+ --input-border: 1px solid rgba(0,0,0,.2);
+ --input-padding: 5px 10px;
+ --input-shadow: inset 0 0 3px 0 rgba(0,0,0,0.2);
+ --button-border: 0 solid transparent;
+ --button-shadow: 0 0 6px rgba(0,0,0,.2);
+ --button-padding: .4rem 1.6rem;
+ --button-text-colour: #fff;
+ --button-background: #2c98ed;
+}
+
+/* Ffresh
+
+:root {
+ --roundness: 2rem;
+ --font-family: Lato,Helvetica,Arial,sans-serif;
+ --text-colour: #222;
+ --text-size: 1rem;
+ --error-colour: #a00;
+ --label-colour: #464354;
+ --background-colour: #2c98ed;
+ --box-border: 0 transparent solid;
+ --box-padding: 1.6rem;
+ --box-shadow: 0 0 10px 0 rgba(0,0,0,0.2);
+ --box-roundness: 1.75rem;
+ --box-background: #fff;
+ --input-border: 2px solid #2c98ed;
+ --input-padding: 0.75rem;
+ --input-shadow: none;
+ --button-border: 0 solid transparent;
+ --button-shadow: none;
+ --button-padding: 0.75rem 2rem;
+ --button-text-colour: #fff;
+ --button-background: #2c98ed;
+}
+
+/***************
+ Base
+****************/
+
+body {
+ background-color: var(--background-colour);
+ font-family: var(--font-family);
+ color: var(--text-colour);
+ font-size: var(--text-size);
+}
+#crm-container.standalone-entry * {
+ box-sizing: border-box;
+}
+a {
+ text-decoration: none;
+ font-size: 90%;
+}
+a:hover, a:focus {
+ text-decoration: underline;
+}
+.flex {
+ display: flex;
+ justify-content: space-between;
+ align-items: center;
+}
+
+/***************
+ UI Elements
+****************/
+
+#crm-container.standalone-entry .mid-block {
+ margin: 0;
+ background-color: var(--box-background);
+ border: var(--box-border);
+ border-radius: var(--box-roundness);
+ padding: var(--box-padding);
+ box-shadow: var(--box-shadow);
+}
+#crm-container.standalone-entry img {
+ width: 100%;
+ max-width: 400px;
+ margin-bottom: 2rem;
+}
+#crm-container.standalone-entry label {
+ display: inline-block;
+ max-width: 100%;
+ margin-bottom: 5px;
+ font-weight: 700;
+ color: var(--label-colour);
+}
+#crm-container.standalone-entry input {
+ display: block;
+ width: 100%;
+ color: #555;
+ background-color: #fff;
+ background-image: none;
+ margin-bottom: 0.75rem;
+ padding: var(--input-padding);
+ font-size: var(--text-size);
+ border-radius: var(--roundness);
+ border: var(--input-border);
+ box-shadow: var(--input-shadow);
+}
+#crm-container.standalone-entry input:focus,
+#crm-container.standalone-entry input:focus-visible {
+ border: 1px solid #66afe9;
+}
+#crm-container.standalone-entry .btn {
+ display: inline-block;
+ margin-bottom: 0;
+ text-align: center;
+ vertical-align: middle;
+ touch-action: manipulation;
+ cursor: pointer;
+ background-image: none;
+ font-size: var(--text-size);
+ background-color: var(--button-background);
+ color: var(--button-text-colour);
+ border: var(--button-border);
+ padding: var(--button-padding);
+ border-radius: var(--roundness);
+ font-family: var(--font-family);
+ box-shadow: var(--button-shadow);
+}
+#crm-container.standalone-entry .btn:hover,
+#crm-container.standalone-entry .btn:focus {
+ filter: brightness(80%);
+}
+#crm-container.standalone-entry .float-right {
+ float: right;
+ font-size: 90%;
+ margin-top: 0.2rem;
+}
+#crm-container.standalone-entry .form-alert {
+ color: var(--error-colour);
+ margin: 1rem 0;
+}
+@media (min-width: 768px) {
+ #crm-container.standalone-entry {
+ width: 60vw;
+ margin: 20vh auto 0;
+ }
+}
+@media (min-width: 960px) {
+ #crm-container.standalone-entry {
+ width: 30vw;
+ }
+}
+{/literal}
+</style>
+
+<div id="crm-container" class="crm-container standalone-entry">
+ <div class="mid-block">
+ <img src="{$logoUrl}" alt="logo for CiviCRM, with an intersecting blue and green triangle">
+ <form>
+ <div>
+ <label for="exampleInputEmail1" class="form-label">Username</label>
+ <input type="email" class="form-control" id="usernameInput" aria-describedby="emailHelp">
+ </div>
+ <div>
+ <label for="exampleInputPassword1" class="form-label">Password</label>
+ <input type="password" class="form-control" id="passwordInput">
+ </div>
+ <div id="error" style="display:none;" class="form-alert">Your username and password do not match</div>
+ <div class="flex"><button id="loginSubmit" type="submit" class="btn btn-secondary crm-button">Submit</button><a href="request.html">Forgotten password?</a></div>
+ </form>
+ </div>
+</div>
+{literal}
+<script>
+document.addEventListener('DOMContentLoaded', () => {
+ const submitBtn = document.getElementById('loginSubmit'),
+ username = document.getElementById('usernameInput'),
+ password = document.getElementById('passwordInput');
+
+ submitBtn.addEventListener('click', e => {
+ e.preventDefault();
+
+ fetch(CRM.url("civicrm/authx/login"), {
+ method: 'POST',
+ headers: {
+ 'Content-Type': 'application/x-www-form-urlencoded'
+ },
+ //body: '_authx=Basic ' + btoa(encodeURIComponent(`${username.value}:${password.value}`))
+ body: '_authx=Basic ' + encodeURIComponent(btoa(`${username.value}:${password.value}`))
+ })
+ .then(response => response.json()) // <<<---note this
+ .then(data => {
+ console.log(data);
+ window.location = '/civicrm/';
+ });
+ });
+});
+
+/* (function($) { */
+/* var request = new XMLHttpRequest(); */
+/* request.open("POST", ); */
+/* request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); */
+/* request.responseType = "json"; */
+/* request.onreadystatechange = function() { */
+/* console.log(request.response); */
+/* if (request.readyState == 4) { */
+/* if (request.status == 200) { */
+/* if (request.response.user_id > 0) { */
+/* window.location.href = "/civicrm?reset=1"; */
+/* } else { */
+/* // probably won't ever be here? */
+/* alert("Success but fail because ???"); */
+/* console.log(request.response); */
+/* } */
+/* } else { */
+/* // todo - send errors back to the form via whatever forms framework we'll be using */
+/* alert("Fail with status code " + request.status + " " + request.statusText); */
+/* console.log(request.response); */
+/* } */
+/* } */
+/* }; */
+/* var data = '_authx=Basic ' + btoa(encodeURIComponent($('#username').val()) + ':' + $('#password').val()); */
+/* request.send(data); */
+/* }); */
+</script>
+{/literal}
--- /dev/null
+<?php
+namespace Civi\Standalone;
+
+use CRM_Standaloneusers_ExtensionUtil as E;
+use Civi\Test\CiviEnvBuilder;
+use Civi\Test\HeadlessInterface;
+use Civi\Core\HookInterface;
+use Civi\Test\TransactionalInterface;
+use Civi\Standalone\Security;
+
+/**
+ * FIXME - Add test description.
+ *
+ * Tips:
+ * - With HookInterface, you may implement CiviCRM hooks directly in the test class.
+ * Simply create corresponding functions (e.g. "hook_civicrm_post(...)" or similar).
+ * - With TransactionalInterface, any data changes made by setUp() or test****() functions will
+ * rollback automatically -- as long as you don't manipulate schema or truncate tables.
+ * If this test needs to manipulate schema or truncate tables, then either:
+ * a. Do all that using setupHeadless() and Civi\Test.
+ * b. Disable TransactionalInterface, and handle all setup/teardown yourself.
+ *
+ * @group headless
+ */
+class SecurityTest extends \PHPUnit\Framework\TestCase implements HeadlessInterface, HookInterface, TransactionalInterface {
+
+ protected $originalUF;
+ protected $originalUFPermission;
+ protected $contactID;
+ protected $userID;
+ /**
+ * Setup used when HeadlessInterface is implemented.
+ *
+ * Civi\Test has many helpers, like install(), uninstall(), sql(), and sqlFile().
+ *
+ * @link https://github.com/civicrm/org.civicrm.testapalooza/blob/master/civi-test.md
+ *
+ * @return \Civi\Test\CiviEnvBuilder
+ *
+ * @throws \CRM_Extension_Exception_ParseException
+ */
+ public function setUpHeadless(): CiviEnvBuilder {
+ return \Civi\Test::headless()
+ ->install(['authx','org.civicrm.search_kit', 'org.civicrm.afform', 'standaloneusers'])
+ // ->installMe(__DIR__) This causes failure, so we do ↑
+ ->apply(FALSE);
+ }
+
+ public function setUp():void {
+ parent::setUp();
+ }
+
+ public function tearDown():void {
+ $this->switchBackFromOurUFClasses(TRUE);
+ parent::tearDown();
+ }
+
+ public function testCreateUser():void {
+ list($contactID, $userID, $security) = $this->createFixtureContactAndUser();
+
+ $user = \Civi\Api4\User::get(FALSE)
+ ->addSelect('*', 'uf_match.*')
+ ->addWhere('id', '=', $userID)
+ ->addJoin('UFMatch AS uf_match', 'INNER', ['uf_match.uf_id', '=', 'id'])
+ ->execute()->single();
+
+ $this->assertEquals('user_one', $user['username']);
+ $this->assertEquals('user_one@example.org', $user['email']);
+ $this->assertStringStartsWith('$', $user['password']);
+
+ $this->assertTrue($security->checkPassword('secret1', $user['password']));
+ $this->assertFalse($security->checkPassword('some other password', $user['password']));
+ }
+
+ public function testPerms() {
+ list($contactID, $userID, $security) = $this->createFixtureContactAndUser();
+ // Create role,
+ $roleID = \Civi\Api4\Role::create(FALSE)
+ ->setValues([ 'name' => 'staff' ]) ->execute()->first()['id'];
+ $this->assertGreaterThan(0, $roleID);
+
+ // Assign role to user
+ \Civi\Api4\UserRole::create(FALSE)
+ ->setValues(['user_id' => $userID, 'role_id' => $roleID])->execute();
+
+ // Assign some permissions to the role.
+ \Civi\Api4\RolePermission::save(FALSE)
+ ->setDefaults(['role_id' => $roleID])
+ ->setRecords([
+ // Master control for access to the main CiviCRM backend and API. Give to trusted roles only.
+ ['permission' => 'access CiviCRM'],
+ // Perform all tasks in the Administer CiviCRM control panel and Import Contacts
+ // ['permission' => 'administer CiviCRM'],
+ ['permission' => 'view all contacts'],
+ ['permission' => 'add contacts'],
+ ['permission' => 'edit all contacts'],
+ ])
+ ->execute();
+
+ $this->switchToOurUFClasses();
+ foreach (['access CiviCRM', 'view all contacts', 'add contacts', 'edit all contacts'] as $allowed) {
+ $this->assertTrue(\CRM_Core_Permission::check([$allowed], $contactID), "Should have '$allowed' permission but don't");
+ }
+ foreach (['administer CiviCRM', 'access uploaded files'] as $notAllowed) {
+ $this->assertFalse(\CRM_Core_Permission::check([$notAllowed], $contactID), "Should NOT have '$allowed' permission but do");
+ }
+ $this->switchBackFromOurUFClasses();
+ }
+
+ protected function switchToOurUFClasses() {
+ if (!empty($this->originalUFPermission)) {
+ throw new \RuntimeException("are you calling switchToOurUFClasses twice?");
+ }
+ $this->originalUFPermission = \CRM_Core_Config::singleton()->userPermissionClass;
+ $this->originalUF = \CRM_Core_Config::singleton()->userSystem;
+ \CRM_Core_Config::singleton()->userPermissionClass = new \CRM_Core_Permission_Standalone();
+ \CRM_Core_Config::singleton()->userSystem = new \CRM_Utils_System_Standalone();
+ }
+
+ protected function switchBackFromOurUFClasses($justInCase = FALSE) {
+ if (!$justInCase && empty($this->originalUFPermission)) {
+ throw new \RuntimeException("are you calling switchBackFromOurUFClasses() twice?");
+ }
+ \CRM_Core_Config::singleton()->userPermissionClass = $this->originalUFPermission;
+ \CRM_Core_Config::singleton()->userSystem = $this->originalUF;
+ $this->originalUFPermission = $this->originalUF = NULL;
+ }
+
+ public function createFixtureContactAndUser(): array {
+
+ $contactID = \Civi\Api4\Contact::create(FALSE)
+ ->setValues([
+ 'contact_type' => 'Individual',
+ 'display_name' => 'Admin McDemo',
+ ])->execute()->first()['id'];
+
+ $security = Security::singleton();
+ $params = ['cms_name' => 'user_one', 'cms_pass' => 'secret1', 'notify' => FALSE, 'contactID' => $contactID, 'user_one@example.org' => 'user_one@example.org'];
+
+ $this->switchToOurUFClasses();
+ $userID = \CRM_Core_BAO_CMSUser::create($params, 'user_one@example.org');
+ $this->switchBackFromOurUFClasses();
+
+ $this->assertGreaterThan(0, $userID);
+ $this->contactID = $contactID;
+ $this->userID = $userID;
+ return [$contactID, $userID, $security];
+ }
+
+
+}
--- /dev/null
+<?php
+
+ini_set('memory_limit', '2G');
+
+// phpcs:disable
+eval(cv('php:boot --level=classloader', 'phpcode'));
+// phpcs:enable
+// Allow autoloading of PHPUnit helper classes in this extension.
+$loader = new \Composer\Autoload\ClassLoader();
+$loader->add('CRM_', [__DIR__ . '/../..', __DIR__]);
+$loader->addPsr4('Civi\\', [__DIR__ . '/../../Civi', __DIR__ . '/Civi']);
+$loader->add('api_', [__DIR__ . '/../..', __DIR__]);
+$loader->addPsr4('api\\', [__DIR__ . '/../../api', __DIR__ . '/api']);
+
+$loader->register();
+
+/**
+ * Call the "cv" command.
+ *
+ * @param string $cmd
+ * The rest of the command to send.
+ * @param string $decode
+ * Ex: 'json' or 'phpcode'.
+ * @return mixed
+ * Response output (if the command executed normally).
+ * For 'raw' or 'phpcode', this will be a string. For 'json', it could be any JSON value.
+ * @throws \RuntimeException
+ * If the command terminates abnormally.
+ */
+function cv(string $cmd, string $decode = 'json') {
+ $cmd = 'cv ' . $cmd;
+ $descriptorSpec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => STDERR];
+ $oldOutput = getenv('CV_OUTPUT');
+ putenv('CV_OUTPUT=json');
+
+ // Execute `cv` in the original folder. This is a work-around for
+ // phpunit/codeception, which seem to manipulate PWD.
+ $cmd = sprintf('cd %s; %s', escapeshellarg(getenv('PWD')), $cmd);
+
+ $process = proc_open($cmd, $descriptorSpec, $pipes, __DIR__);
+ putenv("CV_OUTPUT=$oldOutput");
+ fclose($pipes[0]);
+ $result = stream_get_contents($pipes[1]);
+ fclose($pipes[1]);
+ if (proc_close($process) !== 0) {
+ throw new RuntimeException("Command failed ($cmd):\n$result");
+ }
+ switch ($decode) {
+ case 'raw':
+ return $result;
+
+ case 'phpcode':
+ // If the last output is /*PHPCODE*/, then we managed to complete execution.
+ if (substr(trim($result), 0, 12) !== '/*BEGINPHP*/' || substr(trim($result), -10) !== '/*ENDPHP*/') {
+ throw new \RuntimeException("Command failed ($cmd):\n$result");
+ }
+ return $result;
+
+ case 'json':
+ return json_decode($result, 1);
+
+ default:
+ throw new RuntimeException("Bad decoder format ($decode)");
+ }
+}
--- /dev/null
+<?xml version="1.0"?>
+<menu>
+ <item>
+ <path>civicrm/login</path>
+ <page_callback>CRM_Standaloneusers_Page_Login</page_callback>
+ <title>Login</title>
+ <access_arguments>*always allow*</access_arguments>
+ </item>
+</menu>
--- /dev/null
+<?php
+// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at:
+// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+return [
+ [
+ 'name' => 'Role',
+ 'class' => 'CRM_Standaloneusers_DAO_Role',
+ 'table' => 'civicrm_role',
+ ],
+];
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1" ?>
+
+<table>
+ <base>CRM/Standaloneusers</base>
+ <class>Role</class>
+ <name>civicrm_role</name>
+ <comment>Permissions are assigned to roles which are assigned to users</comment>
+ <log>true</log>
+ <searchField>name</searchField>
+
+ <field>
+ <name>id</name>
+ <type>int unsigned</type>
+ <required>true</required>
+ <comment>Unique Role ID</comment>
+ <html>
+ <type>Number</type>
+ </html>
+ </field>
+ <primaryKey>
+ <name>id</name>
+ <autoincrement>true</autoincrement>
+ </primaryKey>
+
+ <field>
+ <name>name</name>
+ <type>varchar</type>
+ <required>true</required>
+ <length>64</length>
+ </field>
+ <index>
+ <name>UI_name</name>
+ <unique>true</unique>
+ <fieldName>name</fieldName>
+ </index>
+
+</table>
--- /dev/null
+<?php
+// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at:
+// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+return [
+ [
+ 'name' => 'RolePermission',
+ 'class' => 'CRM_Standaloneusers_DAO_RolePermission',
+ 'table' => 'civicrm_role_permission',
+ ],
+];
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1" ?>
+
+<table>
+ <base>CRM/Standaloneusers</base>
+ <class>RolePermission</class>
+ <name>civicrm_role_permission</name>
+ <comment>Assigns permissions to roles</comment>
+ <log>true</log>
+
+ <field>
+ <name>id</name>
+ <type>int unsigned</type>
+ <required>true</required>
+ <comment>Unique RolePermission ID</comment>
+ <html>
+ <type>Number</type>
+ </html>
+ </field>
+ <primaryKey>
+ <name>id</name>
+ <autoincrement>true</autoincrement>
+ </primaryKey>
+
+ <field>
+ <name>role_id</name>
+ <type>int unsigned</type>
+ <comment>FK to Role</comment>
+ </field>
+ <foreignKey>
+ <name>role_id</name>
+ <table>civicrm_role</table>
+ <key>id</key>
+ <onDelete>CASCADE</onDelete>
+ </foreignKey>
+
+ <field>
+ <name>permission</name>
+ <type>varchar</type>
+ <length>60</length>
+ <required>true</required>
+ <comment>A single permission granted to this role</comment>
+ </field>
+
+</table>
--- /dev/null
+<?php
+// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at:
+// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+return [
+ [
+ 'name' => 'User',
+ 'class' => 'CRM_Standaloneusers_DAO_User',
+ 'table' => 'civicrm_user',
+ ],
+];
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1" ?>
+
+<table>
+ <base>CRM/Standaloneusers</base>
+ <class>User</class>
+ <name>civicrm_user</name>
+ <comment>A standalone user account</comment>
+ <labelField>username</labelField>
+ <searchField>username</searchField>
+ <descriptionField>email</descriptionField>
+ <log>true</log>
+
+ <field>
+ <name>id</name>
+ <type>int unsigned</type>
+ <required>true</required>
+ <comment>Unique User ID</comment>
+ <html>
+ <type>Number</type>
+ </html>
+ </field>
+ <primaryKey>
+ <name>id</name>
+ <autoincrement>true</autoincrement>
+ </primaryKey>
+
+ <field>
+ <name>contact_id</name>
+ <type>int unsigned</type>
+ <comment>FK to Contact - possibly redundant</comment>
+ </field>
+ <foreignKey>
+ <name>contact_id</name>
+ <table>civicrm_contact</table>
+ <key>id</key>
+ <onDelete>CASCADE</onDelete>
+ </foreignKey>
+
+ <field>
+ <name>username</name>
+ <required>true</required>
+ <type>varchar</type>
+ <length>60</length>
+ </field>
+ <index>
+ <name>UI_username</name>
+ <fieldName>username</fieldName>
+ <unique>true</unique>
+ </index>
+
+ <field>
+ <name>password</name>
+ <type>varchar</type>
+ <required>true</required>
+ <length>128</length>
+ <comment>Hashed password</comment>
+ </field>
+
+ <field>
+ <name>email</name>
+ <type>varchar</type>
+ <required>true</required>
+ <length>255</length>
+ <comment>Email (e.g. for password resets)</comment>
+ </field>
+
+ <field>
+ <name>when_created</name>
+ <type>timestamp</type>
+ <default>CURRENT_TIMESTAMP</default>
+ </field>
+
+ <field>
+ <name>when_last_accessed</name>
+ <type>timestamp</type>
+ <required>false</required>
+ </field>
+
+ <field>
+ <name>when_updated</name>
+ <type>timestamp</type>
+ <required>false</required>
+ </field>
+
+ <field>
+ <name>is_active</name>
+ <type>boolean</type>
+ <default>1</default>
+ <required>true</required>
+ </field>
+
+ <field>
+ <name>timezone</name>
+ <type>varchar</type>
+ <length>32</length>
+ <required>false</required>
+ <comment>User's timezone</comment>
+ </field>
+
+ <field>
+ <name>language</name>
+ <type>int unsigned</type>
+ <title>Language</title>
+ <pseudoconstant>
+ <optionGroupName>languages</optionGroupName>
+ </pseudoconstant>
+ <html>
+ <type>Select</type>
+ </html>
+ <comment>The language for the user.</comment>
+ </field>
+
+</table>
--- /dev/null
+<?php
+// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at:
+// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+return [
+ [
+ 'name' => 'UserRole',
+ 'class' => 'CRM_Standaloneusers_DAO_UserRole',
+ 'table' => 'civicrm_user_role',
+ ],
+];
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1" ?>
+
+<table>
+ <base>CRM/Standaloneusers</base>
+ <class>UserRole</class>
+ <name>civicrm_user_role</name>
+ <comment>Assigns Roles to Users</comment>
+ <log>true</log>
+
+ <field>
+ <name>id</name>
+ <type>int unsigned</type>
+ <required>true</required>
+ <comment>Unique UserRole ID</comment>
+ <html>
+ <type>Number</type>
+ </html>
+ </field>
+ <primaryKey>
+ <name>id</name>
+ <autoincrement>true</autoincrement>
+ </primaryKey>
+
+ <field>
+ <name>user_id</name>
+ <type>int unsigned</type>
+ <comment>FK to User</comment>
+ </field>
+ <foreignKey>
+ <name>user_id</name>
+ <table>civicrm_user</table>
+ <key>id</key>
+ <onDelete>CASCADE</onDelete>
+ </foreignKey>
+
+ <field>
+ <name>role_id</name>
+ <type>int unsigned</type>
+ <comment>FK to role</comment>
+ </field>
+ <foreignKey>
+ <name>role_id</name>
+ <table>civicrm_role</table>
+ <key>id</key>
+ <onDelete>CASCADE</onDelete>
+ </foreignKey>
+
+ <index>
+ <name>index_user_role</name>
+ <fieldName>user_id</fieldName>
+ <fieldName>role_id</fieldName>
+ </index>
+
+</table>
projects / civicrm-core.git / commitdiff
