From: Tim Otten Date: Fri, 4 Dec 2020 07:05:25 +0000 (-0800) Subject: CRM_Core_Permission_* - Add getAvailablePermision(). Implement on BD/D7/D8/WP. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=0247a0006ed82f6bf064c34f75cf4c403c15a1b1;p=civicrm-core.git CRM_Core_Permission_* - Add getAvailablePermision(). Implement on BD/D7/D8/WP. --- diff --git a/CRM/Core/Permission/Backdrop.php b/CRM/Core/Permission/Backdrop.php index 8226c45a16..09411c38fa 100644 --- a/CRM/Core/Permission/Backdrop.php +++ b/CRM/Core/Permission/Backdrop.php @@ -98,6 +98,31 @@ class CRM_Core_Permission_Backdrop extends CRM_Core_Permission_DrupalBase { return FALSE; } + /** + * @inheritDoc + */ + public function getAvailablePermissions() { + // We want to list *only* Backdrop perms, so we'll *skip* Civi perms. + $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE); + + $permissions = []; + $modules = system_get_info('module'); + foreach ($modules as $moduleName => $module) { + $prefix = isset($module['name']) ? ($module['name'] . ': ') : ''; + foreach (module_invoke($moduleName, 'permission') as $permName => $perm) { + if (isset($allCorePerms[$permName])) { + continue; + } + + $permissions["Drupal:$permName"] = [ + 'title' => $prefix . strip_tags($perm['title']), + 'description' => $perm['description'] ?? NULL, + ]; + } + } + return $permissions; + } + /** * @inheritDoc */ diff --git a/CRM/Core/Permission/Base.php b/CRM/Core/Permission/Base.php index a49eb88f8a..68c2cd53d0 100644 --- a/CRM/Core/Permission/Base.php +++ b/CRM/Core/Permission/Base.php @@ -162,6 +162,26 @@ class CRM_Core_Permission_Base { return FALSE; } + /** + * Get the palette of available permissions in the CMS's user-management system. + * + * @return array + * List of permissions, keyed by symbolic name. Each item may have fields: + * - title: string + * - description: string + * + * The permission-name should correspond to the Civi notation used by + * 'CRM_Core_Permission::check()'. For CMS-specific permissions, these are + * translated names (eg "WordPress:list_users" or "Drupal:post comments"). + * + * The list should include *only* CMS permissions. Exclude Civi-native permissions. + * + * @see \CRM_Core_Permission_Base::translatePermission() + */ + public function getAvailablePermissions() { + return []; + } + /** * Get all the contact emails for users that have a specific permission. * diff --git a/CRM/Core/Permission/Drupal.php b/CRM/Core/Permission/Drupal.php index 73179d4575..b179cdf0c3 100644 --- a/CRM/Core/Permission/Drupal.php +++ b/CRM/Core/Permission/Drupal.php @@ -97,6 +97,31 @@ class CRM_Core_Permission_Drupal extends CRM_Core_Permission_DrupalBase { return FALSE; } + /** + * @inheritDoc + */ + public function getAvailablePermissions() { + // We want to list *only* Drupal perms, so we'll *skip* Civi perms. + $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE); + + $permissions = []; + $modules = system_get_info('module'); + foreach ($modules as $moduleName => $module) { + $prefix = isset($module['name']) ? ($module['name'] . ': ') : ''; + foreach (module_invoke($moduleName, 'permission') as $permName => $perm) { + if (isset($allCorePerms[$permName])) { + continue; + } + + $permissions["Drupal:$permName"] = [ + 'title' => $prefix . strip_tags($perm['title']), + 'description' => $perm['description'] ?? NULL, + ]; + } + } + return $permissions; + } + /** * @inheritDoc */ diff --git a/CRM/Core/Permission/Drupal8.php b/CRM/Core/Permission/Drupal8.php index 649ff0c53b..e9fa1377d9 100644 --- a/CRM/Core/Permission/Drupal8.php +++ b/CRM/Core/Permission/Drupal8.php @@ -45,6 +45,38 @@ class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase { return $acct->hasPermission($str); } + /** + * Get the palette of available permissions in the CMS's user-management system. + * + * @return array + * List of permissions, keyed by symbolic name. Each item may have fields: + * - title: string + * - description: string + */ + public function getAvailablePermissions() { + // We want to list *only* Drupal perms, so we'll *skip* Civi perms. + $allCorePerms = \CRM_Core_Permission::basicPermissions(TRUE); + + $dperms = \Drupal::service('user.permissions')->getPermissions(); + $modules = system_get_info('module'); + + $permissions = []; + foreach ($dperms as $permName => $dperm) { + if (isset($allCorePerms[$permName])) { + continue; + } + + $module = $modules[$dperm['provider']] ?? []; + $prefix = isset($module['name']) ? ($module['name'] . ': ') : ''; + $permissions["Drupal:$permName"] = [ + 'title' => $prefix . strip_tags($dperm['title']), + 'description' => $perm['description'] ?? NULL, + ]; + } + + return $permissions; + } + /** * Get all the contact emails for users that have a specific permission. * diff --git a/CRM/Core/Permission/WordPress.php b/CRM/Core/Permission/WordPress.php index 9b7f8c9a5b..3325d0fc11 100644 --- a/CRM/Core/Permission/WordPress.php +++ b/CRM/Core/Permission/WordPress.php @@ -86,6 +86,36 @@ class CRM_Core_Permission_WordPress extends CRM_Core_Permission_Base { return FALSE; } + /** + * @inheritDoc + */ + public function getAvailablePermissions() { + // We want to list *only* WordPress perms, so we'll *skip* Civi perms. + $mungedCorePerms = array_map( + function($str) { + return CRM_Utils_String::munge(strtolower($str)); + }, + array_keys(\CRM_Core_Permission::basicPermissions(TRUE)) + ); + + // WP doesn't have an API to list all capabilities. However, we can discover a + // pretty good list by inspecting the (super)admin roles. + $wpCaps = []; + foreach (wp_roles()->roles as $wpRole) { + $wpCaps = array_unique(array_merge(array_keys($wpRole['capabilities']), $wpCaps)); + } + + $permissions = []; + foreach ($wpCaps as $wpCap) { + if (!in_array($wpCap, $mungedCorePerms)) { + $permissions["WordPress:$wpCap"] = [ + 'title' => "WordPress: $wpCap", + ]; + } + } + return $permissions; + } + /** * @inheritDoc */