From 68be1dfe5c19502862f8632bac36521379b8c131 Mon Sep 17 00:00:00 2001 From: Eileen McNaughton Date: Wed, 1 Oct 2014 11:10:42 +1300 Subject: [PATCH] CRM-15297 add extra d8 permission functions. The ones not customised to D8 (per https://github.com/torrance/civicrm-drupal/commit/9e9e4e2e344f500cd083a2af4a68f4fe25ae4e5d#diff-e446ed2bd1f533a810378b76b9ec7312) are add to the DrupalBase class --- CRM/Core/Permission/Drupal8.php | 22 ++++++++- CRM/Core/Permission/DrupalBase.php | 78 ++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 1 deletion(-) diff --git a/CRM/Core/Permission/Drupal8.php b/CRM/Core/Permission/Drupal8.php index 8a449c5e4e..635f9cef6e 100644 --- a/CRM/Core/Permission/Drupal8.php +++ b/CRM/Core/Permission/Drupal8.php @@ -37,5 +37,25 @@ * */ class CRM_Core_Permission_Drupal8 extends CRM_Core_Permission_DrupalBase{ + /** + * Given a permission string, check for access requirements + * + * @param string $str The permission to check + * + * @return bool + */ + function check($str, $contactID = NULL) { + $str = $this->translatePermission($str, 'Drupal', array( + 'view user account' => 'access user profiles', + )); + + if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) { + return FALSE; + } + if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) { + return TRUE; + } + return \Drupal::currentUser()->hasPermission($str); + } +} -} \ No newline at end of file diff --git a/CRM/Core/Permission/DrupalBase.php b/CRM/Core/Permission/DrupalBase.php index 1030904ae4..50dc86ffce 100644 --- a/CRM/Core/Permission/DrupalBase.php +++ b/CRM/Core/Permission/DrupalBase.php @@ -247,4 +247,82 @@ class CRM_Core_Permission_DrupalBase extends CRM_Core_Permission_Base { return implode(', ', $emails); } + + /** + * Given a roles array, check for access requirements + * + * @param array $array the roles to check + * + * @return boolean true if yes, else false + * @access public + * + */ + function checkGroupRole($array) { + if (function_exists('user_load') && isset($array)) { + $user = user_load( $GLOBALS['user']->uid); + //if giver roles found in user roles - return true + foreach ($array as $key => $value) { + if (in_array($value, $user->roles)) { + return TRUE; + } + } + } + return FALSE; + } + + /** + * {@inheritDoc} + */ + public function isModulePermissionSupported() { + return TRUE; + } + + /** + * Get all the contact emails for users that have a specific permission + * + * @param string $permissionName name of the permission we are interested in + * + * @return string a comma separated list of email addresses + */ + public function permissionEmails($permissionName) { + static $_cache = array(); + + if (isset($_cache[$permissionName])) { + return $_cache[$permissionName]; + } + + $uids = array(); + $sql = " + SELECT {users}.uid, {role_permission}.permission + FROM {users} + JOIN {users_roles} + ON {users}.uid = {users_roles}.uid + JOIN {role_permission} + ON {role_permission}.rid = {users_roles}.rid + WHERE {role_permission}.permission = '{$permissionName}' + AND {users}.status = 1 + "; + + $result = db_query($sql); + foreach ( $result as $record ) { + $uids[] = $record->uid; + } + + $_cache[$permissionName] = self::getContactEmails($uids); + return $_cache[$permissionName]; + } + + /** + * {@inheritdoc} + * + */ + function upgradePermissions($permissions) { + if (empty($permissions)) { + throw new CRM_Core_Exception("Cannot upgrade permissions: permission list missing"); + } + $query = db_delete('role_permission') + ->condition('module', 'civicrm') + ->condition('permission', array_keys($permissions), 'NOT IN'); + $query->execute(); + } } -- 2.25.1