From 81bb85ea70bc844479f1a6643ed75520e16d6194 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Mon, 28 Apr 2014 12:01:28 -0700 Subject: [PATCH] CRM-14171: Adding Core infastructure to get permissions from components that are considered dangerous for Anonymous users. --- CRM/Contribute/Info.php | 5 +++++ CRM/Core/Component/Info.php | 10 ++++++++++ CRM/Core/Permission.php | 25 ++++++++++++++++++++++--- CRM/Event/Info.php | 6 ++++++ 4 files changed, 43 insertions(+), 3 deletions(-) diff --git a/CRM/Contribute/Info.php b/CRM/Contribute/Info.php index dea13d9dd8..e23b3eb3ef 100644 --- a/CRM/Contribute/Info.php +++ b/CRM/Contribute/Info.php @@ -62,6 +62,11 @@ class CRM_Contribute_Info extends CRM_Core_Component_Info { ); } + public function getAnonymousPermissionWarnings() { + return array( + 'access CiviContribute', + ); + } // docs inherited from interface public function getUserDashboardElement() { diff --git a/CRM/Core/Component/Info.php b/CRM/Core/Component/Info.php index ac6df87f78..f79cdba620 100644 --- a/CRM/Core/Component/Info.php +++ b/CRM/Core/Component/Info.php @@ -136,6 +136,16 @@ abstract class CRM_Core_Component_Info { return array(); } + /** + * Provides permissions that are unwise for Anonymous Roles to have + * + * @return array list of permissions + * @see CRM_Component_Info::getPermissions + */ + public function getAnonymousPermissionWarnings() { + return array(); + } + /** * Provides permissions that are used by component. * Needs to be implemented in component's information diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php index d632e87d60..3c30ad036b 100644 --- a/CRM/Core/Permission.php +++ b/CRM/Core/Permission.php @@ -471,6 +471,7 @@ class CRM_Core_Permission { static $permissions = NULL; if (!$permissions) { + $config = CRM_Core_Config::singleton(); $prefix = ts('CiviCRM') . ': '; $permissions = self::getCorePermissions(); 
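Review bot: The new `getAnonymousPermissionWarnings()` in CRM/Contribute/Info.php has no docblock or `// docs inherited` marker, unlike the method that follows it, and nothing says why only `'access CiviContribute'` is listed. I would add `// docs inherited from CRM_Core_Component_Info` and a line such as `// Entries must match the keys from getPermissions(); CRM_Core_Permission compares them by exact string.` If this component's getPermissions() (outside the hunk) declares other permissions that let a visitor read or change contribution records, they would not raise the warning, so the list should be checked against it. The same applies to the matching method added in CRM/Event/Info.php, which lists only `'access CiviEvent'`.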
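Review bot: The docblock added in CRM/Core/Component/Info.php points at `CRM_Component_Info::getPermissions`, but the class declared in this file is `CRM_Core_Component_Info`, so the tag should read `@see CRM_Core_Component_Info::getPermissions`. The description could also state what form the entries take, for example `@return array list of permission keys (as in getPermissions()) that should raise a warning when granted to anonymous users`. The class body continues outside the hunk.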
@@ -478,8 +479,6 @@ class CRM_Core_Permission { $permissions['administer Multiple Organizations'] = $prefix . ts('administer Multiple Organizations'); } - $config = CRM_Core_Config::singleton(); - if (!$all) { $components = CRM_Core_Component::getEnabledComponents(); } @@ -498,7 +497,6 @@ class CRM_Core_Permission { } // Add any permissions defined in hook_civicrm_permission implementations. - $config = CRM_Core_Config::singleton(); $module_permissions = $config->userPermissionClass->getAllModulePermissions(); $permissions = array_merge($permissions, $module_permissions); } @@ -506,6 +504,27 @@ class CRM_Core_Permission { return $permissions; } + static function getAnonymousPermissionsWarnings() { + static $permissions = array(); + if (empty($permissions)) { + $permissions = array( + 'administer CiviCRM' + ); + $components = CRM_Core_Component::getComponents(); + foreach ($components as $comp) { + if (!method_exists($comp, 'getAnonymousPermissionWarnings')) { + continue; + } + $permissions = array_merge($permissions, $comp->getAnonymousPermissionWarnings()); + } + } + return $permissions; + } + + static function validateForPermissionWarnings($anonymous_perms) { + return array_intersect($anonymous_perms, self::getAnonymousPermissionsWarnings()); + } + static function getCorePermissions() { $prefix = ts('CiviCRM') . ': '; $permissions = array( diff --git a/CRM/Event/Info.php b/CRM/Event/Info.php index 21c7a110df..57c8d68281 100644 --- a/CRM/Event/Info.php +++ b/CRM/Event/Info.php @@ -64,6 +64,12 @@ class CRM_Event_Info extends CRM_Core_Component_Info { ); } + public function getAnonymousPermissionWarnings() { + return array( + 'access CiviEvent', + ); + } + // docs inherited from interface public function getUserDashboardElement() { return array('name' => ts('Events'), -- 2.25.1
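Review bot: In CRM/Core/Permission.php, `validateForPermissionWarnings()` is added without a docblock or parameter type. Because `array_intersect` matches strings exactly, a caller that passes labels, prefixed names or a non-array gets an empty result or a PHP warning, and an empty result reads as "nothing risky is granted". I would document the contract with `@param array $anonymous_perms permission keys granted to the anonymous role` and `@return array the subset considered unsafe for anonymous users`, and declare the signature as `static function validateForPermissionWarnings(array $anonymous_perms)`. The core seed list in `getAnonymousPermissionsWarnings()` holds only `'administer CiviCRM'`. getCorePermissions() is only partly visible here, so it is worth checking whether other core permissions that expose or modify contact data belong in that list. The plural `getAnonymousPermissionsWarnings` beside the components' `getAnonymousPermissionWarnings` is easy to mistype, and a one-line comment on each noting the other would help.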