From 8c0146525d1e6f86eae79785c050044e9a5fea1a Mon Sep 17 00:00:00 2001 
From: Rich Lott / Artful Robot <code.commits@artfulrobot.uk>
Date: Fri, 23 Jun 2023 12:17:01 +0100
Subject: [PATCH] standalone: initial incomplete import of standaloneusers ext
---
.../CRM/Standaloneusers/BAO/Role.php | 26 +
.../Standaloneusers/BAO/RolePermission.php | 26 +
.../CRM/Standaloneusers/BAO/User.php | 26 +
.../CRM/Standaloneusers/BAO/UserRole.php | 26 +
.../CRM/Standaloneusers/DAO/Role.php | 189 +++++
.../Standaloneusers/DAO/RolePermission.php | 218 ++++++
.../CRM/Standaloneusers/DAO/User.php | 402 +++++++++++
.../CRM/Standaloneusers/DAO/UserRole.php | 226 ++++++
.../CRM/Standaloneusers/Page/Login.php | 17 +
.../CRM/Standaloneusers/Upgrader.php | 190 +++++
ext/standaloneusers/Civi/Api4/Role.php | 13 +
ext/standaloneusers/Civi/Api4/RolePermission.php | 13 +
ext/standaloneusers/Civi/Api4/User.php | 13 +
ext/standaloneusers/Civi/Api4/UserRole.php | 13 +
ext/standaloneusers/Civi/Authx/Standalone.php | 72 ++
.../Civi/Standalone/Security.php | 425 +++++++++++
ext/standaloneusers/LICENSE.txt | 667 ++++++++++++++++++
ext/standaloneusers/README.md | 37 +
.../ang/afsearchUsers.aff.html | 8 +
.../ang/afsearchUsers.aff.json | 9 +
ext/standaloneusers/images/civicrm-logo.png | Bin 0 -> 28835 bytes
ext/standaloneusers/info.xml | 44 ++
.../mixin/menu-xml@1.0.0.mixin.php | 31 +
.../mixin/mgd-php@1.0.0.mixin.php | 42 ++
ext/standaloneusers/mixin/polyfill.php | 101 +++
.../mixin/setting-php@1.0.0.mixin.php | 32 +
ext/standaloneusers/phpunit.xml.dist | 18 +
ext/standaloneusers/sql/auto_install.sql | 104 +++
ext/standaloneusers/sql/auto_uninstall.sql | 23 +
ext/standaloneusers/standaloneusers.civix.php | 250 +++++++
ext/standaloneusers/standaloneusers.php | 77 ++
.../CRM/Standaloneusers/Page/Login.tpl | 298 ++++++++
.../phpunit/Civi/Standalone/SecurityTest.php | 151 ++++
.../tests/phpunit/bootstrap.php | 65 ++
.../xml/Menu/standaloneusers.xml | 9 +
.../CRM/Standaloneusers/Role.entityType.php | 10 +
.../xml/schema/CRM/Standaloneusers/Role.xml | 37 +
.../RolePermission.entityType.php | 10 +
.../CRM/Standaloneusers/RolePermission.xml | 44 ++
.../CRM/Standaloneusers/User.entityType.php | 10 +
.../xml/schema/CRM/Standaloneusers/User.xml | 113 +++
.../Standaloneusers/UserRole.entityType.php | 10 +
.../schema/CRM/Standaloneusers/UserRole.xml | 54 ++
43 files changed, 4149 insertions(+)
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/BAO/Role.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/BAO/RolePermission.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/BAO/User.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/BAO/UserRole.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/DAO/Role.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/DAO/RolePermission.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/DAO/User.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/DAO/UserRole.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/Page/Login.php
create mode 100644 ext/standaloneusers/CRM/Standaloneusers/Upgrader.php
create mode 100644 ext/standaloneusers/Civi/Api4/Role.php
create mode 100644 ext/standaloneusers/Civi/Api4/RolePermission.php
create mode 100644 ext/standaloneusers/Civi/Api4/User.php
create mode 100644 ext/standaloneusers/Civi/Api4/UserRole.php
create mode 100644 ext/standaloneusers/Civi/Authx/Standalone.php
create mode 100644 ext/standaloneusers/Civi/Standalone/Security.php
create mode 100644 ext/standaloneusers/LICENSE.txt
create mode 100644 ext/standaloneusers/README.md
create mode 100644 ext/standaloneusers/ang/afsearchUsers.aff.html
create mode 100644 ext/standaloneusers/ang/afsearchUsers.aff.json
create mode 100644 ext/standaloneusers/images/civicrm-logo.png
create mode 100644 ext/standaloneusers/info.xml
create mode 100644 ext/standaloneusers/mixin/menu-xml@1.0.0.mixin.php
create mode 100644 ext/standaloneusers/mixin/mgd-php@1.0.0.mixin.php
create mode 100644 ext/standaloneusers/mixin/polyfill.php
create mode 100644
ext/standaloneusers/mixin/setting-php@1.0.0.mixin.php
create mode 100644 ext/standaloneusers/phpunit.xml.dist
create mode 100644 ext/standaloneusers/sql/auto_install.sql
create mode 100644 ext/standaloneusers/sql/auto_uninstall.sql
create mode 100644 ext/standaloneusers/standaloneusers.civix.php
create mode 100644 ext/standaloneusers/standaloneusers.php
create mode 100644 ext/standaloneusers/templates/CRM/Standaloneusers/Page/Login.tpl
create mode 100644 ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php
create mode 100644 ext/standaloneusers/tests/phpunit/bootstrap.php
create mode 100644 ext/standaloneusers/xml/Menu/standaloneusers.xml
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.entityType.php
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.xml
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.entityType.php
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.xml
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.entityType.php
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.xml
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.entityType.php
create mode 100644 ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.xml
diff --git a/ext/standaloneusers/CRM/Standaloneusers/BAO/Role.php b/ext/standaloneusers/CRM/Standaloneusers/BAO/Role.php
new file mode 100644
index 0000000000..58042186a8
--- /dev/null
+++ b/ext/standaloneusers/CRM/Standaloneusers/BAO/Role.php
@@ -0,0 +1,26 @@
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_Role extends CRM_Standaloneusers_DAO_Role {
+
+ /**
+ * Create a new Role based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_Role|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_Role';
+ $entityName = 'Role';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
diff --git a/ext/standaloneusers/CRM/Standaloneusers/BAO/RolePermission.php b/ext/standaloneusers/CRM/Standaloneusers/BAO/RolePermission.php
new file mode 100644
index 0000000000..10a1f8eb2d
--- /dev/null
+++ b/ext/standaloneusers/CRM/Standaloneusers/BAO/RolePermission.php
@@ -0,0 +1,26 @@
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_RolePermission extends CRM_Standaloneusers_DAO_RolePermission {
+
+ /**
+ * Create a new RolePermission based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_RolePermission|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_RolePermission';
+ $entityName = 'RolePermission';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
diff --git a/ext/standaloneusers/CRM/Standaloneusers/BAO/User.php b/ext/standaloneusers/CRM/Standaloneusers/BAO/User.php
new file mode 100644
index 0000000000..715a7fcce4
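Review bot: In BAO/Role.php the docblock opened at `/**` is not closed until `} */` after the method body, so `create()` is comment text and the class declares nothing of its own; the same scaffold is repeated in BAO/RolePermission.php, BAO/User.php and BAO/UserRole.php. Commented-out code that reads like a live method is easy to misjudge in review, since the `CRM_Utils_Hook::pre`/`post` calls it shows never run. I would delete the block in all four files and leave a single line such as `// Intentionally empty: no behaviour beyond the generated DAO yet.` If a custom `create()` is planned instead, close the docblock with `*/` before `public static function create($params) {` and drop the trailing `*/`.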
--- /dev/null
+++ b/ext/standaloneusers/CRM/Standaloneusers/BAO/User.php
@@ -0,0 +1,26 @@
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_User extends CRM_Standaloneusers_DAO_User {
+
+ /**
+ * Create a new User based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_User|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_User';
+ $entityName = 'User';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
diff --git a/ext/standaloneusers/CRM/Standaloneusers/BAO/UserRole.php b/ext/standaloneusers/CRM/Standaloneusers/BAO/UserRole.php
new file mode 100644
index 0000000000..35ef60a0ed
--- /dev/null
+++ b/ext/standaloneusers/CRM/Standaloneusers/BAO/UserRole.php
@@ -0,0 +1,26 @@
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_BAO_UserRole extends CRM_Standaloneusers_DAO_UserRole {
+
+ /**
+ * Create a new UserRole based on array-data
+ *
+ * @param array $params key-value pairs
+ * @return CRM_Standaloneusers_DAO_UserRole|NULL
+ *
+ public static function create($params) {
+ $className = 'CRM_Standaloneusers_DAO_UserRole';
+ $entityName = 'UserRole';
+ $hook = empty($params['id']) ? 'create' : 'edit';
+
+ CRM_Utils_Hook::pre($hook, $entityName, CRM_Utils_Array::value('id', $params), $params);
+ $instance = new $className();
+ $instance->copyValues($params);
+ $instance->save();
+ CRM_Utils_Hook::post($hook, $entityName, $instance->id, $instance);
+
+ return $instance;
+ } */
+
+}
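Review bot: In BAO/User.php the commented-out `create()` passes `$params` unchanged through `$instance->copyValues($params)` and `$instance->save()`, while DAO/User.php in this same patch describes the `password` column as 'Hashed password'. If that scaffold is re-enabled as written, whatever a caller supplies for `password` would be stored as given; nothing in this hunk hashes or rejects it, and whether Civi/Standalone/Security.php or the API layer does so is outside this hunk. Until the write path is decided I would record the requirement in the class body, e.g. `// password must be hashed before save(); never copy a caller-supplied value into it unchanged.`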
diff --git a/ext/standaloneusers/CRM/Standaloneusers/DAO/Role.php b/ext/standaloneusers/CRM/Standaloneusers/DAO/Role.php new file mode 100644 index 0000000000..704310ccc0 --- /dev/null +++ b/ext/standaloneusers/CRM/Standaloneusers/DAO/Role.php 
@@ -0,0 +1,189 @@ +<?php + +/** + * @package CRM + * @copyright CiviCRM LLC https://civicrm.org/licensing + * + * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/Role.xml + * DO NOT EDIT. Generated by CRM_Core_CodeGen + * (GenCodeChecksum:f9203d75619187e85a6db2ce88d0b30b) + */ +use CRM_Standaloneusers_ExtensionUtil as E; + +/** + * Database access object for the Role entity. + */ +class CRM_Standaloneusers_DAO_Role extends CRM_Core_DAO { + const EXT = E::LONG_NAME; + const TABLE_ADDED = ''; + + /** + * Static instance to hold the table name. + * + * @var string + */ + public static $_tableName = 'civicrm_role'; + + /** + * Should CiviCRM log any modifications to this table in the civicrm_log table. + * + * @var bool + */ + public static $_log = TRUE; + + /** + * Unique Role ID + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $id; + + /** + * @var string + * (SQL type: varchar(64)) + * Note that values will be retrieved from the database as a string. + */ + public $name; + + /** + * Class constructor. + */ + public function __construct() { + $this->__table = 'civicrm_role'; + parent::__construct(); + } + + /** + * Returns localized title of this entity. + * + * @param bool $plural + * Whether to return the plural version of the title. + */ + public static function getEntityTitle($plural = FALSE) { + return $plural ? 
E::ts('Roles') : E::ts('Role'); + } + + /** + * Returns all the column names of this table + * + * @return array + */ + public static function &fields() { + if (!isset(Civi::$statics[__CLASS__]['fields'])) { + Civi::$statics[__CLASS__]['fields'] = [ + 'id' => [ + 'name' => 'id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('Unique Role ID'), + 'required' => TRUE, + 'where' => 'civicrm_role.id', + 'table_name' => 'civicrm_role', + 'entity' => 'Role', + 'bao' => 'CRM_Standaloneusers_DAO_Role', + 'localizable' => 0, + 'html' => [ + 'type' => 'Number', + ], + 'readonly' => TRUE, + 'add' => NULL, + ], + 'name' => [ + 'name' => 'name', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Name'), + 'required' => TRUE, + 'maxlength' => 64, + 'size' => CRM_Utils_Type::BIG, + 'where' => 'civicrm_role.name', + 'table_name' => 'civicrm_role', + 'entity' => 'Role', + 'bao' => 'CRM_Standaloneusers_DAO_Role', + 'localizable' => 0, + 'add' => NULL, + ], + ]; + CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']); + } + return Civi::$statics[__CLASS__]['fields']; + } + + /** + * Return a mapping from field-name to the corresponding key (as used in fields()). + * + * @return array + * Array(string $name => string $uniqueName). 
+ */ + public static function &fieldKeys() { + if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) { + Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields())); + } + return Civi::$statics[__CLASS__]['fieldKeys']; + } + + /** + * Returns the names of this table + * + * @return string + */ + public static function getTableName() { + return self::$_tableName; + } + + /** + * Returns if this table needs to be logged + * + * @return bool + */ + public function getLog() { + return self::$_log; + } + + /** + * Returns the list of fields that can be imported + * + * @param bool $prefix + * + * @return array + */ + public static function &import($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'role', $prefix, []); + return $r; + } + + /** + * Returns the list of fields that can be exported + * + * @param bool $prefix + * + * @return array + */ + public static function &export($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'role', $prefix, []); + return $r; + } + + /** + * Returns the list of indices + * + * @param bool $localize + * + * @return array + */ + public static function indices($localize = TRUE) { + $indices = [ + 'index_name' => [ + 'name' => 'index_name', + 'field' => [ + 0 => 'name', + ], + 'localizable' => FALSE, + 'unique' => TRUE, + 'sig' => 'civicrm_role::1::name', + ], + ]; + return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices; + } + +} diff --git a/ext/standaloneusers/CRM/Standaloneusers/DAO/RolePermission.php b/ext/standaloneusers/CRM/Standaloneusers/DAO/RolePermission.php new file mode 100644 index 0000000000..41d06278f4 --- /dev/null +++ b/ext/standaloneusers/CRM/Standaloneusers/DAO/RolePermission.php 
@@ -0,0 +1,218 @@ +<?php + +/** + * @package CRM + * @copyright CiviCRM LLC https://civicrm.org/licensing + * + * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.xml + * DO NOT EDIT. Generated by CRM_Core_CodeGen + * (GenCodeChecksum:212bcca5de5d35a0542f2e1df14de8bd) + */ +use CRM_Standaloneusers_ExtensionUtil as E; + +/** + * Database access object for the RolePermission entity. + */ +class CRM_Standaloneusers_DAO_RolePermission extends CRM_Core_DAO { + const EXT = E::LONG_NAME; + const TABLE_ADDED = ''; + + /** + * Static instance to hold the table name. + * + * @var string + */ + public static $_tableName = 'civicrm_role_permission'; + + /** + * Should CiviCRM log any modifications to this table in the civicrm_log table. + * + * @var bool + */ + public static $_log = TRUE; + + /** + * Unique RolePermission ID + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $id; + + /** + * FK to Role + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $role_id; + + /** + * A single permission granted to this role + * + * @var string + * (SQL type: varchar(60)) + * Note that values will be retrieved from the database as a string. + */ + public $permission; + + /** + * Class constructor. + */ + public function __construct() { + $this->__table = 'civicrm_role_permission'; + parent::__construct(); + } + + /** + * Returns localized title of this entity. + * + * @param bool $plural + * Whether to return the plural version of the title. + */ + public static function getEntityTitle($plural = FALSE) { + return $plural ? E::ts('Role Permissions') : E::ts('Role Permission'); + } + + /** + * Returns foreign keys and entity references. 
+ * + * @return array + * [CRM_Core_Reference_Interface] + */ + public static function getReferenceColumns() { + if (!isset(Civi::$statics[__CLASS__]['links'])) { + Civi::$statics[__CLASS__]['links'] = static::createReferenceColumns(__CLASS__); + Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'role_id', 'civicrm_role', 'id'); + CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']); + } + return Civi::$statics[__CLASS__]['links']; + } + + /** + * Returns all the column names of this table + * + * @return array + */ + public static function &fields() { + if (!isset(Civi::$statics[__CLASS__]['fields'])) { + Civi::$statics[__CLASS__]['fields'] = [ + 'id' => [ + 'name' => 'id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('Unique RolePermission ID'), + 'required' => TRUE, + 'where' => 'civicrm_role_permission.id', + 'table_name' => 'civicrm_role_permission', + 'entity' => 'RolePermission', + 'bao' => 'CRM_Standaloneusers_DAO_RolePermission', + 'localizable' => 0, + 'html' => [ + 'type' => 'Number', + ], + 'readonly' => TRUE, + 'add' => NULL, + ], + 'role_id' => [ + 'name' => 'role_id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('FK to Role'), + 'where' => 'civicrm_role_permission.role_id', + 'table_name' => 'civicrm_role_permission', + 'entity' => 'RolePermission', + 'bao' => 'CRM_Standaloneusers_DAO_RolePermission', + 'localizable' => 0, + 'FKClassName' => 'CRM_Standaloneusers_DAO_Role', + 'add' => NULL, + ], + 'permission' => [ + 'name' => 'permission', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Permission'), + 'description' => E::ts('A single permission granted to this role'), + 'required' => TRUE, + 'maxlength' => 60, + 'size' => CRM_Utils_Type::BIG, + 'where' => 'civicrm_role_permission.permission', + 'table_name' => 'civicrm_role_permission', + 'entity' => 'RolePermission', + 'bao' => 'CRM_Standaloneusers_DAO_RolePermission', + 
'localizable' => 0, + 'add' => NULL, + ], + ]; + CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']); + } + return Civi::$statics[__CLASS__]['fields']; + } + + /** + * Return a mapping from field-name to the corresponding key (as used in fields()). + * + * @return array + * Array(string $name => string $uniqueName). + */ + public static function &fieldKeys() { + if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) { + Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields())); + } + return Civi::$statics[__CLASS__]['fieldKeys']; + } + + /** + * Returns the names of this table + * + * @return string + */ + public static function getTableName() { + return self::$_tableName; + } + + /** + * Returns if this table needs to be logged + * + * @return bool + */ + public function getLog() { + return self::$_log; + } + + /** + * Returns the list of fields that can be imported + * + * @param bool $prefix + * + * @return array + */ + public static function &import($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'role_permission', $prefix, []); + return $r; + } + + /** + * Returns the list of fields that can be exported + * + * @param bool $prefix + * + * @return array + */ + public static function &export($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'role_permission', $prefix, []); + return $r; + } + + /** + * Returns the list of indices + * + * @param bool $localize + * + * @return array + */ + public static function indices($localize = TRUE) { + $indices = []; + return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices; + } + +} diff --git a/ext/standaloneusers/CRM/Standaloneusers/DAO/User.php b/ext/standaloneusers/CRM/Standaloneusers/DAO/User.php new file mode 100644 index 0000000000..b63ed15a9c --- /dev/null +++ b/ext/standaloneusers/CRM/Standaloneusers/DAO/User.php 
@@ -0,0 +1,402 @@ +<?php + +/** + * @package CRM + * @copyright CiviCRM LLC https://civicrm.org/licensing + * + * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/User.xml + * DO NOT EDIT. Generated by CRM_Core_CodeGen + * (GenCodeChecksum:5a36926dd2c3d68eb325cc1f10961b29) + */ +use CRM_Standaloneusers_ExtensionUtil as E; + +/** + * Database access object for the User entity. + */ +class CRM_Standaloneusers_DAO_User extends CRM_Core_DAO { + const EXT = E::LONG_NAME; + const TABLE_ADDED = ''; + + /** + * Static instance to hold the table name. + * + * @var string + */ + public static $_tableName = 'civicrm_user'; + + /** + * Field to show when displaying a record. + * + * @var string + */ + public static $_labelField = 'username'; + + /** + * Should CiviCRM log any modifications to this table in the civicrm_log table. + * + * @var bool + */ + public static $_log = TRUE; + + /** + * Unique User ID + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $id; + + /** + * FK to Contact + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $contact_id; + + /** + * @var string + * (SQL type: varchar(60)) + * Note that values will be retrieved from the database as a string. + */ + public $username; + + /** + * Hashed password + * + * @var string + * (SQL type: varchar(128)) + * Note that values will be retrieved from the database as a string. + */ + public $password; + + /** + * Email (e.g. for password resets) + * + * @var string + * (SQL type: varchar(255)) + * Note that values will be retrieved from the database as a string. + */ + public $email; + + /** + * @var string|null + * (SQL type: timestamp) + * Note that values will be retrieved from the database as a string. 
+ */ + public $when_created; + + /** + * @var string|null + * (SQL type: timestamp) + * Note that values will be retrieved from the database as a string. + */ + public $when_last_accessed; + + /** + * @var string|null + * (SQL type: timestamp) + * Note that values will be retrieved from the database as a string. + */ + public $when_updated; + + /** + * @var bool|string + * (SQL type: tinyint) + * Note that values will be retrieved from the database as a string. + */ + public $is_active; + + /** + * User's timezone + * + * @var string + * (SQL type: varchar(32)) + * Note that values will be retrieved from the database as a string. + */ + public $timezone; + + /** + * User's language + * + * @var string + * (SQL type: varchar(12)) + * Note that values will be retrieved from the database as a string. + */ + public $language; + + /** + * Class constructor. + */ + public function __construct() { + $this->__table = 'civicrm_user'; + parent::__construct(); + } + + /** + * Returns localized title of this entity. + * + * @param bool $plural + * Whether to return the plural version of the title. + */ + public static function getEntityTitle($plural = FALSE) { + return $plural ? E::ts('Users') : E::ts('User'); + } + + /** + * Returns foreign keys and entity references. 
+ * + * @return array + * [CRM_Core_Reference_Interface] + */ + public static function getReferenceColumns() { + if (!isset(Civi::$statics[__CLASS__]['links'])) { + Civi::$statics[__CLASS__]['links'] = static::createReferenceColumns(__CLASS__); + Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'contact_id', 'civicrm_contact', 'id'); + CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']); + } + return Civi::$statics[__CLASS__]['links']; + } + + /** + * Returns all the column names of this table + * + * @return array + */ + public static function &fields() { + if (!isset(Civi::$statics[__CLASS__]['fields'])) { + Civi::$statics[__CLASS__]['fields'] = [ + 'id' => [ + 'name' => 'id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('Unique User ID'), + 'required' => TRUE, + 'where' => 'civicrm_user.id', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'html' => [ + 'type' => 'Number', + ], + 'readonly' => TRUE, + 'add' => NULL, + ], + 'contact_id' => [ + 'name' => 'contact_id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('FK to Contact'), + 'where' => 'civicrm_user.contact_id', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'FKClassName' => 'CRM_Contact_DAO_Contact', + 'add' => NULL, + ], + 'username' => [ + 'name' => 'username', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Username'), + 'required' => TRUE, + 'maxlength' => 60, + 'size' => CRM_Utils_Type::BIG, + 'where' => 'civicrm_user.username', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'password' => [ + 'name' => 'password', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Password'), + 'description' => E::ts('Hashed password'), + 
'required' => TRUE, + 'maxlength' => 128, + 'size' => CRM_Utils_Type::HUGE, + 'where' => 'civicrm_user.password', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'email' => [ + 'name' => 'email', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Email'), + 'description' => E::ts('Email (e.g. for password resets)'), + 'required' => TRUE, + 'maxlength' => 255, + 'size' => CRM_Utils_Type::HUGE, + 'where' => 'civicrm_user.email', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'when_created' => [ + 'name' => 'when_created', + 'type' => CRM_Utils_Type::T_TIMESTAMP, + 'title' => E::ts('When Created'), + 'where' => 'civicrm_user.when_created', + 'default' => 'CURRENT_TIMESTAMP', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'when_last_accessed' => [ + 'name' => 'when_last_accessed', + 'type' => CRM_Utils_Type::T_TIMESTAMP, + 'title' => E::ts('When Last Accessed'), + 'where' => 'civicrm_user.when_last_accessed', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'when_updated' => [ + 'name' => 'when_updated', + 'type' => CRM_Utils_Type::T_TIMESTAMP, + 'title' => E::ts('When Updated'), + 'where' => 'civicrm_user.when_updated', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'is_active' => [ + 'name' => 'is_active', + 'type' => CRM_Utils_Type::T_BOOLEAN, + 'required' => TRUE, + 'where' => 'civicrm_user.is_active', + 'default' => '1', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'timezone' => [ 
+ 'name' => 'timezone', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Timezone'), + 'description' => E::ts('User\'s timezone'), + 'required' => FALSE, + 'maxlength' => 32, + 'size' => CRM_Utils_Type::MEDIUM, + 'where' => 'civicrm_user.timezone', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + 'language' => [ + 'name' => 'language', + 'type' => CRM_Utils_Type::T_STRING, + 'title' => E::ts('Language'), + 'description' => E::ts('User\'s language'), + 'required' => FALSE, + 'maxlength' => 12, + 'size' => CRM_Utils_Type::TWELVE, + 'where' => 'civicrm_user.language', + 'table_name' => 'civicrm_user', + 'entity' => 'User', + 'bao' => 'CRM_Standaloneusers_DAO_User', + 'localizable' => 0, + 'add' => NULL, + ], + ]; + CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']); + } + return Civi::$statics[__CLASS__]['fields']; + } + + /** + * Return a mapping from field-name to the corresponding key (as used in fields()). + * + * @return array + * Array(string $name => string $uniqueName). 
+ */ + public static function &fieldKeys() { + if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) { + Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields())); + } + return Civi::$statics[__CLASS__]['fieldKeys']; + } + + /** + * Returns the names of this table + * + * @return string + */ + public static function getTableName() { + return self::$_tableName; + } + + /** + * Returns if this table needs to be logged + * + * @return bool + */ + public function getLog() { + return self::$_log; + } + + /** + * Returns the list of fields that can be imported + * + * @param bool $prefix + * + * @return array + */ + public static function &import($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'user', $prefix, []); + return $r; + } + + /** + * Returns the list of fields that can be exported + * + * @param bool $prefix + * + * @return array + */ + public static function &export($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'user', $prefix, []); + return $r; + } + + /** + * Returns the list of indices + * + * @param bool $localize + * + * @return array + */ + public static function indices($localize = TRUE) { + $indices = [ + 'index_username' => [ + 'name' => 'index_username', + 'field' => [ + 0 => 'username', + ], + 'localizable' => FALSE, + 'unique' => TRUE, + 'sig' => 'civicrm_user::1::username', + ], + ]; + return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices; + } + +} diff --git a/ext/standaloneusers/CRM/Standaloneusers/DAO/UserRole.php b/ext/standaloneusers/CRM/Standaloneusers/DAO/UserRole.php new file mode 100644 index 0000000000..19f81fd330 --- /dev/null +++ b/ext/standaloneusers/CRM/Standaloneusers/DAO/UserRole.php 
@@ -0,0 +1,226 @@ +<?php + +/** + * @package CRM + * @copyright CiviCRM LLC https://civicrm.org/licensing + * + * Generated from standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.xml + * DO NOT EDIT. Generated by CRM_Core_CodeGen + * (GenCodeChecksum:5d4248ccad5a9831f1b0f5bd38a758de) + */ +use CRM_Standaloneusers_ExtensionUtil as E; + +/** + * Database access object for the UserRole entity. + */ +class CRM_Standaloneusers_DAO_UserRole extends CRM_Core_DAO { + const EXT = E::LONG_NAME; + const TABLE_ADDED = ''; + + /** + * Static instance to hold the table name. + * + * @var string + */ + public static $_tableName = 'civicrm_user_role'; + + /** + * Should CiviCRM log any modifications to this table in the civicrm_log table. + * + * @var bool + */ + public static $_log = TRUE; + + /** + * Unique UserRole ID + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $id; + + /** + * FK to User + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $user_id; + + /** + * FK to role + * + * @var int|string|null + * (SQL type: int unsigned) + * Note that values will be retrieved from the database as a string. + */ + public $role_id; + + /** + * Class constructor. + */ + public function __construct() { + $this->__table = 'civicrm_user_role'; + parent::__construct(); + } + + /** + * Returns localized title of this entity. + * + * @param bool $plural + * Whether to return the plural version of the title. + */ + public static function getEntityTitle($plural = FALSE) { + return $plural ? E::ts('User Roles') : E::ts('User Role'); + } + + /** + * Returns foreign keys and entity references. 
+ * + * @return array + * [CRM_Core_Reference_Interface] + */ + public static function getReferenceColumns() { + if (!isset(Civi::$statics[__CLASS__]['links'])) { + Civi::$statics[__CLASS__]['links'] = static::createReferenceColumns(__CLASS__); + Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'user_id', 'civicrm_user', 'id'); + Civi::$statics[__CLASS__]['links'][] = new CRM_Core_Reference_Basic(self::getTableName(), 'role_id', 'civicrm_role', 'id'); + CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'links_callback', Civi::$statics[__CLASS__]['links']); + } + return Civi::$statics[__CLASS__]['links']; + } + + /** + * Returns all the column names of this table + * + * @return array + */ + public static function &fields() { + if (!isset(Civi::$statics[__CLASS__]['fields'])) { + Civi::$statics[__CLASS__]['fields'] = [ + 'id' => [ + 'name' => 'id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('Unique UserRole ID'), + 'required' => TRUE, + 'where' => 'civicrm_user_role.id', + 'table_name' => 'civicrm_user_role', + 'entity' => 'UserRole', + 'bao' => 'CRM_Standaloneusers_DAO_UserRole', + 'localizable' => 0, + 'html' => [ + 'type' => 'Number', + ], + 'readonly' => TRUE, + 'add' => NULL, + ], + 'user_id' => [ + 'name' => 'user_id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('FK to User'), + 'where' => 'civicrm_user_role.user_id', + 'table_name' => 'civicrm_user_role', + 'entity' => 'UserRole', + 'bao' => 'CRM_Standaloneusers_DAO_UserRole', + 'localizable' => 0, + 'FKClassName' => 'CRM_Standaloneusers_DAO_User', + 'add' => NULL, + ], + 'role_id' => [ + 'name' => 'role_id', + 'type' => CRM_Utils_Type::T_INT, + 'description' => E::ts('FK to role'), + 'where' => 'civicrm_user_role.role_id', + 'table_name' => 'civicrm_user_role', + 'entity' => 'UserRole', + 'bao' => 'CRM_Standaloneusers_DAO_UserRole', + 'localizable' => 0, + 'FKClassName' => 'CRM_Standaloneusers_DAO_Role', + 'add' => NULL, + ], + ]; + 
CRM_Core_DAO_AllCoreTables::invoke(__CLASS__, 'fields_callback', Civi::$statics[__CLASS__]['fields']); + } + return Civi::$statics[__CLASS__]['fields']; + } + + /** + * Return a mapping from field-name to the corresponding key (as used in fields()). + * + * @return array + * Array(string $name => string $uniqueName). + */ + public static function &fieldKeys() { + if (!isset(Civi::$statics[__CLASS__]['fieldKeys'])) { + Civi::$statics[__CLASS__]['fieldKeys'] = array_flip(CRM_Utils_Array::collect('name', self::fields())); + } + return Civi::$statics[__CLASS__]['fieldKeys']; + } + + /** + * Returns the names of this table + * + * @return string + */ + public static function getTableName() { + return self::$_tableName; + } + + /** + * Returns if this table needs to be logged + * + * @return bool + */ + public function getLog() { + return self::$_log; + } + + /** + * Returns the list of fields that can be imported + * + * @param bool $prefix + * + * @return array + */ + public static function &import($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getImports(__CLASS__, 'user_role', $prefix, []); + return $r; + } + + /** + * Returns the list of fields that can be exported + * + * @param bool $prefix + * + * @return array + */ + public static function &export($prefix = FALSE) { + $r = CRM_Core_DAO_AllCoreTables::getExports(__CLASS__, 'user_role', $prefix, []); + return $r; + } + + /** + * Returns the list of indices + * + * @param bool $localize + * + * @return array + */ + public static function indices($localize = TRUE) { + $indices = [ + 'index_user_role' => [ + 'name' => 'index_user_role', + 'field' => [ + 0 => 'user_id', + 1 => 'role_id', + ], + 'localizable' => FALSE, + 'sig' => 'civicrm_user_role::0::user_id::role_id', + ], + ]; + return ($localize && !empty($indices)) ? CRM_Core_DAO_AllCoreTables::multilingualize(__CLASS__, $indices) : $indices; + } + +} 
diff --git a/ext/standaloneusers/CRM/Standaloneusers/Page/Login.php b/ext/standaloneusers/CRM/Standaloneusers/Page/Login.php
new file mode 100644
index 0000000000..1c43cf2e33
--- /dev/null
+++ b/ext/standaloneusers/CRM/Standaloneusers/Page/Login.php
@@ -0,0 +1,17 @@
+<?php
+use CRM_Standaloneusers_ExtensionUtil as E;
+
+class CRM_Standaloneusers_Page_Login extends CRM_Core_Page {
+
+ public function run() {
+ // // Example: Set the page-title dynamically; alternatively, declare a static title in xml/Menu/*.xml
+ // CRM_Utils_System::setTitle(E::ts('Login'));
+ //
+ // // Example: Assign a variable for use in a template
+ // $this->assign('currentTime', date('Y-m-d H:i:s'));
+ $this->assign('logoUrl', E::url('images/civicrm-logo.png'));
+
+ parent::run();
+ }
+
+}
diff --git a/ext/standaloneusers/CRM/Standaloneusers/Upgrader.php b/ext/standaloneusers/CRM/Standaloneusers/Upgrader.php
new file mode 100644
index 0000000000..f6b9f891fe
--- /dev/null
+++ b/ext/standaloneusers/CRM/Standaloneusers/Upgrader.php
@@ -0,0 +1,190 @@ +<?php +use CRM_Standaloneusers_ExtensionUtil as E; + +/** + * Collection of upgrade steps. + */ +class CRM_Standaloneusers_Upgrader extends CRM_Extension_Upgrader_Base { + + // By convention, functions that look like "function upgrade_NNNN()" are + // upgrade tasks. They are executed in order (like Drupal's hook_update_N). + + /** + * Example: Run an external SQL script when the module is installed. + * + public function install() { + $this->executeSqlFile('sql/myinstall.sql'); + } + + /** + * Example: Work with entities usually not available during the install step. + * + * This method can be used for any post-install tasks. For example, if a step + * of your installation depends on accessing an entity that is itself + * created during the installation (e.g., a setting or a managed entity), do + * so here to avoid order of operation problems. + */ + public function postInstall() { + + $users = \Civi\Api4\User::get(FALSE)->selectRowCount()->execute()->countMatched(); + if ($users == 0) { + + CRM_Core_DAO::executeQuery('DELETE FROM civicrm_uf_match'); + + // Create an admin contact. 
+ $contactID = \Civi\Api4\Contact::create(FALSE) + ->setValues([ + 'contact_type' => 'Individual', + 'first_name' => 'Standalone', + 'last_name' => 'Admin', + ]) + ->execute()->first()['id']; + $dummyEmail = 'admin@localhost.localdomain'; + + // Create user + $config = \CRM_Core_Config::singleton(); + $originalUFPermission = $config->userPermissionClass; + $originalUF = $config->userSystem; + $config->userPermissionClass = new \CRM_Core_Permission_Standalone(); + $config->userSystem = new \CRM_Utils_System_Standalone(); + $password = substr(base64_encode(random_bytes(8)), 0, 12); + $params = [ + 'cms_name' => 'admin', + 'cms_pass' => $password, + 'notify' => FALSE, + $dummyEmail => $dummyEmail, + 'contactID' => $contactID, + ]; + $userID = \CRM_Core_BAO_CMSUser::create($params, $dummyEmail); + $config->userPermissionClass = $originalUFPermission; + $config->userSystem = $originalUF; + + // Create Role + $roleID = \Civi\Api4\Role::create(FALSE)->setValues(['name' => 'Administrator'])->execute()->first()['id']; + + // Assign role to user + \Civi\Api4\UserRole::create(FALSE)->setValues(['role_id' => $roleID, 'user_id' => $userID])->execute(); + + // Create permissions for role + // @todo I expect there's a better way than this; this doesn't even bring in all the permissions. + $records = [['permission' => 'authenticate with password']]; + foreach (array_keys(\CRM_Core_Permission::getCorePermissions()) as $permission) { + $records[] = ['permission' => $permission]; + } + \Civi\Api4\RolePermission::save(FALSE) + ->setDefaults(['role_id' => $roleID]) + ->setRecords($records) + ->execute(); + + $message = "Created New admin User $userID and contact $contactID with password $password and ALL permissions."; + \Civi::log()->notice($message); + if (php_sapi_name() === 'cli') { + print $message . "\n"; + } + else { + $authx = new \Civi\Authx\Standalone(); + $authx->loginSession($userID); + CRM_Core_Session::setStatus($message . 
" You are logged in!", 'Standalone installed', 'alert'); + } + } + } + + /** + * Example: Run an external SQL script when the module is uninstalled. + */ + // public function uninstall() { + // $this->executeSqlFile('sql/myuninstall.sql'); + // } + + /** + * Example: Run a simple query when a module is enabled. + */ + // public function enable() { + // CRM_Core_DAO::executeQuery('UPDATE foo SET is_active = 1 WHERE bar = "whiz"'); + // } + + /** + * Example: Run a simple query when a module is disabled. + */ + // public function disable() { + // CRM_Core_DAO::executeQuery('UPDATE foo SET is_active = 0 WHERE bar = "whiz"'); + // } + + /** + * Example: Run a couple simple queries. + * + * @return TRUE on success + * @throws Exception + */ + // public function upgrade_4200(): bool { + // $this->ctx->log->info('Applying update 4200'); + // CRM_Core_DAO::executeQuery('UPDATE foo SET bar = "whiz"'); + // CRM_Core_DAO::executeQuery('DELETE FROM bang WHERE willy = wonka(2)'); + // return TRUE; + // } + + + /** + * Example: Run an external SQL script. + * + * @return TRUE on success + * @throws Exception + */ + // public function upgrade_4201(): bool { + // $this->ctx->log->info('Applying update 4201'); + // // this path is relative to the extension base dir + // $this->executeSqlFile('sql/upgrade_4201.sql'); + // return TRUE; + // } + + + /** + * Example: Run a slow upgrade process by breaking it up into smaller chunk. 
+ * + * @return TRUE on success + * @throws Exception + */ + // public function upgrade_4202(): bool { + // $this->ctx->log->info('Planning update 4202'); // PEAR Log interface + + // $this->addTask(E::ts('Process first step'), 'processPart1', $arg1, $arg2); + // $this->addTask(E::ts('Process second step'), 'processPart2', $arg3, $arg4); + // $this->addTask(E::ts('Process second step'), 'processPart3', $arg5); + // return TRUE; + // } + // public function processPart1($arg1, $arg2) { sleep(10); return TRUE; } + // public function processPart2($arg3, $arg4) { sleep(10); return TRUE; } + // public function processPart3($arg5) { sleep(10); return TRUE; } + + /** + * Example: Run an upgrade with a query that touches many (potentially + * millions) of records by breaking it up into smaller chunks. + * + * @return TRUE on success + * @throws Exception + */ + // public function upgrade_4203(): bool { + // $this->ctx->log->info('Planning update 4203'); // PEAR Log interface + + // $minId = CRM_Core_DAO::singleValueQuery('SELECT coalesce(min(id),0) FROM civicrm_contribution'); + // $maxId = CRM_Core_DAO::singleValueQuery('SELECT coalesce(max(id),0) FROM civicrm_contribution'); + // for ($startId = $minId; $startId <= $maxId; $startId += self::BATCH_SIZE) { + // $endId = $startId + self::BATCH_SIZE - 1; + // $title = E::ts('Upgrade Batch (%1 => %2)', array( + // 1 => $startId, + // 2 => $endId, + // )); + // $sql = ' + // UPDATE civicrm_contribution SET foobar = whiz(wonky()+wanker) + // WHERE id BETWEEN %1 and %2 + // '; + // $params = array( + // 1 => array($startId, 'Integer'), + // 2 => array($endId, 'Integer'), + // ); + // $this->addTask($title, 'executeSql', $sql, $params); + // } + // return TRUE; + // } + +} diff --git a/ext/standaloneusers/Civi/Api4/Role.php b/ext/standaloneusers/Civi/Api4/Role.php new file mode 100644 index 0000000000..678779fa3a --- /dev/null +++ b/ext/standaloneusers/Civi/Api4/Role.php 
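Review bot: In `postInstall()` the generated admin password is interpolated into `$message` and passed to `\Civi::log()->notice($message)`, so the initial credential is persisted in the application log, where anyone with log access can read it later. Log a message without the secret, e.g. `\Civi::log()->notice("Created new admin user $userID and contact $contactID with ALL permissions.");`, and keep the password only in the one-time CLI print or session status shown to the installer. `$userID` is also used unchecked: `Security::createUser()` in this patch returns FALSE on failure, and if that is what `\CRM_Core_BAO_CMSUser::create()` hands back, the role assignment and `loginSession($userID)` still run. A guard such as `if (!$userID) { throw new \CRM_Core_Exception('Failed to create admin user'); }` right after the create call would stop that.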
@@ -0,0 +1,13 @@
+<?php
+namespace Civi\Api4;
+
+/**
+ * Role entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class Role extends Generic\DAOEntity {
+
+}
diff --git a/ext/standaloneusers/Civi/Api4/RolePermission.php b/ext/standaloneusers/Civi/Api4/RolePermission.php
new file mode 100644
index 0000000000..df22311640
--- /dev/null
+++ b/ext/standaloneusers/Civi/Api4/RolePermission.php
@@ -0,0 +1,13 @@
+<?php
+namespace Civi\Api4;
+
+/**
+ * RolePermission entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class RolePermission extends Generic\DAOEntity {
+
+}
diff --git a/ext/standaloneusers/Civi/Api4/User.php b/ext/standaloneusers/Civi/Api4/User.php
new file mode 100644
index 0000000000..ddb629fadd
--- /dev/null
+++ b/ext/standaloneusers/Civi/Api4/User.php
@@ -0,0 +1,13 @@
+<?php
+namespace Civi\Api4;
+
+/**
+ * User entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class User extends Generic\DAOEntity {
+
+}
diff --git a/ext/standaloneusers/Civi/Api4/UserRole.php b/ext/standaloneusers/Civi/Api4/UserRole.php
new file mode 100644
index 0000000000..ab5fbced8f
--- /dev/null
+++ b/ext/standaloneusers/Civi/Api4/UserRole.php
@@ -0,0 +1,13 @@
+<?php
+namespace Civi\Api4;
+
+/**
+ * UserRole entity.
+ *
+ * Provided by the Standalone Users extension.
+ *
+ * @package Civi\Api4
+ */
+class UserRole extends Generic\DAOEntity {
+
+}
diff --git a/ext/standaloneusers/Civi/Authx/Standalone.php b/ext/standaloneusers/Civi/Authx/Standalone.php
new file mode 100644
index 0000000000..d87296d424
--- /dev/null
+++ b/ext/standaloneusers/Civi/Authx/Standalone.php
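Review bot: The `User` class in `Civi/Api4/User.php` takes the generic DAO actions as-is, with no special handling for the `password` field. `Security::loadUserByName()` later in this patch reads `$user['password']` straight from `User::get()`, so the stored hash is returned to any caller permitted to use the entity. Hashing happens only in `Security::createUser()`, which suggests a direct `User.create` or `User.update` would store whatever string is supplied. Consider hashing in the entity's write path and leaving `password` out of default `get` output; until then a class comment such as `// NOTE: password holds a hash; set it only via Security::createUser().` would at least document the contract.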
@@ -0,0 +1,72 @@
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC. All rights reserved. |
+ | |
+ | This work is published under the GNU AGPLv3 license with some |
+ | permitted exceptions and without any warranty. For full license |
+ | and copyright information, see https://civicrm.org/licensing |
+ +--------------------------------------------------------------------+
+ */
+
+namespace Civi\Authx;
+
+use Civi\Standalone\Security;
+
+class Standalone implements AuthxInterface {
+
+ /**
+ * @inheritDoc
+ */
+ public function checkPassword(string $username, string $password) {
+ $security = Security::singleton();
+ $user = $security->loadUserByName($username);
+ return $security->checkPassword($password, $user['password'] ?? '') ? $user['id'] : NULL;
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function loginSession($userId) {
+ $this->loginStateless($userId);
+
+ $session = \CRM_Core_Session::singleton();
+ $session->set('ufId', $userId);
+
+ // Identify the contact
+ $contactID = civicrm_api3('UFMatch', 'get', [
+ 'sequential' => 1,
+ 'return' => ['contact_id'],
+ 'uf_id' => $userId
+ ])['values'][0]['contact_id'] ?? NULL;
+ // Confusingly, Civi stores it's *Contact* ID as *userId* on the session.
+ $session->set('userId', $contactID);
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function logoutSession() {
+ \CRM_Core_Session::singleton()->reset();
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function loginStateless($userId) {
+ global $loggedInUserId;
+ $loggedInUserId = $userId;
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function getCurrentUserId() {
+ global $loggedInUserId;
+ if (empty($loggedInUserId) && session_status() === PHP_SESSION_ACTIVE) {
+ $loggedInUserId = \CRM_Core_Session::singleton()->get('ufId');
+ }
+ return $loggedInUserId;
+ }
+
+}
diff --git a/ext/standaloneusers/Civi/Standalone/Security.php b/ext/standaloneusers/Civi/Standalone/Security.php
new file mode 100644
index 0000000000..a16fdfffe0
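Review bot: `loginSession()` stores `ufId` and `userId` in the current session without rotating the session identifier, so unless `CRM_Core_Session` does that elsewhere (not visible in this hunk) an identifier issued before login stays valid after authentication. When a session is active, call `session_regenerate_id(TRUE);` before `$session->set('ufId', $userId);`. The same method also writes a NULL `userId` when no UFMatch row is found, which leaves a session with a user but no contact; failing the login in that case would be safer than continuing.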
--- /dev/null
+++ b/ext/standaloneusers/Civi/Standalone/Security.php
@@ -0,0 +1,425 @@ +<?php +namespace Civi\Standalone; + +use CRM_Core_Session; + +/** + * This is a single home for security related functions for Civi Standalone. + * + * Things may yet move around in the codebase; at the time of writing this helps + * keep core PRs to a minimum. + * + */ +class Security { + + public const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; + + public static $minHashCount = 7; + public static $maxHashCount = 30; + public static $hashLength = 55; + public static $hashMethod = 'sha512'; + + + /** + * @return static + */ + public static function singleton() { + if (!isset(\Civi::$statics[__METHOD__])) { + \Civi::$statics[__METHOD__] = new static(); + } + return \Civi::$statics[__METHOD__]; + } + + /** + * Check whether a password matches a hashed version. + */ + public function checkPassword(string $plaintextPassword, string $storedHashedPassword): bool { + $type = substr($storedHashedPassword, 0, 3); + switch ($type) { + case '$S$': + // A normal Drupal 7 password. + $hash = $this->_password_crypt(static::$hashMethod, $plaintextPassword, $storedHashedPassword); + break; + default: + // Invalid password + return FALSE; + } + return hash_equals($storedHashedPassword, $hash); + } + + /** + * CRM_Core_Permission_Standalone::check() delegates here. + * + * @param string $str + * The permission to check. + * + * @param int $userID + * It is unclear if this typehint is true: The Drupal version has a default NULL! + * + * @return bool + * true if yes, else false + */ + public function checkPermission(\CRM_Core_Permission_Standalone $permissionObject, string $permissionName, $userID) { + + // I think null means the current logged-in user + $userID = $userID ?? $this->getLoggedInUfID(); + + if (!$userID) { + // permissions for anonymous user. @todo + return FALSE; + } + + // @todo handle anonymous permissions! + // No permissions yet; load them now. 
+ $found = \Civi\Api4\RolePermission::get(FALSE) + ->selectRowCount() + ->addJoin('UserRole AS user_role', 'INNER', + ['role_id', '=', 'user_role.role_id'], + ['user_role.user_id', '=', $userID]) + ->addWhere('permission', '=', $permissionName) + ->execute()->countMatched(); + return (bool) $found; + } + + /** + */ + public function getUserIDFromUsername(string $username): ?int { + return \Civi\Api4\User::get(FALSE) + ->addWhere('username', '=', $username) + ->execute() + ->single()['id'] ?? NULL; + } + + /** + * Load an active user by username. + * + * @return array|bool FALSE if not found. + */ + public function loadUserByName(string $username) { + $user = \Civi\Api4\User::get(FALSE) + ->addWhere('username', '=', $username) + ->addWhere('is_active', '=', TRUE) + ->execute()->first() ?? []; + if ($user) { + return $user; + } + return FALSE; + } + + /** + * Load an active user by internal user ID. + * + * @return array|bool FALSE if not found. + */ + public function loadUserByID(int $userID) { + $user = \Civi\Api4\User::get(FALSE) + ->addWhere('id', '=', $userID) + ->addWhere('is_active', '=', TRUE) + ->execute()->first() ?? []; + if ($user) { + return $user; + } + return FALSE; + } + + /** + */ + public function logoutUser() { + // @todo + } + + /** + * Create a user in the CMS. + * + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. + * + * @param array $params keys: + * - 'cms_name' + * - 'cms_pass' plaintext password + * - 'notify' boolean + * @param string $mail + * Email id for cms user. + * + * @return int|bool + * uid if user was created, false otherwise + */ + public function createUser(&$params, $mail) { + try { + // Q. should this be in the api for User.create? 
+ $hashedPassword = $this->_password_crypt(static::$hashMethod, $params['cms_pass'], $this->_password_generate_salt()); + + $userID = \Civi\Api4\User::create(FALSE) + ->addValue('username', $params['cms_name']) + ->addValue('email', $mail) + ->addValue('password', $hashedPassword) + ->execute()->single()['id']; + } + catch (\Exception $e) { + \Civi::log()->warning("Failed to create user '$mail': " . $e->getMessage()); + return FALSE; + } + + // @todo This is what Drupal does, but it's unclear why. + // I think it assumes we want to be logged in as this contact, and as there's no uf match, it's not in civi. + // But I'm not sure if we are always becomming this user; I'm not sure waht calls this function. + // CRM_Core_Config::singleton()->inCiviCRM = FALSE; + + return (int) $userID; + } + + /** + * Update a user's email + * + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. + */ + public function updateCMSName($ufID, $email) { + \Civi\Api4\User::update(FALSE) + ->addWhere('id', '=', $ufID) + ->addValue('email', $email) + ->execute(); + } + + /** + * Authenticate the user against the CMS db. + * + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. + * + * @param string $name + * The user name. + * @param string $password + * The password for the above user. + * @param bool $loadCMSBootstrap + * Load cms bootstrap?. + * @param string $realPath + * Filename of script + * + * @return array|bool + * [contactID, ufID, unique string] else false if no auth + * @throws \CRM_Core_Exception. + */ + public function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realPath = NULL) { + + // this comment + session lines: copied from Drupal's implementation in case it's important... + /* Before we do any loading, let's start the session and write to it. 
+ * We typically call authenticate only when we need to bootstrap the CMS + * directly via Civi and hence bypass the normal CMS auth and bootstrap + * process typically done in CLI and cron scripts. See: CRM-12648 + */ + $session = CRM_Core_Session::singleton(); + $session->set('civicrmInitSession', TRUE); + + $user = $this->loadUserByName($name); + + if (!$this->checkPassword($password, $user['password'] ?? '')) { + return FALSE; + } + + // Note: random_int is more appropriate for cryptographical use than mt_rand + // The long number is the max 32 bit value. + return [$user['contact_id'], $user['id'], random_int(0, 2147483647)]; + } + + /** + * Currently only used by CRM_Utils_System_Standalone::loadBootstrap + */ + public function loginAuthenticatedUserRecord(array $user, bool $withSession) { + $authX = new \Civi\Authx\Standalone(); + if ($withSession) { + $authX->loginSession($user['id']); + } + else { + $authX->loginStateless($user['id']); + } + } + + /** + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. + */ + public function isUserLoggedIn(): bool { + return !empty($this->getLoggedInUfID()); + } + + public function getCurrentLanguage() { + // @todo + \Civi::log()->debug('CRM_Utils_System_Standalone::getCurrentLanguage: not implemented'); + return NULL; + } + + /** + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. + */ + public function getLoggedInUfID(): ?int { + $authX = new \Civi\Authx\Standalone(); + return $authX->getCurrentUserId(); + } + + /** + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. + */ + public function languageNegotiationURL($url, $addLanguagePart = TRUE, $removeLanguagePart = FALSE) { + // @todo + return $url; + } + + /** + * This is the (perhaps temporary location for) the implementation of CRM_Utils_System_Standalone method. 
+ * Return the CMS-specific url for its permissions page + * @return array + */ + public function getCMSPermissionsUrlParams() { + return ['ufAccessURL' => '/fixme/standalone/permissions/url/params']; + } + + /** + * Since our User entity contains a FK to a contact, it's not possible for a User to exist without a contact. + * + * @todo review this (what if contact is deleted?) + */ + public function synchronizeUsers() { + + $userCount = \Civi\Api4\User::get(FALSE)->selectRowCount()->execute()->countMatched(); + return [ + 'contactCount' => $userCount, + 'contactMatching' => $userCount, + 'contactCreated' => 0, + ]; + } + + /** + * This is taken from Drupal 7.91 + * + * Hash a password using a secure stretched hash. + * + * By using a salt and repeated hashing the password is "stretched". Its + * security is increased because it becomes much more computationally costly + * for an attacker to try to break the hash by brute-force computation of the + * hashes of a large number of plain-text words or strings to find a match. + * + * @param $algo + * The string name of a hashing algorithm usable by hash(), like 'sha256'. + * @param $password + * Plain-text password up to 512 bytes (128 to 512 UTF-8 characters) to hash. + * @param $setting + * An existing hash or the output of _password_generate_salt(). Must be + * at least 12 characters (the settings and salt). + * + * @return + * A string containing the hashed password (and salt) or FALSE on failure. + * The return string will be truncated at DRUPAL_HASH_LENGTH characters max. + */ + public function _password_crypt($algo, $password, $setting) { + // Prevent DoS attacks by refusing to hash large passwords. + if (strlen($password) > 512) { + return FALSE; + } + // The first 12 characters of an existing hash are its setting string. 
+ $setting = substr($setting, 0, 12); + + if ($setting[0] != '$' || $setting[2] != '$') { + return FALSE; + } + + $count_log2 = strpos(self::ITOA64, $setting[3]); + + // Hashes may be imported from elsewhere, so we allow != DRUPAL_HASH_COUNT + if ($count_log2 < self::$minHashCount || $count_log2 > self::$maxHashCount) { + return FALSE; + } + $salt = substr($setting, 4, 8); + // Hashes must have an 8 character salt. + if (strlen($salt) != 8) { + return FALSE; + } + + // Convert the base 2 logarithm into an integer. + $count = 1 << $count_log2; + $hash = hash($algo, $password, TRUE); + do { + $hash = hash($algo, $hash . $password, TRUE); + } while (--$count); + + $len = strlen($hash); + $output = $setting . $this->_password_base64_encode($hash, $len); + // _password_base64_encode() of a 16 byte MD5 will always be 22 characters. + // _password_base64_encode() of a 64 byte sha512 will always be 86 characters. + $expected = 12 + ceil((8 * $len) / 6); + return (strlen($output) == $expected) ? substr($output, 0, self::$hashLength) : FALSE; + } + + /** + * This is taken from Drupal 7.91 + * + * Generates a random base 64-encoded salt prefixed with settings for the hash. + * + * Proper use of salts may defeat a number of attacks, including: + * - The ability to try candidate passwords against multiple hashes at once. + * - The ability to use pre-hashed lists of candidate passwords. + * - The ability to determine whether two users have the same (or different) + * password without actually having to guess one of the passwords. + * + * @param $count_log2 + * Integer that determines the number of iterations used in the hashing + * process. A larger value is more secure, but takes more time to complete. + * + * @return + * A 12 character string containing the iteration count and a random salt. + */ + public function _password_generate_salt($count_log2 = NULL) { + + // Standalone: D7 has this stored as a CMS variable setting. 
+ // @todo use global setting that can be changed in civicrm.settings.php + // For now, we just pick a value half way between our hard-coded min and max. + if ($count_log2 === NULL) { + $count_log2 = (int) ((static::$maxHashCount + static::$minHashCount)/2); + } + $output = '$S$'; + // Ensure that $count_log2 is within set bounds. + $count_log2 = max(static::$minHashCount, min(static::$maxHashCount, $count_log2)); + // We encode the final log2 iteration count in base 64. + $output .= self::ITOA64[$count_log2]; + // 6 bytes is the standard salt for a portable phpass hash. + $output .= $this->_password_base64_encode(random_bytes(6), 6); + return $output; + } + + + /** + * This is taken from Drupal 7.91 + * + * Encodes bytes into printable base 64 using the *nix standard from crypt(). + * + * @param $input + * The string containing bytes to encode. + * @param $count + * The number of characters (bytes) to encode. + * + * @return + * Encoded string + */ + public function _password_base64_encode($input, $count) { + $output = ''; + $i = 0; + $itoa64 = self::ITOA64; + do { + $value = ord($input[$i++]); + $output .= $itoa64[$value & 0x3f]; + if ($i < $count) { + $value |= ord($input[$i]) << 8; + } + $output .= $itoa64[($value >> 6) & 0x3f]; + if ($i++ >= $count) { + break; + } + if ($i < $count) { + $value |= ord($input[$i]) << 16; + } + $output .= $itoa64[($value >> 12) & 0x3f]; + if ($i++ >= $count) { + break; + } + $output .= $itoa64[($value >> 18) & 0x3f]; + } while ($i < $count); + + return $output; + } +} diff --git a/ext/standaloneusers/LICENSE.txt b/ext/standaloneusers/LICENSE.txt new file mode 100644 index 0000000000..bba6f54a32 --- /dev/null +++ b/ext/standaloneusers/LICENSE.txt 
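Review bot: `checkPassword()` returns FALSE from its `default:` branch before any hashing is done, and `authenticate()` passes `''` as the stored hash when `loadUserByName()` finds no active user. Unknown or inactive usernames are therefore rejected almost immediately, while real ones cost the `1 << $count_log2` rounds in `_password_crypt()`, and that response-time gap reveals which usernames exist. To level it, hash against a fixed placeholder when no user was loaded and still return FALSE, e.g. `$stored = $user['password'] ?? self::DUMMY_HASH;` where `DUMMY_HASH` is a new constant holding a valid `$S$` hash of a random value. `Authx\Standalone::checkPassword()` follows the same pattern and would benefit from the same change. A short comment on `checkPassword()` noting that it must take comparable time for every input would help keep the property intact.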
@@ -0,0 +1,667 @@ +Package: standaloneusers +Copyright (C) 2022, Rich Lott / Artful Robot <code.commits@artfulrobot.uk> +Licensed under the GNU Affero Public License 3.0 (below). + +------------------------------------------------------------------------------- + + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. 
Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. 
+ + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. 
+ + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. 
+ + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. 
This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. 
For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. 
Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. 
+ + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. 
+ + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. 
+ + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. 
+ + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. 
For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +<http://www.gnu.org/licenses/>. diff --git a/ext/standaloneusers/README.md b/ext/standaloneusers/README.md new file mode 100644 index 0000000000..c66b127d20 --- /dev/null +++ b/ext/standaloneusers/README.md 
@@ -0,0 +1,37 @@
+# Users, Roles, Permissions for Standalone CiviCRM
+
+**â ï¸ Do not use this extension if you have CiviCRM installed the normal way (e.g. on Drupal, WordPress, Joomla, Backdrop...)!**
+
+This is only for people running [CiviCRM Standalone](https://github.com/civicrm/civicrm-standalone/) which is currently highly experimental, insecure and definitely NOT for production use!
+
+Normally, CiviCRM sits atop a CMS which provides role-based authentication: users can login, users are granted different roles, roles are granted different permissions. But standalone doesn't have these structures and relies on this extension for them.
+
+The extension is licensed under [AGPL-3.0](LICENSE.txt).
+
+## Requirements
+
+* PHP v7.4+
+* CiviCRM (standalone)
+
+
+## Getting started
+
+First, get standalone set up - e.g. you can see the admin interface up and running.
+
+Next configure AuthX from **Administer » System Settings » Authentication**. You'll need to add **User Password** to the **Acceptable credentials (HTTP Session Login) select. And hit Save.
+
+Now you can install this extension from the command line. (Clone this repo into web/upload/ext/ then enable it with `cv en standaloneusers`).
+
+On install, an account is created, user `admin`, and the password is printed on the console. The admin user is granted all permissions.
+
+Now if you try to load your site it should fail: you've got no access rights.
+
+At this stage, because you're moving from a system that had no concept of users to one that does, you'll need to clear your browser cookies for the site, otherwise login will get confused (You may see a "session already active" authx error.)
+
+Done that? Then head to `/civicrm/login`, enter your credentials and hopefully you're now back in the admin interface!
+
+
+
+## Conventions
+
+From the `Civi\Auth\Standalone` class, the User.id is stored in the global `$loggedInUserId` and when there's a session, under the key `ufId`.
diff --git a/ext/standaloneusers/ang/afsearchUsers.aff.html b/ext/standaloneusers/ang/afsearchUsers.aff.html
new file mode 100644
index 0000000000..8c24030e81
--- /dev/null
+++ b/ext/standaloneusers/ang/afsearchUsers.aff.html
@@ -0,0 +1,8 @@
+<div af-fieldset="">
+ <div class="af-markup">
+ <div class="help">
+ </div>
+ </div>
+ <crm-search-display-table search-name="Administer_Users" display-name="Users_Table"></crm-search-display-table>
+</div>
+
diff --git a/ext/standaloneusers/ang/afsearchUsers.aff.json b/ext/standaloneusers/ang/afsearchUsers.aff.json
new file mode 100644
index 0000000000..f9c40c3bfb
--- /dev/null
+++ b/ext/standaloneusers/ang/afsearchUsers.aff.json
@@ -0,0 +1,9 @@
+{
+ "type": "search",
+ "title": "Users",
+ "description": "Administer users",
+ "icon": "fa-list-alt",
+ "server_route": "civicrm/admin/users",
+ "permission": "access CiviCRM"
+}
+
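Review bot: The `"permission": "access CiviCRM"` entry in afsearchUsers.aff.json gates a form routed at `civicrm/admin/users` and described as "Administer users" on what is normally the baseline back-office permission. The companion afsearchUsers.aff.html embeds the `Administer_Users` search display, so the form exposes the user list to whoever can open it. Unless the User entity's own API permissions restrict the rows (not visible in this hunk), any account with basic access could enumerate users. I would gate the form on an administrative permission instead, for example `"permission": "administer CiviCRM"`, or a dedicated user-administration permission if the extension defines one.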
diff --git a/ext/standaloneusers/images/civicrm-logo.png b/ext/standaloneusers/images/civicrm-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5ec2f055e96302078679b1f9bc913911c2fb3771 GIT binary patch literal 28835 zcmXt9byOSe)5TqyVx_n{6e#ZQZpBNn;uLpxcXyWpr4$cRC>E?xq__r`5TFnwe0hK8 ze1GgF=OibaooAkzJNMp=*Va_R$9ao`goK2zqAahAgoM0}cprj=fjB?S4!uUaV7n_D zdm<qb{QB=e&gLMXKtiHLQjwR@_bWQ<3oSA;2!449+A8KeecK5;`xr-;%tl`w#5zKZ z`W=9*13(5K$Fq*7BuJ??HGvM){5k8Z#THg`8a^cUCJdm|vBKr6;|gf$KUER)>b`~j z%Bxus80{LJJ_`<g5kA}uyvX;ox69nH5j+!1oi6IW?zw!FJS_3tl$zn8(*nE_y1!|~ z9+?rKA?smb4h@}a&+pk(9u+C5jEqiL-CMt9xw;iN<>3zZLQM>(j^3zqC9@J!cKPP! z(gqK@czAD4HUz>+ATb7X^Kjktt?&m$TmJGCz0y*|A=mx#^NxPli9jk40`J3a_n4)G z(+;&5cQ#PWWz*)?o!|hBF}#okK8iu|8a6rTEzzmbd_+L^VUwZnc1L=<(>-w5_@$^G zrpdk?kvBn0xq&=J{8K+;+-@Ez;oC#K=gs4+_#0BOQdp4X=H52|V**h$kDhC>gsY(w z<y$~hp^RkocUyPxs&VGlN>uLPG}@c(AeJzEZvwi0x*&e0)rRjyIFeC?l_H{V*cRBj zmJcDAydl#M1^^I@JqYOoD{DfPsu77aKxLkmo|%gl5;cTh@xUuTTJx%;gaqtac9rfq z_gwYUH&=%Ee!7nuJ%nS|T)sT;j^vW!tpfCYhQHwM;n9R#xzC3zZpTi~d*c)%FmV(i zHs^a)BM<5ptR-|(c}DNp;(gulJ9?-<R@?Gd%f-bRSh35!qV*s)N%z8qKra2|sy-xS zHQTBNLU;M{aYQIV{{DSz>Bha{dy+HCkeuD+ucqy<=33Z1f=;ehU(kNbuVfG^JUU=X z(SdSbHDgjkMq_Ku;Vh_<$jqT=uAI8R6)bFy0<gBG9NjMy-+uguVadoJ{$n<@V^2=F zRF>p3fmAO<q00_<0Kr85Uo?hJ^+l*DObjWkNq=HgG=0+eG^^6{W-H!Z5@PWC^uNn{ z)$E6U-zKundV+204{;JaEjd>Dl6-0eZ3JJaZ<||Nv*%1Zk3BBbi627RXhLaAL}J}g zfeqZ+U_QX!mgDYngGyr9+>eB~v@(;QsC~4TNY4iaw~cV;=^lgYT2nX+?xsOPf9F2? 
zhT^78y3v94C&J6XO$8_ns*c&8UVEW84#}JLyQ6;DATf6LykChY4CZkp^t_M6;-Mdl zcUN!FCwX-`N6*N%pgzfGWoO0iC!d1!%o5dN(R;DW|6kPo%b;SWSIr)`6#fh&6ajfH zNx{*l9LO({z(>2+m!Vqj6ZYd_!fznu1if{fh&;iRyxDM@{O<~(=RF4L?6vik`pM8K z$&7dW6|Jm$?5Z61HbKHaBeRIj+2~7ACA;l58Y=I6L+trC&0`jhM(aNu=&5u@+=BB7 zfIO)9^A~q3DW#PxJkcl8l>xl5rMCAT)i|HMmX4)3p0DQC+=~DH`Ql26`-N`}ly7b; zMQwCL8QwJbh1LyY#)vf<a;*GCRFIQx>Sq%6LksOC)tRZ7U?xoB4dkc5U#{QIm%mMQ z%rKn-QVu?+*okCwEMk2?DXMSaAr^jX1E?_1%+vuweqX`V2)7JGgXXwPEZ|(%y?5@) zhm2o1)kp1$TN<9u+c}mkG9hMdAqG_q95S1@MZaxa-}|?p%~TtPanXB_9C1YkcP`ld zcxT58qxf>h(Y~AA5m9>l<1q+J2{}RhUnH`Wl9psagN$ITn;g&psDxsKN`|yie*RUT zE+u-k3bw;$o_RA>x=kMY%xnQoGH)Lypi1p2)$N6DN&25Dg~!kBgzJ|$4S0SLqHj^W zd8?nJs*IV5Ph{^|_lIeO9BHZko5^<n&;Isg;;XN$FUO;akI_q6_6!Obx8ey9ouBq{ z;kD#jX9b11k;q%@8V1I*J8NW8g(ruU{mA{D117I;P!wE|%&}&g4YUu-R9&BzKF<o1 zGP6u`Q&6Q}93B0RCB7j0&;r8v%^Q9-m%iAJsEQWrfa8-7V1WisZIWJV!wzw5#?B<R zOr^G0?T#Aqk~n6B;?#dF0}QiX5ZeH~X#LHn*AGqUy7&@6<?`4%1M81&SJ=&f=^9NR zw<{M1l9`=a{L4)x)F2(x;^9v0&4B(EWJxTq#s&kQlnS*&b{78Z=wE>@=sfIuSg94_ zaYw#7{vY{rxQzP1m`d{L780#20beN9ax>OC`ApTED`!)7HF)dj#|^iGv1q8zOnc9z zbL@M!H;TWR*nX(Gsx5Ghwy(rf7wXS9gWs+sxK$JJ3{CCWlZB)Zyk<9Q;0S9$#tn+? 
zBtJ(Dk<A{{p@wb9k9E$7pWDYi&!t<pT!`9utk^hrTxmZJh_3(9`RF^w#Uy|sEfj`_ zY)Ou|T%$rOfhxOb($8u|(1MYp<V@|c_WGanf3^<G1YV)Lhx3?jt3tmIAZ=J%Yf=kL z^uBc`i9|f4&RxqQCUm}itbMtD26;tU8`lRTdn}ZlO?OdJFdBm6A{)MxufDkV)E%B1 z&PU;=(OO8psLNKPv3ovTFZsV717*l~hlgJcwnyM&lLz!aPT=jzL5ZsgF@UC$Xy2NC zBf7`nta&NZav;ZICVGFQW0Z1-QcR~+TY}$m@|sAoUlRSnU5TK~mS-nKX%^0e^o5hQ zz-4s@Pu<=M62%*b;|LK8(<)mJ+aHZxt9i1A_RwTQNLb%roIR&VM)Bz4Dg2Ov#5>bb zH~n@Vo1LSap5rX@sD8@^RQf%j-Wj7#%(C(?{rHXB$&RS0$_$cZzHRV5zt2?!QRvK0 zVu+lJu67flS7Mt9+hO>j5w8m=xNmTL8`LglU%|PS{%;hOVCOB{KK)a8mCvoV{o6~9 zV;_FJ1IV95-^=0NPC$!DP~rAuwj&GVa!^%F2c%x|+8691SPxQ<d+pdBm!hj~(?YhB z$;GNdVD@=vYb5gZ*y!+crG4tv6Nzcw%Ywv$V@4sq%k~QS@QC&BuQI|gyn1N1lTmYV z-UZZIC}<p&TQ?_p-QmS*T6|k^lkXAv@~}3YWs5WE9mQ4hg<CXYJ#nR!+Oj~|j${yP z19Q6=U83pF2G*p^n@B-Ob4|t9yK<$TXD`k0mD$pz>w!wGWBA6UXb-dXagkBNw8+5B z)RDRfJ3dTk$QrmKC(0t?05gQ&bh#Y2+pK|Z&W62O9K4GxWtfsRBfnAHi-H6qIhG~g z6M<K`_X7vN`BFR1Nla&1HG;gE=hb&gBGG9o=x6;2q#m#6hP#Y|3x+!Zi2c6GG&CC~ z_lMVH5xDHQK6i+EmqI}JE7bF{ku(lcn*OcMF!Rdt`5|qUr^9<0ej2}(*x_8f)$Iga zFlbb$M*OQxIg+VAZ?9*qP9PbY3!i>oKBtgLyu4g}wTCBcX?Weci%oDC>lHN_k@kAA z3n0n+lm!vbonk(^u82}>F6&>xMYrwteV>{(|1@~G9*k%l-m+MWE?D*2zW06J?v+$( z%R>aPv*Lw|9k;C!u1SFewDGdpK1Et?Hf=|`=l!Ofp`wLCMTPV3s_;tpob2U#VY)N) z*4UCKdpDbQ45eEC3Io>rXf6}-kQO<1G$YX-XFD*EnOoc+Uprm;akgZ9eJ^0RJKti4 zp-4?|{u!;pNtFJ1VY(Dv8D9$DYsb`}^3A1dmu)gR`fc_Y>vu7GgGgk`X&qC&7HpZ9 zSBsStJM#BpSx$;dhGR}k=0K$VvB8S<Di#(h?_U&%O)B0Ru!k)Wjy{NuGfM`xiP|GM zM^?RkR9|wFGL}zxXPhW}C1QFUc)@dY6qlcbJ{RCWKVg1cd=Sp2m^CqRl>SI<b`$;I ziE8_&|24C3*nY=ck&FKK(*D?!-o*=nt?AK6iz=I7i}bs|@m|-g5`rMvWLX?K(GORC z%ZZ!Mlp#Lba{pl@IMSX%d(Ds?K!wCzlw5T^?psm#H;lS&)XrnSre{0)8PI;!JNTM^ z5<VeP60+~gK$ltlzc^4U7EAcQ`fp}g(b8nfSu;N!SyN%Qo4~wBA<EHVDK<}&Ej##; zv2~p^<sq1N?ogf%bKeMYE2$#4{)MR`XUBV}ck6-o7sb7zG#5v|A19v|Z`s9Z8%$+J zm6R|{Ry=zoHd`?9*o<;jDpTm>^$hUJA5F^pMtbk=VUGI~vxdMI>>XdCfUW=V%zvB8 zCE>D3pFyXOI^8$Qt-Z3=ZUAhbN<ipr(&oB|f_91=IO+fAvIlwp*U$cK^}Ql-uxdMn zFb>!+>ag(yoBq4JL7;q9*1%%^iF0XA5^Tv45X-YV;t*WuKRUGaYRqmW<FByiTcl2t 
zbz{ox2{&TiFO*-lB4e+fX{Z!kbdTclkf`+*@#()R`Ab_7(Tk0UIae5mn3g#VKUxne zEVXMX6w7je%1D4bH|pDo7gzOI{1jK7H~W?K>|jJe+L_Eg@o#wOCQgrvATlU8m%Lp< zv~vm~^sh%1z$J~W0{U;r*+iI$xevskKc?g-#QRuT*3zZ5^c-j@`qf5J+`d~5x$@ss z$x@z&c{L?>$i!XXQQeBWl9`>vIQvS`{?#fWx2JMlhrO}ae_kv;MkUX$EVd33(Gqe5 zX>EsW>wI+f@++JBm-~48OzJ=QzI$`(k^MDi)X(k%j+y+P3tb(_VD&bSe6D-M;3HC? zpx>-dR{lUlay&6=DPY=f-CuFEJf>(kz<7w<*mlOE^T|%BL6I6l45nbO2Ym{!d}UZx z6z7fyqW>7eS11}NxWF9UJoA=?`-LXuW#DBJsOzld@ZBz2Xm~YOYFbFOp5Y*#OKZ>c zj%tRdLn1px+2w;62aSTYOh>tRjJp&>LZ3$VZvtp$E*+IW#q0+j_K@n-$USJfkHsrg z=Rta|NVcGog@3x>-B~7;WwX9m6K0TMz<j!rU0>5#3XA{fn&k_Fbm-S_tW<gE>p$Y0 zrN2mQJ7f-+)#qrRD}2E4Kyjyc7jICL4%i?W%*>R9y__9nA-Ydn&NKUM%!am?GTiJf zZ%NBgsOuTHSIQ4V%-4G!z!u+~;ahY5nq!d{u!7cu3=WKQ)?U=0|1R<BdrA5oh3?=x zZ}gP}6oM-^0cVMg<KJ${tc<75zl16~j=c^b{1IC;vw6c>{QYM25htd^oA%tsJUZ_; zu;iRgqKqv3VW}4wA$UEkKUrwvF}Y+b!kixELZYcZ#<PxvmtcLTyit}X9q}=pl)8T| zF8T+Yrd;hUlo0SOFzS1XSDc;^7d&aNlw0ZR{dE`W^+qb_{`f3E>FAZlBs;mAqPZM1 z*RVOQsWc5TjM|+B^5&bjSJ%$3=00wkP;y-kRiP^V!sx2REEf)oEB(Hsde&|EgL>9) z2u$7!-|v<*n4;|0xB|mZc(J6UkLPcsQP1qitJM5<^HTfv5@`ClQov(x+mt;|1B$E0 zG4!=4&HU9G>5h(X(iqApgo%YsvPtM4fD^)^Jq!uC)S*-Vj{HL(aC>@~>lZ8NVa2?5 z*K*K-I7Eai#d_{%o)clmd$>nO-^6^uf}|=#3p-FWAJjF271p8Wx)8#2r7(@kVbqZB za|2ix&fmM50)c<@Zk^-ar493W4vsZRh5nE>5*ogcvVMa1d^w12j9RLF)H`cWur-R9 zDpr%B_-*f5^Zl~%vR8F9qbGz{drrU<FZ&RM-Vow3oe;dgeEeH0VQERoG?1r%h7HB6 zxM8+||KvFkV}Z+-1B;ua>+#Nj<m+DQmF%qz(mzbTM%)0Vge;a2`1^}~U+lFG-#;R5 zuYrMYv+YeRVjRoFq)U*frM)G_G303|s4OJ<g}{HD8B!`RF7+z6Wb?FZ=f|-=FU+0c zZ}!=z92`x^2in%p?htY!n)KUv<HN`0dZ-Fe$Xi0TUZN>*mZQ1rMoRKMFMx|wB?a@x zx_nbD3q=?a=A)e?nuNhqc}vUpQ=#gke6<jXm)%@9GwOH?e2)fp9s1Co?<*&xPvoQf zK9B_GmKU1TobJQT;ru#p?UOh?+qF9JKW)iZpcTBHvAC4A33EcEEwnx-FPmHICOg3& zcx+V*vI7EoUEBiDbrYTDKgB)+LXDK%b{%_#SFF22v88?YBBIK5ow^dnS(kOM;>}H+ z2zbX0C)p9dzV*_v>?Z6vTav<X?#!(0Gy82-1+6j6lt6~&oe5&15;{U}08-dExGtx@ zw^VTW21A5XB2e^xDLD3e_$5e`N=Kb>AM~4NcD={0(kt=mAm_{PM`=m4AS*AwkG_?_ zZk#S-)UCCYEu$kkv!grmZr9o6GZ_)ZD9w+!kS_l5eoOF5>GI^W!K)mkN#bN3f3uIL 
zN8{31mh#h^i1DWn;`u(=W|XImARyE=@<X#eA$ouONvpIV>O}D?ys1Jmw}4YyLT^XT z#6EuC;`7{EH}ZLSnZT)$0uC<PCczW>J1Ja%ePky-)QROQ+w}pP^?-O(OYmvF_|<i- z4*Q55T3?ws6Ks}q%fosH{|bi?*(e@*TVboIU_ICr;}guo_uSXXM;xz;U0&5t9Knf1 zO6%45+IThu<qf7!Sr1WFjJ94~vMot(I$&E@FQ{8LS^t(Q0!UO&hP3!W;X?LS72xmu z{$-u*%FRBgdtkM(;u5gGD9wTd>Pko{^O*iSK1h&oI+#=)$YG$Zy7cBmUWE8a=jgj0 z`===EX!8ou8v0&z=Cc{8tGX3cw*ip2+PrI|+d@dD3U6^eT`Bo9QOcL4@gvvq(9k^u zu#R^w+^9-T(s4wmveJY9GuyNd=Qr>d)F!&Yj0-~l>wLPCbkJ#5j}nA*qjCI;gGC)j z5#S}yYXtna)3s2p<MW{Xx<uoj*%JOIV)ta@e<29|!5i-#T9L|pZaOy=!9iz9mVb3# z@=IS>?=sJhkr-hsQM=h?=S7ZsJ`wkesJJ@oQzh222t`;G%;i1yWUY316uSeDJCL0P zi6!BizEymg1a0*X_p?wz0;zHk0iXj(3rPxz8cC2fDOuplo@up5^}|bf0M%~3N{uiL za`5pH<b(yqzi{!`qgs@vi$oZAoXey0hAj>BS9xQqKT0+x$JE|r)RYIPmK{z16{!T5 zl91D2QGtF6GhUX&)L=|zR9XmEJY}4axX&_8DVz!)nBJE$(8;&JFpi@aTKp&nXn5dB z+3uc9XK%$4&>sV=*s}OIqx&HD>i7gEd|Cx<!8X|0B?$Ik8<=y`o2Psw8pPOU-UgU< zOrI2N#hw`jxrMezxi<{552|mfD0{O&5VN&H-;ne8z`CV*jC*m#SOTaxPlLNB{1B-Y zsT2+VGls(c{XpOIVjFrN1NP5?o%I0pr_p6`^+WM#?$uVEv916tzvfQ7`lhXxQj4~b zMdQJ=25Ju3EWz*EA?Dwu>TsyiUvmV#C?W6<e(Y7R1R&kUdNTgI#;QU`5{DU_P8^Az zVQ}s1>lwC>xdj5wPg|4Easc|ous`8OWkqP5Q2uih7C4fx1XC+o$C|m?g>*OW-!tbQ z8%NPFo<xu8o;RNI%TGY@?jg8XniEPgQL0;8!o1+UN2q}8O^^Z1%hC7mm)HEZQhhf= z2%OZ5t*0Z$S|JJ)n8`u5=KxZI{Qv>7P^9C(_#sqRkh0b|apd(xs7RC>DqQw~Z4v<q zQqlV+IMdT|!1)bNny^blFEP7Epb~n&{aA(|a<Aerpj;NlW;nzg`n-s>b31sO))#Bm z`=0wsGs=nBm6Ct>y@G{m<xSFFa(ewT8&D^0Mm<E=`p=tZ=o?TW;DTFwsN1VsR|2Jr z{9X`3o%Lm{bEK@5JaZo->m19?JEwL^IRt_DbhpJ=)#NVK()E#NIoM!E@uo~Pvi{8* zan=I^EyoBdc%VVaV2gDqyN<K^-2lA6fz}}ur&@Qad24D<Y)h<&M(SUv_K5l>s5l+3 z;9@~RCXg;E_RV4=0FEep-t#HDjGpPaBETPy635z=oAB~VKsNzcEKfCnI>V@cV*gHl zRQ_)O_!Mm}6WL`)TYnZsG74fIwd3*fo7~6K-KbeUB=_l(<>S{Sp!h|bfg$^<f&@vn z0-&AT!Xj@8Fu|_!sU$!0o4-s8wt`@w1^<di9-@C5H|rar2(bl``SCQ=#{Je~Osy9% z*4nvXJKa-YL@}>vXi>cX(a?;!sn@KZYg#R33qwQ#<u@U_Axu-Iq#i_A^JLJjmc|rO zl;kJ{q1*1ou|(Z8K&)6t`C@(6z?$H?Zv@U^B%G*WCJ-X(iA-`X<Ii(cO?@c~pSgXG z=mdLEK}d~YZ((%#eU2?O@eqKza5vq{Cfrd7^a_Ii5&w58#8_Xd5!6(N_lce~myT2a 
zMuWfD(x3zBj;yamygSei{AiV-qVUK%8$L?-uW5sAND8Hv?x}ESMmt2{dF$3B^ZkP3 zkY0~tk@o{Lx1=vaBH<%G0w#XVXq5W2=J5rw3Q7#}oADk=9H9&&BtL#kX0s!}5nmP^ z0LBdAj<UUNS=APXTWFa?O*&4=ZVS*_qV<1h#xu8(Yvk_cA>i4_KE-MsakJiW#QCQ7 zY9JH0nu46eCAzaEwEuty>7p0#s;5{;yDHAK-{PVr2b6t+%}RsZUjwTC6vF}?HA)xP z49>%`kWWE_zvedvA9z#;sIC;%i;}>!46`$9<Vu2v)r1;YkmVeq*PDnB^}9E<*+FD^ zJ=>jo)H<6@s$>~k0A=17U;;y?wk$cPQG*&~N%DQ{JN{TBO`RV!jO=M!W~dYe3rvFs zOVS+sJVQA0xkxWb^XNbst44ZXq%C=2s(ayYxHpb6+#GjCWHUA)V~QA#WtJLzq*E<w z1#iMu{-vn6kFL#oy!5p=AcDN{8gW2{A%@|e+I@OyCfoy>rjss*$616}fsR8J(R*e= z7g{2BBdM3-XTP^L;l1%ko5FU5^j{LsM_SzC>-w;ay3U1;yE3H)7-re{og6F@AeUH| zgRCP@PCpu^s}_1MYWZGYe$q5PsLk_6sjYyjY)|$*%N>g1PjnWn1D#1H`qds#GLXF^ zf1ZWRCz)KyuA;cf6-fc^`sy^Cnt#7EqK7D8XcBC#S)MC+;X@3f62mWw2<C4FWc_Q9 zx2#K_ZMP3LLBDZKuL?ngoFsFf3&1NZz&sc97s`9z?c}98){Fsis@NkPhukWk%pi_T zWm0n0Bs73AN|Dsa;gs;LVFOe2q{6W)>wxucB2L3sG*Xf)0U|*W%>6_JoE0OAG~X7p zW<aH(rXcql7+M@uodQND*SRX*MCDKOhOKjq|I-fftn+%sH{oC7brPdUfb#at)Rf}P z^wA|67tn{|_v`cU*8!pD@(5Kc*ss=i<hZjI9hHaeEkRze-c9H>S!&1<56@Q(5QlYj z0%+sY0sEp!lbge%?2P`0v~fxtnMYL-j9rh=TWx{Osn{?E4-p||=>m0Yx?>hi<_T|c z2UYRel_uH?#z;I%-4AT^oe>1NkBurdPc!5DGPfa9RT){~A{vY$<#Ili4`1x@SoUr2 zi+$5OHw5nyCHxJTpH?iXmZQUY#KffxWVp@Yqt59FJ)F#Z>@%z9CfgxMLl!Wdh9ztQ zXMTOc8|N?f6R?Jpg$I$maUYtOfrYcS#@Wl3I1KXW++Y|;{zc5l*b`cC^XQZD@9Wni zA0R%mRlKj>=W`Xl9Rz@wQg+>b4HyTkLMkZ3kH|H^xj`Wc!uoS1qfg%X?5Riq!5?*y zSj3)XLmc@iM#!C&XK2i?R-%q6?0bR)kqKj=g$%8IMIS~gRm?#mRFAj8=Y&t~9B$+^ zXT9Lc!Ngb3rZSy{+?$$H-)-mXf?hE##Ywb(&S#h7k$ASJ@jEOG5q>E)dV*|ZwgU0| zBq8(w1V$zD`l=JGcESSU%c_o_>PJ6k-+6BhhL>Bv>W_msYTK`N+C~1J@H4a{5Wezl z8neF6=WWC-vq_OmhM3m@-`+HYogF8VQyEKygTQ&9!i>BZW@4(>`y4Y`A&i5`ueXET z0)cVPXw7IoJ?R*xA!`a<D0|P3K~F!_MAW-=t2;xFoVPs(Ro(6G<IB*Lv%|#sBgl>n z7M;TQWud*tUQad2`@UBZUi3iCw0562HFJ+Ri|Lw3t>-!}UcbC#RRT40-1nK)sBwGv zAVu0#&RHdzPyP{{&I<6Lka&3}$HA>PQXNgUn|NfXmoi>h!V1|Gib@!t9t-FdKG}5z zojISjL_<$?EAYO%v(~3))Kwg()tX;L20L|PeMR<9r|m3Tn5Ul~1!rcJ(#cqh_;~2X z+%4?4xrIK*kQiCOf9D|5C{QsL6HW~#p`DfMP9J*6xlo{rufh@j*JQheT4Pq<EWJNj 
z#xd_Y!G|%cr!ms*ufI{_-Wm6V>&`^qg5;0vUco*)!YSh~=}tiJCJm$5z8+L;zX(oi z^>>HjIa#@fbW7d3z6P=F&ZUPdon2#uw=|weB!r;&Mbj?MrI+2EQZRi%u5r2Y!8orC zBV&8wa2IkXYk0u}zPisCi6ZWLOrotZBTvx3)lEy4GwFuPVV3`B6|_#$xnVMZ6ZoOJ zr{vvbEu<5L|9R!lG-MhcDi0GqA~KF--!5$_DQ<YcvB#@n9Y_Ypx(qU(UfF~eRFCwP zJdr;U<xN|5Aonip4=}+{p+(s1`x-MITe)iawP{|GyFV<YRKXT%SF89QDq+4Qp-w+$ z{lttfhHMH451^0f?VsQczv^7&g}JS4-TJ6^m}q&>B-w`o@i@+P!C2vA_Ur?&ug4p- zy}(3C*6SnP*b#3huho4Aqo<EsT<t%zooG<{D0gh>ot0yV-e#wMkg$)1yxyxJ+E@S0 zgF*xJ*%+BbLM${hVri)5x^SwNWFJq|_cfO$V97!#h=SrR0&(~l-_Tybh`rXZw|nq) z-(~PTAw*N2`qx*>Wow83_X4;Sxi0}^E#_*MLD}V4RZ;UyN3YZP^}DsF0(3093nEl; z(_o}~uG|)PQ;1C90;}G-8L-j4Ms6R}(F?&OJz0<~_Fda`fk|m!v`8vLHx-ysCcW1m z6Gg9yEiYP70$SsOur8^XoWMyeJ3c`X4X(udq$IHKZz7#2uel3A)^{UZZ1Y@0yn|{0 z5kmg9#WYhXDt}^g>9UJxs3~peSCC~q1RWK0-}tNrbP{1x_im@tIG48xXUA38$5MEa zPb0ya)Hx@Zph-JK*?t_9x`&Eo3H_aF<5#0nnk#fN4I6<?ShK;C5M2adJ=|!nK*Wb- z4sFpQv@j0;2Gk5OJ&JHfCJltH&5+!UEL_o0kjEjA6B&sst5L(HQoPH`f@17+jR4}l z#Rf-~kVF-uM)DZW?3f1#EcB^$cD~4`s9hIEi9A;*OY|_l&VLp(hyD=TbnW(EMrg?v zw04Rw0$8{d*;<?3#GT@SVat_8?Fdzt;*~2ULM}}?Ii}ZD%_DB-F`!c0=M>Qz_ZRI$ zAlPWFgp-UP49cSv%8>^ty_3ueTO9PANY;oONED5beM@D5uNbb0l$!I{n3~|u07}Qo ztqfqZo8~=E;Z{*rxRG3o7pk<mt5V!-E=(~UoFWZ!7V={iU7J7LfCO8KUh8R-kE*9k z;`81Y=9^Yug*Eh>%3tW(-hJ3>dWwK1<%=`k?*E5jN(XzxNd`&cidyoFH~jsj<@>?= z97S6;cw?DcSMLzHXLRYTD~K(?|EU9+BHVk1u~iNrLbk|Zu>XOjLZ2lyPM&o+i(^qt z36Z3(kfN^^!dD%?HaoT6(a<lWF4vztIgfr$u%xHAN516Q-})<DM2eWRx#~}B>mK2J zmzvp1G6P)fZa4d5i$INif9WixSIvf=w1Z@fg-Wk0owaxLP_A|0*gL_7BAuWC@YB*W za}w@)b;DTx(-Qt)V_RqFMT}nGLWsZRc?1nY8FWI}EQIJE{I}oASjMW>T1plq)tg!` zF0lcjW_SS-?71(~ePoumcS1Q!l=C9Ton*j&?WSpCME*}qLh*;aNVacwj*8}QWruvy zuehV`P?uBjTQocPo%dT|3FX@Ue_bF*)FYe}T?Adke!aAl`iq+ksS!ZWuk9NFX8Dlj zXkbMoOf>xT%g<X;;0m#{6n;i?F{$#Y%IZRLaR&)v!hjw99e1?6I?ohOk!f!>tKY=^ zs(5=IhiDBJ99o?8rAGHhA3B0<kwd@8>Z<h5r<rH8Iq+!Nzxl`k*+F0k>k1&X6@EjX zjKBKYS*xm_0d64C*l`nMCDO{O@>;r^!V2v--9N31W^evwAjWYWd#66}m-@NQ-Q0xn z6&3O>sHupXUN*W63>C!AIC}&cl<(Gk=7=^$??!$j?-iIpOic!6j^c@s#Ny+NgiX&K 
zL8RB$ET7+wm$G?1C=tB9(k<m~>O;}&uwC8H*SJTh;z)%Ep5fLmt?*S0nx;|vwc&hC zbKc5)nsYcfmj&xuHB%|{GB#1toPDHN;g;+6M|SLnsQ!?iIvDP#GUuBxPTu{lq`29I z`fI!ngcW3}q-40|;^w;t4H?tRA~3%uQAGPl@sy0%GGp>06#FkYPq{;6qcNDHMTdfc z%$x0ooOKA<ef*tc%rrs^DA(NH!@<qOrs}S<IH(_?U$16&`w#a44d8m&EOd=wf~cVe z7cHA%?t<g|+Rw<4+t!`%3RacTvE%9mm3l_5j|YfWUCDsj8-AC|v8V*-CjW3YiOM)E zWB*AOLMY&`m=!(ImgXZ$U>CwlC;AmMVON<cZZQXrC_-B&*|#jcG{oD<xdN+_MB_4U z{N&&nU?;+HQn+c!m~WVMi-dmpj3CwmyLJ1tcQ(qlUUeaubNHKTy`66Q0K9ShxTnT8 z9@vkAPAs0G$U#yAbBqkBINHe{be&%ghA;Wy{i`HyBv+_TOD&?9UDEQ+7%6;m^8TL7 z&q(tg+}XSLQXw8k{{s61{Vsw2#y?5hc}TkTidr9kq0SKJe$!2p!W4^3qQS-Fm0HI) z6BOl3n<{Zxf)TSN&}-GD&F1O+>ijWS3kbavGWsF}EwLBd)FRvXL)ikg$EwW>uw(y_ zgRus3ia_+{MFjD6pLMTgP=XYKkPfk@s`v+x1rJ)PNZp>l<6D!EK?)6FnNA4w?The) zaF9HA(IQHVGH3uZ+cP{Cw<J65xy08Y^GBQQ-Z?!Ua^n2v=%-)mcD+@d0|B#tmH)tq z6l~k?{Hm3r)I31%Sq6fr{LH3H*6yJ~{vpNU|ABhM=$38As;-G%60c3vMY7+FXk6!T z34Ab54ciW)6pbRjAPO+fSq8?;dpc3=2~&(JJN*v#z*xm_(~5fdg(%z?Xqzz*W&;Ug z<%8rjmoMll{ytu;QqPy@*1jRv`M9dpUHd(C(sjY-uRfeA*1slvL(6Uy6Ck}DHl;Nd z|839L^-T6&)P3Uffp-tNtNyFxtg066gwLXo3%7~qCibr@Nwq%(a^LPEI!$_>KpLYp z1FVj;PM7GOEUFRJ{*z{-IDc5De?w<P+n2Iub}h6ZnY1<S;9@c*FOa1rLM3XPp&r|@ z|C@YtO%%}tc736tqW){#jJFX1C5u}SNuh^+`duAm|NL;<!fF{9E0oEX>WS_lh$pkd zV9gwKmUI|MU{%bp{(*YU!SzSzBlFAqU4z@n2(u*RiI$uU{un)?m5IQBVdTt#V#t3; z5q0^iap#F4pxb25)8JTB%fRCx!^`W}le6b+3Qx!$VL*klSR1zc&V$|Kgz2wFsfl50 z&xP!wSdeN_yV@u^hQ9NWF%6o9Q<J1n<n;WsC>7bMFSWwmIj&@S{SjDU=I)4gh|KEw zF#;Gko&LGez}w0rGVXcSP+aWSKi(*(vr%TQ>(T~s{&20grXinV?EI%k!|n>743UFg zr587g*Q?h&rRv+3kNs)EOb-kd^;e>_%NOt_qW>}<d<gmWCcACu2^aq-ioeO&8u?hZ ze2OS6JDK&aD_V~>RQAyT?l6|Pj+?adbxG$n2d`6TE0N(TR4NeKO9S~&;zt1*rr|1d z5%MQtFoKL$pi){?k59`fM<}AjBA}lSc3G{i#R&hxWn1RQKlarqb>ES|=U6(TAD!6> z@tMUG_P-;t&n0|{SVt#jW9!aWl>Ls-JBMSDJ8+b_#4MRO(Cnhc=ho1}DTQLU7BoN- z<W{}9=;XsxfD?*P;%%;}OqNJ6FTP9?hVN<HtI67H2v-H%OP<0W_L?+cov8hPc~$L{ z4nDt3v>;@$G4XKsthu0GV&)w%)T<>uNvm3|P}j#ez{_tNU|`Oo;Adsv7P_HG+dQSf zcZM4RaCa?#I&z^ubH9F_vE?88$c`Xq+zh=U3%8;&S{$Bf^C`1v&?E<;olKjqPB4<_ 
z+z6nCfndEXF<a%p+1tnU;@Oj;q-tD`bHefEPDZofrQ^bbft^J{%MQEe2G={|dT-jH zL_msXu4vWOrB?*15kfl_m+jNV^@jW9z3Mlp7IFDc9YT;+TgXuSZPPLugac?2^=`2` z@G+J&=P?#;GUrzIFue&s(eBnYU)tZK@BW9gWm?aT;7>x6PlV9m2onFj{zVJ7iw>M2 zEL8Tk5NGQ@=+-gzK4#OH@*dSMvI3Vcwca&lkYKx^b!X93Lb3@e1-W0S!uOAJ2pE`@ z66JeGM^6#tUo=c1%Dcu9bKf0A=d|K5R+Rk3mXV%j;nNe&NB{8krg{CV7Q-X%H2d1P zDr@J9uScR!Hxr)HSJuO*2$VZV&U-Vi|F_81P{saOvr`<C0>0YcE*3@+PBz1#0iSH~ zq5cl$x0L*T?Mp;;%`id#O9j?@iytLSYT>>+D{>M?b-g!nL^UYYWIVtwA<wF#YA%hg zl}S<Z51alDl|hr)WJ0~}51a0iLeQtWwh#YsESvGN-__=trMly|ql}-*T(aI7X>oTE zB1%yMuKfPqU@y8Mj>qevUg^st0af8xp0uX4P!2@6d!)0(!UX8QzZS-}m7dc=@Ck{9 z<Dpe?>*b)*$gi*3%=ax(I}s_WfN!H*kDv(@M2s?$X*1kCH|ODK?rxF5AF7ztEhk5x zS|3#2{@dhdPc5Hr7BBe2Y%=ex@`3o?3-5xH)1hCkM<$q{#S-w>EQ|;H!GwZz=8EUu zf>n#d@3BZIjuaFsw36qQGm8Ses1$dJ8ZiBsJ3!_oSg^fdjbM!gvpmYcZcd0{X!U+I z+ezs8I=1xsXKL^Pp)dTPvl^DZX7PS5Bcsu+{lopAy^gEeF&AqOU2Qs)hwz^WjVPOT z4L5)s#HMm2@}sY+!6Np1Auz&|KkT|NkSojKPAIo#SLG7jf*VOfjA9RC4KFv0fRxgd zY|WOCtP#4qfC`EMrO4f~uZb{vbYZ9}TMSH@j0{liFfw=xGPBWhyxKJTg-`*K!xjg5 z<8w35Ch?2#fc<9V6>MzwY0<)M*hcZ3<AU44;l(3%RMCQh<Nm)eQ$h-BfY8pqM$6nF zYY~juam~?-34E3}U%%sm^%VT%XGYEhNuXz$vvv96Tszr%Iud-G1EX=9XX^Kp;5LF% zlC90jKg@pZnZvT)e{PNiUoPAg{=FdQh6-*Y9A!+ItwBM2Ih71Qop>CRtsc#@CRBC^ zQ}3C0gpUt@O=#{O++l%vv}X{qL$<LVW>KPWVt28W8X=ZPCzZ5M^v#4(nyX?$2<}|c zw!v++anxo!#T&wxH_9yE?w?dEfQ*GKCjl}MSY&BMPkLI|G+X?H6Q*%IMh)hyEo~xK z`<UA|n`c4$l%dhC`bIs3Uy?Z$EW=d4OVz(%zCv_)<sFg<0bd^X*yZy<Yj~dx2{0|R zaOX7X_xk3c?zrax*r?=Wa_>yYl*ntnw=+$@EoC@mV>y}^f%nF+gmC!)LmUBhL*3}9 z5V3B%1-wv&ji?5FYJW5va~aK32wK)+NLr{O#Cml5SvR<NWOR+_QYz7%c*--61h%nt z@A0DDGRPvM^{$r(V>OY;DlaM8p7TlL={uS0_e)w!ctQ?wGiDFNlx|gSl~$YCMog1C zzwYw4VA~=u`s6G|{17ca_2`-?vUHeW`X6(j`^HRXH)nUKZ7UO5%dVz#nuWqFkFeX) zv>WRNJ6s(tkTyU%Bo4@*tp}%<kHgk@D4bjK&fHMGc<v7U*TW4E?sruucEYaM!z#t& z49BiUeOkjQ<)9H7&>X)T94{@Z+RYs}CLYxx_q=DyGTL8yR!hRR$IBlK20-2nnJf5( zPa+zF5Dfk^)U{Qd3t_rDc^%cpczk;TetGXB_$@FLu&HOLms5*>WjV6;NzmYx%7y?& zrqJ+!%f6f1f1(y{dTL}d=hv5uA~uqMk{*_RNKq-ur~yv)Kpb_nhYy-p<B7_O8HbqM 
zJO0<cI6)5Y*Va~yy8M<iy_Dx3-sHxv&B-HAN$#1qSggC7hR|}AXVvCq=J)3h*8-ds z<N=-w<-M)g76lPrdWdHBwp{=BS=zlQ%;1t~fXoNPKg<+*08XIl{ruXn9n3O@lsMmz z3;jtg%tgUVF(<_L?JdNOAE+mp1~xijVLumwA(GqGz;ip$99Fo!_-2S`CitgM`M;1B z_+PIAuQeU~H{3&&MP+t;h8*W#cv?=Kw0r)14%7_kKrQ{^Q<2bmE|Fxkg<PU2LiqO< zQ{OwWkgbzv*1&Y+tfWSy1k(iG(TiaF6(cs2JV^0Z6UBVl6TA+cEMZ6TN>%C1w$!Yl zPQ?A}C@Ey=7gNzQ?>h|6?yUdSXp9@ZD!-hDV+E03UAJ6HY_?hOO)^b>^>l;EPN~S! zcUs%s+wEX_b2<wngZ*ACh7^^s^pcDuUhgcN{p^4Gj+<^;EMO;6ay%ncuiy;Zzouf> z$~DYmm3~X2;{W%-%RaJoiyrq!9D(>IM=9q3`p@3{9L!fA;>Q90{<Nm26VC{kdqD@- zdH8tg?F&<_V4o443wn+XL=%jGV8!Y3*5+%3KJ(le^-6R59$NZALn-(POlDb<d@c7D z)~qRZ5g^!+zWaKrxb<OQ>&v6BDV7UeXfI+!a#YztjWZ)|kb*sw%179Y-QNSrB&r*I zNR*q5VH}*P`Xby^MTAl7VV8fWiOuLTwU#~NaNbD@{`&@(;NH~IBHPr}ec%0|nZp{S zX2m~#NEAeh;sa8vd!IfGCZ98NO-xS=gB?4mPv0$gTE>c0GmT5tzw@@}zkMp!xR;x) zbry$6`7ofb<T&9R&_=msgtkm?wx&7=iI+dsJeFPB`#Z<ook#d|L!~{~^Om&xk2VU| zOFJ)^P8HP;zP_GbCVbhX8g!upy5N$9aWY!onMsa7-;b4+e@i-ZNO|I;8&Z-TE4DM` z#();Ku2T4~61VswTv|(Q=cj)N`jhwF2>;_B%FS4YC~!|xjb0WhRc{)uwEFho6Dr+0 z23w`lkzhhB&LsK!O#RH>EcFjzn8l6#zx@WHvy|r~`ggCgF~e{AcNQnDKT!t;2usiX zg-GMirG}|9S`9?S{-LupYt|100%Jf8DWL#_BWZ?gC*#cc;yxQm7uA)(`7Te_jz#!; zP4e$}6ynK+rlIt1W6TKhg?A;(u2b;_7k&L!2f2}@haEp_Grdq?0&4jGTEv&$h7!3e z);*m&?`t@A#Cc!hcanIEMRHCx7n}u}hPGf|f|?q>{~24mybezU0s+dgtFCkimkZ92 zElP1dUH(LBz3*vJpkB!_o9n`%&>D-sBlL%W1$a%G6j?>KRE3y@JOD&Nd(IF_u^sr> z$h2*a6$)r@EB{CTj$2#ie1}msX*{(sXCN5zJ?Qe3mDDPC;WGHdgb+JA%NZ~_`y+H~ zsydO_8Q!zSR^uQ;t=~0U{1-_CyjXb<b`uj+lP5`a6Sv+5O*vCE=xf~Ge1E=1T_8kh z2Ib%!M3Euuy03C;TkeQ({Q~K~A_`m%g1bZuW$Hu0dpBTLk?AgR1e32>W|<|>u)-+Q z`J}+82uqUyOo3_qxA3baur9>j8wPlws7Z`qr6T)2`q|gr;)CII1J_R6TBtxQCHA7` zc%bm&7UPnrJ>=lNwzwwI7kVnu%jCaGF6Brd-p$b`x1dg{v6Wl4$vEYc@gn`77eghg zlhv$J8)r#qppSNMa4l>NVXoYDTDHVvXTdW2Q}@(#3FJZ{?It3Y|L*={&?iZO1Qb^I zQ(M$#<<YQz3jkYAoDYo79V{3WueSR8+jAE&BAC~0nz{2Mp}2i}WFmt)2$(nP>ntuu z>~|)s<9|T!@^-el{ihgIWGbC;S5!?^GZC0LF)$3Hy*3AS1%1pcu3B!e+PQY)2>L!n zn`Iemr%&B$d-RE<o1hE1Tn8q_ITR})Nh~f@`77V&RIiV>paxL_nC0(<KcDR;>(n8Q 
z(R=91^cPI%MGZ)2S?HfuzOPu*mb4s~B8I3!O{Fl_8^q63e20GTCVzvi)h*$R{D^$Q zM00yQQwu*u6CJ*t4yju97CKs_5As4d9{&UXn!Gw?Vqr}9lUqM>F;%5ogb0qh{+_)f z#Ma#pcC+)ozo&;v#4t+W-!rbCWI4NvGaAU2KQhpg@+uW0E1}Vp_n672j3rGx#K`Kw zH{FyHR$3dwY{ZUSxURII`P7ZsP1s%?G~U^DY8weY-D2l&D7d(Ko2WNi?&030t2m{L zF+)!?dEy8&hO#^v>S4o)=}6I4VW4G+IAXnUnJv4wHnfIO1==Fd@AU^CZ%=jbf=ttt z!mNpat7#ogpN!H7u{$|aQxP>ZFwCHaa8k2S<zJ0amlC58tU=SYcPhnZU2MWF@{kn7 zPXTcpD(emBp7)oi@3hl))c?6}voE!Wc%Y0H0*14*9yT5Yq96O5diM8spGRYF_pt7c zzVtc#FG_nlhLJ_J6~!3>NgrWrH}-0**O{wDO^*TvCQ;^jyrUKBvca)ib=qb@>ECaf zh;wKAclv%8*2i_B?`|GKJzHFmB?+IZy9H?eC{+=4Q4-}qz&FWRuU?2-+)L^>zY=2C zkayuSlGA_wC1pUFv54!0#G=a79`o#x7{)#K3s>uKT{MTvI%>-;PWEXHx0HgRakgd5 ztrX05XLQ*3?JxTpSvc^GZGN158f!YjLqSbN-BlYFsti+7c~&9*eDWbyZnj@W0^`9! zKSe_V1*wggaC;pwVE7@3tVGXHB7cu3exQ59kd6r4*tAf(+uw_E;AY&uL`;8l(oGs5 zlw;ojr9ld!R9dU_&%8sfWsb={j0?vacy@7ESsrNrQRsZ`ZaN++4H+VDc#xDK4Kpg0 zyTx>Dc=9AZmIB^>k0r=nHh&T<vs56Q7F-+rGz?DtvfHn(d!)|!X!d!jj0HmK8<_9T zKcAF<1JWX6`xiWBI>~c7RaDu%E>j~87X3Z9gN$H<Saco$r1y_4s~M65X5?=vsVvS* za?Na{qeMT0o)=-PEe)B9Dw~V0GLoOf%2)@-z@?4I4z-LOczn*v@u*((6Ze(5*4ANX z{~+ZFrMb1qSM@pumXdX^<K3;?UVhWqXBtz^{xz_3ZJcbE<_h;JzoF+u$w^pIX(C(H z?LlL=A_=kNh4>CWQtU6gQKS#Y{SeqkkrlE2(R}gW;{jmM@AJXz!EzO2hozi=cUE1Y z<^2qtX)H#**2=y|fm{v6T~GXkHVpK4?{_YDJz>)aAHgN&th4%HDQ&-K6MOq7+iiUv z83mP3EE8yA04u(nlCjbwW9*>n;{C0y`%Tqb8~s=X8-R_Al=hZ0Oa)j=8te!5>;xYE zI&=;e7&o9*>Q4Dk;HnKr$N}a|0Qz2q*x-)``1P-QXNu*T5YNZmMd5G}Y|G{K4JV34 za>bAJl4tFQ<jSg^TSa*fu6SES!uqlHowu#2OATSDMN#hR8wO4iapMdPLA?ra2PPbL z^u~q0$7?FR^jw>z9vJxi+Wn6e+$CyOR^b-bKH{a*kB19s{zPQ|_&Y)oEJ<rXYQ@x# zde5;<G%+C+{uHyS=)?6!<E}!)iaJajCy3%E=+B&=4Dk*WL5h#grF+3X{bl9c*TSR3 zFM7T2MsFmPn*5cTaJ?`@D}kf_4ko>r1<ohAFBTd|tZX(9u8lKm`Mm$uH2yK?_kI<S z@?KYLVnFKZA2F~H&?<(<oWO6n_5Fb5$<_CmD0JziQmo`5OQO^OyuZK;_yQ7UyFPPm zd2&N_MYsegl%zFAjJH@t+`6h7Tv^a}2qae%z4~HJW(NRvJdg`U(kl~2V!uJ|ORPax z;VXawg|m2h?phO@X?0d;cPQ5HWfXI(x?ecM)(qXZE7AL+cNYO2&O|RC`^{IJ;za5s zS(87<KLpIhSsn$hZC_*ljaKo%PwYXs;kh=@f!YRACoVzrj_}H)mTl_6vi%&o==-W$ 
z%bmT31?Smxc-#5W=cw%Rz{Gv*s#!fRtGI!<vsdYB1y{K@0}oGvtdI01df6{wJC@K0 zmX0jZ-E(6v9^Qk6i!fUQxnIUJbbKxhFYrMG6<!(Eo<O~`{POUC*Iw{@!=Tq~dzL!x zP|9}J-T+KomX%ZMeZ-f%tG)}$mLe=O6ZzZeBMz|hoqsU_yZwp4GPikThy}*&2SNiG zE*Cmw6M#qBSXKd$0^4_DopVgs6DNW52R$C0w5j{d`eF_SIgKmijdAw8q3H~-L^h!H zdo2xXBkKK*zxdU}-U<sb=M?zw`YMO4oMSj<c*>b&lng4An)v6sg!|t4aJ>ip(DBz4 zvS4|aaA!LxG8ogEzSwlIEEJ;GA0J(k$#w}9;&Z)}*`K??63k6qF?#l}R>puuRS2-X zASxS@7l};}6VIWMwqPK1;o4Ve;pxfFM^VqehW#ac)YnIIl-_YQIOGq0rshef$cSUN zr<>`xR3>5ueFawa#)gPQSIXXQHMxDk%gh`~IDFCy8gZhQw8&l_Vc%E*nwyq1x99rx zy23cHz9Y}!l5CWW6S4I$6jQp8{j2<|FnkkdjI!r*;^$y_)icn!Tg}{6|3Nq~T1#+v z#;#g~MT+DaYyJpfJk^&vCO~CQN23@zLN;7!{i?`!Fisupm(##47&O0wG`y9>vo0tK z3<v}emJZZ2T>Op@6%`RF;1ZBDQw8~VR`e2yci;(t^GeW2`1;NI75-}uUNh*h#rH{+ z+_T4{k<QYvv;xl@7T`Beosh&NaXH6G^C}D=4H|UKq4_x#pYZIJS5xnnha+b}euzEY z_l3-IWopZg>;}qA&>qC7E_`#pXv%P0N@xN!*<v%SGyR`s5c5sx&EW)PMOCUAC1*=Z zpnva#RHa`z*$qLKb;9X@Luz}$H|L2K|36OfNIk7p%8@S~OFqH=s~bnODw#Z?+nU?e zh{r*ldwjrL_2TKYYYOWsEQ;}eFZ<$r#K;p-Lb<yW<`5&z_|MoZ5B;zeC*c0u5?(<* zuzqeTeI$cg;(9Y^X<vQZ8N=*Bbp|yc_(0=+mh1yq69sy&#k#KV?v@w2x@)G!^LUc< z;XcO}D#AVP=hIuISXw{W^J{o7m~b(=W2E-<76-~Pb8F@p18L|%+4(~sM6;+idGL3_ z5PEtbW~ucH-_3sGJCV=zsr@s*zAIU}i?M{qef$l|A=x<b$vcK`Ye)$eG0DJgE9tc+ zi3Aa!Z#pF!fwO2$lP#Sj(&gfM*#lINdQUri;Md}aDo;yY(KS(Q#7<P-(dbP#4F`|h z(l}-U29~eIxJ3_Z&HQGxj!znN3eS{p73;+Him@$(O?*&7Q;!-kjG8x2bm;@u|KAG$ zvVPrA$nQ&@(T2;#_3P~N#BSj^G5~$sl)Bstz<m?QV4*kE8!#^AzCn(GPflK*!u^(t z+E0C3^Tn^tMx#A}6LrSj?-v)uQj?Ta6(+)OH6S4<4slm5k%jlOq<vLrNDYYraVdJU zd_(YA(JHwJW~h1SkzzT%V^}StGvcYi?l=Z4@_f$#kVIKGYsRB8nGp=a29urOTacCF zwzB|UtFUA)?3}_11iJ33BAB0*4R<V@P8I4rId?;|=xckR`}e~dK4)TCvjOlFac?=? 
zTh*>FA*PuF5)jvaXJ0LZo{G|`lk*`<7Emqz&5LR{AnVWYtqg(?k|W69zsVHxgegcJ z+>u>=`lO|#DX~fs0Y0wNe#a4ap$n!27)$*1ot#N~Vv0^4eY<RC+ujz%Kq5lgM&mX9 z2g-k@`+pr>Wk8dE7o|%nC8S#r5Co*VMWjoKfq)>A0s^B(cXx+$OGu7J8U`XA+vpyQ zh5_&X@3(z=;_lw_J2%dKgna3*&k+~E!{=+n^;;ss%-Z~CU_ab+q|v#JKsZOSY6;7$ z$D}OHU7<CbQ~8I>x0wb+x$@sXFr5d=t*xNKt|g~G^cOopa3@aBZx9&GEcCe>Ib3*& zjIehw79?@MGy8vW$loR%cXop-$7Ez3E+^7KGcsye(~=hZyTp#VPJw+Y_M0fHbi{cA zpY5-ju46yKo*U*TlmJ2pp5eOe9oCYZ3gM&|>c*bgsaDo$>;|%N`@jhIq;2sn@20-@ zFg`Tn)q1-3x9Dtu#LikBZ`Q-RT|Geycth|T5(8S=Z4`@-6fAab(auY|ZsE*huS`nG z&7L%2{7VSVaNxi4NB|k1&Jmz6c5wmsZ;6D$;@;hC6t%b^2~B|edY9VS9|nU~e{%C_ zeW!aSg=I?WyNxdG4$+M;u^<(B>)O+;aCQ$S;;q6YZrC^cdqX5bwR?pdmrTlCUT>^2 za$d~>PR<e&K(F!0;DGU3qfbw#KXbYyaSuscQJ)!6VcX8W8azyO=!@Z?7=6B;zht1f z(&%*W+NC&Jg03UZ|I@FGv0X3B9C>ZVHKuqavDXUoUWRx6{>47e`-jyvmcUOgpV_bS zykZLfZ`l;5Che|X6Y2h`Wo>T6@EHXF2TYSFDZHrN-Fv4yn~EiRacQ*b`2OC*(EO?s zwb@+AaoVNmi9@_bu;rAX>V_$;G1T8a@S;FttA3uk+_jKj>lr;oA|z%G;hCGx*#k}F zOgFFDnUU&l#6*B)HO#p`(P=#$z$wbvm@vpRyKxLa2>Vo!1_HA1QV(@a3?i&PdSBPI zU2o9=r(ZqB*D8Mdpt(&MLYK(Rt#x-GVnMdmgzmO8p&3W^A?qhDkXkkJ-RgIHpk&y_ zh$YoL;v}POZ|b);{5qe7w3z(SufNPMqn&7oMeUeSr`*j7J=a`gT0v6fnnaK&)X!50 z5Xc)<#Py~3M_O8_9ar*{?xMv%RmmFsLCBEn4uF#22=m>aET<$|CK<>AD=48hH?2DF zqb!Gl7op9nn+~?!FuHSS2jtk=*q#T+XG!~2(tz?6uD^d+UV6HMo)cHaF$@4;yW+jq zzv>bMPEx{kVg0YSMJL<@pD#qtCGe)7ctmi2TNcQ`#`uq&2X6c=p%N#}6Vi^uV6<nC z2ZHn1T}<cdIp}N&2DRX&Hpoq`ihOhvxmmefNWo+nQQforElL0LkEP0y&WW~q6|%&w z44UceWrYX3J~Um?gwY!KMHA?>OS3CD3jPFJi26b9aUl=bMN8j=IUj<Jm1FPIX7k&T z6g1S0lIuUvJy0{%k_uE}-}8d(2K-ke#uj%eMLHc!HJ)`>MoKc1e?*_XDb~Iu&Nr63 z(c(ATR2vM0CUrxi7k>)MzD&5t-a#YX8Wv*!L(#i<hH(?K%TY1z{I5EBD~SD3j$$k7 zEbz|wj4M=wFRNe_k9;wb9j>PVtk792Ll4h{{_EaQv0HkENRQ8k#@Hz3p^F7e=-CX3 z1fy5Ckb>`4z;jvz!MJwz_+y&!+2HCA2*x}r>x5N&q$G8jg651(E^VGQ#EotgJLRq_ zm(`U<fg(+n5r^@sS{^$?N*TN|d=9yM>?K(;?+%|^NKm@)zW69N&6uLMtny&jlYKF9 zn@)rvOH86^M60$e0k5`ic$!^Cc>McxKqu<!3toSmZU{zj%ns=zEr5fpE7)Mu=`sAf zIT;Cq8#V!ZsqWm5ANHt>iMWHf$@@6awHMD`5elA4GRjwZte9pG6c(j1S6BW&axFOb 
zWQ(T9;@;$LlZ0r&6Q37~(Q1gk<XQ(k-5p)&6z4Z{GIHBA*8}=KWNzfQNa>pJM@zm$ zyzJB4XLWcxNW0kS@z9kU)J-Oow%H9$AlDn}t~s%L%ufX+nM1U*1%T*5IS&F?V%Ep) zZho!2l8hQAzXukpSyQb!j?x`*N#ESu6Db)dfN5S#+*5~Vho1(r3~mp{9SkqBGM7IC zF(}O{U2L=&*(TrEn5>i{H~;=XS|3Q!jm)q<UJj^JjXbwE<ymkf18Yuk<q^QYpwDBO zb+r2S9sGiMKH_iY(~a4ep;mFUTYsN`#v>t%?<**t+f(r77cbqoaU>&gRwKl{HYw4L zhG=g_q(ycn$_ge2Z^jK+>JE9oH~kJ{Jp^QKN_x?n+AGC|ASvIqem=qlpyGIGNJkZ- zyJ8Blh<~`0@4p#6Uh!W_>*nI1<f{*to<HR`3d7)&FDZVYgX}6=u~jKDXlv(5+$2Zx z?hRlzTm;_uJX;gTm6eeCr4Bnr`NNynv)&jIo)fQC8yS^G;GvcY^JBkAtQAhw717z4 z{^xqDMDrGxQY52RdkwCj---1fwema(62{MoLTvmt_y#~94eTq1vUWf@gjL~Ndq?Qf zx+%L&d6gz($WhNu?ggY~*y<C`*7vdca@p+nz-9(O?!h9F-o#7NPp+(tJm>=BNYV&4 z-=hpXG#aN?bx+0O=S!(hsY#BV`;hd!OQCH~1WR1(dT0<*=eK$c@?~@%3HiNA!c0IS z8vl-8S?i@iQ5KgJYf+T1YI3p|^%klsjl@iNZlB(V!F3ZY2?&oi6k9uo)Sp>G_-qaw z-K2cCjy+QzoY7*IFqiZW=H)GZm-YhHkQ;S=7x_RbjH}N!KhcFCpVtDC`UkIL9n>e! z+wUGwNK{V72BJajwYal_VL8$g!Dzm%f?CGn_rGVJ{~R91WAh=e9zAu^Gh2R4Fk+Sd zk3N1^CuCWn{Qk?RX=78=w%`s-aWD_^$QYukabLFqB{a2Zk*-cw4RL}cSpv^J#uqpB z5{FW>J~Fn@ycIOfMmp<(Gyf*OIMXa11$ArQ@KV5wMG`@E|LH?BGiV^vztsxe*4S<H z>m$_x^@;s?GLxIuDRbe2TUI;~#rHtsRt?w<mp$IyoD+IS#`5^79XAMP;9FdB2ZO=C z%wGl89qfci>K@(jNJvJ{)h11s#RFPM%l!`BBt0}`8{*cCja`wht?rtJ1JtGI>~ldF zMxgDQ2>_*dUBF{zL9{eDn{n_dWfO1wm~3QL@wetyc`6zq!n!*O#+nY%kze1+2p&N` zJ4|1U47P3{T?ViIvJ8IY=XuViU@XLIArK*;$Wus3qu;}1)uGKrV^UGp9JeIxLAs$X z)T!_~ohSbL$(6HTXaucX6FKOuVlZp*3u~+=0$7&T%1>Dukd;<3U%0A{^JFKbukw7> z+7O+$sbHh7Tm#@v?p5dAaU-J5Hop-fe&?Wxr980q`{)Gm6kL~YDj__js?B&Tzgb!! 
zg~2`68^T9?a{3BSvMx2&Yo<gzHv0MMt--qs<1g<MvW}p)D0y?WIe#zI1#hTcACjy{ z*KHlp!lCsZ7fHd}lO_H*Iban=Ya^fg^3HJ8{e7lCo<49EYs5|Iq{Q{2gkXL^Ab4h` zkEZM~%+nMpqzQO*9<gV$Gh_ZPO1;miMwf(7;YaB*lBTij;Us?0{!<9Uh8KkMM#eaj zQl@J7v*c3<SoTsjt?2fXvwGm2-Ao~QrtJGL@F_uTlpnSbzgJ_>Ytez;P0?|m&`sw& zLnmAhpdy#iVDyKaWz&*9)!&Dgtt<Ak1K`d!fW6pN({Cv%XCI(ta4aVSTKE7H_bb(} zGaz~5OO+@lYQD}pX0-LE#|L}uS+{N&QUVKFz?A6V&vh6C&<5^r--C^nIcYapYC7t^ zxn74q@{a%5V@4|t{$yhk{y=7(K1LB;hWw-l=^J9#X<2{R5-73+hLfe?e~}EL^D1=& zj&n(jjh{m1q(jbUoPd(goaxPM<P*8JG4ME#x{zz_8E(k|l&S^~nd|CXH7TRBv6ZH> z!W>m|3|EqCz!8Yp9f#Hw^`C)yYlfZTpNqIg%C~BBV#mrCtE{L$l-ac%R%4}(8YIxn zT-2*~FdcHI5BKYPAR3HKDHtL-eOR<wCN!obn@{kC^87eW9gB~ZD#eZ8uOr$AQ-8lE ztjc`iQ>|?ZP3+ZOr2ZFaR(@i5^5hh825eO*jZ>pTgu#{_=5X~c=4%xmJq+(3j`IkW zq55P+z&?I}TQX41yx9;HFVQ70yP$(5e&AlbiOH(NNMY?6ELD69l@kfyN1o=(dsn6w zgBCNUvN6A_?kJ}q>*l#P%GWY3IT#+o+#^s@&M}J*$gBdXQe(4ZhnuW=Db}PX2~*7R z^)ke_cIlw9^~S*LVoK$lCiOOqXFrF6^EC4$+QC(8fG^(0nps(CAph;CvU%{{?`~M% zJSxa4{XVf`k08mLf}Vo%V28O+HGtXy?PCzf#ip9Y3OBbT*@G|h+{rx#tn|YqTrP26 zu<i<EicfCYza@{o`4>z|NCE5)_qt}A0`^94jwTihwPaJ(;arZbr?d1&_)`8m&YZl? 
z?j{(R3{}oZFNvw@ka{3<(dcXjULx7qU`=HQB1@Cf3|2FTK;;YLEwaAUZ`(>aj`k#= z=QIar1Z8+qFEwuPk?~?O6cKD3cE5U6l^$-tZZV6%q7~yFjIcPpQNbwow#mHC^@kER z$S+ftMK_f4H8`~@P__YcVRz(FL>a%&i;+6fWLR$*$(6v^vwp^T&+9GYnA)OudP&|M zuUo@8KH+wby{A8@liqEH8i05G05!YsFYn~E?TFFIAmjD?0^X*Hs);`2|NT7fzm|@f zj<$~Dqrw;yuqU^N`p`Ght0wk4$6kOO@#c>af*~eC(Swn@qWLLjJ|?1HjenBGU)X9m zeNt><+8lh@ogW_Q^~a*Eo#MQkf;E+?KuSUtIJ^xX<}PITl3W#aOt6$x1r?JAaE`7H z67DyD6@NI;?!psiTcH9WT8e@^FE%J9QCp4i8K_FscseJseMS4z=O;f6NTnvhrVkyk ze7mfU?tDJx#lVK508mJ2bUjyU6?Twm)<rbk+C;X_Wnx+LR{eo=5bB97z{Yq@b3n2Y zOpMpki@UoQe%87B?Ti`H2ZP)|AN`KhAJ-$D0p8R72j=cedIR<1GE=V$C4zbM7~Y;< ze+qECa>suY;yR5+CdLm`A77WFV4t?UYn~PPQnW%f6N{IVlidZ4O$kkdPxv?qWY=sP zv+u$dL`MtP6iCczYx($7TWT+Y$SBq|mP8Cc7d~VALf7LZvS(d;8O_c%fI-X(F4V7O zJ&{P5#bpS30nfVq`o)zGiJ>znb0+%bZt?3-!REOHpo-oQe$R|QYu|H*5~sYjg{21f zqs^59>U9<xBqcF=m0HDvA6`|Z-oLkEsQ%!w;n!vLxw}ke2{*l4K#NH^*_~BuUy~}5 zLVB@7<Xn>myxgXFlmx@cy_9V5FDr<6r0AOsMZtrLv1u`PepdG*4zpz@L;B`(tnh95 z;w>&8@UE#HerIU_CCQv)<0{6Q7Yer+G4FG@`fiJOKyIkvg{dCO<!}ISd$98nnf`b> zGJ~Hs@IfnkyR#fzarFKnC-?;;_5<dofr*G?2XO3DMaNA<N=spj8B@)n-WGNNzHYky z(wSD24V7TETpQ8#In3n(NWu?VSmlNIwPls)`Bs=R@TOLQYEGmRm|m^Oe5~yfB9x>O zRG?v6o*7F^TQ;C6#vS7sbH>RoF+&CS<i?`(+HpSOf!Pwvbr`qg4LaRqHb<QDg%>JV z>Z6YZr9-(5`rYX33>Yz*H-mvVH?pLyfRM*TUOD?{5ObX)`hF#EP0ctJa9hn_d?C*1 zVO2Zg$BzmRdmc4Pvdv<dRMdtKtl)@4MX^Jo#Ch4{`h??-sVR)&yIw~avB_Mui+?cr zH#ypC&JN73l1eSg6H$gKI5!cZCw6daJ=KR@a)s?*z;8BEWmKnMPvaJJ<XUMfsyMIK z+WIg~&iB5DJ4HxR?g0;NS~4St?rZnZD&_0TB#u+Nm%i3ikb+;}=5Mw<r-Ol7m~{&c zcFRM}4oe=euPLHU{G{Z^7&l~<OwSSnbLJ<SHA>5*FrG%c7*?3xi@BJ||8gfn`oe?v zHWO}tW7XlKC)~^iDERF7HSuEuAY$_(NC--B(f_@qn%3w9_iK_9*R$xq0^3}bRe^4% z4_U7-B^b`>4a9|h+zF4m-FrE@eI>CRL`GOp%O^XTf3L0u7GuF}sYY9%ve;mpEsez{ zV>XaQD7T5S*AdL+M^%sG#kBip4WS2RiUH1OY^`2*7e2f>4u4L$Icz#@KVcj5A1rNw z#=5$kY+wW1Nn}eO551f?ucg-7=(z*lVM8Tu_gh(p(^fXWyItB-|DC#BMiJ-kh?NlJ zBpE2AC1UsWPvraM>BM3&LK&*oW<b?Kvb7D5mc-AiYieMDt;yPCUlqgs(qr`#g&atT z!Yw(#jJ7sTVlAAF2ZSLjDAI)I)e-?__?X=MN#WrWRf_13!-x-&NV5>0K!(ZD?II*t 
zK^noe=yvrg0fO<JFYCjSiQuP^pql48_hO?*Xs+Xoj>Ci8BRqe8S$3Cq*X8=PwOpw! zdBncDFx3Jk{MCSRc(QQ9Ju^sXp><j|U-NX4O?_FnC6M?EfI|Iz8%cL-Xkp}knj1^6 zjDs%Bj5Wx;5C>j<rozU#f#@@i&Ev7CNq<jzun@YprNl@6?e?w_3`IJ@NIL$!8kW5i z(+hEC_AS$|?W%YS{$U{Wa5O3;2L7Q@Vd{rHDgq0a!~JX~mnR?ELP9k^@gm}oYb{lF zk0TM+(zzx-bH9-iV4)DAX2i(fxv~M*^&q`_h+4WzZ=!qI%J<bg4z0k0<u@@Iv3<b3 zDJrWN4JS`4N#th$2CNpeP>w>oq(ZKjaZB^;zs+qOiGeq(!fcK~Nz;1XI@*t;dl8;o z<2u|3G*UDq)<;9}R%&-;vFr~EIFyvPG`ge%T+tcwf8a2mxnuU`#su#8bpWr(0L{wM zM`y<Zx5}TY)3Td26m~7F>PNBOW0j!+_}n#t0c~*)7$9^=`!YV>uv7|j2Cr1VR;99< z>@$N6#aTL$En!0(d-2Dvoo&CLRXCrB=v|4jMc)UKSme>F1iGmq@SQLo1U$p5kL%n! ze>1LPebb81Y?RtxGisRjFjjtYk(gu-<VBRr7}M~lR;3r*62r#HK*M-{%K31`so@Tk zi+bEfEj+i1IzY0|qN9PuJF8QX7+l0gcjS11KPtW3Bfw9^o_~3*(9K}k23bl~O%%2S zbLg==R3s5?@-IZ`m*>BE{ItPI>1Lc<q~!oKpgB1?zF3spnM{^9#6;#jfo}Y*tVf<o z26o^A_Rpx<bz7My6j4TSn}p8S*DY*X8Qpph;z)$G)Tgo`Q17b8+hQhZl159vtLY?= zwF6h*z~CdN{-ogA+<5t|$$Q~dC_OJiCWS}7yJ4&PV9>6(=n@>n_ti(f(=hV|uhFCC z6rsUd^t%+1Zxv6*s(-4h(!Iy2#^ckTeey<CScCZxZG^i3Y@%@OSn^05GrR_c&%%AQ zXgLP&bMl?9vQS;&uS^N50`eH99GibDOiCk=MLpsr2fvBXf0I2Cg3=RF<ntK7Tls;& z)P!mEFzvG@a-mB-c;odvjn3C<rHQ{ZfJJ<yic%fsB$|ghCrbzT2ma`hkYB6r3+V|V zx_iI1ub07gOM+crc^N(IYG8<A{|3LAU$I!=tK4KZ85jQ{&Uf>qFu|p3XO^2>iGS~n zjx21#j7pWpuL5M$O1~&boz7T3Nveu}=qG9>uFVNW2@LT9qC1A9g$F*VzC5D;f~3c3 z1_s)qAtM6Bs<;$39tu)jKY|U{CVHB?bt66&<P&VomblKwcKZ!%GSSc(<C~HoZQcN$ znfreSXlabXB^PmD>fdnprLwmBjFlcp90M<&``^qw8MIH0)NS+5?5PW=Ddh~BF=_7P zbo6Q;=|>w+Z`J@kgCY@|_SS{?D4@|n>Ip^SZ-O?|Iql0pQcixyLWM)N_dAxWS+CS+ zXjNIebQOuM$^Fv{T7pbp<OJ0pf!X2-NXz$EH}i*bHeb=7FZ<ZaRB3BXitaw_zO9Wn zWVLX%YxO4YGpM|6e!G&rBoxx9VE<RoEjT~odp_S#PGw3z+oaG~G?WkI)4TE0H1{oc zs0t*L8y)Tj$vK)?`$Idj_~2J&wVaFEYg1h9ELtVs>)d3z+<#4m?i)pbOzRBR(eL(T zJ7#eM3+09gWP^~<UP+3gxB5vfeFW4wjmLt*;mOyqiksA&pZyFoa(-R{rA2rD69043 zudgZ}iD$d94cR8Pw6c$_Z>P4ica5eUd$w3t5Up8$Y+nEJ)0Z(?ski^CCB((Q0@EL) z{o;v?R!P~1@WbK4LZy3o>KZfaC%<X{Y>WZ9Ty+>ug{_HWqZ`#2O>WDXIc<Hd-gcYM zHFr)_oRP{?Z*LPi9935ZF(U@KexFWHIBn*)jV0@AFJs)6?Tc|v-3+eQP#3P5@ztTD 
z9{)i_Y4jV_Q;w~q^DYni<60$ti7i{eiCx>d4UF>Lz9A1^o%Xn_xrR+~KCoAEu%!_E zX_e?Seih|@(R75%>B}HfKQ!c7C%ol+(oWr&E;<C|pyLzF9F3B%(_G3Hxo%0}9FjF! zQ^^WPdf=_)VoyNQMCQAD%WlPW;Kgh#kHZUpVq%ERFjmS=SSam%qqnq{X9n&nvHbi5 zKw>MRHz&2dV|jTo0QC*lsyH9O15I}tE$x-HJJ1u2`Is(kKM~KYaThM-lDb-bXcI&& z$*=UDVcVZQ`?Iam?=h7@0}wh%d$CY*@)^dnQIvhJ{h6hRB9MLX<z6JG=liQTyAy9C zCV5e#C#X*5t6(R0)$bL(5aC^<*siBtaoZ@i8Z#1|=EbP!N9xV%d34H3*w3~_28h{7 zb(?ZKcRo+72?CSE%(L@!TzJ3J&eNxJ`xE`)r?=>ExZLqcTq6&!^LFc#6VaoY>I)%G zFqx$7Vc117{JYoIez4_sB8#x^h&RbtRk_hBvw1>yiMOK=8c2*SUVOH@+%GAshEp*U z{<dQ?|Gfz{&XamH1=2|_yYV^iz#3JQbLx^FM*{KB+5Ykm5_hh;DMGSQHhJlK@-0DK z&oun6%KW1?wYL3~Exe5v{Gp9y9w_Sz{43d;nD~?XtM;p-g`F)?CGwlW-U;jiH2=mC z33gDp=KiK4K@7iBYEb40uwPw)-LsC!{QJjMy79$9c1R#4T)CAFEq|Q$szH{V8q=1u z>X-T|7E3v)K9M1e31&pre!mG#IfNEr=I>U8y<34POzhzY)Xl4kB0SN%mZ5P{tRGmV zz8v~Je6Ub#rzZF#No>HJ16J_uY`zglVS)YbA$@b!HrW_z32eB1BPoS1?~DZ?Mn-wp zxSAA@ze+P-4E9nPLsG}$UZQu9O+k21@dez9Ki_8rOPT^MB_4AZk~`yTs{jH#pMfj= zcdoatl$~w`QU!ezi=D%?cbm8g?tF%_=AuLV&5-U2DWtlyJ|gW3V=-vr6B6+OOc&E9 zHKQ$2XnBv3qp>l1D?WziOBAs�=s4hA_T_Gm6M+-W!hwIe$v_ATC|T#S7l9lMB6# z4u9~aUX(t=#_}no>MLavG<Z_yZ^jWXu@RIgC&(p|*%`e_cwdh1@Ux)t_xo#)xIS;m zhG9i(zIBJ*LH1wNa6^ODFqbPY$3~_v+;0!B&U6aH_Lr4EZqF$hSWeNA0Y~|(An5%g z_U~3vbx&^d-$+FLqx-|*143ZPNT@&5oP_Jt$}cdJvBb4tkvu{E*~|=c-|_dnFeyGb z_woDZFvOkO@_@1V0j3*xCTCcrWLGzr$a!?M<ZWeq=*uq_qWUsml?#g1*#%ez&!pSp zA)$_7Du<`TZlX4Mu9LT!^)mLUBfapNWjU2YR^=)t18E%7nUL;&Jw$Iv%u2>9%9(OP zPv$*(hj${~wUnLCrPvb2ndn?5+u##FE8Sm_w{}<qD<V`|D&x&VG^fr{MqS)}_yN7+ zZVBzPPKKW$IoF<CG6*}j4YJl_WyQ-kVR-i#QF$+iB|gZd02BWMP>#_*JvPd5T8R(i z0e&C4PyrEtp=DAx|LRwo@7oUVC+eT_Ms_#2@15I}6|GW2#t@{+BvZC8ER#eo)l!P6 zi@*xXkY`0JsXcQ2>(TV$$KR}eaq5t89jd8xJXVfMZxm7buxd+gj^*p3F-2%JHKG<b zG64G<;NRH6?@^YhRIxI5bb5xPLa`RIDEP%FB_11!&sR0ieYbtrC1S>HgioQOy~fv9 zP&pWMh<Tq76%#ifWHO*|`xHGha2mX|ZycD8Ri`@}8&oa-5%c_x&-<Wsyp4xNsC5)G z#H_~y_K0!C32~W3qLVN>G8tlTiD8UUoW4#XXPP>LOTH9;V|emZl~JK-gm?hU;33^3 z^9inP;HMeS68+k|(i5P*XvCX>H!Q=_1&G>tk(MY~87o@)TE_5S%2V?N4aUmJ2CEJD 
zg*vso7#L&%|9vCCZS7(x$yT)c>a`Js{5-ibhv58)D}fLz2-Imv_@lKWPo<fZIOu`? zv%xk!i%)(4^zk!ce#fQ$?cK(|qo<oQHU;OT%uM#{VNP15^@SysIoR!=lqU6Ohf_I^ z)H@8t+`^YQaL$!Sok5~Kmya!J;r;^e%&oOzioj$SwuNe3jDmMW{NLzL&hWyk)Rn~m za4#KAc`v?QV}nnx`UFEUQ$B|DM`;oW#@Q*M7yV(aVmAy)hE>C5a2tgGaAGRN;fr95 z$$17z>DO&p@=>2Ur#VGx^)c5D4ZH(XjIxk3Vllds(B}(38hW{1zA0nQ30r)L#27uc zF5cg-i%`I`GQ9rlLP?nx-9R$^BPu6k-%ZJyxOAhLqKV0xXroI8=TLPq{DcRlQ<gXI zgau^R+O9ht8&OR;J4De2@@*2F-b@0{XbJi1#%tng>U_}+xkI~&)$7`en+(my26DJq z%IdqNK*Du9Uq}}6>U4W`W~UIX)#8rfdF*Z9n;OpqMI;5w8DiR6^zq6BoyZ}(AekV} zb=AQzLvEC*g@HvET|kB1;#mcMe)HRBhT{IMgW{H3hDwiao#?%3GtE+LR*C_6SPe92 z`J4Kajf6!L2_Nr?pKl85_-$Mp;_v+1vlvKg|NGe`gS*vH;9L>!Br{d(Z^Qbiuwkar z^tRfq<gbgcpicDw(Ob&hPn5BM9ii@W_?@1b$+rt%MYej}A<o?5hhpJ~UI%+|W2F15 zu213O?i!@s?@rj3!|^En<9>~{em^roQtU>r`^emuP#?=*^sOs<5)EU*LeVw#s}Eah zeX3nr2GF?SZ@-+jRDiC82h>IptjRaSwYCDy8;kVUM*`;;pRgx#d(6e*@yma;I*?3+ z;BKNN=i>Wx@c|0_1Cv|RJfXke2D?863*}!Mwz2|NW8%O1s<5yz+}=mPlPRwzsOA}T zfbA5}>VDmGne&rqOlKpqDjV#j6>s_oRx^={p<VO4yE6W_vXXpXC1ssW2Y8e>dB-nj znm1|C+%^n}H#Nak)>^yG3apM^Idm6@cDuVv<-BAV%a!#f@yRpQq<D3IU!VJAEl@DU z!S9gw9)f|OwP4b=-i*o!bx{U(^(bG(Ex&`{IoEw3LzboRu|Bp;2_3^bu%Vi^<M+9Y z{?o8z+`QQ6+QU3^^4t72U*sH=={UZ(I;S~>FKLWwysKTm7BFuesE1=CTUVJwjM8f$ z`Px%^^o_uGb0m4<f=K<=iiD9CR_im5M4PTK>bvN&v_PL?M#ki2^{(a&X!$zg4J8dv z_GM-V$ZL-bK^Cu#X|q(&6x}jEpz&9SF2kwc1eu@th$1LPFAwg!L*NI3xdQg!9gO)e zG&c|$4M}Ww|6X+LRYY8Yk9z&;8x+4|FS85v?fZ`|X1KJ6B4g0y86a~$HGG+Cr{HP% z%Qb5{v5H8k0;QiyiLO_E_N}+K$-v!dd5oW2El0=SmBYzA@cXPiA|959mbFu4u%SWW zG3ohEVf^jQTy?`1lhkXSFWnu>1x%iL<*)c=lbjyFJ4m72P-lAYYvo{1)y73lES(R- zBLj?@e-zk#@l%CX>?}ap?7#44V>6zwxguj?%)q9pk5R*Sfx>$<;EMWGcX@+Csh*ys z3{_BD((+*57=na&irP+M|3^^&;qz7k>oRKnvi@_ZOc&R)w9c<GNRvdK42>b&ZU}W( zrfbySXiO-{oFgn7{V0-jh`Cdni<e5$zSJ8N0fLKNwq{_976gZ+OzPeq0l5?2y@gFv zZpPE~Y9lIu32p6KTJ?sSCeONXxxaRZp3ukb%Si=sF&$=lpneQ|RrbLaHAbohi{y+i z={Da(L=z4R#fk6S0d@-FKJAqypD35HguZBLxE9iY6o0lW)5#+2qOALqb4lFrC<y?N zLUXUh5~xS{-(Q`WMWwTMx%I!BThz+OZ9%s_fJz2hf;W6G(`B?i!=jE9lMBj%&;W=_ 
z1G>1jeNu<KyN(S!j<zJxy8OPJd*F2fH#ol<;{BBLXA^P;4~XcZOqEP3dT+Kbb`QZp zbQCBKPJcN}jz=pp-rohOV2b<3@Iy^cj)j%?SZ_KQ5VAw8GM7H2&`z&MX_uKJ+H1zH z<&(DE;0nEr^MJm8*W3ijTrHcLm5onInSU^8X^h?O<ex0Z>J&Tw`?yB<ve{GM(Klk| zJmlr`{gnS8s^i#f?4SNX5=VV5o@U+1dhLO{(wbhKqleX|XY+$?Kzz<qY8ahbG$H(6 zr3XTKf#n;hFerV#><d>U&W2PCmwO6z4ZB>OM3W-?sXF<U5gw$_Rj)H?V!n*y>k;Mj zXCbG?xFLvFmo2=<-rj-Sv`;_}E5Xp`)7=K{ua<JU=~^cld&reXkIm~~W1>0ZN6Y!q zmF&H5bA-0)?VBk=2zA;Vz=mzdTnBEwCtax|X0Yx<CqPwtXDa5^7D0*MA^JfYM2h|d zkd{Pyou916UO^2Wvwq&r^m~fSM6wH0{tBA=MdSbS*y`yD|F0o>jf~JBg98bw!fsic z9k!AZ_1leqt)g4`rd5^a7kmE#gNFv7s0VK+)Wg}$5hAXz8$_#ddZPmrOv=MiA?tE) zx@b%Af?Bi{*u-``1`T26<nyf`>FES+KWF-x00%hSC^N9P=vkgcOT3cyy@IVm{fIiN zq*1IrPX@|ASU<^#No*|B;%L%sJRrsLTw;3_c<wbi&hhl_lK<fGo+<4^VqWvV6j|0c zZ^&dXXTptEy(Wk`wT{;sgE;Ol33{a-&-1p2UclLURKbdt?Fx@Vy{eOC&M}0(EkJ?T zSUK`FXRfF>G9X!y%xPg*P5JZs7iWd7NToH~|2$^iVx#2V-Ul7t>90cW7yX%S`9wB; z8z=mhL-!?1*E0}bgAc@H`*QQrzFuwcl(K$rrlmZg-h%ZcT|bB3KAg$AjKyn;nXsDC zDlesU!!fw>u~on|DrUuxm!~2#_ii*H)n3zO`GaHp-{cfN8eJQ{rSpCFy~}|Q`X|U! 
zHaf2+9}UTLh_b@^F7zQm$o~N=o}=Sy;{x?06Iq40QSRdpC|!||sLTzQ%kb~1J!9U9 z=BM|YaD&sNhXwe24@ei@;dg&}W8{CUJpX_+f}qZm9`=N3#ddpl@?CBO`@W3GOXU_q za0kM9o6)g!W!N3+azv|2O*gal!>u=*f;vh3U-=KVHOSe;Y^CUYzbEP1pKA(yr1$lo z5F`Jb(5@b@$mFI4GsRtKd<^mI%ZDk?BXvL%A{+9_jcYE${df*g^;OWU`aiCVt)+Fz zFj<<!kxgRQ#`NVK>}Qos3tY~;+n+7!V{Xmd-}5(NWFUk4G-gEAd{&;=9K)^ibLgmr z@}{}Na>Nkh;L!7)-#(C5X6gKE8^LQS<I_VCUmnH7$F+V>&b98aATSw(u`Bu%U95}_ zlr;FkUEeeUS6C$4*~|zlLF=JJt47=PH0k3@ON-q3=A@}VCWFg3@9_NZH<A51*7vhS zeT*<c80zCzsa8yv#gBi~AncE}xZ}=_-!|iiYl2eHd6K}b={qn}L=l74HXYP(zBMD^ z^b%x`FT~_k6(U>GBx`wT$M>T!9G#Qp$1U}sV=ErY!Agoj$715>pi(Qcpxj{do;eO4 zvV(H6uo!WF`mDsqb@jf7=-y9&RK_%F9*sNKdm~?ozEHs5lQTja>`Y9#jpniDgL9JH z#H*esjx9S^?@F^G)6jiLjNB>+ZZG<vdQh(Y&1bnbjzRS~s`d;>Hk|K_`aoM}!w~D# zcLxzpv8^y**!}Ndk68kid0#sXJPFso$%=5&XD1H%9Nw?cyfu8-OPN>i>k3<Zbh6w> zBYx~p0(<)B9>uD754VxFygs+_(~c1i<O}s*W}06ya}ygGVVdim#~eCow*FV&j-Cx9 zl9cDex@6M1cP9W4^(cQ>8p$W5jGdyAkUcliX^$`x-7q8i(G}(GD(&kDU*1c&{2TpN z`oF6Fbs{$>mKsH+!$HC~OU6GLqg+upBZ^h)CLni(ChN#ATf|lq!{Uaio~Y$nrWe1j zxKpcwUu^i~d0k6wAsMkJ@jW<Bb0rm=RRxdiZDpLbl~@$L-lpnU|Ds}JBsEF7tV0uq z=g|FjfOldUnyB*W&)VbC5G?)4k=7@<_YbIY7Nd#f_>@`gkzFVB(?EZbV|eV1Es_!6 zw8lk~MW!?MN5ENYpLy&&H>rD6ZJdgPtDu8~bu~e8k(|t1<k?IOZ91zl0r+)MG~r0s z#}gK!y^+qYaD<cZwB!m&X*j|krNN3MSF-YHGT(pv{iI3vnW2<bl5JfcbF+ziEHqO} zn=J8y+msZg1>>_qf2}0<z7NYMuq9@m`-)!<*g*tUmEbsbB3JJ=i5gZWcYHH>EX?9B z<DA~TwYAodAb|Ph^MfUB1Qu&uvj^Ke1Yk$b2~etCb85*OG?uQvZbLZj=AJ`$82uAr zh!?BkejYcnD06w%1ZphoMYVToee~n@FH}eWxxc*`TZJ4RL_eF!eBq#W`f=G$s&6dN z_PyY~W0=<Q1;ua)x<!7eIR%*>yelgG>3%41B5-_Vm|t@YryUO+FyY?+-P)9K^6+(p zN#}+kld-Ggl&qFb2eUcc-1?eF#8EP4pGqIS-<F|L;<IBw!C*$zO|(@e>I&o!o96mk z7K1DB7;~^t|7wldXvRDnHjT}UsF>$&;j;#I5F#L$cY_tHP#blBY+d~XG8?{Y?f%&) zswZ8l(hYBCJln$&t|&??YX0Y&PYnPhIjnsJKa;t%0#R74o_hj%r2Z!xwx|mMY(0~S zVH(>Mhw2~Rb1rcWiB0kNB$#Nd;Wn2^+B$Og{Yq{){f7lxMDIffZpNPQ88H5*;IDTl zEcZ=k^k@e9=c-&)o|c9#ikWyVQMaM;MzYfTr5C_DhnY6ijvB(wnvR+8x-NMY0mjTz zV_O}?pgzs2C_J(2I$`-{vk>LwNryg+6@0zXS8CBCwYinKJOQy@>$bI%UpMz<z4gM6 
zEfUEt%Zt=ZNba$LJr7Kdm8b-(Vnfq?zf*g`eA_9qv^~E2`$webdmtR^u4dM^Aow!+ z@hb=_#Ez%rn%|@hQx#nf^uH$!Uz2?7bhvav-(mgw3*DsOGxR{bZ-N!`%JsWjyT?pt zqHrZ3bzl1a?@|4-^sBEhv!X@5Hbbcts3Qgb-!6c03EJx0ZJ@&cUrm%wTs6?06xzRY za$(G&(ndI|9^l7v_ETJ_$mz<ttmlTn{9<L2!DOu{ke^oLw|&NPZ)n(>YIc-0awehe zITd!-r;_@A{rrsJ?D@*I^Al-bGIMSt%sFf$%({9K>PE6Brb0hQ^|11BWP)9KBxhQ9 zMt#^%C#XI%5Pq9a;8j}EeHR%m>^KIES+QR#M7!3B^!{`;x`B6zUblA6s)VMkfDr!= p^gH1J2n;ChpigwoQqd!+e13P~OZHnw^j8Nl)RZ-qY85Pk{s*+L@$&!x literal 0 HcmV?d00001 diff --git a/ext/standaloneusers/info.xml b/ext/standaloneusers/info.xml new file mode 100644 index 0000000000..e99c6d3c06 --- /dev/null +++ b/ext/standaloneusers/info.xml 
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<extension key="standaloneusers" type="module">
+ <file>standaloneusers</file>
+ <name>Standalone Users</name>
+ <description>Provides user management, roles, permissions for standalone CiviCRM.</description>
+ <license>AGPL-3.0</license>
+ <maintainer>
+ <author>Rich Lott / Artful Robot</author>
+ <email>code.commits@artfulrobot.uk</email>
+ </maintainer>
+ <urls>
+ <url desc="Main Extension Page">http://FIXME</url>
+ <url desc="Documentation">http://FIXME</url>
+ <url desc="Support">http://FIXME</url>
+ <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
+ </urls>
+ <releaseDate>2022-11-11</releaseDate>
+ <version>1.0</version>
+ <develStage>alpha</develStage>
+ <compatibility>
+ <ver>5.38</ver>
+ </compatibility>
+ <requires>
+ <ext>org.civicrm.search_kit</ext>
+ <ext>authx</ext>
+ <ext>org.civicrm.afform</ext>
+ </requires>
+ <comments>Don't enable this on a standard CMS-based install!</comments>
+ <classloader>
+ <psr4 prefix="Civi\" path="Civi"/>
+ <psr0 prefix="CRM_" path="."/>
+ </classloader>
+ <civix>
+ <namespace>CRM/Standaloneusers</namespace>
+ <format>22.12.1</format>
+ <angularModule>crmStandaloneusers</angularModule>
+ </civix>
+ <mixins>
+ <mixin>mgd-php@1.0.0</mixin>
+ <mixin>setting-php@1.0.0</mixin>
+ <mixin>menu-xml@1.0.0</mixin>
+ </mixins>
+ <upgrader>CRM_Standaloneusers_Upgrader</upgrader>
+</extension>
diff --git a/ext/standaloneusers/mixin/menu-xml@1.0.0.mixin.php b/ext/standaloneusers/mixin/menu-xml@1.0.0.mixin.php
new file mode 100644
index 0000000000..4c0b2276c0
--- /dev/null
+++ b/ext/standaloneusers/mixin/menu-xml@1.0.0.mixin.php
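Review bot: The only guard against enabling this extension on a CMS-backed site is the free-text `<comments>` line, which nothing enforces. Other parts of this commit create separate `civicrm_user` and role tables, so an install-time check in `CRM_Standaloneusers_Upgrader` that refuses to enable unless the site is running standalone would be safer; that class is not visible in this hunk, so the check may already exist. Separately, the Main Extension Page, Documentation and Support entries still read `http://FIXME`; remove them or point them at real pages before release.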
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * Auto-register "xml/Menu/*.xml" files.
+ *
+ * @mixinName menu-xml
+ * @mixinVersion 1.0.0
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+ /**
+ * @param \Civi\Core\Event\GenericHookEvent $e
+ * @see CRM_Utils_Hook::xmlMenu()
+ */
+ Civi::dispatcher()->addListener('hook_civicrm_xmlMenu', function ($e) use ($mixInfo) {
+ if (!$mixInfo->isActive()) {
+ return;
+ }
+
+ $files = (array) glob($mixInfo->getPath('xml/Menu/*.xml'));
+ foreach ($files as $file) {
+ $e->files[] = $file;
+ }
+ });
+
+};
diff --git a/ext/standaloneusers/mixin/mgd-php@1.0.0.mixin.php b/ext/standaloneusers/mixin/mgd-php@1.0.0.mixin.php
new file mode 100644
index 0000000000..39d45b14ab
--- /dev/null
+++ b/ext/standaloneusers/mixin/mgd-php@1.0.0.mixin.php
@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * Auto-register "**.mgd.php" files.
+ *
+ * @mixinName mgd-php
+ * @mixinVersion 1.0.0
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+ /**
+ * @param \Civi\Core\Event\GenericHookEvent $e
+ * @see CRM_Utils_Hook::managed()
+ */
+ Civi::dispatcher()->addListener('hook_civicrm_managed', function ($event) use ($mixInfo) {
+ // When deactivating on a polyfill/pre-mixin system, listeners may not cleanup automatically.
+ if (!$mixInfo->isActive()) {
+ return;
+ }
+
+ $mgdFiles = CRM_Utils_File::findFiles($mixInfo->getPath(), '*.mgd.php');
+ sort($mgdFiles);
+ foreach ($mgdFiles as $file) {
+ $es = include $file;
+ foreach ($es as $e) {
+ if (empty($e['module'])) {
+ $e['module'] = $mixInfo->longName;
+ }
+ if (empty($e['params']['version'])) {
+ $e['params']['version'] = '3';
+ }
+ $event->entities[] = $e;
+ }
+ }
+ });
+
+};
diff --git a/ext/standaloneusers/mixin/polyfill.php b/ext/standaloneusers/mixin/polyfill.php
new file mode 100644
index 0000000000..f57c5ebbf8
--- /dev/null
+++ b/ext/standaloneusers/mixin/polyfill.php
@@ -0,0 +1,101 @@
+<?php
+
+/**
+ * When deploying on systems that lack mixin support, fake it.
+ *
+ * @mixinFile polyfill.php
+ *
+ * This polyfill does some (persnickity) deduplication, but it doesn't allow upgrades or shipping replacements in core.
+ *
+ * Note: The polyfill.php is designed to be copied into extensions for interoperability. Consequently, this file is
+ * not used 'live' by `civicrm-core`. However, the file does need a canonical home, and it's convenient to keep it
+ * adjacent to the actual mixin files.
+ *
+ * @param string $longName
+ * @param string $shortName
+ * @param string $basePath
+ */
+return function ($longName, $shortName, $basePath) {
+ // Construct imitations of the mixin services. These cannot work as well (e.g. with respect to
+ // number of file-reads, deduping, upgrading)... but they should be OK for a few months while
+ // the mixin services become available.
+
+ // List of active mixins; deduped by version
+ $mixinVers = [];
+ foreach ((array) glob($basePath . '/mixin/*.mixin.php') as $f) {
+ [$name, $ver] = explode('@', substr(basename($f), 0, -10));
+ if (!isset($mixinVers[$name]) || version_compare($ver, $mixinVers[$name], '>')) {
+ $mixinVers[$name] = $ver;
+ }
+ }
+ $mixins = [];
+ foreach ($mixinVers as $name => $ver) {
+ $mixins[] = "$name@$ver";
+ }
+
+ // Imitate CRM_Extension_MixInfo.
+ $mixInfo = new class() {
+
+ /**
+ * @var string
+ */
+ public $longName;
+
+ /**
+ * @var string
+ */
+ public $shortName;
+
+ public $_basePath;
+
+ public function getPath($file = NULL) {
+ return $this->_basePath . ($file === NULL ? '' : (DIRECTORY_SEPARATOR . $file));
+ }
+
+ public function isActive() {
+ return \CRM_Extension_System::singleton()->getMapper()->isActiveModule($this->shortName);
+ }
+
+ };
+ $mixInfo->longName = $longName;
+ $mixInfo->shortName = $shortName;
+ $mixInfo->_basePath = $basePath;
+
+ // Imitate CRM_Extension_BootCache.
+ $bootCache = new class() {
+
+ public function define($name, $callback) {
+ $envId = \CRM_Core_Config_Runtime::getId();
+ $oldExtCachePath = \Civi::paths()->getPath("[civicrm.compile]/CachedExtLoader.{$envId}.php");
+ $stat = stat($oldExtCachePath);
+ $file = Civi::paths()->getPath('[civicrm.compile]/CachedMixin.' . md5($name . ($stat['mtime'] ?? 0)) . '.php');
+ if (file_exists($file)) {
+ return include $file;
+ }
+ else {
+ $data = $callback();
+ file_put_contents($file, '<' . "?php\nreturn " . var_export($data, 1) . ';');
+ return $data;
+ }
+ }
+
+ };
+
+ // Imitate CRM_Extension_MixinLoader::run()
+ // Parse all live mixins before trying to scan any classes.
+ global $_CIVIX_MIXIN_POLYFILL;
+ foreach ($mixins as $mixin) {
+ // If the exact same mixin is defined by multiple exts, just use the first one.
+ if (!isset($_CIVIX_MIXIN_POLYFILL[$mixin])) {
+ $_CIVIX_MIXIN_POLYFILL[$mixin] = include_once $basePath . '/mixin/' . $mixin . '.mixin.php';
+ }
+ }
+ foreach ($mixins as $mixin) {
+ // If there's trickery about installs/uninstalls/resets, then we may need to register a second time.
+ if (!isset(\Civi::$statics[__FUNCTION__][$mixin])) {
+ \Civi::$statics[__FUNCTION__][$mixin] = 1;
+ $func = $_CIVIX_MIXIN_POLYFILL[$mixin];
+ $func($mixInfo, $bootCache);
+ }
+ }
+};
diff --git a/ext/standaloneusers/mixin/setting-php@1.0.0.mixin.php b/ext/standaloneusers/mixin/setting-php@1.0.0.mixin.php
new file mode 100644
index 0000000000..7195af40de
--- /dev/null
+++ b/ext/standaloneusers/mixin/setting-php@1.0.0.mixin.php
@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * Auto-register "settings/*.setting.php" files.
+ *
+ * @mixinName setting-php
+ * @mixinVersion 1.0.0
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ * On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+ /**
+ * @param \Civi\Core\Event\GenericHookEvent $e
+ * @see CRM_Utils_Hook::alterSettingsFolders()
+ */
+ Civi::dispatcher()->addListener('hook_civicrm_alterSettingsFolders', function ($e) use ($mixInfo) {
+ // When deactivating on a polyfill/pre-mixin system, listeners may not cleanup automatically.
+ if (!$mixInfo->isActive()) {
+ return;
+ }
+
+ $settingsDir = $mixInfo->getPath('settings');
+ if (!in_array($settingsDir, $e->settingsFolders) && is_dir($settingsDir)) {
+ $e->settingsFolders[] = $settingsDir;
+ }
+ });
+
+};
diff --git a/ext/standaloneusers/phpunit.xml.dist b/ext/standaloneusers/phpunit.xml.dist
new file mode 100644
index 0000000000..ea391745fa
--- /dev/null
+++ b/ext/standaloneusers/phpunit.xml.dist
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<phpunit backupGlobals="false" backupStaticAttributes="false" colors="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" convertDeprecationsToExceptions="true" processIsolation="false" stopOnFailure="false" cacheResult="false" bootstrap="tests/phpunit/bootstrap.php">
+ <testsuites>
+ <testsuite name="My Test Suite">
+ <directory>./tests/phpunit</directory>
+ </testsuite>
+ </testsuites>
+ <filter>
+ <whitelist>
+ <directory suffix=".php">./</directory>
+ </whitelist>
+ </filter>
+ <listeners>
+ <listener class="Civi\Test\CiviTestListener">
+ <arguments/>
+ </listener>
+ </listeners>
+</phpunit>
diff --git a/ext/standaloneusers/sql/auto_install.sql b/ext/standaloneusers/sql/auto_install.sql
new file mode 100644
index 0000000000..74c61fe08d
--- /dev/null
+++ b/ext/standaloneusers/sql/auto_install.sql
@@ -0,0 +1,104 @@ +-- +--------------------------------------------------------------------+ +-- | Copyright CiviCRM LLC. All rights reserved. | +-- | | +-- | This work is published under the GNU AGPLv3 license with some | +-- | permitted exceptions and without any warranty. For full license | +-- | and copyright information, see https://civicrm.org/licensing | +-- +--------------------------------------------------------------------+ +-- +-- Generated from schema.tpl +-- DO NOT EDIT. Generated by CRM_Core_CodeGen +-- +-- /******************************************************* +-- * +-- * Clean up the existing tables - this section generated from drop.tpl +-- * +-- *******************************************************/ + +SET FOREIGN_KEY_CHECKS=0; + +DROP TABLE IF EXISTS `civicrm_user_role`; +DROP TABLE IF EXISTS `civicrm_user`; +DROP TABLE IF EXISTS `civicrm_role_permission`; +DROP TABLE IF EXISTS `civicrm_role`; + +SET FOREIGN_KEY_CHECKS=1; +-- /******************************************************* +-- * +-- * Create new tables +-- * +-- *******************************************************/ + +-- /******************************************************* +-- * +-- * civicrm_role +-- * +-- * Permissions are assigned to roles which are assigned to users +-- * +-- *******************************************************/ +CREATE TABLE `civicrm_role` ( + `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique Role ID', + `name` varchar(64) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE INDEX `index_name`(name) +) +ENGINE=InnoDB; + +-- /******************************************************* +-- * +-- * civicrm_role_permission +-- * +-- * Assigns permissions to roles +-- * +-- *******************************************************/ +CREATE TABLE `civicrm_role_permission` ( + `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique RolePermission ID', + `role_id` int unsigned COMMENT 'FK to Role', + `permission` varchar(60) NOT NULL COMMENT 'A single permission 
granted to this role', + PRIMARY KEY (`id`), + CONSTRAINT FK_civicrm_role_permission_role_id FOREIGN KEY (`role_id`) REFERENCES `civicrm_role`(`id`) ON DELETE CASCADE +) +ENGINE=InnoDB; + +-- /******************************************************* +-- * +-- * civicrm_user +-- * +-- * A standalone user account +-- * +-- *******************************************************/ +CREATE TABLE `civicrm_user` ( + `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique User ID', + `contact_id` int unsigned COMMENT 'FK to Contact', + `username` varchar(60) NOT NULL, + `password` varchar(128) NOT NULL COMMENT 'Hashed password', + `email` varchar(255) NOT NULL COMMENT 'Email (e.g. for password resets)', + `when_created` timestamp DEFAULT CURRENT_TIMESTAMP, + `when_last_accessed` timestamp NULL, + `when_updated` timestamp NULL, + `is_active` tinyint NOT NULL DEFAULT 1, + `timezone` varchar(32) NULL COMMENT 'User\'s timezone', + `language` varchar(12) NULL COMMENT 'User\'s language', + PRIMARY KEY (`id`), + UNIQUE INDEX `index_username`(username), + CONSTRAINT FK_civicrm_user_contact_id FOREIGN KEY (`contact_id`) REFERENCES `civicrm_contact`(`id`) ON DELETE CASCADE +) +ENGINE=InnoDB; + +-- /******************************************************* +-- * +-- * civicrm_user_role +-- * +-- * Assigns Roles to Users +-- * +-- *******************************************************/ +CREATE TABLE `civicrm_user_role` ( + `id` int unsigned NOT NULL AUTO_INCREMENT COMMENT 'Unique UserRole ID', + `user_id` int unsigned COMMENT 'FK to User', + `role_id` int unsigned COMMENT 'FK to role', + PRIMARY KEY (`id`), + INDEX `index_user_role`(user_id, role_id), + CONSTRAINT FK_civicrm_user_role_user_id FOREIGN KEY (`user_id`) REFERENCES `civicrm_user`(`id`) ON DELETE CASCADE, + CONSTRAINT FK_civicrm_user_role_role_id FOREIGN KEY (`role_id`) REFERENCES `civicrm_role`(`id`) ON DELETE CASCADE +) +ENGINE=InnoDB; 
diff --git a/ext/standaloneusers/sql/auto_uninstall.sql b/ext/standaloneusers/sql/auto_uninstall.sql new file mode 100644 index 0000000000..8426d37129 --- /dev/null +++ b/ext/standaloneusers/sql/auto_uninstall.sql @@ -0,0 +1,23 @@ +-- +--------------------------------------------------------------------+ +-- | Copyright CiviCRM LLC. All rights reserved. | +-- | | +-- | This work is published under the GNU AGPLv3 license with some | +-- | permitted exceptions and without any warranty. For full license | +-- | and copyright information, see https://civicrm.org/licensing | +-- +--------------------------------------------------------------------+ +-- +-- Generated from drop.tpl +-- DO NOT EDIT. Generated by CRM_Core_CodeGen +---- /******************************************************* +-- * +-- * Clean up the existing tables-- * +-- *******************************************************/ + +SET FOREIGN_KEY_CHECKS=0; + +DROP TABLE IF EXISTS `civicrm_user_role`; +DROP TABLE IF EXISTS `civicrm_user`; +DROP TABLE IF EXISTS `civicrm_role_permission`; +DROP TABLE IF EXISTS `civicrm_role`; + +SET FOREIGN_KEY_CHECKS=1; \ No newline at end of file diff --git a/ext/standaloneusers/standaloneusers.civix.php b/ext/standaloneusers/standaloneusers.civix.php new file mode 100644 index 0000000000..4f56172044 --- /dev/null +++ b/ext/standaloneusers/standaloneusers.civix.php 
@@ -0,0 +1,250 @@ +<?php + +// AUTO-GENERATED FILE -- Civix may overwrite any changes made to this file + +/** + * The ExtensionUtil class provides small stubs for accessing resources of this + * extension. + */ +class CRM_Standaloneusers_ExtensionUtil { + const SHORT_NAME = 'standaloneusers'; + const LONG_NAME = 'standaloneusers'; + const CLASS_PREFIX = 'CRM_Standaloneusers'; + + /** + * Translate a string using the extension's domain. + * + * If the extension doesn't have a specific translation + * for the string, fallback to the default translations. + * + * @param string $text + * Canonical message text (generally en_US). + * @param array $params + * @return string + * Translated text. + * @see ts + */ + public static function ts($text, $params = []): string { + if (!array_key_exists('domain', $params)) { + $params['domain'] = [self::LONG_NAME, NULL]; + } + return ts($text, $params); + } + + /** + * Get the URL of a resource file (in this extension). + * + * @param string|NULL $file + * Ex: NULL. + * Ex: 'css/foo.css'. + * @return string + * Ex: 'http://example.org/sites/default/ext/org.example.foo'. + * Ex: 'http://example.org/sites/default/ext/org.example.foo/css/foo.css'. + */ + public static function url($file = NULL): string { + if ($file === NULL) { + return rtrim(CRM_Core_Resources::singleton()->getUrl(self::LONG_NAME), '/'); + } + return CRM_Core_Resources::singleton()->getUrl(self::LONG_NAME, $file); + } + + /** + * Get the path of a resource file (in this extension). + * + * @param string|NULL $file + * Ex: NULL. + * Ex: 'css/foo.css'. + * @return string + * Ex: '/var/www/example.org/sites/default/ext/org.example.foo'. + * Ex: '/var/www/example.org/sites/default/ext/org.example.foo/css/foo.css'. + */ + public static function path($file = NULL) { + // return CRM_Core_Resources::singleton()->getPath(self::LONG_NAME, $file); + return __DIR__ . ($file === NULL ? '' : (DIRECTORY_SEPARATOR . 
$file)); + } + + /** + * Get the name of a class within this extension. + * + * @param string $suffix + * Ex: 'Page_HelloWorld' or 'Page\\HelloWorld'. + * @return string + * Ex: 'CRM_Foo_Page_HelloWorld'. + */ + public static function findClass($suffix) { + return self::CLASS_PREFIX . '_' . str_replace('\\', '_', $suffix); + } + +} + +use CRM_Standaloneusers_ExtensionUtil as E; + +function _standaloneusers_civix_mixin_polyfill() { + if (!class_exists('CRM_Extension_MixInfo')) { + $polyfill = __DIR__ . '/mixin/polyfill.php'; + (require $polyfill)(E::LONG_NAME, E::SHORT_NAME, E::path()); + } +} + +/** + * (Delegated) Implements hook_civicrm_config(). + * + * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config + */ +function _standaloneusers_civix_civicrm_config(&$config = NULL) { + static $configured = FALSE; + if ($configured) { + return; + } + $configured = TRUE; + + $template = CRM_Core_Smarty::singleton(); + + $extRoot = __DIR__ . DIRECTORY_SEPARATOR; + $extDir = $extRoot . 'templates'; + + if (is_array($template->template_dir)) { + array_unshift($template->template_dir, $extDir); + } + else { + $template->template_dir = [$extDir, $template->template_dir]; + } + + $include_path = $extRoot . PATH_SEPARATOR . get_include_path(); + set_include_path($include_path); + _standaloneusers_civix_mixin_polyfill(); +} + +/** + * Implements hook_civicrm_install(). + * + * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install + */ +function _standaloneusers_civix_civicrm_install() { + _standaloneusers_civix_civicrm_config(); + _standaloneusers_civix_mixin_polyfill(); +} + +/** + * (Delegated) Implements hook_civicrm_enable(). + * + * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable + */ +function _standaloneusers_civix_civicrm_enable(): void { + _standaloneusers_civix_civicrm_config(); + _standaloneusers_civix_mixin_polyfill(); +} + +/** + * Inserts a navigation menu item at a given place in the hierarchy. 
+ * + * @param array $menu - menu hierarchy + * @param string $path - path to parent of this item, e.g. 'my_extension/submenu' + * 'Mailing', or 'Administer/System Settings' + * @param array $item - the item to insert (parent/child attributes will be + * filled for you) + * + * @return bool + */ +function _standaloneusers_civix_insert_navigation_menu(&$menu, $path, $item) { + // If we are done going down the path, insert menu + if (empty($path)) { + $menu[] = [ + 'attributes' => array_merge([ + 'label' => CRM_Utils_Array::value('name', $item), + 'active' => 1, + ], $item), + ]; + return TRUE; + } + else { + // Find an recurse into the next level down + $found = FALSE; + $path = explode('/', $path); + $first = array_shift($path); + foreach ($menu as $key => &$entry) { + if ($entry['attributes']['name'] == $first) { + if (!isset($entry['child'])) { + $entry['child'] = []; + } + $found = _standaloneusers_civix_insert_navigation_menu($entry['child'], implode('/', $path), $item); + } + } + return $found; + } +} + +/** + * (Delegated) Implements hook_civicrm_navigationMenu(). + */ +function _standaloneusers_civix_navigationMenu(&$nodes) { + if (!is_callable(['CRM_Core_BAO_Navigation', 'fixNavigationMenu'])) { + _standaloneusers_civix_fixNavigationMenu($nodes); + } +} + +/** + * Given a navigation menu, generate navIDs for any items which are + * missing them. 
+ */ +function _standaloneusers_civix_fixNavigationMenu(&$nodes) { + $maxNavID = 1; + array_walk_recursive($nodes, function($item, $key) use (&$maxNavID) { + if ($key === 'navID') { + $maxNavID = max($maxNavID, $item); + } + }); + _standaloneusers_civix_fixNavigationMenuItems($nodes, $maxNavID, NULL); +} + +function _standaloneusers_civix_fixNavigationMenuItems(&$nodes, &$maxNavID, $parentID) { + $origKeys = array_keys($nodes); + foreach ($origKeys as $origKey) { + if (!isset($nodes[$origKey]['attributes']['parentID']) && $parentID !== NULL) { + $nodes[$origKey]['attributes']['parentID'] = $parentID; + } + // If no navID, then assign navID and fix key. + if (!isset($nodes[$origKey]['attributes']['navID'])) { + $newKey = ++$maxNavID; + $nodes[$origKey]['attributes']['navID'] = $newKey; + $nodes[$newKey] = $nodes[$origKey]; + unset($nodes[$origKey]); + $origKey = $newKey; + } + if (isset($nodes[$origKey]['child']) && is_array($nodes[$origKey]['child'])) { + _standaloneusers_civix_fixNavigationMenuItems($nodes[$origKey]['child'], $maxNavID, $nodes[$origKey]['attributes']['navID']); + } + } +} + +/** + * (Delegated) Implements hook_civicrm_entityTypes(). + * + * Find any *.entityType.php files, merge their content, and return. 
+ * + * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes + */ +function _standaloneusers_civix_civicrm_entityTypes(&$entityTypes) { + $entityTypes = array_merge($entityTypes, [ + 'CRM_Standaloneusers_DAO_Role' => [ + 'name' => 'Role', + 'class' => 'CRM_Standaloneusers_DAO_Role', + 'table' => 'civicrm_role', + ], + 'CRM_Standaloneusers_DAO_RolePermission' => [ + 'name' => 'RolePermission', + 'class' => 'CRM_Standaloneusers_DAO_RolePermission', + 'table' => 'civicrm_role_permission', + ], + 'CRM_Standaloneusers_DAO_User' => [ + 'name' => 'User', + 'class' => 'CRM_Standaloneusers_DAO_User', + 'table' => 'civicrm_user', + ], + 'CRM_Standaloneusers_DAO_UserRole' => [ + 'name' => 'UserRole', + 'class' => 'CRM_Standaloneusers_DAO_UserRole', + 'table' => 'civicrm_user_role', + ], + ]); +} diff --git a/ext/standaloneusers/standaloneusers.php b/ext/standaloneusers/standaloneusers.php new file mode 100644 index 0000000000..a43d6c24e7 --- /dev/null +++ b/ext/standaloneusers/standaloneusers.php 
@@ -0,0 +1,77 @@
+<?php
+
+require_once 'standaloneusers.civix.php';
+// phpcs:disable
+use CRM_Standaloneusers_ExtensionUtil as E;
+// phpcs:enable
+
+/**
+ * Implements hook_civicrm_config().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config/
+ */
+function standaloneusers_civicrm_config(&$config) {
+ _standaloneusers_civix_civicrm_config($config);
+}
+
+/**
+ * Implements hook_civicrm_install().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install
+ */
+function standaloneusers_civicrm_install() {
+ _standaloneusers_civix_civicrm_install();
+}
+
+/**
+ * Implements hook_civicrm_enable().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable
+ */
+function standaloneusers_civicrm_enable() {
+ _standaloneusers_civix_civicrm_enable();
+}
+
+/**
+ * Implements hook_civicrm_entityTypes().
+ *
+ * Declare entity types provided by this module.
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes
+ */
+function standaloneusers_civicrm_entityTypes(&$entityTypes) {
+ _standaloneusers_civix_civicrm_entityTypes($entityTypes);
+}
+
+// --- Functions below this ship commented out. Uncomment as required. ---
+
+/**
+ * Implements hook_civicrm_preProcess().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_preProcess
+ */
+//function standaloneusers_civicrm_preProcess($formName, &$form) {
+//
+//}
+
+/**
+ * Implements hook_civicrm_navigationMenu().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_navigationMenu
+ */
+function standaloneusers_civicrm_navigationMenu(&$menu) {
+ _standalineusers_addUserMenus($menu);
+}
+
+function _standalineusers_addUserMenus(&$menu) {
+ _standaloneusers_civix_insert_navigation_menu($menu, 'Administer/Users and Permissions', [
+ 'label' => E::ts('Users'),
+ 'name' => 'admin_users',
+ 'url' => 'civicrm/search#/display/Users/Users',
+ 'permission' => 'access CiviCRM',
+ 'operator' => 'OR',
+ 'separator' => 0,
+ 'weight' => 0,
+ ]);
+ _standaloneusers_civix_navigationMenu($menu);
+}
diff --git a/ext/standaloneusers/templates/CRM/Standaloneusers/Page/Login.tpl b/ext/standaloneusers/templates/CRM/Standaloneusers/Page/Login.tpl
new file mode 100644
index 0000000000..c43aec04c1
--- /dev/null
+++ b/ext/standaloneusers/templates/CRM/Standaloneusers/Page/Login.tpl
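Review bot: The `Users` entry added in `_standalineusers_addUserMenus()` is shown to anyone holding `access CiviCRM`, which is the baseline back-office permission rather than an administrative one. A menu permission only controls visibility, so the search display behind `civicrm/search#/display/Users/Users` has to enforce access itself (that definition is not in this hunk). The item should still be gated on an admin-level permission, for example `'permission' => 'administer CiviCRM',`, until a dedicated user-administration permission exists. The helper's name is also misspelled and falls outside the extension's `_standaloneusers_` prefix; rename it and its call to `_standaloneusers_addUserMenus`.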
@@ -0,0 +1,298 @@ +<style> +{literal} +/***Structure**** + Variables (comment out your subtheme) + - Finsbury Park + - Jerry Seinfeld + - Shoreditch (soon) + - Aah (soon) + Resets + Base +****************/ + +/*************** + Variables +****************/ + +/* Finsbury Park + +:root { + --roundness: 0.25rem; + --font-family: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans, Ubuntu,Cantarell,"Helvetica Neue",Helvetica,Arial,sans-serif,"Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; + --text-colour: #000; + --text-size: 0.9rem; + --error-colour: #aa0c0c; + --label-colour: #000; + --background-colour: #ededed; + --box-border: 1px #cdcdcd solid; + --box-padding: 2rem 1.75rem; + --box-shadow: none; + --box-roundness: 0.25rem; + --box-background: #fff; + --input-border: 1px solid #ccc; + --input-padding: 0.5rem; + --input-shadow: inset 0 1px 1px rgba(0,0,0,.075); + --button-border: 1px solid #bbb; + --button-shadow: 0 1px 2px rgba(0,0,0,0.05); + --button-padding: 5px 15px; + --button-text-colour: #3e3e3e; + --button-background: #f0f0f0; +} + +/* Shoreditch + +:root { + --roundness: 2px; + --font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif; + --text-colour: #232429; + --text-size: 0.9rem; + --error-colour: #cf3458; + --label-colour: #464354; + --background-colour: #f3f6f7; + --box-border: 0 transparent solid; + --box-padding: 20px; + --box-shadow: 0 3px 18px 0 rgba(48,40,40,0.25); + --box-roundness: 2px; + --box-background: #fff; + --input-border: 1px solid #c2cfd8; + --input-padding: 5px 10px; + --input-shadow: inset 0 0 3px 0 rgba(0,0,0,0.2); + --button-border: 0 solid transparent; + --button-shadow: none; + --button-padding: 8px 28px; + --button-text-colour: #fff; + --button-background: #0071bd; +} + +/* Aah */ + +:root { + --roundness: 3px; + --font-family: Lato,Helvetica,Arial,sans-serif; + --text-colour: #222; + --text-size: 0.9rem; + --error-colour: #a00; + --label-colour: #464354; + --background-colour: 
rgb(242,242,237); + --box-border: 0 transparent solid; + --box-padding: 1.6rem; + --box-shadow: none; + --box-roundness: 0; + --box-background: #fff; + --input-border: 1px solid rgba(0,0,0,.2); + --input-padding: 5px 10px; + --input-shadow: inset 0 0 3px 0 rgba(0,0,0,0.2); + --button-border: 0 solid transparent; + --button-shadow: 0 0 6px rgba(0,0,0,.2); + --button-padding: .4rem 1.6rem; + --button-text-colour: #fff; + --button-background: #2c98ed; +} + +/* Ffresh + +:root { + --roundness: 2rem; + --font-family: Lato,Helvetica,Arial,sans-serif; + --text-colour: #222; + --text-size: 1rem; + --error-colour: #a00; + --label-colour: #464354; + --background-colour: #2c98ed; + --box-border: 0 transparent solid; + --box-padding: 1.6rem; + --box-shadow: 0 0 10px 0 rgba(0,0,0,0.2); + --box-roundness: 1.75rem; + --box-background: #fff; + --input-border: 2px solid #2c98ed; + --input-padding: 0.75rem; + --input-shadow: none; + --button-border: 0 solid transparent; + --button-shadow: none; + --button-padding: 0.75rem 2rem; + --button-text-colour: #fff; + --button-background: #2c98ed; +} + +/*************** + Base +****************/ + +body { + background-color: var(--background-colour); + font-family: var(--font-family); + color: var(--text-colour); + font-size: var(--text-size); +} +#crm-container.standalone-entry * { + box-sizing: border-box; +} +a { + text-decoration: none; + font-size: 90%; +} +a:hover, a:focus { + text-decoration: underline; +} +.flex { + display: flex; + justify-content: space-between; + align-items: center; +} + +/*************** + UI Elements +****************/ + +#crm-container.standalone-entry .mid-block { + margin: 0; + background-color: var(--box-background); + border: var(--box-border); + border-radius: var(--box-roundness); + padding: var(--box-padding); + box-shadow: var(--box-shadow); +} +#crm-container.standalone-entry img { + width: 100%; + max-width: 400px; + margin-bottom: 2rem; +} +#crm-container.standalone-entry label { + display: 
inline-block; + max-width: 100%; + margin-bottom: 5px; + font-weight: 700; + color: var(--label-colour); +} +#crm-container.standalone-entry input { + display: block; + width: 100%; + color: #555; + background-color: #fff; + background-image: none; + margin-bottom: 0.75rem; + padding: var(--input-padding); + font-size: var(--text-size); + border-radius: var(--roundness); + border: var(--input-border); + box-shadow: var(--input-shadow); +} +#crm-container.standalone-entry input:focus, +#crm-container.standalone-entry input:focus-visible { + border: 1px solid #66afe9; +} +#crm-container.standalone-entry .btn { + display: inline-block; + margin-bottom: 0; + text-align: center; + vertical-align: middle; + touch-action: manipulation; + cursor: pointer; + background-image: none; + font-size: var(--text-size); + background-color: var(--button-background); + color: var(--button-text-colour); + border: var(--button-border); + padding: var(--button-padding); + border-radius: var(--roundness); + font-family: var(--font-family); + box-shadow: var(--button-shadow); +} +#crm-container.standalone-entry .btn:hover, +#crm-container.standalone-entry .btn:focus { + filter: brightness(80%); +} +#crm-container.standalone-entry .float-right { + float: right; + font-size: 90%; + margin-top: 0.2rem; +} +#crm-container.standalone-entry .form-alert { + color: var(--error-colour); + margin: 1rem 0; +} +@media (min-width: 768px) { + #crm-container.standalone-entry { + width: 60vw; + margin: 20vh auto 0; + } +} +@media (min-width: 960px) { + #crm-container.standalone-entry { + width: 30vw; + } +} +{/literal} +</style> + +<div id="crm-container" class="crm-container standalone-entry"> + <div class="mid-block"> + <img src="{$logoUrl}" alt="logo for CiviCRM, with an intersecting blue and green triangle"> + <form> + <div> + <label for="exampleInputEmail1" class="form-label">Username</label> + <input type="email" class="form-control" id="usernameInput" aria-describedby="emailHelp"> + </div> + <div> 
+ <label for="exampleInputPassword1" class="form-label">Password</label> + <input type="password" class="form-control" id="passwordInput"> + </div> + <div id="error" style="display:none;" class="form-alert">Your username and password do not match</div> + <div class="flex"><button id="loginSubmit" type="submit" class="btn btn-secondary crm-button">Submit</button><a href="request.html">Forgotten password?</a></div> + </form> + </div> +</div> +{literal} +<script> +document.addEventListener('DOMContentLoaded', () => { + const submitBtn = document.getElementById('loginSubmit'), + username = document.getElementById('usernameInput'), + password = document.getElementById('passwordInput'); + + submitBtn.addEventListener('click', e => { + e.preventDefault(); + + fetch(CRM.url("civicrm/authx/login"), { + method: 'POST', + headers: { + 'Content-Type': 'application/x-www-form-urlencoded' + }, + //body: '_authx=Basic ' + btoa(encodeURIComponent(`${username.value}:${password.value}`)) + body: '_authx=Basic ' + encodeURIComponent(btoa(`${username.value}:${password.value}`)) + }) + .then(response => response.json()) // <<<---note this + .then(data => { + console.log(data); + window.location = '/civicrm/'; + }); + }); +}); + +/* (function($) { */ +/* var request = new XMLHttpRequest(); */ +/* request.open("POST", ); */ +/* request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); */ +/* request.responseType = "json"; */ +/* request.onreadystatechange = function() { */ +/* console.log(request.response); */ +/* if (request.readyState == 4) { */ +/* if (request.status == 200) { */ +/* if (request.response.user_id > 0) { */ +/* window.location.href = "/civicrm?reset=1"; */ +/* } else { */ +/* // probably won't ever be here? 
*/ +/* alert("Success but fail because ???"); */ +/* console.log(request.response); */ +/* } */ +/* } else { */ +/* // todo - send errors back to the form via whatever forms framework we'll be using */ +/* alert("Fail with status code " + request.status + " " + request.statusText); */ +/* console.log(request.response); */ +/* } */ +/* } */ +/* }; */ +/* var data = '_authx=Basic ' + btoa(encodeURIComponent($('#username').val()) + ':' + $('#password').val()); */ +/* request.send(data); */ +/* }); */ +</script> +{/literal} diff --git a/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php b/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php new file mode 100644 index 0000000000..1ea18cc997 --- /dev/null +++ b/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php 
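Review bot: The `click` handler on `#loginSubmit` sets `window.location = '/civicrm/'` for any response that parses as JSON, so a rejected login is handled exactly like a successful one and the `#error` element is never shown; there is also no `.catch`, so a network or parse failure is silent. The handler should check `response.ok` and the returned user id before redirecting, and reveal `#error` otherwise (the commented-out XHR version further down tests `response.user_id > 0`; confirm that field against the authx endpoint). `console.log(data)` should be removed, since it writes the login response to the browser console. Separately, both `<label for=…>` values (`exampleInputEmail1`, `exampleInputPassword1`) do not match the input ids, and the username field is declared `type="email"`.

```smarty
    fetch(CRM.url("civicrm/authx/login"), {
      // … unchanged: method, headers, body …
    })
    .then(response => response.json().then(data => ({ok: response.ok, data})))
    .then(({ok, data}) => {
      if (!ok || !(data.user_id > 0)) {
        document.getElementById('error').style.display = 'block';
        return;
      }
      window.location = '/civicrm/';
    })
    .catch(() => {
      document.getElementById('error').style.display = 'block';
    });
```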
@@ -0,0 +1,151 @@ +<?php +namespace Civi\Standalone; + +use CRM_Standaloneusers_ExtensionUtil as E; +use Civi\Test\CiviEnvBuilder; +use Civi\Test\HeadlessInterface; +use Civi\Core\HookInterface; +use Civi\Test\TransactionalInterface; +use Civi\Standalone\Security; + +/** + * FIXME - Add test description. + * + * Tips: + * - With HookInterface, you may implement CiviCRM hooks directly in the test class. + * Simply create corresponding functions (e.g. "hook_civicrm_post(...)" or similar). + * - With TransactionalInterface, any data changes made by setUp() or test****() functions will + * rollback automatically -- as long as you don't manipulate schema or truncate tables. + * If this test needs to manipulate schema or truncate tables, then either: + * a. Do all that using setupHeadless() and Civi\Test. + * b. Disable TransactionalInterface, and handle all setup/teardown yourself. + * + * @group headless + */ +class SecurityTest extends \PHPUnit\Framework\TestCase implements HeadlessInterface, HookInterface, TransactionalInterface { + + protected $originalUF; + protected $originalUFPermission; + protected $contactID; + protected $userID; + /** + * Setup used when HeadlessInterface is implemented. + * + * Civi\Test has many helpers, like install(), uninstall(), sql(), and sqlFile(). 
+ * + * @link https://github.com/civicrm/org.civicrm.testapalooza/blob/master/civi-test.md + * + * @return \Civi\Test\CiviEnvBuilder + * + * @throws \CRM_Extension_Exception_ParseException + */ + public function setUpHeadless(): CiviEnvBuilder { + return \Civi\Test::headless() + ->install(['authx','org.civicrm.search_kit', 'org.civicrm.afform', 'standaloneusers']) + // ->installMe(__DIR__) This causes failure, so we do â + ->apply(FALSE); + } + + public function setUp():void { + parent::setUp(); + } + + public function tearDown():void { + $this->switchBackFromOurUFClasses(TRUE); + parent::tearDown(); + } + + public function testCreateUser():void { + list($contactID, $userID, $security) = $this->createFixtureContactAndUser(); + + $user = \Civi\Api4\User::get(FALSE) + ->addSelect('*', 'uf_match.*') + ->addWhere('id', '=', $userID) + ->addJoin('UFMatch AS uf_match', 'INNER', ['uf_match.uf_id', '=', 'id']) + ->execute()->single(); + + $this->assertEquals('user_one', $user['username']); + $this->assertEquals('user_one@example.org', $user['email']); + $this->assertStringStartsWith('$', $user['password']); + + $this->assertTrue($security->checkPassword('secret1', $user['password'])); + $this->assertFalse($security->checkPassword('some other password', $user['password'])); + } + + public function testPerms() { + list($contactID, $userID, $security) = $this->createFixtureContactAndUser(); + // Create role, + $roleID = \Civi\Api4\Role::create(FALSE) + ->setValues([ 'name' => 'staff' ]) ->execute()->first()['id']; + $this->assertGreaterThan(0, $roleID); + + // Assign role to user + \Civi\Api4\UserRole::create(FALSE) + ->setValues(['user_id' => $userID, 'role_id' => $roleID])->execute(); + + // Assign some permissions to the role. + \Civi\Api4\RolePermission::save(FALSE) + ->setDefaults(['role_id' => $roleID]) + ->setRecords([ + // Master control for access to the main CiviCRM backend and API. Give to trusted roles only. 
+ ['permission' => 'access CiviCRM'], + // Perform all tasks in the Administer CiviCRM control panel and Import Contacts + // ['permission' => 'administer CiviCRM'], + ['permission' => 'view all contacts'], + ['permission' => 'add contacts'], + ['permission' => 'edit all contacts'], + ]) + ->execute(); + + $this->switchToOurUFClasses(); + foreach (['access CiviCRM', 'view all contacts', 'add contacts', 'edit all contacts'] as $allowed) { + $this->assertTrue(\CRM_Core_Permission::check([$allowed], $contactID), "Should have '$allowed' permission but don't"); + } + foreach (['administer CiviCRM', 'access uploaded files'] as $notAllowed) { + $this->assertFalse(\CRM_Core_Permission::check([$notAllowed], $contactID), "Should NOT have '$allowed' permission but do"); + } + $this->switchBackFromOurUFClasses(); + } + + protected function switchToOurUFClasses() { + if (!empty($this->originalUFPermission)) { + throw new \RuntimeException("are you calling switchToOurUFClasses twice?"); + } + $this->originalUFPermission = \CRM_Core_Config::singleton()->userPermissionClass; + $this->originalUF = \CRM_Core_Config::singleton()->userSystem; + \CRM_Core_Config::singleton()->userPermissionClass = new \CRM_Core_Permission_Standalone(); + \CRM_Core_Config::singleton()->userSystem = new \CRM_Utils_System_Standalone(); + } + + protected function switchBackFromOurUFClasses($justInCase = FALSE) { + if (!$justInCase && empty($this->originalUFPermission)) { + throw new \RuntimeException("are you calling switchBackFromOurUFClasses() twice?"); + } + \CRM_Core_Config::singleton()->userPermissionClass = $this->originalUFPermission; + \CRM_Core_Config::singleton()->userSystem = $this->originalUF; + $this->originalUFPermission = $this->originalUF = NULL; + } + + public function createFixtureContactAndUser(): array { + + $contactID = \Civi\Api4\Contact::create(FALSE) + ->setValues([ + 'contact_type' => 'Individual', + 'display_name' => 'Admin McDemo', + ])->execute()->first()['id']; + + $security = 
Security::singleton(); + $params = ['cms_name' => 'user_one', 'cms_pass' => 'secret1', 'notify' => FALSE, 'contactID' => $contactID, 'user_one@example.org' => 'user_one@example.org']; + + $this->switchToOurUFClasses(); + $userID = \CRM_Core_BAO_CMSUser::create($params, 'user_one@example.org'); + $this->switchBackFromOurUFClasses(); + + $this->assertGreaterThan(0, $userID); + $this->contactID = $contactID; + $this->userID = $userID; + return [$contactID, $userID, $security]; + } + + +} diff --git a/ext/standaloneusers/tests/phpunit/bootstrap.php b/ext/standaloneusers/tests/phpunit/bootstrap.php new file mode 100644 index 0000000000..eaa8379442 --- /dev/null +++ b/ext/standaloneusers/tests/phpunit/bootstrap.php 
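Review bot: `switchBackFromOurUFClasses(TRUE)` in `tearDown()` overwrites `userPermissionClass` and `userSystem` on the config singleton with `NULL` whenever the test has already switched back (or never switched), because the `$justInCase` path skips the exception but still runs the assignments while `$this->originalUFPermission` is empty. Add an early return at the top of the method: `if ($justInCase && empty($this->originalUFPermission)) { return; }`. In `testPerms()`, the failure message of the second loop interpolates `$allowed` instead of `$notAllowed`, so it would name the wrong permission; it should read `"Should NOT have '$notAllowed' permission but do"`. The class docblock still carries the generated `FIXME - Add test description.` placeholder.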
@@ -0,0 +1,65 @@ +<?php + +ini_set('memory_limit', '2G'); + +// phpcs:disable +eval(cv('php:boot --level=classloader', 'phpcode')); +// phpcs:enable +// Allow autoloading of PHPUnit helper classes in this extension. +$loader = new \Composer\Autoload\ClassLoader(); +$loader->add('CRM_', [__DIR__ . '/../..', __DIR__]); +$loader->addPsr4('Civi\\', [__DIR__ . '/../../Civi', __DIR__ . '/Civi']); +$loader->add('api_', [__DIR__ . '/../..', __DIR__]); +$loader->addPsr4('api\\', [__DIR__ . '/../../api', __DIR__ . '/api']); + +$loader->register(); + +/** + * Call the "cv" command. + * + * @param string $cmd + * The rest of the command to send. + * @param string $decode + * Ex: 'json' or 'phpcode'. + * @return mixed + * Response output (if the command executed normally). + * For 'raw' or 'phpcode', this will be a string. For 'json', it could be any JSON value. + * @throws \RuntimeException + * If the command terminates abnormally. + */ +function cv(string $cmd, string $decode = 'json') { + $cmd = 'cv ' . $cmd; + $descriptorSpec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => STDERR]; + $oldOutput = getenv('CV_OUTPUT'); + putenv('CV_OUTPUT=json'); + + // Execute `cv` in the original folder. This is a work-around for + // phpunit/codeception, which seem to manipulate PWD. + $cmd = sprintf('cd %s; %s', escapeshellarg(getenv('PWD')), $cmd); + + $process = proc_open($cmd, $descriptorSpec, $pipes, __DIR__); + putenv("CV_OUTPUT=$oldOutput"); + fclose($pipes[0]); + $result = stream_get_contents($pipes[1]); + fclose($pipes[1]); + if (proc_close($process) !== 0) { + throw new RuntimeException("Command failed ($cmd):\n$result"); + } + switch ($decode) { + case 'raw': + return $result; + + case 'phpcode': + // If the last output is /*PHPCODE*/, then we managed to complete execution. 
+ if (substr(trim($result), 0, 12) !== '/*BEGINPHP*/' || substr(trim($result), -10) !== '/*ENDPHP*/') { + throw new \RuntimeException("Command failed ($cmd):\n$result"); + } + return $result; + + case 'json': + return json_decode($result, 1); + + default: + throw new RuntimeException("Bad decoder format ($decode)"); + } +} diff --git a/ext/standaloneusers/xml/Menu/standaloneusers.xml b/ext/standaloneusers/xml/Menu/standaloneusers.xml new file mode 100644 index 0000000000..db747f15cb --- /dev/null +++ b/ext/standaloneusers/xml/Menu/standaloneusers.xml @@ -0,0 +1,9 @@ +<?xml version="1.0"?> +<menu> + <item> + <path>civicrm/login</path> + <page_callback>CRM_Standaloneusers_Page_Login</page_callback> + <title>Login</title> + <access_arguments>*always allow*</access_arguments> + </item> +</menu> diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.entityType.php b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.entityType.php new file mode 100644 index 0000000000..881922985e --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.entityType.php @@ -0,0 +1,10 @@ +<?php +// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at: +// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes +return [ + [ + 'name' => 'Role', + 'class' => 'CRM_Standaloneusers_DAO_Role', + 'table' => 'civicrm_role', + ], +]; diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.xml b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.xml new file mode 100644 index 0000000000..4e3c532799 --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/Role.xml 
@@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="iso-8859-1" ?> + +<table> + <base>CRM/Standaloneusers</base> + <class>Role</class> + <name>civicrm_role</name> + <comment>Permissions are assigned to roles which are assigned to users</comment> + <log>true</log> + <searchField>name</searchField> + + <field> + <name>id</name> + <type>int unsigned</type> + <required>true</required> + <comment>Unique Role ID</comment> + <html> + <type>Number</type> + </html> + </field> + <primaryKey> + <name>id</name> + <autoincrement>true</autoincrement> + </primaryKey> + + <field> + <name>name</name> + <type>varchar</type> + <required>true</required> + <length>64</length> + </field> + <index> + <name>UI_name</name> + <unique>true</unique> + <fieldName>name</fieldName> + </index> + +</table> diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.entityType.php b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.entityType.php new file mode 100644 index 0000000000..922e73b92d --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.entityType.php @@ -0,0 +1,10 @@ +<?php +// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at: +// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes +return [ + [ + 'name' => 'RolePermission', + 'class' => 'CRM_Standaloneusers_DAO_RolePermission', + 'table' => 'civicrm_role_permission', + ], +]; diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.xml b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.xml new file mode 100644 index 0000000000..3a95370f02 --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/RolePermission.xml 
@@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="iso-8859-1" ?> + +<table> + <base>CRM/Standaloneusers</base> + <class>RolePermission</class> + <name>civicrm_role_permission</name> + <comment>Assigns permissions to roles</comment> + <log>true</log> + + <field> + <name>id</name> + <type>int unsigned</type> + <required>true</required> + <comment>Unique RolePermission ID</comment> + <html> + <type>Number</type> + </html> + </field> + <primaryKey> + <name>id</name> + <autoincrement>true</autoincrement> + </primaryKey> + + <field> + <name>role_id</name> + <type>int unsigned</type> + <comment>FK to Role</comment> + </field> + <foreignKey> + <name>role_id</name> + <table>civicrm_role</table> + <key>id</key> + <onDelete>CASCADE</onDelete> + </foreignKey> + + <field> + <name>permission</name> + <type>varchar</type> + <length>60</length> + <required>true</required> + <comment>A single permission granted to this role</comment> + </field> + +</table> diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.entityType.php b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.entityType.php new file mode 100644 index 0000000000..5ef16e5b9d --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.entityType.php @@ -0,0 +1,10 @@ +<?php +// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at: +// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes +return [ + [ + 'name' => 'User', + 'class' => 'CRM_Standaloneusers_DAO_User', + 'table' => 'civicrm_user', + ], +]; diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.xml b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.xml new file mode 100644 index 0000000000..44eaee7bd9 --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/User.xml 
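Review bot: `role_id` in `civicrm_role_permission` has no `<required>true</required>`, so a permission row can exist with a NULL role; how the permission check treats such a row is not visible here, but a grant with no owning role is never meaningful and the schema should reject it. The same applies to `user_id` and `role_id` in `civicrm_user_role` (the UserRole.xml hunk). Nothing prevents the same permission being stored twice for one role, or the same role being assigned twice to one user: `index_user_role` could carry `<unique>true</unique>`, and a unique index over `role_id` and `permission` would do the same for this table.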
@@ -0,0 +1,113 @@ +<?xml version="1.0" encoding="iso-8859-1" ?> + +<table> + <base>CRM/Standaloneusers</base> + <class>User</class> + <name>civicrm_user</name> + <comment>A standalone user account</comment> + <labelField>username</labelField> + <searchField>username</searchField> + <descriptionField>email</descriptionField> + <log>true</log> + + <field> + <name>id</name> + <type>int unsigned</type> + <required>true</required> + <comment>Unique User ID</comment> + <html> + <type>Number</type> + </html> + </field> + <primaryKey> + <name>id</name> + <autoincrement>true</autoincrement> + </primaryKey> + + <field> + <name>contact_id</name> + <type>int unsigned</type> + <comment>FK to Contact - possibly redundant</comment> + </field> + <foreignKey> + <name>contact_id</name> + <table>civicrm_contact</table> + <key>id</key> + <onDelete>CASCADE</onDelete> + </foreignKey> + + <field> + <name>username</name> + <required>true</required> + <type>varchar</type> + <length>60</length> + </field> + <index> + <name>UI_username</name> + <fieldName>username</fieldName> + <unique>true</unique> + </index> + + <field> + <name>password</name> + <type>varchar</type> + <required>true</required> + <length>128</length> + <comment>Hashed password</comment> + </field> + + <field> + <name>email</name> + <type>varchar</type> + <required>true</required> + <length>255</length> + <comment>Email (e.g. 
for password resets)</comment> + </field> + + <field> + <name>when_created</name> + <type>timestamp</type> + <default>CURRENT_TIMESTAMP</default> + </field> + + <field> + <name>when_last_accessed</name> + <type>timestamp</type> + <required>false</required> + </field> + + <field> + <name>when_updated</name> + <type>timestamp</type> + <required>false</required> + </field> + + <field> + <name>is_active</name> + <type>boolean</type> + <default>1</default> + <required>true</required> + </field> + + <field> + <name>timezone</name> + <type>varchar</type> + <length>32</length> + <required>false</required> + <comment>User's timezone</comment> + </field> + + <field> + <name>language</name> + <type>int unsigned</type> + <title>Language</title> + <pseudoconstant> + <optionGroupName>languages</optionGroupName> + </pseudoconstant> + <html> + <type>Select</type> + </html> + <comment>The language for the user.</comment> + </field> + +</table> diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.entityType.php b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.entityType.php new file mode 100644 index 0000000000..3ef64043b2 --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.entityType.php @@ -0,0 +1,10 @@ +<?php +// This file declares a new entity type. For more details, see "hook_civicrm_entityTypes" at: +// https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_entityTypes +return [ + [ + 'name' => 'UserRole', + 'class' => 'CRM_Standaloneusers_DAO_UserRole', + 'table' => 'civicrm_user_role', + ], +]; diff --git a/ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.xml b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.xml new file mode 100644 index 0000000000..0ebb663db8 --- /dev/null +++ b/ext/standaloneusers/xml/schema/CRM/Standaloneusers/UserRole.xml 
@@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="iso-8859-1" ?> + +<table> + <base>CRM/Standaloneusers</base> + <class>UserRole</class> + <name>civicrm_user_role</name> + <comment>Assigns Roles to Users</comment> + <log>true</log> + + <field> + <name>id</name> + <type>int unsigned</type> + <required>true</required> + <comment>Unique UserRole ID</comment> + <html> + <type>Number</type> + </html> + </field> + <primaryKey> + <name>id</name> + <autoincrement>true</autoincrement> + </primaryKey> + + <field> + <name>user_id</name> + <type>int unsigned</type> + <comment>FK to User</comment> + </field> + <foreignKey> + <name>user_id</name> + <table>civicrm_user</table> + <key>id</key> + <onDelete>CASCADE</onDelete> + </foreignKey> + + <field> + <name>role_id</name> + <type>int unsigned</type> + <comment>FK to role</comment> + </field> + <foreignKey> + <name>role_id</name> + <table>civicrm_role</table> + <key>id</key> + <onDelete>CASCADE</onDelete> + </foreignKey> + + <index> + <name>index_user_role</name> + <fieldName>user_id</fieldName> + <fieldName>role_id</fieldName> + </index> + +</table> -- 2.25.1