Commit 6a488035 authored by totten

Import from SVN (r45945, r596)

parent 39330a6d
<?php
// $Id$
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.3 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2013
* $Id$
*
*/
class CRM_ACL_API {
/**
* The various type of permissions
*
* @var int
*/
CONST EDIT = 1;
CONST VIEW = 2;
CONST DELETE = 3;
CONST CREATE = 4;
CONST SEARCH = 5;
CONST ALL = 6;
/**
* given a permission string, check for access requirements
*
* @param string $str the permission to check
* @param int $contactID the contactID for whom the check is made
*
* @return boolean true if yes, else false
* @static
* @access public
*/
static function check($str, $contactID = NULL) {
if ($contactID == NULL) {
$session = CRM_Core_Session::singleton();
$contactID = $session->get('userID');
}
if (!$contactID) {
// anonymous user
$contactID = 0;
}
return CRM_ACL_BAO_ACL::check($str, $contactID);
}
/**
* Get the permissioned where clause for the user
*
* @param int $type the type of permission needed
* @param array $tables (reference ) add the tables that are needed for the select clause
* @param array $whereTables (reference ) add the tables that are needed for the where clause
* @param int $contactID the contactID for whom the check is made
* @param bool $onlyDeleted whether to include only deleted contacts
* @param bool $skipDeleteClause don't add delete clause if this is true,
* this means it is handled by generating query
*
* @return string the group where clause for this user
* @access public
*/
public static function whereClause($type,
&$tables,
&$whereTables,
$contactID = NULL,
$onlyDeleted = FALSE,
$skipDeleteClause = FALSE
) {
// the default value which is valid for rhe final AND
$deleteClause = ' ( 1 ) ';
if (!$skipDeleteClause) {
if (CRM_Core_Permission::check('access deleted contacts') and $onlyDeleted) {
$deleteClause = '(contact_a.is_deleted)';
}
else {
// CRM-6181
$deleteClause = '(contact_a.is_deleted = 0)';
}
}
// first see if the contact has edit / view all contacts
if (CRM_Core_Permission::check('edit all contacts') ||
($type == self::VIEW &&
CRM_Core_Permission::check('view all contacts')
)
) {
return $skipDeleteClause ? ' ( 1 ) ' : $deleteClause;
}
if ($contactID == NULL) {
$session = CRM_Core_Session::singleton();
$contactID = $session->get('userID');
}
if (!$contactID) {
// anonymous user
$contactID = 0;
}
return implode(' AND ',
array(
CRM_ACL_BAO_ACL::whereClause($type,
$tables,
$whereTables,
$contactID
),
$deleteClause,
)
);
}
/**
* get all the groups the user has access to for the given operation
*
* @param int $type the type of permission needed
* @param int $contactID the contactID for whom the check is made
*
* @return array the ids of the groups for which the user has permissions
* @access public
*/
public static function group(
$type,
$contactID = NULL,
$tableName = 'civicrm_saved_search',
$allGroups = NULL,
$includedGroups = NULL
) {
if ($contactID == NULL) {
$session = CRM_Core_Session::singleton();
$contactID = $session->get('userID');
}
if (!$contactID) {
// anonymous user
$contactID = 0;
}
return CRM_ACL_BAO_ACL::group($type, $contactID, $tableName, $allGroups, $includedGroups);
}
/**
* check if the user has access to this group for operation $type
*
* @param int $type the type of permission needed
* @param int $contactID the contactID for whom the check is made
*
* @return array the ids of the groups for which the user has permissions
* @access public
*/
public static function groupPermission(
$type,
$groupID,
$contactID = NULL,
$tableName = 'civicrm_saved_search',
$allGroups = NULL,
$includedGroups = NULL
) {
static $cache = array();
if (!$contactID) {
$session = CRM_Core_Session::singleton();
$contactID = NULL;
if ($session->get('userID')) {
$contactID = $session->get('userID');
}
}
$key = "{$tableName}_{$type}_{$contactID}";
if (array_key_exists($key, $cache)) {
$groups = &$cache[$key];
}
else {
$groups = self::group($type, $contactID, $tableName, $allGroups, $includedGroups);
$cache[$key] = $groups;
}
return in_array($groupID, $groups) ? TRUE : FALSE;
}
}
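Review bot: In `check()`, `whereClause()` and `group()` the guard `if ($contactID == NULL)` is a loose comparison, so an explicit `0` (the value these methods themselves assign to the anonymous user) counts as "not supplied" and is replaced by the session's `userID`. A caller asking what the anonymous contact may do while someone is logged in would then get that user's ACL answer; `if ($contactID === NULL)` keeps the two cases apart, provided no caller relies on passing `0` or `''` to mean "current user". In `groupPermission()` the static cache key `"{$tableName}_{$type}_{$contactID}"` leaves out `$allGroups` and `$includedGroups`, so if those arguments change what `group()` returns, the first call's answer is reused for later calls within the request. Its docblock also says `@return array` while the method returns a boolean.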
<?php
// $Id$
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.3 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2013
* $Id$
*
*/
/**
* Access Control Cache
*/
class CRM_ACL_BAO_Cache extends CRM_ACL_DAO_Cache {
static $_cache = NULL;
static function &build($id) {
if (!self::$_cache) {
self::$_cache = array();
}
if (array_key_exists($id, self::$_cache)) {
return self::$_cache[$id];
}
// check if this entry exists in db
// if so retrieve and return
self::$_cache[$id] = self::retrieve($id);
if (self::$_cache[$id]) {
return self::$_cache[$id];
}
self::$_cache[$id] = CRM_ACL_BAO_ACL::getAllByContact($id);
self::store($id, self::$_cache[$id]);
return self::$_cache[$id];
}
static function retrieve($id) {
$query = "
SELECT acl_id
FROM civicrm_acl_cache
WHERE contact_id = %1
";
$params = array(1 => array($id, 'Integer'));
if ($id == 0) {
$query .= " OR contact_id IS NULL";
}
$dao = CRM_Core_DAO::executeQuery($query, $params);
$cache = array();
while ($dao->fetch()) {
$cache[$dao->acl_id] = 1;
}
return $cache;
}
static function store($id, &$cache) {
foreach ($cache as $aclID => $data) {
$dao = new CRM_ACL_DAO_Cache();
if ($id) {
$dao->contact_id = $id;
}
$dao->acl_id = $aclID;
$cache[$aclID] = 1;
$dao->save();
}
}
static function deleteEntry($id) {
if (self::$_cache &&
array_key_exists($id, self::$_cache)
) {
unset(self::$_cache[$id]);
}
$query = "
DELETE FROM civicrm_acl_cache
WHERE contact_id = %1
";
$params = array(1 => array($id, 'Integer'));
$dao = CRM_Core_DAO::executeQuery($query, $params);
}
static function updateEntry($id) {
// rebuilds civicrm_acl_cache
self::deleteEntry($id);
self::build($id);
// rebuilds civicrm_acl_contact_cache
CRM_Contact_BAO_Contact_Permission::cache($id, CRM_Core_Permission::VIEW, TRUE);
}
// deletes all the cache entries
static function resetCache() {
// reset any static caching
self::$_cache = NULL;
// reset any db caching
$config = CRM_Core_Config::singleton();
$smartGroupCacheTimeout = CRM_Contact_BAO_GroupContactCache::smartGroupCacheTimeout();
//make sure to give original timezone settings again.
$now = CRM_Utils_Date::getUTCTime();
$query = "
DELETE
FROM civicrm_acl_cache
WHERE modified_date IS NULL
OR (TIMESTAMPDIFF(MINUTE, modified_date, $now) >= $smartGroupCacheTimeout)
";
CRM_Core_DAO::singleValueQuery($query);
CRM_Core_DAO::singleValueQuery("TRUNCATE TABLE civicrm_acl_contact_cache");
}
}
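Review bot: `deleteEntry()` does not remove the rows that `store()` writes for the anonymous contact: `store()` leaves `contact_id` unset when `$id` is 0 and `retrieve()` reads those rows back through `OR contact_id IS NULL`, but the delete only matches `contact_id = %1`. After `updateEntry(0)` the following `build(0)` would find the old rows again and keep serving the previous ACL set, assuming the unset column is saved as NULL. Mirroring `retrieve()` closes the gap: `if ($id == 0) { $query .= " OR contact_id IS NULL"; }`. In `resetCache()`, `$now` and `$smartGroupCacheTimeout` are interpolated into the SQL string; both look server-derived, but passing them as typed parameters, as `retrieve()` does with `array($id, 'Integer')`, would keep the file consistent.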
<?php
// $Id$
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.3 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2013
* $Id$
*
*/
/**
* Access Control EntityRole
*/
class CRM_ACL_BAO_EntityRole extends CRM_ACL_DAO_EntityRole {
static $_entityTable = NULL;
static function entityTable() {
if (!self::$_entityTable) {
self::$_entityTable = array(
'civicrm_contact' => ts('Contact'),
'civicrm_group' => ts('Group'),
);
}
return self::$_entityTable;
}
static function create(&$params) {
$dao = new CRM_ACL_DAO_EntityRole();
$dao->copyValues($params);
$dao->save();
}
static function retrieve(&$params, &$defaults) {
CRM_Core_DAO::commonRetrieve('CRM_ACL_DAO_EntityRole', $params, $defaults);
}
/**
* update the is_active flag in the db
*
* @param int $id id of the database record
* @param boolean $is_active value we want to set the is_active field
*
* @return Object DAO object on sucess, null otherwise
* @static
*/
static function setIsActive($id, $is_active) {
return CRM_Core_DAO::setFieldValue('CRM_ACL_DAO_EntityRole', $id, 'is_active', $is_active);
}
/**
* Function to delete Entity Role records
*
* @param int $entityRoleId ID of the EntityRole record to be deleted.
*
* @access public
* @static
*/
static function del($entityRoleId) {
$entityDAO = new CRM_ACL_DAO_EntityRole();
$entityDAO->id = $entityRoleId;
$entityDAO->find(TRUE);
$entityDAO->delete();
}
}
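Review bot: `del()` calls `$entityDAO->delete()` whether or not `find(TRUE)` located the record and returns nothing, so a caller cannot tell a removed role assignment from an id that never existed. Since these rows appear to decide which entities hold an ACL role, returning the outcome, for example `if (!$entityDAO->find(TRUE)) { return FALSE; }` followed by `return (bool) $entityDAO->delete();`, makes a failed revocation visible to the caller. `create()`, `retrieve()` and `entityTable()` have no docblocks; the one on `create()` should say that `$params` is copied onto the DAO as given and that no permission check is done in this method, so validation and authorization are the caller's job.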
<?php
// $Id$
/*
+--------------------------------------------------------------------+
| CiviCRM version 4.3 |
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC (c) 2004-2013 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| CiviCRM is free software; you can copy, modify, and distribute it |
| under the terms of the GNU Affero General Public License |
| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
| |
| CiviCRM is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| See the GNU Affero General Public License for more details. |
| |
| You should have received a copy of the GNU Affero General Public |
| License and the CiviCRM Licensing Exception along |
| with this program; if not, contact CiviCRM LLC |
| at info[AT]civicrm[DOT]org. If you have questions about the |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2013
* $Id$
*
*/
/**
*
* @package CRM
* @copyright CiviCRM LLC (c) 2004-2013
* $Id$
*
*/
class CRM_ACL_Form_ACL extends CRM_Admin_Form {
/**
* This function sets the default values for the form.
*
* @access public
*
* @return None
*/
function setDefaultValues() {
$defaults = parent::setDefaultValues();
if ($this->_action & CRM_Core_Action::ADD) {
$defaults['object_type'] = 1;
}
$showHide = new CRM_Core_ShowHideBlocks();
if (isset($defaults['object_table'])) {
switch ($defaults['object_table']) {
case 'civicrm_saved_search':
$defaults['group_id'] = $defaults['object_id'];
$defaults['object_type'] = 1;
$showHide->addShow("id-group-acl");
$showHide->addHide("id-profile-acl");
$showHide->addHide("id-custom-acl");
$showHide->addHide("id-event-acl");
break;
case 'civicrm_uf_group':
$defaults['uf_group_id'] = $defaults['object_id'];
$defaults['object_type'] = 2;
$showHide->addHide("id-group-acl");
$showHide->addShow("id-profile-acl");
$showHide->addHide("id-custom-acl");
$showHide->addHide("id-event-acl");
break;
case 'civicrm_custom_group':
$defaults['custom_group_id'] = $defaults['object_id'];
$defaults['object_type'] = 3;
$showHide->addHide("id-group-acl");
$showHide->addHide("id-profile-acl");
$showHide->addShow("id-custom-acl");
$showHide->addHide("id-event-acl");
break;
case 'civicrm_event':
$defaults['event_id'] = $defaults['object_id'];
$defaults['object_type'] = 4;
$showHide->addHide("id-group-acl");
$showHide->addHide("id-profile-acl");
$showHide->addHide("id-custom-acl");
$showHide->addShow("id-event-acl");
break;
}
}
else {
$showHide->addHide("id-group-acl");
$showHide->addHide("id-profile-acl");
$showHide->addHide("id-custom-acl");
$showHide->addHide("id-event-acl");
}
// Don't assign showHide elements to template in DELETE mode (fields to be shown and hidden don't exist)
if (!($this->_action & CRM_Core_Action::DELETE)) {
$showHide->addToTemplate();
}
return $defaults;
}
/**
* Function to build the form
*
* @return None
* @access public
*/
public function buildQuickForm() {
parent::buildQuickForm();
if ($this->_action & CRM_Core_Action::DELETE) {
return;
}
$attributes = CRM_Core_DAO::getAttribute('CRM_ACL_DAO_ACL');
$this->add('text', 'name', ts('Description'), CRM_Core_DAO::getAttribute('CRM_ACL_DAO_ACL', 'name'), TRUE);
$operations = array('' => ts('- select -')) + CRM_ACL_BAO_ACL::operation();
$this->add('select',
'operation',
ts('Operation'),
$operations, TRUE
);
$objTypes = array('1' => ts('A group of contacts'),
'2' => ts('A profile'),
'3' => ts('A set of custom data fields'),
);
if (CRM_Core_Permission::access('CiviEvent')) {
$objTypes['4'] = ts('Events');
}
$extra = array('onclick' => "showObjectSelect();");
$this->addRadio('object_type',
ts('Type of Data'),
$objTypes,
$extra,
'&nbsp;', TRUE
);
$label = ts('Role');
$role = array('-1' => ts('- select role -'),
'0' => ts('Everyone'),
) + CRM_Core_OptionGroup::values('acl_role');
$this->add('select', 'entity_id', $label, $role, TRUE);
$group = array('-1' => ts('- select -'),
'0' => ts('All Groups'),
) + CRM_Core_PseudoConstant::group();
$customGroup = array('-1' => ts('- select -'),
'0' => ts('All Custom Groups'),
) + CRM_Core_PseudoConstant::customGroup();
$ufGroup = array('-1' => ts('- select -'),
'0' => ts('All Profiles'),
) + CRM_Core_PseudoConstant::ufGroup();