-
-
Notifications
You must be signed in to change notification settings - Fork 85
/
Copy pathcivicrm.users.php
367 lines (310 loc) · 8.69 KB
/
civicrm.users.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
<?php
/*
+--------------------------------------------------------------------+
| Copyright CiviCRM LLC. All rights reserved. |
| |
| This work is published under the GNU AGPLv3 license with some |
| permitted exceptions and without any warranty. For full license |
| and copyright information, see https://civicrm.org/licensing |
+--------------------------------------------------------------------+
*/
/**
*
* @package CRM
* @copyright CiviCRM LLC https://civicrm.org/licensing
*
*/
// This file must not accessed directly.
if (!defined('ABSPATH')) {
exit;
}
/**
* Define CiviCRM_For_WordPress_Users Class.
*
* @since 4.6
*/
class CiviCRM_For_WordPress_Users {
/**
* @var object
* Plugin object reference.
* @since 4.6
* @access public
*/
public $civi;
/**
* Instance constructor.
*
* @since 4.6
*/
public function __construct() {
// Store reference to CiviCRM plugin object.
$this->civi = civi_wp();
// Always listen for activation action.
add_action('civicrm_activation', [$this, 'activate']);
}
/**
* Plugin activation tasks.
*
* @since 5.6
*/
public function activate() {
/*
* Assign minimum capabilities for all WordPress roles and create
* 'anonymous_user' role.
*/
$this->set_wp_user_capabilities();
}
/**
* Register hooks.
*
* @since 4.6
*/
public function register_hooks() {
// Add CiviCRM access capabilities to WordPress roles.
$this->set_access_capabilities();
// Do not hook into user updates if CiviCRM not installed yet.
if (!CIVICRM_INSTALLED) {
return;
}
// Synchronise users on insert and update.
add_action('user_register', [$this, 'update_user']);
add_action('profile_update', [$this, 'update_user']);
// Delete ufMatch record when a WordPress user is deleted.
add_action('deleted_user', [$this, 'delete_user_ufmatch'], 10, 1);
}
/**
* Check permissions.
*
* Authentication function used by basepage_register_hooks()
*
* @since 4.6
*
* @param array $args The page arguments array.
* @return bool True if authenticated, false otherwise.
*/
public function check_permission($args) {
if ($args[0] != 'civicrm') {
return FALSE;
}
$config = CRM_Core_Config::singleton();
// Set frontend true.
$config->userFrameworkFrontend = TRUE;
require_once 'CRM/Utils/Array.php';
// All profile and file urls, as well as user dashboard and tell-a-friend are valid.
$arg1 = CRM_Utils_Array::value(1, $args);
$invalidPaths = ['admin'];
if (in_array($arg1, $invalidPaths)) {
return FALSE;
}
return TRUE;
}
/**
* Get "permission denied" text.
*
* Called when authentication fails in basepage_register_hooks()
*
* @since 4.6
*
* @return string Warning message.
*/
public function get_permission_denied() {
return __('You do not have permission to access this content.', 'civicrm');
}
/**
* Handle WordPress user events.
*
* Callback function for 'user_register' hook.
* Callback function for 'profile_update' hook.
*
* CMW: seems to (wrongly) create new CiviCRM Contact every time a user changes
* their first_name or last_name attributes in WordPress.
*
* @since 4.6
*
* @param int $user_id The numeric ID of the WordPress user.
*/
public function update_user($user_id) {
$user = get_userdata($user_id);
if ($user) {
$this->sync_user($user);
}
}
/**
* Keep WordPress user synced with CiviCRM Contact.
*
* @since 4.6
*
* @param object $user The WordPress user object.
*/
public function sync_user($user = FALSE) {
// Sanity check
if ($user === FALSE || !is_a($user, 'WP_User')) {
return;
}
if (!$this->civi->initialize()) {
return;
}
require_once 'CRM/Core/BAO/UFMatch.php';
/*
* This does not return anything, so if we want to do anything further
* to the CiviCRM Contact, we have to search for it all over again.
*/
CRM_Core_BAO_UFMatch::synchronize(
// User object.
$user,
// Update = true.
TRUE,
// CMS.
'WordPress',
// Contact Type.
'Individual'
);
}
/**
* When a WordPress user is deleted, delete the UFMatch record.
*
* Callback function for 'delete_user' hook.
*
* @since 4.6
*
* @param $user_id The numerical ID of the WordPress user.
*/
public function delete_user_ufmatch($user_id) {
if (!$this->civi->initialize()) {
return;
}
// Delete the UFMatch record.
require_once 'CRM/Core/BAO/UFMatch.php';
CRM_Core_BAO_UFMatch::deleteUser($user_id);
}
/**
* Create anonymous role and define capabilities.
*
* Function to create 'anonymous_user' role, if 'anonymous_user' role is not
* in the WordPress installation and assign minimum capabilities for all
* WordPress roles.
*
* The legacy global scope function civicrm_wp_set_capabilities() is called
* from upgrade_4_3_alpha1()
*
* @since 4.6
*/
public function set_wp_user_capabilities() {
global $wp_roles;
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
// Define minimum capabilities (CiviCRM permissions).
$default_min_capabilities = [
'access_civimail_subscribe_unsubscribe_pages' => 1,
'access_all_custom_data' => 1,
'access_uploaded_files' => 1,
'make_online_contributions' => 1,
'profile_create' => 1,
'profile_edit' => 1,
'profile_view' => 1,
'register_for_events' => 1,
'view_event_info' => 1,
'sign_civicrm_petition' => 1,
'view_public_civimail_content' => 1,
];
/**
* Allow minimum capabilities to be filtered.
*
* @since 4.6
*
* @param array $default_min_capabilities The minimum capabilities.
* @return array $default_min_capabilities The modified capabilities.
*/
$min_capabilities = apply_filters('civicrm_min_capabilities', $default_min_capabilities);
// Assign the minimum capabilities to all WordPress roles.
foreach ($wp_roles->role_names as $role => $name) {
$roleObj = $wp_roles->get_role($role);
foreach ($min_capabilities as $capability_name => $capability_value) {
$roleObj->add_cap($capability_name);
}
}
// Add the 'anonymous_user' role with minimum capabilities.
if (!in_array('anonymous_user', $wp_roles->roles)) {
add_role(
'anonymous_user',
__('Anonymous User', 'civicrm'),
$min_capabilities
);
}
}
/**
* Add CiviCRM access capabilities to WordPress roles.
*
* This is a callback for the 'init' hook in register_hooks().
*
* The legacy global scope function wp_civicrm_capability() is called by
* postProcess() in civicrm/CRM/ACL/Form/WordPress/Permissions.php
*
* @since 4.6
*/
public function set_access_capabilities() {
// Test for existing global
global $wp_roles;
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
/**
* Filter the default roles with access to CiviCRM.
*
* The 'access_civicrm' capability is the most basic CiviCRM capability and
* is required to see the CiviCRM menu link in the WordPress Admin menu.
*
* @since 4.6
*
* @param array The default roles with access to CiviCRM.
* @return array The modified roles with access to CiviCRM.
*/
$roles = apply_filters('civicrm_access_roles', ['super admin', 'administrator']);
// Give access to CiviCRM to particular roles.
foreach ($roles as $role) {
$roleObj = $wp_roles->get_role($role);
if (
is_object($roleObj) &&
is_array($roleObj->capabilities) &&
!array_key_exists('access_civicrm', $wp_roles->get_role($role)->capabilities)
) {
$wp_roles->add_cap($role, 'access_civicrm');
}
}
}
/**
* Get CiviCRM Contact Type.
*
* @since 4.6
*
* @param string $default The requested Contact Type.
* @return string $ctype The computed Contact Type.
*/
public function get_civicrm_contact_type($default = NULL) {
/*
* Here we are creating a new Contact.
* Get the Contact Type from the POST variables if any.
*/
if (isset($_REQUEST['ctype'])) {
$ctype = $_REQUEST['ctype'];
}
elseif (
isset($_REQUEST['edit']) &&
isset($_REQUEST['edit']['ctype'])
) {
$ctype = $_REQUEST['edit']['ctype'];
}
else {
$ctype = $default;
}
if (
$ctype != 'Individual' &&
$ctype != 'Organization' &&
$ctype != 'Household'
) {
$ctype = $default;
}
return $ctype;
}
}