Commit 53db5912 authored by Kevin Cristiano's avatar Kevin Cristiano 🌎

Merge branch 'cap-sync' into 'master'

Cap sync

See merge request plugins/reset-wp-civicrm-roles-caps!1
parents be6c67d9 207463db
# EditorConfig is awesome: https://editorconfig.org
# top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
# Tab indentation
[*.php]
indent_style = tab
<?php /*
--------------------------------------------------------------------------------
Plugin Name: CiviCRM Permissions Sync
Plugin URI: https://develop.tadpole.cc/plugins/reset-wp-civicrm-roles-caps
Description: Keeps CiviCRM permissions in sync with WordPress capabilities so that they are exposed to other plugins.
Author: Tadpole Collective
Author URI: https://tadpole.cc
Version: 1.0
License: GPLv2
Text Domain: reset-wp-civicrm-roles-caps
Domain Path: /languages
--------------------------------------------------------------------------------
Based upon code in https://github.com/civicrm/civicrm-wordpress/blob/master/includes/civicrm.users.php
--------------------------------------------------------------------------------
*/
// Version.
define( 'CIVICRM_PERMISSIONS_SYNC_VERSION', '1.0' );
// Store reference to this file.
define( 'CIVICRM_PERMISSIONS_SYNC_FILE', __FILE__ );
// Store URL to this plugin's directory.
if ( ! defined( 'CIVICRM_PERMISSIONS_SYNC_URL' ) ) {
define( 'CIVICRM_PERMISSIONS_SYNC_URL', plugin_dir_url( CIVICRM_PERMISSIONS_SYNC_FILE ) );
}
// Store PATH to this plugin's directory.
if ( ! defined( 'CIVICRM_PERMISSIONS_SYNC_PATH' ) ) {
define( 'CIVICRM_PERMISSIONS_SYNC_PATH', plugin_dir_path( CIVICRM_PERMISSIONS_SYNC_FILE ) );
}
/**
* CiviCRM Permissions Sync class.
*
* A class for encapsulating plugin functionality.
*
* @since 1.0
*/
class CiviCRM_Permissions_Sync {
/**
* Custom role name.
*
* @since 1.0
* @access public
* @var str $custom_role_name The name of the custom role.
*/
public $custom_role_name = 'civicrm_admin';
/**
* Additional minimum capabilities.
*
* @since 1.0
* @access public
* @var array $min_capabilities The array of additional minimum capabilities.
*/
public $min_capabilities = array(
'access_ajax_api' => 1,
'view_my_invoices' => 1,
);
/**
* Initialise this object.
*
* @since 1.0
*/
public function __construct() {
// Init translation.
$this->translation();
// Bail if CiviCRM plugin is not present.
if ( ! function_exists( 'civi_wp' ) ) {
return;
}
// Register hooks.
$this->register_hooks();
/**
* Broadcast that this plugin is now loaded.
*
* @since 1.0
*/
do_action( 'civicrm_permissions_sync_loaded' );
}
/**
* Register hooks.
*
* @since 1.0
*/
public function register_hooks() {
/*
* The following two hooks are native to the CiviCRM WordPress plugin.
*
* If this plugin is not active when CiviCRM itself is activated, then
* (obviously) the callbacks will never run. If it is active, however,
* then this is quite neat.
*/
// Filter minimum CiviCRM capabilities.
add_filter( 'civicrm_min_capabilities', [ $this, 'capabilities_minimum' ], 20, 1 );
// Sync when CiviCRM activation action fires.
add_action( 'civicrm_activation', [ $this, 'capabilities_sync' ], 20 );
/*
* If this plugin is activated after CiviCRM itself is activated, then
* we need other events to hook into. The 'init' hook is where most
* role-related changes are made, so use that.
*/
// Add minimum CiviCRM capabilities to all roles.
add_action( 'init', [ $this, 'capabilities_all_roles' ], 100 );
// Sync late on init.
add_action( 'init', [ $this, 'capabilities_sync' ], 100 );
}
/**
* Load translation.
*
* @since 1.0
*/
public function translation() {
load_plugin_textdomain(
'reset-wp-civicrm-roles-caps', // Unique name.
false, // Deprecated argument.
dirname( plugin_basename( __FILE__ ) ) . '/languages/' // Relative path.
);
}
/**
* Filter minimum CiviCRM capabilities.
*
* The standard CiviCRM install misses out a few capabilities which many
* installs need to function as expected. They are added here, but may
* themselves be filtered by hooking in to `civicrm_min_capabilities` and
* `init` with a priority greater than those used by this plugin.
*
* @since 1.0
*
* @param array $capabilities The existing minimum capabilities.
* @return array $capabilities The modified minimum capabilities.
*/
public function capabilities_minimum( $capabilities = array() ) {
// Add our extra capabilities.
foreach( $this->min_capabilities AS $capability => $value ) {
$capabilities[$capability] = 1;
}
// --<
return $capabilities;
}
/**
* Add minimum CiviCRM capabilities to all roles.
*
* This method adds a few capabilities which many CiviCRM installs need to
* function as expected.
*
* @since 1.0
*/
public function capabilities_all_roles() {
// Fetch roles object.
$wp_roles = wp_roles();
// Add capabilities to all roles if not already added.
foreach( $wp_roles->role_names AS $role_name => $title ) {
$role = $wp_roles->get_role( $role_name );
foreach( $this->min_capabilities AS $capability => $value ) {
if ( ! $role->has_cap( $capability ) ) {
$role->add_cap( $capability );
}
}
}
}
/**
* Sync capabilities to WordPress.
*
* Most plugins that deal with capabilities discover them by inspecting the
* roles in WordPress. There are other places that some plugins also inspect
* such as Custom Post Types and plugins such as WooCommerce and bbPress. We
* don't need to concern ourselves with these subsequent inspections, since
* adding all CiviCRM permissions to a WordPress role is enough to make them
* discoverable.
*
* @since 1.0
*/
public function capabilities_sync() {
// Bail if CiviCRM not initialised.
if ( ! $this->is_civicrm_initialised() ) {
return;
}
// Get all CiviCRM permissions, excluding disabled components and descriptions.
$permissions = CRM_Core_Permission::basicPermissions( false, false );
// Convert to WordPress capabilities.
$capabilities = array();
foreach( $permissions AS $permission => $title ) {
$capabilities[] = CRM_Utils_String::munge( strtolower( $permission ) );
}
/**
* Allow administrator-level capabilities to be filtered.
*
* @since 1.0
*
* @param array $capabilities The complete set of CiviCRM capabilities.
* @return array $capabilities The modified set of CiviCRM capabilities.
*/
$capabilities = apply_filters( 'civicrm_permissions_sync_caps_admin', $capabilities );
// Get the role to apply all CiviCRM permissions to.
$custom_role = $this->role_get();
// Bail if something went wrong.
if ( empty( $custom_role ) ) {
return;
}
// Add the capabilities if not already added.
foreach( $capabilities as $capability ) {
if ( ! $custom_role->has_cap( $capability ) ) {
$custom_role->add_cap( $capability );
}
}
}
/**
* Retrieve our custom WordPress role.
*
* We need a role to which we add all CiviCRM permissions. This makes the
* capabilities discoverable by other plugins. This method creates the role
* if it doesn't already exist by cloning the 'adminstrator' role.
*
* @since 1.0
*
* @return WP_Role|void $custom_role The custom role, or void on failure.
*/
public function role_get() {
// Fetch roles object.
$wp_roles = wp_roles();
// If the custom role already exists.
if ( $wp_roles->is_role( $this->custom_role_name ) ) {
// Get existing role.
$custom_role = $wp_roles->get_role( $this->custom_role_name );
} else {
// Bail if the 'administrator' role is not there for some reason.
if ( ! $wp_roles->is_role( 'administrator' ) ) {
return;
}
// Grab the 'administrator' role.
$admin = $wp_roles->get_role( 'administrator' );
// Add new role.
$custom_role = add_role(
$this->custom_role_name,
__( 'CiviCRM Administrator', 'reset-wp-civicrm-roles-caps' ),
$admin->capabilities
);
}
// If void then log something.
if ( empty( $custom_role ) ) {
// Construct a message.
$message = sprintf(
__( 'Could not find CiviCRM sync role: "%s"', 'reset-wp-civicrm-roles-caps' ),
$this->custom_role_name
);
// Add log entry.
$e = new Exception;
$trace = $e->getTraceAsString();
error_log( print_r( array(
'method' => __METHOD__,
'message' => $message,
'backtrace' => $trace,
), true ) );
}
// --<
return $custom_role;
}
/**
* Check if CiviCRM is initialised.
*
* @since 1.0
*
* @return bool True if CiviCRM initialised, false otherwise.
*/
public function is_civicrm_initialised() {
// Init only when CiviCRM is fully installed.
if ( ! defined( 'CIVICRM_INSTALLED' ) ) return false;
if ( ! CIVICRM_INSTALLED ) return false;
// Bail if no CiviCRM init function.
if ( ! function_exists( 'civi_wp' ) ) return false;
// Try and initialise CiviCRM.
return civi_wp()->initialize();
}
} // Class ends.
/**
* Get a reference to this plugin.
*
* @since 1.0
*
* @return CiviCRM_Permissions_Sync $civicrm_permissions_sync The plugin reference.
*/
function civicrm_permissions_sync() {
// Hold the plugin instance in a static variable.
static $civicrm_permissions_sync = false;
// Instantiate plugin if not yet instantiated.
if ( false === $civicrm_permissions_sync ) {
$civicrm_permissions_sync = new CiviCRM_Permissions_Sync();
}
// --<
return $civicrm_permissions_sync;
}
// Init plugin.
add_action( 'plugins_loaded', 'civicrm_permissions_sync' );
<?php
/*
Plugin Name: Resync Default CiviCRM permissions
Plugin URI: https://tadpole.cc
Description: Resync Default CiviCRM permissions
Author: Tadpole Collective
Author URI: https://tadpole.cc
Version: 1.0
License: GPLv2
Based upon code in https://github.com/civicrm/civicrm-wordpress/blob/master/includes/civicrm.users.php
*/
function tc_reset_wp_user_capabilities() {
global $wp_roles;
if ( ! isset( $wp_roles ) ) {
$wp_roles = new WP_Roles();
}
// Minimum capabilities (CiviCRM permissions) arrays
$default_min_capabilities = array(
'read' => 1,
'access_civimail_subscribe_unsubscribe_pages' => 1,
'access_all_custom_data' => 1,
'access_uploaded_files' => 1,
'make_online_contributions' => 1,
'profile_create' => 1,
'profile_edit' => 1,
'profile_view' => 1,
'register_for_events' => 1,
'view_event_info' => 1,
'sign_civicrm_petition' => 1,
'view_public_civimail_content' => 1,
'access_ajax_api' => 1,
'view_my_invoices' => 1,
);
// allow other plugins to filter
$min_capabilities = apply_filters( 'civicrm_min_capabilities', $default_min_capabilities );
// Assign the Minimum capabilities (CiviCRM permissions) to all WP roles
foreach ( $wp_roles->role_names as $role => $name ) {
$roleObj = $wp_roles->get_role( $role );
foreach ( $min_capabilities as $capability_name => $capability_value ) {
$roleObj->add_cap( $capability_name );
}
}
// Admin capabilities (CiviCRM permissions) arrays
$default_admin_capabilities = array(
'read' => 1,
'access_ajax_api' => 1,
'access_all_cases_and_activities' => 1,
'access_all_custom_data' => 1,
'access_civicontribute' => 1,
'access_civicrm' => 1,
'access_civievent' => 1,
'access_civigrant' => 1,
'access_civimail' => 1,
'access_civimail_subscribe_unsubscribe_pages' => 1,
'access_civimember' => 1,
'access_civipledge' => 1,
'access_civireport' => 1,
'access_contact_dashboard' => 1,
'access_contact_reference_fields' => 1,
'access_deleted_contacts' => 1,
'access_my_cases_and_activities' => 1,
'access_report_criteria' => 1,
'access_uploaded_files' => 1,
'add_cases' => 1,
'add_contacts' => 1,
'administer_civicampaign' => 1,
'administer_civicase' => 1,
'administer_civicrm' => 1,
'administer_dedupe_rules' => 1,
'administer_reports' => 1,
'administer_reserved_groups' => 1,
'administer_reserved_reports' => 1,
'administer_reserved_tags' => 1,
'administer_tagsets' => 1,
'create_manual_batch' => 1,
'delete_activities' => 1,
'delete_all_manual_batches' => 1,
'delete_contacts' => 1,
'delete_in_civicase' => 1,
'delete_in_civicontribute' => 1,
'delete_in_civievent' => 1,
'delete_in_civigrant' => 1,
'delete_in_civimail' => 1,
'delete_in_civimember' => 1,
'delete_in_civipledge' => 1,
'delete_own_manual_batches' => 1,
'edit_all_contacts' => 1,
'edit_all_events' => 1,
'edit_all_manual_batches' => 1,
'edit_contributions' => 1,
'edit_event_participants' => 1,
'edit_grants' => 1,
'edit_groups' => 1,
'edit_memberships' => 1,
'edit_own_manual_batches' => 1,
'edit_pledges' => 1,
'export_all_manual_batches' => 1,
'export_own_manual_batches' => 1,
'gotv_campaign_contacts' => 1,
'import_contacts' => 1,
'interview_campaign_contacts' => 1,
'make_online_contributions' => 1,
'manage_campaign' => 1,
'merge_duplicate_contacts' => 1,
'profile_create' => 1,
'profile_edit' => 1,
'profile_listings' => 1,
'profile_listings_and_forms' => 1,
'profile_view' => 1,
'register_for_events' => 1,
'release_campaign_contacts' => 1,
'reserve_campaign_contacts' => 1,
'sign_civicrm_petition' => 1,
'translate_civicrm' => 1,
'view_all_activities' => 1,
'view_all_contacts' => 1,
'view_all_manual_batches' => 1,
'view_all_notes' => 1,
'view_debug_output' => 1,
'view_event_info' => 1,
'view_event_participants' => 1,
'view_own_manual_batches' => 1,
'view_public_civimail_content' => 1,
'administer_payment_processors' => 1,
'administer_private_reports' => 1,
'close_all_manual_batches' => 1,
'close_own_manual_batches' => 1,
'edit_api_keys' => 1,
'edit_message_templates' => 1,
'edit_my_contact' => 1,
'edit_own_api_keys' => 1,
'force_merge_duplicate_contacts' => 1,
'import_sql_datasource' => 1,
'manage_event_profiles' => 1,
'manage_tags' => 1,
'reopen_all_manual_batches' => 1,
'reopen_own_manual_batches' => 1,
'view_my_contact' => 1,
'view_my_invoices' => 1,
'view_report_sql' => 1,
'skip_ids_check' => 1,
);
$admin_capabilities = apply_filters( 'civicrm_admin_capabilities', $default_admin_capabilities );
// Add the 'anonymous_user' role with minimum capabilities.
if ( ! in_array( 'anonymous_user', $wp_roles->roles ) ) {
add_role(
'anonymous_user',
__( 'Anonymous User', 'civicrm' ),
$min_capabilities
);
}
// Add the 'civicrm_admin' role with all capabilities.
if ( ! in_array( 'civicrm_admin', $wp_roles->roles ) ) {
add_role(
'civicrm_admin',
__( 'CiviCRM Administrator', 'civicrm' ),
$admin_capabilities
);
}
$roleObj = get_role( 'civicrm_admin' );
foreach ( $admin_capabilities as $capability_name => $capability_value ) {
$roleObj->add_cap( $capability_name );
}
}
register_activation_hook( __FILE__, 'tc_reset_wp_user_capabilities' );
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment