Commit 822bd966 authored by Christian Wach's avatar Christian Wach

Enable a plugin "mode" which syncs to role, Groups or both

parent cda7a7cb
......@@ -16,6 +16,30 @@ Based upon code in https://github.com/civicrm/civicrm-wordpress/blob/master/incl
/*
* Set the plugin sync mode.
*
* This must be set prior to activating the plugin.
*
* Possible values are:
*
* 'all': Syncs permissions to both our custom role and the "Groups" plugin.
* 'role': Only syncs permissions to our custom role.
* 'groups': Only syncs permissions to the "Groups" plugin.
*
* The existence of our sync role may confuse existing admin users who see it in
* the WordPress UI and think that it serves a purpose other than allowing other
* plugins to discover CiviCRM's permissions.
*
* An alternative to this is to use the "Groups" plugin and ensure that user
* capabilities are derived solely from membership of a "Groups" group.
*
* @since 1.0
*/
if ( ! defined( 'CIVICRM_PERMISSIONS_SYNC_MODE' ) ) {
define( 'CIVICRM_PERMISSIONS_SYNC_MODE', 'groups' );
}
// Version.
define( 'CIVICRM_PERMISSIONS_SYNC_VERSION', '1.0' );
......@@ -112,7 +136,7 @@ class CiviCRM_Permissions_Sync {
*
* @see https://core.trac.wordpress.org/ticket/14170#comment:68
*
* The 'init' hook is where most role-related changes are made, so we can
* The 'admin_init' hook is recommended for plugin upgrade tasks, so we can
* use that to perform permissions sync each time this plugin is upgraded.
*
* @since 1.0
......@@ -133,10 +157,10 @@ class CiviCRM_Permissions_Sync {
if ( $this->plugin_version != CIVICRM_PERMISSIONS_SYNC_VERSION ) {
// Add minimum CiviCRM capabilities to all roles.
add_action( 'init', [ $this, 'capabilities_all_roles' ], 100 );
add_action( 'admin_init', [ $this, 'capabilities_all_roles' ], 100 );
// Sync late on init.
add_action( 'init', [ $this, 'capabilities_sync' ], 100 );
add_action( 'admin_init', [ $this, 'capabilities_sync' ], 100 );
}
......@@ -290,6 +314,60 @@ class CiviCRM_Permissions_Sync {
*/
$capabilities = apply_filters( 'civicrm_permissions_sync_caps_admin', $capabilities );
// Perform "Groups" sync depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'groups', 'all' ] ) ) {
// Sync to permissions to the "Groups" plugin.
$this->capabilities_sync_to_groups( $capabilities );
}
// Perform "Role" sync depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'role', 'all' ] ) ) {
// Sync to permissions to our custom role.
$this->capabilities_sync_to_role( $capabilities );
}
}
/**
* Sync capabilities to "Groups" plugin if present.
*
* @since 1.0
*
* @param array $capabilities The complete set of CiviCRM capabilities.
*/
public function capabilities_sync_to_groups( $capabilities ) {
// Bail if we don't have the "Groups" plugin.
if ( ! defined( 'GROUPS_CORE_VERSION' ) ) {
return;
}
// Add the capabilities if not already added.
foreach( $capabilities as $capability ) {
if ( ! Groups_Capability::read_by_capability( $capability ) ) {
Groups_Capability::create( array( 'capability' => $capability ) );
}
}
}
/**
* Sync capabilities to a custom role.
*
* @since 1.0
*
* @param array $capabilities The complete set of CiviCRM capabilities.
*/
public function capabilities_sync_to_role( $capabilities ) {
// Get the role to apply all CiviCRM permissions to.
$custom_role = $this->role_get();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment