Commit 9ee8b642 authored by Kevin Cristiano's avatar Kevin Cristiano 🌎

Merge branch 'groups' into 'master'

Groups

See merge request plugins/reset-wp-civicrm-roles-caps!2
parents 53db5912 822bd966
# CiviCRM Permissions Sync
A plugin which keeps CiviCRM permissions in sync with WordPress capabilities.
#### Notes ####
This plugin has been developed using a minimum of *WordPress 5.1* and *CiviCRM 5.12*.
**Please note:** This plugin is still in early stages of development and may not be production-ready for you. Use at your own risk.
#### Installation ####
There are two ways to install from GitLab:
###### ZIP Download ######
If you have downloaded *CiviCRM Permissions Sync* as a ZIP file from the GitLab repository, do the following to install and activate the plugin:
1. Unzip the .zip file and, if needed, rename the enclosing folder so that the plugin's files are located directly inside `/wp-content/plugins/reset-wp-civicrm-roles-caps`
2. Activate (or network-activate) the plugin
3. You're done.
###### git clone ######
If you have cloned the code from GitLab, it is assumed that you know what you're doing.
# Copyright (C) 2019 CiviCRM Permissions Sync
# This file is distributed under the same license as the CiviCRM Permissions Sync package.
msgid ""
msgstr ""
"Project-Id-Version: CiviCRM Permissions Sync 1.0\n"
"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/reset-wp-civicrm-roles-caps\n"
"POT-Creation-Date: 2019-04-11 09:50:27+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2019-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
#: reset-wp-civicrm-roles-caps.php:347
msgid "CiviCRM Administrator"
msgstr ""
#: reset-wp-civicrm-roles-caps.php:358
msgid "Could not find CiviCRM sync role: \"%s\""
msgstr ""
#. Plugin Name of the plugin/theme
msgid "CiviCRM Permissions Sync"
msgstr ""
#. Plugin URI of the plugin/theme
msgid "https://develop.tadpole.cc/plugins/reset-wp-civicrm-roles-caps"
msgstr ""
#. Description of the plugin/theme
msgid "Keeps CiviCRM permissions in sync with WordPress capabilities so that they are exposed to other plugins."
msgstr ""
#. Author of the plugin/theme
msgid "Tadpole Collective"
msgstr ""
#. Author URI of the plugin/theme
msgid "https://tadpole.cc"
msgstr ""
=== CiviCRM Permissions Sync ===
Contributors: needle, tadpole
Tags: civicrm, permissions, sync
Requires at least: 5.0
Tested up to: 5.1
Stable tag: 1.0
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Keeps CiviCRM permissions in sync with WordPress capabilities.
== Description ==
A plugin which keeps CiviCRM permissions in sync with WordPress capabilities.
== Installation ==
1. Extract the plugin archive
1. Upload plugin files to your `/wp-content/plugins/` directory
1. Activate (or network-activate) the plugin
== Changelog ==
= 1.0 =
Initial release
......@@ -15,6 +15,31 @@ Based upon code in https://github.com/civicrm/civicrm-wordpress/blob/master/incl
*/
/*
* Set the plugin sync mode.
*
* This must be set prior to activating the plugin.
*
* Possible values are:
*
* 'all': Syncs permissions to both our custom role and the "Groups" plugin.
* 'role': Only syncs permissions to our custom role.
* 'groups': Only syncs permissions to the "Groups" plugin.
*
* The existence of our sync role may confuse existing admin users who see it in
* the WordPress UI and think that it serves a purpose other than allowing other
* plugins to discover CiviCRM's permissions.
*
* An alternative to this is to use the "Groups" plugin and ensure that user
* capabilities are derived solely from membership of a "Groups" group.
*
* @since 1.0
*/
if ( ! defined( 'CIVICRM_PERMISSIONS_SYNC_MODE' ) ) {
define( 'CIVICRM_PERMISSIONS_SYNC_MODE', 'groups' );
}
// Version.
define( 'CIVICRM_PERMISSIONS_SYNC_VERSION', '1.0' );
......@@ -80,6 +105,9 @@ class CiviCRM_Permissions_Sync {
return;
}
// Do upgrade tasks.
$this->upgrade_tasks();
// Register hooks.
$this->register_hooks();
......@@ -95,37 +123,83 @@ class CiviCRM_Permissions_Sync {
/**
* Register hooks.
* Perform upgrade tasks.
*
* If this plugin is activated after CiviCRM itself is activated, then we
* need another way to trigger sync which doesn't rely on CiviCRM's hooks.
*
* @see $this->register_hooks()
*
* This method is written as a substitute for registering activation hooks
* because, in multisite, a network-activated plugin will not inform all
* sites in the network of it's activation.
*
* @see https://core.trac.wordpress.org/ticket/14170#comment:68
*
* The 'admin_init' hook is recommended for plugin upgrade tasks, so we can
* use that to perform permissions sync each time this plugin is upgraded.
*
* @since 1.0
*/
public function register_hooks() {
public function upgrade_tasks() {
// Get installed plugin version for this site.
$this->plugin_version = get_option( 'civicrm_permissions_sync_version', 'false' );
/*
* The following two hooks are native to the CiviCRM WordPress plugin.
*
* If this plugin is not active when CiviCRM itself is activated, then
* (obviously) the callbacks will never run. If it is active, however,
* then this is quite neat.
*/
// If this is a new install.
if ( $this->plugin_version === 'false' ) {
// Do something.
}
*/
// Filter minimum CiviCRM capabilities.
add_filter( 'civicrm_min_capabilities', [ $this, 'capabilities_minimum' ], 20, 1 );
// If the version has changed.
if ( $this->plugin_version != CIVICRM_PERMISSIONS_SYNC_VERSION ) {
// Sync when CiviCRM activation action fires.
add_action( 'civicrm_activation', [ $this, 'capabilities_sync' ], 20 );
// Add minimum CiviCRM capabilities to all roles.
add_action( 'admin_init', [ $this, 'capabilities_all_roles' ], 100 );
// Sync late on init.
add_action( 'admin_init', [ $this, 'capabilities_sync' ], 100 );
}
/*
* If this plugin is activated after CiviCRM itself is activated, then
* we need other events to hook into. The 'init' hook is where most
* role-related changes are made, so use that.
*/
// For specific upgrades, use something like the following.
if ( version_compare( CIVICRM_PERMISSIONS_SYNC_VERSION, '1.0.1', '>=' ) ) {
// Do something.
}
*/
// Store version if there has been a change.
if ( $this->plugin_version != CIVICRM_PERMISSIONS_SYNC_VERSION ) {
update_option( 'civicrm_permissions_sync_version', CIVICRM_PERMISSIONS_SYNC_VERSION );
$this->plugin_version = CIVICRM_PERMISSIONS_SYNC_VERSION;
}
}
// Add minimum CiviCRM capabilities to all roles.
add_action( 'init', [ $this, 'capabilities_all_roles' ], 100 );
// Sync late on init.
add_action( 'init', [ $this, 'capabilities_sync' ], 100 );
/**
* Register hooks.
*
* The two hooks referenced here are native to the CiviCRM WordPress plugin.
* If this plugin active when CiviCRM itself is activated, then these hooks
* provide a neat way of ensuring capabilities are synced at the point when
* CiviCRM is activated.
*
* @see $this->upgrade_tasks()
*
* @since 1.0
*/
public function register_hooks() {
// Filter minimum CiviCRM capabilities.
add_filter( 'civicrm_min_capabilities', [ $this, 'capabilities_minimum' ], 20, 1 );
// Sync when CiviCRM activation action fires.
add_action( 'civicrm_activation', [ $this, 'capabilities_sync' ], 20 );
}
......@@ -240,6 +314,60 @@ class CiviCRM_Permissions_Sync {
*/
$capabilities = apply_filters( 'civicrm_permissions_sync_caps_admin', $capabilities );
// Perform "Groups" sync depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'groups', 'all' ] ) ) {
// Sync to permissions to the "Groups" plugin.
$this->capabilities_sync_to_groups( $capabilities );
}
// Perform "Role" sync depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'role', 'all' ] ) ) {
// Sync to permissions to our custom role.
$this->capabilities_sync_to_role( $capabilities );
}
}
/**
* Sync capabilities to "Groups" plugin if present.
*
* @since 1.0
*
* @param array $capabilities The complete set of CiviCRM capabilities.
*/
public function capabilities_sync_to_groups( $capabilities ) {
// Bail if we don't have the "Groups" plugin.
if ( ! defined( 'GROUPS_CORE_VERSION' ) ) {
return;
}
// Add the capabilities if not already added.
foreach( $capabilities as $capability ) {
if ( ! Groups_Capability::read_by_capability( $capability ) ) {
Groups_Capability::create( array( 'capability' => $capability ) );
}
}
}
/**
* Sync capabilities to a custom role.
*
* @since 1.0
*
* @param array $capabilities The complete set of CiviCRM capabilities.
*/
public function capabilities_sync_to_role( $capabilities ) {
// Get the role to apply all CiviCRM permissions to.
$custom_role = $this->role_get();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment