Commit fff1c262 authored by Christian Wach's avatar Christian Wach

Delete permissions when they no longer exist

parent 822bd966
......@@ -314,22 +314,19 @@ class CiviCRM_Permissions_Sync {
*/
$capabilities = apply_filters( 'civicrm_permissions_sync_caps_admin', $capabilities );
// Perform "Groups" sync depending on plugin mode.
// Sync permissions to the "Groups" plugin depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'groups', 'all' ] ) ) {
// Sync to permissions to the "Groups" plugin.
$this->capabilities_sync_to_groups( $capabilities );
}
// Perform "Role" sync depending on plugin mode.
// Sync permissions to our custom role depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'role', 'all' ] ) ) {
// Sync to permissions to our custom role.
$this->capabilities_sync_to_role( $capabilities );
}
// Clean up.
$this->capabilities_delete_missing( $capabilities );
}
......@@ -387,6 +384,101 @@ class CiviCRM_Permissions_Sync {
/**
* Delete CiviCRM capabilities when they no longer exist.
*
* This can happen when an Extension which had previously added permissions
* is disabled or uninstalled, for example.
*
* @since 1.0
*
* @param array $capabilities The complete set of CiviCRM capabilities.
*/
public function capabilities_delete_missing( $capabilities ) {
// Read the stored CiviCRM permissions array.
$stored = $this->permissions_get();
// Save and bail if we don't have any stored.
if ( empty( $stored ) ) {
$this->permissions_set( $capabilities );
return;
}
// Find the capabilities that are missing in the current CiviCRM data.
$not_in_current = array_diff( $stored, $capabilities );
// Delete them from "Groups" depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'groups', 'all' ] ) ) {
//$this->capabilities_delete_from_groups( $not_in_current );
}
// Delete them from the custom role depending on plugin mode.
if ( in_array( CIVICRM_PERMISSIONS_SYNC_MODE, [ 'role', 'all' ] ) ) {
//$this->capabilities_delete_from_role( $not_in_current );
}
// Overwrite the current permissions array.
$this->permissions_set( $capabilities );
}
/**
* Delete capabilities from "Groups" plugin if present.
*
* @since 1.0
*
* @param array $capabilities The array of capabilities to delete.
*/
public function capabilities_delete_from_groups( $capabilities ) {
// Bail if we don't have the "Groups" plugin.
if ( ! defined( 'GROUPS_CORE_VERSION' ) ) {
return;
}
// Delete the capabilities if not already deleted.
foreach( $capabilities as $capability ) {
$groups_cap = Groups_Capability::read_by_capability( $capability );
if ( ! empty( $groups_cap->capability_id ) ) {
Groups_Capability::delete( $groups_cap->capability_id );
}
}
}
/**
* Delete capabilities from a custom role.
*
* @since 1.0
*
* @param array $capabilities The array of capabilities to delete.
*/
public function capabilities_delete_from_role( $capabilities ) {
// Get the role to delete CiviCRM permissions from.
$custom_role = $this->role_get();
// Bail if something went wrong.
if ( empty( $custom_role ) ) {
return;
}
// Delete the capabilities if not already deleted.
foreach( $capabilities as $capability ) {
if ( $custom_role->has_cap( $capability ) ) {
$custom_role->remove_cap( $capability );
}
}
}
/**
* Retrieve our custom WordPress role.
*
......@@ -455,6 +547,46 @@ class CiviCRM_Permissions_Sync {
/**
* Get stored CiviCRM permissions.
*
* @since 1.0
*
* @return array $permissions The array of stored permissions.
*/
public function permissions_get() {
// Get from option.
$permissions = get_option( 'civicrm_permissions_sync_perms', 'false' );
// If no option exists, cast return as array.
if ( $permissions === 'false' ) {
$permissions = array();
}
// --<
return $permissions;
}
/**
* Set stored CiviCRM permissions.
*
* @since 1.0
*
* @param array $permissions The array of permissions to store.
*/
public function permissions_set( $permissions ) {
// Set the option.
update_option( 'civicrm_permissions_sync_perms', $permissions );
}
/**
* Check if CiviCRM is initialised.
*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment