
Added EDIT_PERMISSIONS permission code for SecurityAdmin

Added LeftAndMain::alternateAccessCheck() / alternateMenuDisplayCheck() so that subsite could hook a new security model into the admin
Added support for Group::alternateTreeTitle() to allow subsites to put *s before global groups

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@41098 467b73ca-7a2a-4603-9d3b-597d59a354a9
commit 1739d9932ae20c6cf57df38a6b9754dba917cbe1 1 parent 62c2237
@sminnee sminnee authored
Showing with 33 additions and 8 deletions.
  1. +23 −6 code/LeftAndMain.php
  2. +10 −2 code/SecurityAdmin.php
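--- a/code/LeftAndMain.php
+++ b/code/LeftAndMain.php
@@ -14,18 +14,27 @@ function init() {
 parent::init();
- // Security check for LeftAndMain sub-class permissions
- if(!Permission::check("CMS_ACCESS_$this->class")) {
- // When access /admin/, we should try a redirect to another part of the admin rather than a
- if($this->class == 'CMSMain') {
+ // Allow customisation of the access check by a decorator
+ if($this->hasMethod('alternateAccessCheck')) {
+ $isAllowed = $this->alternateAccessCheck();
+
+ // Default security check for LeftAndMain sub-class permissions
+ } else {
+ $isAllowed = Permission::check("CMS_ACCESS_$this->class");
+ if(!$isAllowed && $this->class == 'CMSMain') {
+ // When access /admin/, we should try a redirect to another part of the admin rather than be locked out
 $menu = $this->MainMenu();
 if(($first = $menu->First()) && $first->Link) {
 Director::redirect($first->Link);
- return;
 }
 }
+ }
+ // Don't continue if there's already been a redirection request.
+ if(Director::redirected_to()) return;
+ // Access failure!
+ if(!$isAllowed) {
 $messageSet = array(
 'default' => "Enter your email address and password to access the CMS.",
 'alreadyLoggedIn' => "I'm sorry, but you can't access that part of the CMS. If you want to log in as someone else, do so below",
@@ -213,7 +222,15 @@ public function MainMenu() {
 $itemsWithPermission = 0;
 foreach($menuSrc as $title => $menuItem) {
 if(is_numeric($title) && isset($menuItem['title'])) $title = $menuItem['title'];
- if(!isset($menuItem[2]) || Permission::check("CMS_ACCESS_$menuItem[2]")) {
+
+ if(isset($menuItem[2])) {
+ if($this->hasMethod('alternateMenuDisplayCheck')) $isAllowed = $this->alternateMenuDisplayCheck($menuItem[2]);
+ else $isAllowed = Permission::check("CMS_ACCESS_" . $menuItem[2]);
+ } else {
+ $isAllowed = true;
+ }
+
+ if($isAllowed) {
 // Count up the number of items that have specific permission settings
 if(isset($menuItem[2])) $itemsWithPermission++;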
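Review bot: In the init() hunk, a decorator's `alternateAccessCheck()` replaces the `CMS_ACCESS_<class>` permission check outright, so its return value becomes the whole authorisation decision for the section, and any truthy non-boolean return passes `if(!$isAllowed)` as allowed. That contract is not stated in the new code; I would add a comment above the call such as `// alternateAccessCheck() fully replaces the CMS_ACCESS_* check and must return true only when the current member may use this section`. Separately, `if(Director::redirected_to()) return;` now runs before the `!$isAllowed` branch for any pending redirect, not only the CMSMain one, so denial relies on the redirect ending the request; it is worth confirming that no action is dispatched after init() returns in that case. The `alternateMenuDisplayCheck()` call in the MainMenu() hunk only affects what is shown and should be documented as display-only. Both init() and MainMenu() continue outside their hunks.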
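--- a/code/SecurityAdmin.php
+++ b/code/SecurityAdmin.php
@@ -1,6 +1,6 @@
 <?php
-class SecurityAdmin extends LeftAndMain {
+class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 static $tree_class = "Group";
 static $subitem_class = "Member";
@@ -58,6 +58,8 @@ public function getEditForm($id) {
 )
 );
+ if(!Permission::check('EDIT_PERMISSIONS')) $fields->removeFieldFromTab('Root', 'Permissions');
+
 $memberList->setController($this);
 $fields->push($idField = new HiddenField("ID"));
@@ -220,7 +222,7 @@ public function SiteTreeAsUL() {
 $siteTree = $obj->getChildrenAsUL("",
 ' "<li id=\"record-$child->ID\" class=\"$child->class " . ($child->Locked ? " nodelete" : "") . ' .
 ' ($extraArg->isCurrentPage($child) ? " current" : "") . "\">" . ' .
- ' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->Title . "</a>" ',$this);
+ ' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->TreeTitle() . "</a>" ',$this);
 $siteTree = "<ul id=\"sitetree\" class=\"tree unformatted\">" .
 "<li id=\"record-0\" class=\"Root\">" .
@@ -329,6 +331,12 @@ public function listmembers( $baseGroup = null ) {
 return $memberListField->renderWith('MemberList_Table');
 }
+
+ function providePermissions() {
+ return array(
+ 'EDIT_PERMISSIONS' => 'Edit Permissions on each Group',
+ );
+ }
 }
 ?>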
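Review bot: In the getEditForm() hunk, `EDIT_PERMISSIONS` is enforced only by removing the Permissions field from the rendered form; nothing visible in this commit checks the permission on the write path. If the save handler rebuilds its form through getEditForm() the removed field would presumably not be saved, but that handler is outside the hunk, so either confirm it or have the save path itself test `Permission::check('EDIT_PERMISSIONS')` before applying permission data. The member list stays in the form for these users, so someone without `EDIT_PERMISSIONS` may still be able to add members to a group that already holds permissions; if that is not intended it needs its own check. I would add a comment next to the new line, e.g. `// Hides the field only; the save path must also require EDIT_PERMISSIONS`. getEditForm() starts and ends outside the hunk.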
