/
SiteTreeExtension.php
64 lines (55 loc) · 1.92 KB
/
SiteTreeExtension.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<?php
namespace SilverStripe\RealMe\Extension;
use SilverStripe\CMS\Model\SiteTree;
use SilverStripe\RealMe\RealMeService;
use SilverStripe\Security\InheritedPermissions;
use SilverStripe\Security\Member;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataExtension;
/**
* @extends DataExtension<SiteTree>
*/
class SiteTreeExtension extends DataExtension
{
private static $dependencies = array(
'service' => '%$' . RealMeService::class
);
/**
* @var RealMeService
*/
public $service;
/**
* This function is an extension of the default SiteTree canView(), and allows viewing permissions for a SiteTree
* object which has allowed a page to be presented to logged in users. With RealMe a logged in user is a user
* which has authenticated with the identity provider, and we have stored a FLT in session.
*
* Return true, if the CanViewType is LoggedInUsers, and we have a valid RealMe Session authenticated.
*
* @param Member|int $member
*
* @return bool|null True if the current user can view this page (or null to defer)
*/
public function canView($member)
{
// Defer if there's a member - this only catches allowing those who aren't members but might be authenticated
// with RealMe
if ($member && $member->ID) {
return null;
}
$data = $this->service->getUserData();
if (empty($data)) {
// Defer if there's no logged in RealMe user
return null;
}
// Follow existing SiteTree logic where orphaned pages aren't viewable
if ($this->owner->isOrphaned()) {
return false;
}
if ($this->owner->CanViewType === InheritedPermissions::LOGGED_IN_USERS) {
// We have a logged in RealMe user (which may not be a member)
return true;
}
// Defer in all other cases
return null;
}
}