ENH update SiteTree permissions in CMS

2024-06-24 05:29:26 +02:00 · 2023-06-15 23:30:17 +12:00 · 2023-06-15 23:30:17 +12:00 · 14eb767c9c
commit 14eb767c9c
parent 2ea9d85ee8
2 changed files with 38 additions and 1 deletions
--- a/code/Model/SiteTree.php
+++ b/code/Model/SiteTree.php
@ -35,6 +35,7 @@ use SilverStripe\Forms\GridField\GridField;
 use SilverStripe\Forms\GridField\GridFieldDataColumns;
 use SilverStripe\Forms\GridField\GridFieldLazyLoader;
 use SilverStripe\Forms\HTMLEditor\HTMLEditorField;
+use SilverStripe\Forms\ListboxField;
 use SilverStripe\Forms\LiteralField;
 use SilverStripe\Forms\OptionsetField;
 use SilverStripe\Forms\Tab;
@ -1187,6 +1188,14 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
            return true;
        }

+        // check for specific users
+        if ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS
+            && $member
+            && $this->ViewerMembers()->filter('ID', $member->ID)->count() > 0
+        ) {
+            return true;
+        }
+
        return false;
    }

@ -2238,6 +2247,7 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
        };
        $viewAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_VIEW_ALL', 'ADMIN']));
        $editAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_EDIT_ALL', 'ADMIN']));
+        $membersMap = Member::get()->map('ID', 'Name');

        $fields = new FieldList(
            $rootTab = new TabSet(
@ -2269,6 +2279,11 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
                        _t(__CLASS__.'.VIEWERGROUPS', "Viewer Groups"),
                        Group::class
                    ),
+                    $viewerMembersField = ListboxField::create(
+                        "ViewerMembers",
+                        _t(__CLASS__.'.VIEWERMEMBERS', "Viewer Users"),
+                        $membersMap,
+                    ),
                    $editorsOptionsField = new OptionsetField(
                        "CanEditType",
                        _t(__CLASS__.'.EDITHEADER', "Who can edit this page?")
@ -2277,6 +2292,11 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
                        "EditorGroups",
                        _t(__CLASS__.'.EDITORGROUPS', "Editor Groups"),
                        Group::class
+                    ),
+                    $editorMembersField = ListboxField::create(
+                        "EditorMembers",
+                        _t(__CLASS__.'.EDITORMEMBERS', "Editor Users"),
+                        $membersMap
                    )
                )
            )
@ -2317,6 +2337,10 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
                __CLASS__.'.ACCESSONLYTHESE',
                "Only these groups (choose from list)"
            ),
+            InheritedPermissions::ONLY_THESE_MEMBERS => _t(
+                __CLASS__.'.ACCESSONLYMEMBERS',
+                "Only these users (choose from list)"
+            ),
        ];
        $viewersOptionsField->setSource($viewersOptionsSource);

@ -2343,17 +2367,27 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi

        if (!Permission::check('SITETREE_GRANT_ACCESS')) {
            $fields->makeFieldReadonly($viewersOptionsField);
-            if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) {
+            if ($this->CanViewType === InheritedPermissions::ONLY_THESE_USERS) {
                $fields->makeFieldReadonly($viewerGroupsField);
+                $fields->removeByName('ViewerMembers');
+            } elseif ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS) {
+                $fields->makeFieldReadonly($viewerMembersField);
+                $fields->removeByName('ViewerGroups');
            } else {
                $fields->removeByName('ViewerGroups');
+                $fields->removeByName('ViewerMembers');
            }

            $fields->makeFieldReadonly($editorsOptionsField);
            if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) {
                $fields->makeFieldReadonly($editorGroupsField);
+                $fields->removeByName('EditorMembers');
+            } elseif ($this->CanEditType === InheritedPermissions::ONLY_THESE_MEMBERS) {
+                $fields->makeFieldReadonly($editorMembersField);
+                $fields->removeByName('EditorGroups');
            } else {
                $fields->removeByName('EditorGroups');
+                $fields->removeByName('EditorMembers');
            }
        }

--- a/lang/en.yml
+++ b/lang/en.yml
@ -173,6 +173,7 @@ en:
    ACCESSANYONE: Anyone
    ACCESSHEADER: 'Who can view this page?'
    ACCESSLOGGEDIN: 'Logged-in users'
+    ACCESSONLYMEMBERS: 'Only these users (choose from list)'
    ACCESSONLYTHESE: 'Only these groups (choose from list)'
    ADDEDTODRAFTHELP: 'Page has not been published yet'
    ADDEDTODRAFTSHORT: Draft
@ -200,6 +201,7 @@ en:
    DependtPageColumnLinkType: 'Link type'
    EDITHEADER: 'Who can edit this page?'
    EDITORGROUPS: 'Editor Groups'
+    EDITORMEMBERS: 'Editor Users'
    EDITOR_GROUPS_FIELD_DESC: 'Groups with global edit permissions: {groupList}'
    EDIT_ALL_DESCRIPTION: 'Edit any page'
    EDIT_ALL_HELP: 'Ability to edit any page on the site, regardless of the settings on the Access tab.  Requires the "Access to ''Pages'' section" permission'
@ -257,6 +259,7 @@ en:
    URLSegment: 'URL segment'
    UntitledDependentObject: 'Untitled {instanceType}'
    VIEWERGROUPS: 'Viewer Groups'
+    VIEWERMEMBERS: 'Viewer Users'
    VIEWER_GROUPS_FIELD_DESC: 'Groups with global view permissions: {groupList}'
    VIEW_ALL_DESCRIPTION: 'View any page'
    VIEW_ALL_HELP: 'Ability to view any page on the site, regardless of the settings on the Access tab.  Requires the "Access to ''Pages'' section" permission'