tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-06-30 16:39:23 +02:00
Code Issues Projects Releases Wiki Activity

ENH update SiteTree permissions in CMS

Browse Source
This commit is contained in:
Andrew Paxley 2023-06-15 23:30:17 +12:00
parent 2ea9d85ee8
commit 14eb767c9c
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
code/Model/SiteTree.php
View File

@ -35,6 +35,7 @@ use SilverStripe\Forms\GridField\GridField;
use SilverStripe\Forms\GridField\GridFieldDataColumns; use SilverStripe\Forms\GridField\GridFieldDataColumns;
use SilverStripe\Forms\GridField\GridFieldLazyLoader; use SilverStripe\Forms\GridField\GridFieldLazyLoader;
use SilverStripe\Forms\HTMLEditor\HTMLEditorField; use SilverStripe\Forms\HTMLEditor\HTMLEditorField;
use SilverStripe\Forms\ListboxField;
use SilverStripe\Forms\LiteralField; use SilverStripe\Forms\LiteralField;
use SilverStripe\Forms\OptionsetField; use SilverStripe\Forms\OptionsetField;
use SilverStripe\Forms\Tab; use SilverStripe\Forms\Tab;
@ -1187,6 +1188,14 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
return true; return true;
} }
// check for specific users
if ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS
&& $member
&& $this->ViewerMembers()->filter('ID', $member->ID)->count() > 0
) {
return true;
}
return false; return false;
} }
@ -2238,6 +2247,7 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
}; };
$viewAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_VIEW_ALL', 'ADMIN'])); $viewAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_VIEW_ALL', 'ADMIN']));
$editAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_EDIT_ALL', 'ADMIN'])); $editAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_EDIT_ALL', 'ADMIN']));
$membersMap = Member::get()->map('ID', 'Name');
$fields = new FieldList( $fields = new FieldList(
$rootTab = new TabSet( $rootTab = new TabSet(
@ -2269,6 +2279,11 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
_t(__CLASS__.'.VIEWERGROUPS', "Viewer Groups"), _t(__CLASS__.'.VIEWERGROUPS', "Viewer Groups"),
Group::class Group::class
), ),
$viewerMembersField = ListboxField::create(
"ViewerMembers",
_t(__CLASS__.'.VIEWERMEMBERS', "Viewer Users"),
$membersMap,
),
$editorsOptionsField = new OptionsetField( $editorsOptionsField = new OptionsetField(
"CanEditType", "CanEditType",
_t(__CLASS__.'.EDITHEADER', "Who can edit this page?") _t(__CLASS__.'.EDITHEADER', "Who can edit this page?")
@ -2277,6 +2292,11 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
"EditorGroups", "EditorGroups",
_t(__CLASS__.'.EDITORGROUPS', "Editor Groups"), _t(__CLASS__.'.EDITORGROUPS', "Editor Groups"),
Group::class Group::class
),
$editorMembersField = ListboxField::create(
"EditorMembers",
_t(__CLASS__.'.EDITORMEMBERS', "Editor Users"),
$membersMap
) )
) )
) )
@ -2317,6 +2337,10 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
__CLASS__.'.ACCESSONLYTHESE', __CLASS__.'.ACCESSONLYTHESE',
"Only these groups (choose from list)" "Only these groups (choose from list)"
), ),
InheritedPermissions::ONLY_THESE_MEMBERS => _t(
__CLASS__.'.ACCESSONLYMEMBERS',
"Only these users (choose from list)"
),
]; ];
$viewersOptionsField->setSource($viewersOptionsSource); $viewersOptionsField->setSource($viewersOptionsSource);
@ -2343,17 +2367,27 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
if (!Permission::check('SITETREE_GRANT_ACCESS')) { if (!Permission::check('SITETREE_GRANT_ACCESS')) {
$fields->makeFieldReadonly($viewersOptionsField); $fields->makeFieldReadonly($viewersOptionsField);
if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) { if ($this->CanViewType === InheritedPermissions::ONLY_THESE_USERS) {
$fields->makeFieldReadonly($viewerGroupsField); $fields->makeFieldReadonly($viewerGroupsField);
$fields->removeByName('ViewerMembers');
} elseif ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS) {
$fields->makeFieldReadonly($viewerMembersField);
$fields->removeByName('ViewerGroups');
} else { } else {
$fields->removeByName('ViewerGroups'); $fields->removeByName('ViewerGroups');
$fields->removeByName('ViewerMembers');
} }
$fields->makeFieldReadonly($editorsOptionsField); $fields->makeFieldReadonly($editorsOptionsField);
if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) { if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) {
$fields->makeFieldReadonly($editorGroupsField); $fields->makeFieldReadonly($editorGroupsField);
$fields->removeByName('EditorMembers');
} elseif ($this->CanEditType === InheritedPermissions::ONLY_THESE_MEMBERS) {
$fields->makeFieldReadonly($editorMembersField);
$fields->removeByName('EditorGroups');
} else { } else {
$fields->removeByName('EditorGroups'); $fields->removeByName('EditorGroups');
$fields->removeByName('EditorMembers');
} }
} }

3
lang/en.yml
View File

@ -173,6 +173,7 @@ en:
ACCESSANYONE: Anyone ACCESSANYONE: Anyone
ACCESSHEADER: 'Who can view this page?' ACCESSHEADER: 'Who can view this page?'
ACCESSLOGGEDIN: 'Logged-in users' ACCESSLOGGEDIN: 'Logged-in users'
ACCESSONLYMEMBERS: 'Only these users (choose from list)'
ACCESSONLYTHESE: 'Only these groups (choose from list)' ACCESSONLYTHESE: 'Only these groups (choose from list)'
ADDEDTODRAFTHELP: 'Page has not been published yet' ADDEDTODRAFTHELP: 'Page has not been published yet'
ADDEDTODRAFTSHORT: Draft ADDEDTODRAFTSHORT: Draft
@ -200,6 +201,7 @@ en:
DependtPageColumnLinkType: 'Link type' DependtPageColumnLinkType: 'Link type'
EDITHEADER: 'Who can edit this page?' EDITHEADER: 'Who can edit this page?'
EDITORGROUPS: 'Editor Groups' EDITORGROUPS: 'Editor Groups'
EDITORMEMBERS: 'Editor Users'
EDITOR_GROUPS_FIELD_DESC: 'Groups with global edit permissions: {groupList}' EDITOR_GROUPS_FIELD_DESC: 'Groups with global edit permissions: {groupList}'
EDIT_ALL_DESCRIPTION: 'Edit any page' EDIT_ALL_DESCRIPTION: 'Edit any page'
EDIT_ALL_HELP: 'Ability to edit any page on the site, regardless of the settings on the Access tab. Requires the "Access to ''Pages'' section" permission' EDIT_ALL_HELP: 'Ability to edit any page on the site, regardless of the settings on the Access tab. Requires the "Access to ''Pages'' section" permission'
@ -257,6 +259,7 @@ en:
URLSegment: 'URL segment' URLSegment: 'URL segment'
UntitledDependentObject: 'Untitled {instanceType}' UntitledDependentObject: 'Untitled {instanceType}'
VIEWERGROUPS: 'Viewer Groups' VIEWERGROUPS: 'Viewer Groups'
VIEWERMEMBERS: 'Viewer Users'
VIEWER_GROUPS_FIELD_DESC: 'Groups with global view permissions: {groupList}' VIEWER_GROUPS_FIELD_DESC: 'Groups with global view permissions: {groupList}'
VIEW_ALL_DESCRIPTION: 'View any page' VIEW_ALL_DESCRIPTION: 'View any page'
VIEW_ALL_HELP: 'Ability to view any page on the site, regardless of the settings on the Access tab. Requires the "Access to ''Pages'' section" permission' VIEW_ALL_HELP: 'Ability to view any page on the site, regardless of the settings on the Access tab. Requires the "Access to ''Pages'' section" permission'