mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
Added EDIT_PERMISSIONS permission code for SecurityAdmin
Added LeftAndMain::alternateAccessCheck() / alternateMenuDisplayCheck() so that subsites could hook a new security model into the admin.
Added support for Group::alternateTreeTitle() to allow subsites to put *s before global groups.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@41098 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
62c2237773
commit
1739d9932a
@ -14,18 +14,27 @@ abstract class LeftAndMain extends Controller {
|
||||
|
||||
parent::init();
|
||||
|
||||
// Security check for LeftAndMain sub-class permissions
|
||||
if(!Permission::check("CMS_ACCESS_$this->class")) {
|
||||
// When access /admin/, we should try a redirect to another part of the admin rather than a
|
||||
if($this->class == 'CMSMain') {
|
||||
// Allow customisation of the access check by a decorator
|
||||
if($this->hasMethod('alternateAccessCheck')) {
|
||||
$isAllowed = $this->alternateAccessCheck();
|
||||
|
||||
// Default security check for LeftAndMain sub-class permissions
|
||||
} else {
|
||||
$isAllowed = Permission::check("CMS_ACCESS_$this->class");
|
||||
if(!$isAllowed && $this->class == 'CMSMain') {
|
||||
// When access /admin/, we should try a redirect to another part of the admin rather than be locked out
|
||||
$menu = $this->MainMenu();
|
||||
if(($first = $menu->First()) && $first->Link) {
|
||||
Director::redirect($first->Link);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Don't continue if there's already been a redirection request.
|
||||
if(Director::redirected_to()) return;
|
||||
|
||||
// Access failure!
|
||||
if(!$isAllowed) {
|
||||
$messageSet = array(
|
||||
'default' => "Enter your email address and password to access the CMS.",
|
||||
'alreadyLoggedIn' => "I'm sorry, but you can't access that part of the CMS. If you want to log in as someone else, do so below",
|
||||
@ -213,7 +222,15 @@ abstract class LeftAndMain extends Controller {
|
||||
$itemsWithPermission = 0;
|
||||
foreach($menuSrc as $title => $menuItem) {
|
||||
if(is_numeric($title) && isset($menuItem['title'])) $title = $menuItem['title'];
|
||||
if(!isset($menuItem[2]) || Permission::check("CMS_ACCESS_$menuItem[2]")) {
|
||||
|
||||
if(isset($menuItem[2])) {
|
||||
if($this->hasMethod('alternateMenuDisplayCheck')) $isAllowed = $this->alternateMenuDisplayCheck($menuItem[2]);
|
||||
else $isAllowed = Permission::check("CMS_ACCESS_" . $menuItem[2]);
|
||||
} else {
|
||||
$isAllowed = true;
|
||||
}
|
||||
|
||||
if($isAllowed) {
|
||||
// Count up the number of items that have specific permission settings
|
||||
if(isset($menuItem[2])) $itemsWithPermission++;
|
||||
|
||||
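Review bot: When a decorator defines alternateAccessCheck(), its return value becomes `$isAllowed` on its own and `Permission::check("CMS_ACCESS_$this->class")` is never consulted, so the hook is the only gate for every LeftAndMain subclass, and nothing in the new lines documents that contract. I would add a comment above the `hasMethod` test such as `// alternateAccessCheck() REPLACES the CMS_ACCESS_* check: return true only for an authorised member, false otherwise`. Judging by the brace order, the `/admin/` redirect for CMSMain also appears to sit inside the `else` branch, so it would not run when the hook denies access; that is worth confirming as intended. The same replace-rather-than-combine behaviour applies to alternateMenuDisplayCheck() in the second hunk, which only decides menu visibility and should be commented as display-only rather than enforcement. init()'s body continues outside the hunk.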
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
class SecurityAdmin extends LeftAndMain {
|
||||
class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
||||
static $tree_class = "Group";
|
||||
static $subitem_class = "Member";
|
||||
|
||||
@ -58,6 +58,8 @@ class SecurityAdmin extends LeftAndMain {
|
||||
)
|
||||
);
|
||||
|
||||
if(!Permission::check('EDIT_PERMISSIONS')) $fields->removeFieldFromTab('Root', 'Permissions');
|
||||
|
||||
$memberList->setController($this);
|
||||
|
||||
$fields->push($idField = new HiddenField("ID"));
|
||||
@ -220,7 +222,7 @@ class SecurityAdmin extends LeftAndMain {
|
||||
$siteTree = $obj->getChildrenAsUL("",
|
||||
' "<li id=\"record-$child->ID\" class=\"$child->class " . ($child->Locked ? " nodelete" : "") . ' .
|
||||
' ($extraArg->isCurrentPage($child) ? " current" : "") . "\">" . ' .
|
||||
' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->Title . "</a>" ',$this);
|
||||
' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->TreeTitle() . "</a>" ',$this);
|
||||
|
||||
$siteTree = "<ul id=\"sitetree\" class=\"tree unformatted\">" .
|
||||
"<li id=\"record-0\" class=\"Root\">" .
|
||||
@ -329,6 +331,12 @@ class SecurityAdmin extends LeftAndMain {
|
||||
|
||||
return $memberListField->renderWith('MemberList_Table');
|
||||
}
|
||||
|
||||
function providePermissions() {
|
||||
return array(
|
||||
'EDIT_PERMISSIONS' => 'Edit Permissions on each Group',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
?>
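Review bot: The `EDIT_PERMISSIONS` check added before `$memberList->setController($this)` only removes the Permissions field from the rendered form, and no hunk in this file adds a matching check where a group's permission codes are written. Whether a submitted Permissions value is ignored once the field is gone depends on how the save path rebuilds the form, which is not visible here, so it should be confirmed rather than assumed. I would at least add `// UI only: the save path must also refuse permission changes without EDIT_PERMISSIONS` above that line, and enforce `Permission::check('EDIT_PERMISSIONS')` where the group is saved if that is not already done. The enclosing method starts and ends outside the hunk.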
|