<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\HasManyList;
use SilverStripe\ORM\ManyManyList;
/**
 * A PermissionRole is a named bundle of permission codes that can be applied to groups.
 *
 * Individual permission codes are very granular. Roles let website administrators define
 * coarser, business-oriented units of access control and assign those to groups instead.
 *
 * If the <b>OnlyAdminCanApply</b> property is set to TRUE, the role can only be assigned
 * to new groups by a user with ADMIN privileges. This is a simple way to prevent users
 * with access to {@link SecurityAdmin} (but no ADMIN privileges) from granting themselves
 * ADMIN access (which might be implied by certain roles).
 *
 * NOTE(review): nothing in this class reads OnlyAdminCanApply. The canView/canCreate/canEdit/
 * canDelete checks below test only the APPLY_ROLES permission code, so the restriction described
 * above is presumably enforced where roles are assigned to groups (not visible in this file).
 * Confirm that, and confirm that changing the codes of an admin-only role, or clearing the flag,
 * is restricted to ADMIN somewhere as well.
 *
 * @property string Title
 * @property string OnlyAdminCanApply
 *
 * @method HasManyList Codes() List of PermissionRoleCode objects
 * @method ManyManyList Groups() List of Group objects
 */
class PermissionRole extends DataObject
{
    // Database columns: the role's display title and the admin-only flag.
    private static $db = array(
        "Title" => "Varchar",
        "OnlyAdminCanApply" => "Boolean"
    );

    // One role owns many PermissionRoleCode records.
    private static $has_many = array(
        "Codes" => "SilverStripe\\Security\\PermissionRoleCode",
    );

    // Inverse side of the many-many relation to Group.
    private static $belongs_many_many = array(
        "Groups" => "SilverStripe\\Security\\Group",
    );

    private static $table_name = "PermissionRole";

    private static $default_sort = '"Title"';

    private static $singular_name = 'Role';

    private static $plural_name = 'Roles';

    /**
     * Builds the CMS edit form for a role.
     *
     * Starts from the fields supplied by parent::getCMSFields(), removes the 'Codes' and
     * 'Groups' fields from the Root tab, and adds a PermissionCheckboxSetField for the role's
     * codes to Root.Main. The permission codes configured as Permission.hidden_permissions
     * are handed to that field via setHiddenPermissions().
     *
     * Returns the field collection obtained from the parent, with the changes above applied.
     */
    public function getCMSFields()
    {
        $fields = parent::getCMSFields();

        $fields->removeFieldFromTab('Root', 'Codes');
        $fields->removeFieldFromTab('Root', 'Groups');

        // Checkbox set bound to the 'Codes' relation, keyed on RoleID.
        $permissionField = new PermissionCheckboxSetField(
            'Codes',
            Permission::singleton()->i18n_plural_name(),
            'SilverStripe\\Security\\PermissionRoleCode',
            'RoleID'
        );
        $fields->addFieldToTab('Root.Main', $permissionField);

        $hiddenPermissions = Permission::config()->hidden_permissions;
        $permissionField->setHiddenPermissions($hiddenPermissions);

        return $fields;
    }

    /**
     * Runs the parent's post-delete handling, then deletes every PermissionRoleCode
     * attached to this role so that no code records are left behind.
     */
    public function onAfterDelete()
    {
        parent::onAfterDelete();

        // Delete associated permission codes
        foreach ($this->Codes() as $roleCode) {
            $roleCode->delete();
        }
    }

    /**
     * Returns the parent's field labels with translated labels set for
     * 'Title' and 'OnlyAdminCanApply'.
     *
     * @param bool $includerelations Passed through unchanged to parent::fieldLabels().
     */
    public function fieldLabels($includerelations = true)
    {
        $labels = parent::fieldLabels($includerelations);

        $labels['Title'] = _t('PermissionRole.Title', 'Title');
        $labels['OnlyAdminCanApply'] = _t(
            'PermissionRole.OnlyAdminCanApply',
            'Only admin can apply',
            'Checkbox to limit which user can apply this role'
        );

        return $labels;
    }

    /**
     * Viewing a role requires the APPLY_ROLES permission code.
     *
     * @param mixed $member Passed through to Permission::check(); null by default.
     */
    public function canView($member = null)
    {
        return Permission::check('APPLY_ROLES', 'any', $member);
    }

    /**
     * Creating a role requires the APPLY_ROLES permission code.
     *
     * @param mixed $member Passed through to Permission::check(); null by default.
     * @param array $context Not used by this implementation.
     */
    public function canCreate($member = null, $context = array())
    {
        return Permission::check('APPLY_ROLES', 'any', $member);
    }

    /**
     * Editing a role requires the APPLY_ROLES permission code.
     *
     * NOTE(review): the check is the same for every role and does not look at
     * OnlyAdminCanApply - confirm that edits to admin-only roles are guarded elsewhere.
     *
     * @param mixed $member Passed through to Permission::check(); null by default.
     */
    public function canEdit($member = null)
    {
        return Permission::check('APPLY_ROLES', 'any', $member);
    }

    /**
     * Deleting a role requires the APPLY_ROLES permission code.
     *
     * @param mixed $member Passed through to Permission::check(); null by default.
     */
    public function canDelete($member = null)
    {
        return Permission::check('APPLY_ROLES', 'any', $member);
    }
}