tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-27 11:56:23 +02:00
Code Issues Projects Releases Wiki Activity
41b91d4a39
silverstripe-framework/security/PermissionCheckboxSetField.php

193 lines
6.4 KiB
PHP
Raw Normal View History

MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
<?php
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
/**
* Shows a categorized list of available permissions (through {@link Permission::get_codes()}).
* Permissions which are assigned to a given {@link Group} record
* (either directly, inherited from parent groups, or through a {@link PermissionRole})
* will be checked automatically. All checkboxes for "inherited" permissions will be readonly.
*
* @package sapphire
* @subpackage security
*/
class PermissionCheckboxSetField extends FormField {
API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 12:05:13 +01:00
/**
* @var Array Filter certain permission codes from the output.
* Useful to simplify the interface
*/
protected $hiddenPermissions = array();
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
/**
* @var DataObjectSet
*/
protected $groups = null;
/**
* @var array Array Nested array in same notation as {@link CheckboxSetField}.
*/
protected $source = null;
/**
* @param String $name
* @param String $title
* @param String $managedClass
* @param String $filterField
* @param Group|DataObjectSet $groups One or more {@link Group} records used to determine permission checkboxes.
* Caution: saveInto() can only be used with a single group, all inherited permissions will be marked readonly.
* Setting multiple groups only makes sense in a readonly context. (Optional)
*/
function __construct($name, $title, $managedClass, $filterField, $groups = null) {
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
$this->filterField = $filterField;
$this->managedClass = $managedClass;
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
if(is_a($groups, 'DataObjectSet')) {
$this->groups = $groups;
} elseif(is_a($groups, 'Group')) {
$this->groups = new DataObjectSet($groups);
} elseif($groups) {
throw new InvalidArgumentException('$group should be either a Group record, or a DataObjectSet of Group records');
}
// Get all available codes in the system as a categorized nested array
$this->source = Permission::get_codes(true);
parent::__construct($name, $title);
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
}
API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 12:05:13 +01:00
/**
* @param Array $codes
*/
function setHiddenPermissions($codes) {
$this->hiddenPermissions = $codes;
}
/**
* @return Array
*/
function getHiddenPermissions() {
return $this->hiddenPermissions;
}
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
function Field() {
Requirements::css(SAPPHIRE_DIR . '/css/CheckboxSetField.css');
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
// Get existing values from the form record (assuming the formfield name is a join field on the record)
$uninheritedCodes = array();
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
if(is_object($this->form)) {
$record = $this->form->getRecord();
if ($record && $record->hasMethod($this->name)) {
$funcName = $this->name;
$join = $record->$funcName();
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
if($join) foreach($join as $joinItem) {
$uninheritedCodes[$joinItem->Code] = $joinItem->Code;
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
}
}
}
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
// Get all 'inherited' codes not directly assigned to the group (which is stored in $values)
$inheritedCodes = array();
if($this->groups) foreach($this->groups as $group) {
// Get all uninherited permissions
foreach($group->Permissions() as $permission) {
$uninheritedCodes[$permission->Code] = $permission->Code;
}
// Get all permissions from roles
if ($group->Roles()->Count()) {
foreach($group->Roles() as $role) {
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
foreach($role->Codes() as $code) {
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
if (!isset($inheritedCodes[$code->Code])) $inheritedCodes[$code->Code] = array();
// TODO i18n
$inheritedCodes[$code->Code][] = 'from role '.$role->Title;
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
}
}
}
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
// Get from parent groups
$parentGroups = $group->getAncestors();
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
if ($parentGroups) {
foreach ($parentGroups as $parent) {
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
if (!$parent->Roles()->Count()) continue;
foreach($parent->Roles() as $role) {
if ($role->Codes()) {
foreach($role->Codes() as $code) {
if (!isset($inheritedCodes[$code->Code])) $inheritedCodes[$code->Code] = array();
// TODO i18n
$inheritedCodes[$code->Code][] = 'role '.$role->Title.' on group '.$parent->Title;
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
}
}
}
if ($parent->Permissions()->Count()) {
foreach($parent->Permissions() as $permission) {
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
if (!isset($inheritedCodes[$permission->Code])) $inheritedCodes[$permission->Code] = array();
// TODO i18n
$inheritedCodes[$permission->Code][] = 'group '.$parent->Title;
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
}
}
}
}
}
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
$odd = 0;
$options = '';
if($this->source) {
// loop through all available categorized permissions and see if they're assigned for the given groups
foreach($this->source as $categoryName => $permissions) {
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
$options .= "<li><h5>$categoryName</h5></li>";
foreach($permissions as $code => $permission) {
API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 12:05:13 +01:00
if(in_array($code, $this->hiddenPermissions)) continue;
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
$value = $permission['name'];
$odd = ($odd + 1) % 2;
$extraClass = $odd ? 'odd' : 'even';
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
$extraClass .= ' val' . str_replace(' ', '', $code);
$itemID = $this->id() . '_' . ereg_replace('[^a-zA-Z0-9]+', '', $code);
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
$checked = $disabled = $inheritMessage = '';
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
$checked = in_array($code, $uninheritedCodes) ? ' checked="checked"' : '';
$title = $permission['help'] ? 'title="' . htmlentities($permission['help']) . '" ' : '';
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
if (isset($inheritedCodes[$code])) {
// disable inherited codes, as any saving logic would be too complicate to express in this interface
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
$disabled = ' disabled="true"';
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
// TODO i18n
$inheritMessage = ' inherited from ' . join(', ', $inheritedCodes[$code]) . '';
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
$options .= "<li class=\"$extraClass\"><label {$title}for=\"$itemID\">$value is $inheritMessage</label></li>\n";
} else {
ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 01:55:02 +01:00
// uninherited (and hence editable) code checkbox
$options .= "<li class=\"$extraClass\"><input id=\"$itemID\"$disabled name=\"$this->name[$code]\" type=\"checkbox\" value=\"$code\"$checked class=\"checkbox\" /> <label {$title}for=\"$itemID\">$value$inheritMessage</label></li>\n";
MINOR update PermissionCheckboxSetField to look at roles on the actual group git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:00:54 +01:00
}
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
}
}
}
return "<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n$options</ul>\n";
}
MINOR: added comment git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-10 04:26:30 +01:00
/**
* Update the permission set associated with $record DataObject
*
* @param DataObject $record
*/
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
function saveInto(DataObject $record) {
$fieldname = $this->name;
$managedClass = $this->managedClass;
BUGFIX: removing permissions before re-applying them (previously it just removed the components on the relation which resulted in permissions having GroupID set to 0) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94810 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-09 23:53:59 +01:00
// remove all permissions and re-add them afterwards
$permissions = $record->$fieldname();
foreach ( $permissions as $permission ) {
$permission->delete();
}
MINOR permissions on Groups and Roles are now handled by a checkbox set field git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:03:35 +01:00
if($fieldname && $record && ($record->has_many($fieldname) || $record->many_many($fieldname))) {
$idList = array();
if($this->value) foreach($this->value as $id => $bool) {
if($bool) {
$perm = new $managedClass();
$perm->{$this->filterField} = $record->ID;
$perm->Code = $id;
$perm->write();
}
}
}
}
}
Reference in New Issue Copy Permalink