silverstripe-framework/security/PermissionRole.php

<?php
/**
 * A PermissionRole represents a collection of permission codes that can be applied to groups.
 * 
 * Because permission codes are very granular, this lets website administrators create more
 * business-oriented units of access control - Roles - and assign those to groups.
 * 
 * If the <b>OnlyAdminCanApply</b> property is set to TRUE, the role can only be assigned
 * to new groups by a user with ADMIN privileges. This is a simple way to prevent users
 * with access to {@link SecurityAdmin} (but no ADMIN privileges) to get themselves ADMIN access
 * (which might be implied by certain roles).
 * 
 * @package framework
 * @subpackage security
 */
class PermissionRole extends DataObject {
	static $db = array(
		"Title" => "Varchar",
		"OnlyAdminCanApply" => "Boolean"
	);
	
	static $has_many = array(
		"Codes" => "PermissionRoleCode",
	);
	
	static $belongs_many_many = array(
		"Groups" => "Group",
	);
	
	static $default_sort = '"Title"';
	
	static $singular_name = 'Role';

	static $plural_name = 'Roles';
	
	function getCMSFields() {
		$fields = parent::getCMSFields();
		
		$fields->removeFieldFromTab('Root', 'Codes');
		$fields->removeFieldFromTab('Root', 'Groups');
		
		$fields->addFieldToTab(
			'Root.Main', 
			$permissionField = new PermissionCheckboxSetField(
				'Codes',
				singleton('Permission')->i18n_plural_name(),
				'PermissionRoleCode',
				'RoleID'
			)
		);
		$permissionField->setHiddenPermissions(SecurityAdmin::$hidden_permissions);
		
		return $fields;
	}
	
	function onAfterDelete() {
		parent::onAfterDelete();
		
		// Delete associated permission codes
		$codes = $this->Codes();
		foreach ( $codes as $code ) {
			$code->delete();
		}
	}
}
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`<?php`
			`/**`
			`* A PermissionRole represents a collection of permission codes that can be applied to groups.`
			`*`
			`* Because permission codes are very granular, this lets website administrators create more`
			`* business-oriented units of access control - Roles - and assign those to groups.`
MINOR Fixed phpdoc documentation (from r103385) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103388 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-23 02:25:47 +02:00			`*`
MINOR Documentation git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104610 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-05-11 23:20:13 +02:00			`* If the <b>OnlyAdminCanApply</b> property is set to TRUE, the role can only be assigned`
			`* to new groups by a user with ADMIN privileges. This is a simple way to prevent users`
			`* with access to {@link SecurityAdmin} (but no ADMIN privileges) to get themselves ADMIN access`
			`* (which might be implied by certain roles).`
			`*`
MINOR Update @package values to match renaming sapphire 2012-04-12 08:02:46 +02:00			`* @package framework`
MINOR Fixed phpdoc documentation (from r103385) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103388 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-23 02:25:47 +02:00			`* @subpackage security`
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`*/`
			`class PermissionRole extends DataObject {`
			`static $db = array(`
			`"Title" => "Varchar",`
MINOR implement OnlyAdminCanApply git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90457 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-29 23:07:44 +01:00			`"OnlyAdminCanApply" => "Boolean"`
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`);`

			`static $has_many = array(`
			`"Codes" => "PermissionRoleCode",`
			`);`

			`static $belongs_many_many = array(`
			`"Groups" => "Group",`
			`);`
FEATURE: Add a simple interface for administrating permission roles. (from r85297) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89189 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:28:11 +02:00
BUGFIX: default sort column now quoted git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103182 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-20 06:50:30 +02:00			`static $default_sort = '"Title"';`
FEATURE: Add a simple interface for administrating permission roles. (from r85297) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89189 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:28:11 +02:00
ENHANCEMENT Respecting SecurityAdmin::$hidden_permissions in PermissionRole->getCMSFields() MINOR Setting PermissionRole $singular_name and $plural_name git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100771 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-03-10 03:23:41 +01:00			`static $singular_name = 'Role';`

			`static $plural_name = 'Roles';`

API CHANGE Removed $params argument to DataObject->getCMSFields(), please use FormScaffolder directly (fixes #7135) 2012-04-13 15:46:47 +02:00			`function getCMSFields() {`
			`$fields = parent::getCMSFields();`
FEATURE: Add a simple interface for administrating permission roles. (from r85297) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89189 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:28:11 +02:00
			`$fields->removeFieldFromTab('Root', 'Codes');`
			`$fields->removeFieldFromTab('Root', 'Groups');`

ENHANCEMENT Respecting SecurityAdmin::$hidden_permissions in PermissionRole->getCMSFields() MINOR Setting PermissionRole $singular_name and $plural_name git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100771 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-03-10 03:23:41 +01:00			`$fields->addFieldToTab(`
			`'Root.Main',`
			`$permissionField = new PermissionCheckboxSetField(`
			`'Codes',`
			`singleton('Permission')->i18n_plural_name(),`
			`'PermissionRoleCode',`
			`'RoleID'`
			`)`
			`);`
			`$permissionField->setHiddenPermissions(SecurityAdmin::$hidden_permissions);`
FEATURE: Add a simple interface for administrating permission roles. (from r85297) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89189 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:28:11 +02:00
			`return $fields;`
			`}`
BUGFIX: adding onAfterDelete hooks to remove the no longer necessary permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94859 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-12-10 04:44:35 +01:00
			`function onAfterDelete() {`
			`parent::onAfterDelete();`

			`// Delete associated permission codes`
			`$codes = $this->Codes();`
			`foreach ( $codes as $code ) {`
			`$code->delete();`
			`}`
			`}`
FEATURE: Add a simple interface for administrating permission roles. (from r85297) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89189 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:28:11 +02:00			`}`