silverstripe-framework/admin/code/SecurityAdmin.php

<?php
/**
 * Security section of the CMS
 * @package cms
 * @subpackage security
 */
class SecurityAdmin extends LeftAndMain implements PermissionProvider {

	static $url_segment = 'security';
	
	static $url_rule = '/$Action/$ID/$OtherID';
	
	static $menu_title = 'Users';
	
	static $tree_class = 'Group';
	
	static $subitem_class = 'Member';
	
	static $allowed_actions = array(
		'EditForm',
		'MemberImportForm',
		'memberimport',
		'GroupImportForm',
		'groupimport',
	);

	/**
	 * @var Array
	 */
	static $hidden_permissions = array();

	public function init() {
		parent::init();
		Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/SecurityAdmin.js');
	}
	
	public function getEditForm($id = null, $fields = null) {
		// TODO Duplicate record fetching (see parent implementation)
		if(!$id) $id = $this->currentPageID();
		$form = parent::getEditForm($id);
		
		// TODO Duplicate record fetching (see parent implementation)
		$record = $this->getRecord($id);
		if($record && !$record->canView()) return Security::permissionFailure($this);
		
		$memberList = Object::create('GridField',
			'Members', 
			false, 
			DataList::create('Member'), 
			$memberListConfig = GridFieldConfig_RecordEditor::create()
				->addComponent(new GridFieldExportButton())
		)->addExtraClass("members_grid");
		$memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator());

		$groupList = Object::create('GridField',
			'Groups', 
			false, 
			DataList::create('Group'), 
			GridFieldConfig_RecordEditor::create()
		)->setDisplayFields(array(
			'Breadcrumbs' => singleton('Group')->fieldLabel('Title')
		));

		
		$fields = new FieldList(
			$root = new TabSet(
				'Root',
				new Tab('Users', _t('SecurityAdmin.Users', 'Users'),
					$memberList,
					new LiteralField('MembersCautionText', 
						sprintf('<p class="caution-remove"><strong>%s</strong></p>',
							_t(
								'SecurityAdmin.MemberListCaution', 
								'Caution: Removing members from this list will remove them from all groups and the database'
							)
						)
					)
				),
				new Tab('Groups', singleton('Group')->plural_name(),
					$groupList
				)
			),
			// necessary for tree node selection in LeftAndMain.EditForm.js
			new HiddenField('ID', false, 0)
		);
		
		$root->setTemplate('CMSTabSet');
		
		// Add roles editing interface
		if(Permission::check('APPLY_ROLES')) {
			$rolesField = new GridField(
				'Roles',
				false,
				DataList::create('PermissionRole'),
				GridFieldConfig_RecordEditor::create()
			);
			// $rolesCTF->setPermissions(array('add', 'edit', 'delete'));

			$rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
			$rolesTab->push(new LiteralField(
				'RolesDescription', 
				''
			));
			$rolesTab->push($rolesField);
		}

		$fields->findOrMakeTab('Root.Import', _t('SecurityAdmin.TABIMPORT', 'Import'));
		$fields->addFieldToTab('Root.Import', 
			new LiteralField(
				'GroupImportFormIframe', 
				sprintf(
					'<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="400px" border="0"></iframe>',
					$this->Link('groupimport')
				)
			)
		);

		$actions = new FieldList();
		
		$form = new Form(
			$this,
			'EditForm',
			$fields,
			$actions
		);
		$form->addExtraClass('cms-edit-form');
		$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
		if($form->Fields()->hasTabset()) $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
		$form->addExtraClass('center ss-tabset ' . $this->BaseCSSClasses());

		$this->extend('updateEditForm', $form);
					
		return $form;
	}
	
	public function memberimport() {
		Requirements::clear();
		Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/screen.css');
		Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');
		Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');
		Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/MemberImportForm.css');
		Requirements::javascript(SAPPHIRE_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js');
		Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/MemberImportForm.js');
		
		return $this->renderWith('BlankPage', array(
			'Form' => $this->MemberImportForm(),
			'Content' => ' '
		));
	}
	
	/**
	 * @see SecurityAdmin_MemberImportForm
	 * 
	 * @return Form
	 */
	public function MemberImportForm() {
		$group = $this->currentPage();
		$form = new MemberImportForm(
			$this,
			'MemberImportForm'
		);
		$form->setGroup($group);
		
		return $form;
	}
		
	public function groupimport() {
		Requirements::clear();
		Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/screen.css');
		Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');
		Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');
		Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/MemberImportForm.css');
		Requirements::javascript(SAPPHIRE_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js');
		Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/MemberImportForm.js');
		
		return $this->renderWith('BlankPage', array(
			'Content' => ' ',
			'Form' => $this->GroupImportForm()
		));
	}
	
	/**
	 * @see SecurityAdmin_MemberImportForm
	 * 
	 * @return Form
	 */
	public function GroupImportForm() {
		$form = new GroupImportForm(
			$this,
			'GroupImportForm'
		);
		
		return $form;
	}

	public function Breadcrumbs($unlinked = false) {
		$crumbs = parent::Breadcrumbs($unlinked);

		// Name root breadcrumb based on which record is edited,
		// which can only be determined by looking for the fieldname of the GridField.
		// Note: Titles should be same titles as tabs in RootForm().
		$params = $this->request->allParams();
		if(isset($params['FieldName'])) {
			if($params['FieldName'] == 'Groups') {
				$crumbs->First()->Title = singleton('Group')->plural_name();
			} elseif($params['FieldName'] == 'Users') {
				$crumbs->First()->Title = _t('SecurityAdmin.Users', 'Users');
			} elseif($params['FieldName'] == 'Roles') {
				$crumbs->First()->Title = _t('SecurityAdmin.TABROLES', 'Roles');
			}
		} else {
			// Avoid writing "Users" (the controller menu title) as a breadcrumb
			// because its confusing and inaccurate.
			$crumbs = new ArrayList();
		}

		return $crumbs;
	}

	function providePermissions() {
		$title = _t("SecurityAdmin.MENUTITLE", LeftAndMain::menu_title_for_class($this->class));
		return array(
			"CMS_ACCESS_SecurityAdmin" => array(
				'name' => sprintf(_t('CMSMain.ACCESS', "Access to '%s' section"), $title),
				'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access'),
				'help' => _t(
					'SecurityAdmin.ACCESS_HELP',
					'Allow viewing, adding and editing users, as well as assigning permissions and roles to them.'
				)
			),
			'EDIT_PERMISSIONS' => array(
				'name' => _t('SecurityAdmin.EDITPERMISSIONS', 'Manage permissions for groups'),
				'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
				'help' => _t('SecurityAdmin.EDITPERMISSIONS_HELP', 'Ability to edit Permissions and IP Addresses for a group. Requires the "Access to \'Security\' section" permission.'),
				'sort' => 0
			),
			'APPLY_ROLES' => array(
				'name' => _t('SecurityAdmin.APPLY_ROLES', 'Apply roles to groups'),
				'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
				'help' => _t('SecurityAdmin.APPLY_ROLES_HELP', 'Ability to edit the roles assigned to a group. Requires the "Access to \'Users\' section" permission.'),
				'sort' => 0
			)
		);
	}
	
	/**
	 * The permissions represented in the $codes will not appearing in the form
	 * containing {@link PermissionCheckboxSetField} so as not to be checked / unchecked.
	 * 
	 * @param $codes String|Array
	 */
	static function add_hidden_permission($codes){
		if(is_string($codes)) $codes = array($codes);
		self::$hidden_permissions = array_merge(self::$hidden_permissions, $codes);
	}
	
	/**
	 * @param $codes String|Array
	 */
	static function remove_hidden_permission($codes){
		if(is_string($codes)) $codes = array($codes);
		self::$hidden_permissions = array_diff(self::$hidden_permissions, $codes);
	}
	
	/**
	 * @return Array
	 */
	static function get_hidden_permissions(){
		return self::$hidden_permissions;
	}
	
	/**
	 * Clear all permissions previously hidden with {@link add_hidden_permission}
	 */
	static function clear_hidden_permissions(){
		self::$hidden_permissions = array();
	}
}
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`<?php`
			`/**`
			`* Security section of the CMS`
			`* @package cms`
			`* @subpackage security`
			`*/`
			`class SecurityAdmin extends LeftAndMain implements PermissionProvider {`

			`static $url_segment = 'security';`

			`static $url_rule = '/$Action/$ID/$OtherID';`

MINOR Renaming CMSMenu entries 2011-03-31 11:10:32 +02:00			`static $menu_title = 'Users';`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
			`static $tree_class = 'Group';`

			`static $subitem_class = 'Member';`

			`static $allowed_actions = array(`
			`'EditForm',`
			`'MemberImportForm',`
			`'memberimport',`
			`'GroupImportForm',`
			`'groupimport',`
			`);`

			`/**`
			`* @var Array`
			`*/`
			`static $hidden_permissions = array();`

			`public function init() {`
			`parent::init();`
ENHANCEMENT Using new *_Content templates for ModelAdmin and SecurityAdmin 2011-04-19 08:04:55 +02:00			`Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/SecurityAdmin.js');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`}`

MINOR SecurityAdmin::getEditForm should have same signature as LeftAndMain::getEditForm 2012-01-23 17:12:49 +01:00			`public function getEditForm($id = null, $fields = null) {`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`// TODO Duplicate record fetching (see parent implementation)`
			`if(!$id) $id = $this->currentPageID();`
			`$form = parent::getEditForm($id);`

			`// TODO Duplicate record fetching (see parent implementation)`
			`$record = $this->getRecord($id);`
			`if($record && !$record->canView()) return Security::permissionFailure($this);`

ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`$memberList = Object::create('GridField',`
			`'Members',`
			`false,`
			`DataList::create('Member'),`
			`$memberListConfig = GridFieldConfig_RecordEditor::create()`
API CHANGE: Renaming of gridfield components #6921 2012-03-09 00:54:02 +01:00			`->addComponent(new GridFieldExportButton())`
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`)->addExtraClass("members_grid");`
API CHANGE: Renaming of gridfield components #6921 2012-03-09 00:54:02 +01:00			`$memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator());`
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00
			`$groupList = Object::create('GridField',`
			`'Groups',`
			`false,`
			`DataList::create('Group'),`
			`GridFieldConfig_RecordEditor::create()`
			`)->setDisplayFields(array(`
			`'Breadcrumbs' => singleton('Group')->fieldLabel('Title')`
			`));`

MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList(). MINOR: Replaced usage of FieldSet with FieldList. MINOR: Renamed FieldSetTest to FieldListTest. 2011-05-11 09:51:54 +02:00			`$fields = new FieldList(`
MINOR tweaks to SecurityAdmin layout 2011-10-29 04:41:40 +02:00			`$root = new TabSet(`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`'Root',`
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`new Tab('Users', _t('SecurityAdmin.Users', 'Users'),`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`$memberList,`
			`new LiteralField('MembersCautionText',`
			`sprintf('<p class="caution-remove"><strong>%s</strong></p>',`
			`_t(`
			`'SecurityAdmin.MemberListCaution',`
			`'Caution: Removing members from this list will remove them from all groups and the database'`
			`)`
			`)`
			`)`
			`),`
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`new Tab('Groups', singleton('Group')->plural_name(),`
			`$groupList`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`)`
			`),`
			`// necessary for tree node selection in LeftAndMain.EditForm.js`
			`new HiddenField('ID', false, 0)`
			`);`
MINOR tweaks to SecurityAdmin layout 2011-10-29 04:41:40 +02:00
			`$root->setTemplate('CMSTabSet');`

MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`// Add roles editing interface`
			`if(Permission::check('APPLY_ROLES')) {`
ENHANCEMENT Using GridField to edit roles in SecurityAdmin 2012-03-05 14:04:19 +01:00			`$rolesField = new GridField(`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`'Roles',`
ENHANCEMENT Using GridField to edit roles in SecurityAdmin 2012-03-05 14:04:19 +01:00			`false,`
			`DataList::create('PermissionRole'),`
			`GridFieldConfig_RecordEditor::create()`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`);`
ENHANCEMENT Using GridField to edit roles in SecurityAdmin 2012-03-05 14:04:19 +01:00			`// $rolesCTF->setPermissions(array('add', 'edit', 'delete'));`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
			`$rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));`
			`$rolesTab->push(new LiteralField(`
			`'RolesDescription',`
			`''`
			`));`
ENHANCEMENT Using GridField to edit roles in SecurityAdmin 2012-03-05 14:04:19 +01:00			`$rolesTab->push($rolesField);`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`}`

ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`$fields->findOrMakeTab('Root.Import', _t('SecurityAdmin.TABIMPORT', 'Import'));`
			`$fields->addFieldToTab('Root.Import',`
			`new LiteralField(`
			`'GroupImportFormIframe',`
			`sprintf(`
			`'<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="400px" border="0"></iframe>',`
			`$this->Link('groupimport')`
			`)`
			`)`
			`);`

MINOR Removed obsolete "add member" button in SecurityAdmin, now handled through GridField (SSF-53) 2012-03-01 17:06:30 +01:00			`$actions = new FieldList();`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
			`$form = new Form(`
			`$this,`
			`'EditForm',`
			`$fields,`
			`$actions`
			`);`
MINOR Using '.cms-edit-form' instead of '#Form_EditForm' selector 2011-03-31 10:52:29 +02:00			`$form->addExtraClass('cms-edit-form');`
MINOR Merging SecurityAdmin->getEditForm() with RootForm(), in order to have the form fields consistently available (there's no longer a distinction between edit/root) 2012-03-06 00:59:19 +01:00			`$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));`
			`if($form->Fields()->hasTabset()) $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');`
			`$form->addExtraClass('center ss-tabset ' . $this->BaseCSSClasses());`
API CHANGE Removed LeftAndMain->RootForm(), concept no longer applies in 3.0 UI. Use EmptyForm() or EditForm() 2012-03-08 18:20:11 +01:00
			`$this->extend('updateEditForm', $form);`
MINOR Merging SecurityAdmin->getEditForm() with RootForm(), in order to have the form fields consistently available (there's no longer a distinction between edit/root) 2012-03-06 00:59:19 +01:00
ENHANCEMENT Using new *_Content templates for ModelAdmin and SecurityAdmin 2011-04-19 08:04:55 +02:00			`return $form;`
			`}`

MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`public function memberimport() {`
			`Requirements::clear();`
MINOR Fixed SecurityAdmin styling 2012-01-07 18:57:14 +01:00			`Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/screen.css');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');`
			`Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');`
MINOR Fixed paths due to file moving into sapphire/admin 2011-03-23 11:07:31 +01:00			`Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/MemberImportForm.css');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`Requirements::javascript(SAPPHIRE_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js');`
MINOR Fixed paths due to file moving into sapphire/admin 2011-03-23 11:07:31 +01:00			`Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/MemberImportForm.js');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
			`return $this->renderWith('BlankPage', array(`
MINOR Fixed SecurityAdmin styling 2012-01-07 18:57:14 +01:00			`'Form' => $this->MemberImportForm(),`
			`'Content' => ' '`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`));`
			`}`

			`/**`
			`* @see SecurityAdmin_MemberImportForm`
			`*`
			`* @return Form`
			`*/`
			`public function MemberImportForm() {`
			`$group = $this->currentPage();`
			`$form = new MemberImportForm(`
			`$this,`
			`'MemberImportForm'`
			`);`
			`$form->setGroup($group);`

			`return $form;`
			`}`

			`public function groupimport() {`
			`Requirements::clear();`
MINOR Fixed SecurityAdmin styling 2012-01-07 18:57:14 +01:00			`Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/screen.css');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');`
			`Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');`
MINOR Fixed paths due to file moving into sapphire/admin 2011-03-23 11:07:31 +01:00			`Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/MemberImportForm.css');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`Requirements::javascript(SAPPHIRE_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js');`
MINOR Fixed paths due to file moving into sapphire/admin 2011-03-23 11:07:31 +01:00			`Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/MemberImportForm.js');`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
			`return $this->renderWith('BlankPage', array(`
MINOR Cleaning $Content property explicitly for SecurityAdmin->groupimport() iframe 2011-12-18 18:18:44 +01:00			`'Content' => ' ',`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`'Form' => $this->GroupImportForm()`
			`));`
			`}`

			`/**`
			`* @see SecurityAdmin_MemberImportForm`
			`*`
			`* @return Form`
			`*/`
			`public function GroupImportForm() {`
			`$form = new GroupImportForm(`
			`$this,`
			`'GroupImportForm'`
			`);`

			`return $form;`
			`}`

ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`public function Breadcrumbs($unlinked = false) {`
			`$crumbs = parent::Breadcrumbs($unlinked);`

			`// Name root breadcrumb based on which record is edited,`
			`// which can only be determined by looking for the fieldname of the GridField.`
			`// Note: Titles should be same titles as tabs in RootForm().`
			`$params = $this->request->allParams();`
			`if(isset($params['FieldName'])) {`
			`if($params['FieldName'] == 'Groups') {`
			`$crumbs->First()->Title = singleton('Group')->plural_name();`
			`} elseif($params['FieldName'] == 'Users') {`
			`$crumbs->First()->Title = _t('SecurityAdmin.Users', 'Users');`
			`} elseif($params['FieldName'] == 'Roles') {`
			`$crumbs->First()->Title = _t('SecurityAdmin.TABROLES', 'Roles');`
			`}`
			`} else {`
			`// Avoid writing "Users" (the controller menu title) as a breadcrumb`
			`// because its confusing and inaccurate.`
			`$crumbs = new ArrayList();`
			`}`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`return $crumbs;`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`}`

			`function providePermissions() {`
BUGFIX Restored old permission code model, broken due to new controller structure. Introduced LeftAndMain::$required_permission_codes as a way to control permissions independently of subclasses, and "cluster" multiple classes under a single code. 2012-03-05 16:07:20 +01:00			`$title = _t("SecurityAdmin.MENUTITLE", LeftAndMain::menu_title_for_class($this->class));`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`return array(`
BUGFIX Restored old permission code model, broken due to new controller structure. Introduced LeftAndMain::$required_permission_codes as a way to control permissions independently of subclasses, and "cluster" multiple classes under a single code. 2012-03-05 16:07:20 +01:00			`"CMS_ACCESS_SecurityAdmin" => array(`
			`'name' => sprintf(_t('CMSMain.ACCESS', "Access to '%s' section"), $title),`
			`'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access'),`
			`'help' => _t(`
			`'SecurityAdmin.ACCESS_HELP',`
			`'Allow viewing, adding and editing users, as well as assigning permissions and roles to them.'`
			`)`
			`),`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`'EDIT_PERMISSIONS' => array(`
			`'name' => _t('SecurityAdmin.EDITPERMISSIONS', 'Manage permissions for groups'),`
			`'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),`
			`'help' => _t('SecurityAdmin.EDITPERMISSIONS_HELP', 'Ability to edit Permissions and IP Addresses for a group. Requires the "Access to \'Security\' section" permission.'),`
			`'sort' => 0`
			`),`
			`'APPLY_ROLES' => array(`
			`'name' => _t('SecurityAdmin.APPLY_ROLES', 'Apply roles to groups'),`
			`'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),`
BUGFIX Restored old permission code model, broken due to new controller structure. Introduced LeftAndMain::$required_permission_codes as a way to control permissions independently of subclasses, and "cluster" multiple classes under a single code. 2012-03-05 16:07:20 +01:00			`'help' => _t('SecurityAdmin.APPLY_ROLES_HELP', 'Ability to edit the roles assigned to a group. Requires the "Access to \'Users\' section" permission.'),`
MINOR Moved LeftAndMain, SecurityAdmin, ModelAdmin and related functionality from 'cms' module to sapphire/admin 2011-03-23 10:51:00 +01:00			`'sort' => 0`
			`)`
			`);`
			`}`

			`/**`
			`* The permissions represented in the $codes will not appearing in the form`
			`* containing {@link PermissionCheckboxSetField} so as not to be checked / unchecked.`
			`*`
			`* @param $codes String\|Array`
			`*/`
			`static function add_hidden_permission($codes){`
			`if(is_string($codes)) $codes = array($codes);`
			`self::$hidden_permissions = array_merge(self::$hidden_permissions, $codes);`
			`}`

			`/**`
			`* @param $codes String\|Array`
			`*/`
			`static function remove_hidden_permission($codes){`
			`if(is_string($codes)) $codes = array($codes);`
			`self::$hidden_permissions = array_diff(self::$hidden_permissions, $codes);`
			`}`

			`/**`
			`* @return Array`
			`*/`
			`static function get_hidden_permissions(){`
			`return self::$hidden_permissions;`
			`}`

			`/**`
			`* Clear all permissions previously hidden with {@link add_hidden_permission}`
			`*/`
			`static function clear_hidden_permissions(){`
			`self::$hidden_permissions = array();`
			`}`
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00			`}`