silverstripe-framework/Security/PermissionRoleCode.php

64 lines
1.4 KiB
PHP
Raw Normal View History

<?php
2016-06-23 11:37:22 +12:00
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
2016-06-23 11:37:22 +12:00
/**
* A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
2014-08-15 18:53:05 +12:00
*
* @package framework
* @subpackage security
*
* @property string Code
*
* @property int RoleID
*
* @method PermissionRole Role()
*/
class PermissionRoleCode extends DataObject {
private static $db = array(
"Code" => "Varchar",
);
2014-08-15 18:53:05 +12:00
private static $has_one = array(
2016-06-23 11:37:22 +12:00
"Role" => "SilverStripe\\Security\\PermissionRole",
);
2016-06-23 11:37:22 +12:00
private static $table_name = "PermissionRoleCode";
2015-06-17 15:51:30 +12:00
public function validate() {
$result = parent::validate();
// Check that new code doesn't increase privileges, unless an admin is editing.
2016-06-23 11:37:22 +12:00
$privilegedCodes = Permission::config()->privileged_permissions;
if(
$this->Code
&& in_array($this->Code, $privilegedCodes)
&& !Permission::check('ADMIN')
) {
$result->error(sprintf(
_t(
'PermissionRoleCode.PermsError',
'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'
),
$this->Code
));
}
return $result;
}
public function canCreate($member = null, $context = array()) {
return Permission::check('APPLY_ROLES', 'any', $member);
}
public function canEdit($member = null) {
return Permission::check('APPLY_ROLES', 'any', $member);
}
public function canDelete($member = null) {
return Permission::check('APPLY_ROLES', 'any', $member);
}
}