2009-10-16 00:27:56 +02:00
|
|
|
<?php
|
2016-06-15 06:03:16 +02:00
|
|
|
|
2016-06-23 01:37:22 +02:00
|
|
|
namespace SilverStripe\Security;
|
|
|
|
|
2016-06-15 06:03:16 +02:00
|
|
|
use SilverStripe\ORM\DataObject;
|
2016-06-23 01:37:22 +02:00
|
|
|
|
2009-10-16 00:27:56 +02:00
|
|
|
/**
|
|
|
|
* A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
|
2014-08-15 08:53:05 +02:00
|
|
|
*
|
2012-04-12 08:02:46 +02:00
|
|
|
* @package framework
|
2010-04-23 03:04:16 +02:00
|
|
|
* @subpackage security
|
2014-01-26 04:17:17 +01:00
|
|
|
*
|
|
|
|
* @property string Code
|
|
|
|
*
|
|
|
|
* @property int RoleID
|
|
|
|
*
|
|
|
|
* @method PermissionRole Role()
|
2009-10-16 00:27:56 +02:00
|
|
|
*/
|
|
|
|
class PermissionRoleCode extends DataObject {
|
2013-03-21 19:48:54 +01:00
|
|
|
private static $db = array(
|
2009-10-16 00:27:56 +02:00
|
|
|
"Code" => "Varchar",
|
|
|
|
);
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2013-03-21 19:48:54 +01:00
|
|
|
private static $has_one = array(
|
2016-06-23 01:37:22 +02:00
|
|
|
"Role" => "SilverStripe\\Security\\PermissionRole",
|
2009-10-16 00:27:56 +02:00
|
|
|
);
|
2013-08-30 13:59:38 +02:00
|
|
|
|
2016-06-23 01:37:22 +02:00
|
|
|
private static $table_name = "PermissionRoleCode";
|
|
|
|
|
2015-06-17 05:51:30 +02:00
|
|
|
public function validate() {
|
2013-08-30 13:59:38 +02:00
|
|
|
$result = parent::validate();
|
|
|
|
|
|
|
|
// Check that new code doesn't increase privileges, unless an admin is editing.
|
2016-06-23 01:37:22 +02:00
|
|
|
$privilegedCodes = Permission::config()->privileged_permissions;
|
2013-08-30 13:59:38 +02:00
|
|
|
if(
|
|
|
|
$this->Code
|
|
|
|
&& in_array($this->Code, $privilegedCodes)
|
|
|
|
&& !Permission::check('ADMIN')
|
|
|
|
) {
|
|
|
|
$result->error(sprintf(
|
|
|
|
_t(
|
|
|
|
'PermissionRoleCode.PermsError',
|
|
|
|
'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'
|
|
|
|
),
|
|
|
|
$this->Code
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
2015-06-09 01:31:07 +02:00
|
|
|
public function canCreate($member = null, $context = array()) {
|
2013-08-30 13:59:38 +02:00
|
|
|
return Permission::check('APPLY_ROLES', 'any', $member);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function canEdit($member = null) {
|
|
|
|
return Permission::check('APPLY_ROLES', 'any', $member);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function canDelete($member = null) {
|
|
|
|
return Permission::check('APPLY_ROLES', 'any', $member);
|
|
|
|
}
|
2012-03-24 04:04:52 +01:00
|
|
|
}
|