<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\PermissionRole;
/**
 * One permission code attached to a {@link PermissionRole}.
 *
 * Security note: canCreate(), canEdit() and canDelete() only require the
 * APPLY_ROLES permission. The guard that stops a non-ADMIN from attaching a
 * privileged code to a role is implemented in validate(), not in the can*()
 * checks.
 *
 * @property string $Code
 * @property int $RoleID
 * @method PermissionRole Role()
 */
class PermissionRoleCode extends DataObject
{
    private static $table_name = "PermissionRoleCode";

    private static $db = [
        "Code" => "Varchar",
    ];

    private static $has_one = [
        "Role" => PermissionRole::class,
    ];

    private static $indexes = [
        "Code" => true,
    ];

    /**
     * Runs the parent validation and then refuses a privileged permission
     * code unless Permission::check('ADMIN') passes.
     *
     * Returns the result object produced by parent::validate(), with one
     * extra error added when the privilege-escalation guard trips.
     */
    public function validate()
    {
        $result = parent::validate();

        // List of codes that count as privileged, read from Permission's config.
        $privilegedCodes = Permission::config()->privileged_permissions;

        // An empty code cannot grant anything, so there is nothing to guard.
        if (!$this->Code) {
            return $result;
        }

        // A missing config value is treated as "no privileged codes".
        // NOTE(review): in_array() runs without the strict flag, and ordinary
        // (non-numeric) codes are matched as exact, case-sensitive strings.
        // Confirm that the configured codes are always strings and that
        // enforcement elsewhere compares codes the same way.
        if (!in_array($this->Code, $privilegedCodes ?? [])) {
            return $result;
        }

        // No member is passed here, unlike the can*() methods below.
        // Presumably this checks the currently logged-in member - confirm
        // against Permission::check().
        if (Permission::check('ADMIN')) {
            return $result;
        }

        $message = _t(
            __CLASS__ . '.PermsError',
            'Can\'t assign code "{code}" with privileged permissions (requires ADMIN access)',
            ['code' => $this->Code]
        );
        $result->addError($message);

        return $result;
    }

    /**
     * Creation requires the APPLY_ROLES permission.
     *
     * @param mixed $member  Forwarded unchanged to Permission::check().
     * @param array $context Accepted for signature compatibility; not read here.
     */
    public function canCreate($member = null, $context = [])
    {
        $mayApplyRoles = Permission::check('APPLY_ROLES', 'any', $member);

        return $mayApplyRoles;
    }

    /**
     * Editing requires the APPLY_ROLES permission.
     *
     * @param mixed $member Forwarded unchanged to Permission::check().
     */
    public function canEdit($member = null)
    {
        $mayApplyRoles = Permission::check('APPLY_ROLES', 'any', $member);

        return $mayApplyRoles;
    }

    /**
     * Deletion requires the APPLY_ROLES permission.
     *
     * @param mixed $member Forwarded unchanged to Permission::check().
     */
    public function canDelete($member = null)
    {
        $mayApplyRoles = Permission::check('APPLY_ROLES', 'any', $member);

        return $mayApplyRoles;
    }
}