silverstripe-framework/security/OpenID/OpenIDAuthenticatedRole.php

145 lines
3.7 KiB
PHP
Raw Normal View History

<?php
/**
* OpenID authentication decorator
*
* @author Markus Lanthaler <markus@silverstripe.com>
*/
/**
* Decorator for the member class to support OpenID authentication
*
* This class adds the needed fields to the default member class to support
* authentication via OpenID.
*
* @author Markus Lanthaler <markus@silverstripe.com
*/
class OpenIDAuthenticatedRole extends DataObjectDecorator {
/**
* Define extra database fields
*
* Returns a map where the keys are db, has_one, etc, and the values are
* additional fields/relations to be defined
*
* @return array Returns a map where the keys are db, has_one, etc, and
* the values are additional fields/relations to be defined
*/
function extraDBFields() {
return array(
'db' => array('IdentityURL' => 'Varchar(255)'),
'has_one' => array(),
'defaults' => array('IdentityURL' => null),
'indexes' => array('IdentityURL' => 'unique (IdentityURL)')
);
}
/**
* Edit the given query object to support queries for this extension
*
* At the moment this method does nothing.
*
* @param SQLQuery $query Query to augment.
*/
function augmentSQL(SQLQuery &$query) {
}
/**
* Update the database schema as required by this extension
*
* At the moment this method does nothing.
*/
function augmentDatabase() {
}
/**
* Change the member dialog in the CMS
*
* This method updates the form in the member dialog to make it possible
* to edit the new database fields.
*/
function updateCMSFields(FieldSet &$fields) {
$fields->push(new HeaderField("OpenID/i-name credentials"), "OpenIDHeader");
$fields->push(new LiteralField("OpenIDDescription",
"<p>Make sure you enter your normalized OpenID/i-name credentials " .
"here, i.e. with protocol and trailing slash for OpenID (e.g. " .
"http://openid.silverstripe.com/).</p>"));
$fields->push(new TextField("IdentityURL", "OpenID URL/i-name"),
"IdentityURL");
}
/**
* Can the current user edit the given member?
*
* Only the user itself or an administrator can edit an user account.
*
* @return bool Returns TRUE if this member can be edited, FALSE otherwise
*/
function canEdit() {
if($this->owner->ID == Member::currentUserID())
return true;
$member = Member::currentUser();
if($member)
return $member->isAdmin();
return false;
}
}
/**
* Validator of the decorator for the member class to support OpenID
* authentication
*
* @author Markus Lanthaler <markus@silverstripe.com
*/
class OpenIDAuthenticatedRole_Validator extends Extension {
/**
* Server-side validation
*
* This method checks if the entered identity URL is unique.
*
* @param array $data User submitted data
* @param Form $form The used form
* @return bool Returns TRUE if the submitted data is valid, otherwise
* FALSE.
*/
function updatePHP(array $data, Form &$form) {
if(!isset($data['IdentityURL']) || strlen(trim($data['IdentityURL'])) == 0)
return true;
$member = DataObject::get_one('Member',
"IdentityURL = '". Convert::raw2sql($data['IdentityURL']) ."'");
// if we are in a complex table field popup, use ctf[childID], else use
// ID
$id = null;
if(isset($_REQUEST['ctf']['childID'])) {
$id = $_REQUEST['ctf']['childID'];
} elseif(isset($_REQUEST['ID'])) {
$id = $_REQUEST['ID'];
}
if(is_object($member) && $member->ID != $id) {
$field = $form->dataFieldByName('IdentityURL');
$this->owner->validationError($field->id(),
"There already exists a member with this identity URL",
"required");
return false;
}
return true;
}
}
?>