2011-03-23 10:51:00 +01:00
< ? php
/**
* Security section of the CMS
* @ package cms
* @ subpackage security
*/
class SecurityAdmin extends LeftAndMain implements PermissionProvider {
static $url_segment = 'security' ;
static $url_rule = '/$Action/$ID/$OtherID' ;
2012-05-08 10:25:19 +02:00
static $menu_title = 'Security' ;
2011-03-23 10:51:00 +01:00
static $tree_class = 'Group' ;
static $subitem_class = 'Member' ;
static $allowed_actions = array (
'EditForm' ,
'MemberImportForm' ,
'memberimport' ,
'GroupImportForm' ,
'groupimport' ,
2012-05-08 11:16:16 +02:00
'groups' ,
'users' ,
'roles'
2011-03-23 10:51:00 +01:00
);
/**
* @ var Array
*/
static $hidden_permissions = array ();
public function init () {
parent :: init ();
2012-03-24 04:38:57 +01:00
Requirements :: javascript ( FRAMEWORK_ADMIN_DIR . '/javascript/SecurityAdmin.js' );
2011-03-23 10:51:00 +01:00
}
2012-05-08 11:16:16 +02:00
/**
* Shortcut action for setting the correct active tab .
*/
public function users ( $request ) {
return $this -> index ( $request );
}
/**
* Shortcut action for setting the correct active tab .
*/
public function groups ( $request ) {
return $this -> index ( $request );
}
/**
* Shortcut action for setting the correct active tab .
*/
public function roles ( $request ) {
return $this -> index ( $request );
}
2011-03-23 10:51:00 +01:00
2012-01-23 17:12:49 +01:00
public function getEditForm ( $id = null , $fields = null ) {
2011-03-23 10:51:00 +01:00
// TODO Duplicate record fetching (see parent implementation)
if ( ! $id ) $id = $this -> currentPageID ();
$form = parent :: getEditForm ( $id );
// TODO Duplicate record fetching (see parent implementation)
$record = $this -> getRecord ( $id );
if ( $record && ! $record -> canView ()) return Security :: permissionFailure ( $this );
2012-04-04 16:59:30 +02:00
$memberList = GridField :: create (
2012-05-28 01:43:47 +02:00
'Members' ,
2012-03-26 03:51:40 +02:00
false ,
DataList :: create ( 'Member' ),
2012-03-05 18:31:52 +01:00
$memberListConfig = GridFieldConfig_RecordEditor :: create ()
2012-03-09 00:54:02 +01:00
-> addComponent ( new GridFieldExportButton ())
2012-03-05 18:31:52 +01:00
) -> addExtraClass ( " members_grid " );
2012-03-09 00:54:02 +01:00
$memberListConfig -> getComponentByType ( 'GridFieldDetailForm' ) -> setValidator ( new Member_Validator ());
2012-03-05 18:31:52 +01:00
2012-04-19 01:25:37 +02:00
$groupList = GridField :: create (
2012-05-28 01:43:47 +02:00
'Groups' ,
2012-03-26 03:51:40 +02:00
false ,
DataList :: create ( 'Group' ),
2012-03-05 18:31:52 +01:00
GridFieldConfig_RecordEditor :: create ()
2012-04-19 01:25:37 +02:00
);
$columns = $groupList -> getConfig () -> getComponentByType ( 'GridFieldDataColumns' );
$columns -> setDisplayFields ( array (
2012-03-05 18:31:52 +01:00
'Breadcrumbs' => singleton ( 'Group' ) -> fieldLabel ( 'Title' )
));
2011-03-23 10:51:00 +01:00
2011-05-11 09:51:54 +02:00
$fields = new FieldList (
2011-10-29 04:41:40 +02:00
$root = new TabSet (
2011-03-23 10:51:00 +01:00
'Root' ,
2012-05-08 11:16:16 +02:00
$usersTab = new Tab ( 'Users' , _t ( 'SecurityAdmin.Users' , 'Users' ),
2011-03-23 10:51:00 +01:00
$memberList ,
2012-03-26 03:51:40 +02:00
new LiteralField ( 'MembersCautionText' ,
2011-03-23 10:51:00 +01:00
sprintf ( '<p class="caution-remove"><strong>%s</strong></p>' ,
_t (
'SecurityAdmin.MemberListCaution' ,
'Caution: Removing members from this list will remove them from all groups and the database'
)
)
2012-03-24 01:20:19 +01:00
),
new HeaderField ( _t ( 'SecurityAdmin.IMPORTUSERS' , 'Import users' ), 3 ),
new LiteralField (
'MemberImportFormIframe' ,
sprintf (
'<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" border="0"></iframe>' ,
$this -> Link ( 'memberimport' )
)
2011-03-23 10:51:00 +01:00
)
),
2012-05-08 11:16:16 +02:00
$groupsTab = new Tab ( 'Groups' , singleton ( 'Group' ) -> plural_name (),
2012-03-24 01:20:19 +01:00
$groupList ,
new HeaderField ( _t ( 'SecurityAdmin.IMPORTGROUPS' , 'Import groups' ), 3 ),
new LiteralField (
'GroupImportFormIframe' ,
sprintf (
'<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" border="0"></iframe>' ,
$this -> Link ( 'groupimport' )
)
)
2011-03-23 10:51:00 +01:00
)
),
// necessary for tree node selection in LeftAndMain.EditForm.js
new HiddenField ( 'ID' , false , 0 )
);
2011-10-29 04:41:40 +02:00
$root -> setTemplate ( 'CMSTabSet' );
2011-03-23 10:51:00 +01:00
// Add roles editing interface
if ( Permission :: check ( 'APPLY_ROLES' )) {
2012-05-28 01:46:25 +02:00
$rolesField = GridField :: create ( 'Roles' ,
2012-03-05 14:04:19 +01:00
false ,
DataList :: create ( 'PermissionRole' ),
GridFieldConfig_RecordEditor :: create ()
2011-03-23 10:51:00 +01:00
);
$rolesTab = $fields -> findOrMakeTab ( 'Root.Roles' , _t ( 'SecurityAdmin.TABROLES' , 'Roles' ));
2012-03-05 14:04:19 +01:00
$rolesTab -> push ( $rolesField );
2011-03-23 10:51:00 +01:00
}
2012-05-08 11:16:16 +02:00
$actionParam = $this -> request -> param ( 'Action' );
if ( $actionParam == 'groups' ) {
$groupsTab -> addExtraClass ( 'ui-state-selected' );
} elseif ( $actionParam == 'users' ) {
$usersTab -> addExtraClass ( 'ui-state-selected' );
} elseif ( $actionParam == 'roles' ) {
$rolesTab -> addExtraClass ( 'ui-state-selected' );
}
2012-03-01 17:06:30 +01:00
$actions = new FieldList ();
2011-03-23 10:51:00 +01:00
$form = new Form (
$this ,
'EditForm' ,
$fields ,
$actions
);
2011-03-31 10:52:29 +02:00
$form -> addExtraClass ( 'cms-edit-form' );
2012-03-06 00:59:19 +01:00
$form -> setTemplate ( $this -> getTemplatesWithSuffix ( '_EditForm' ));
if ( $form -> Fields () -> hasTabset ()) $form -> Fields () -> findOrMakeTab ( 'Root' ) -> setTemplate ( 'CMSTabSet' );
2012-05-08 11:16:16 +02:00
$form -> addExtraClass ( 'center ss-tabset cms-tabset ' . $this -> BaseCSSClasses ());
2012-03-08 18:20:11 +01:00
$this -> extend ( 'updateEditForm' , $form );
2012-03-26 03:51:40 +02:00
2011-04-19 08:04:55 +02:00
return $form ;
}
2011-03-23 10:51:00 +01:00
public function memberimport () {
Requirements :: clear ();
2012-03-24 04:38:57 +01:00
Requirements :: css ( FRAMEWORK_ADMIN_DIR . '/css/screen.css' );
2011-03-23 10:51:00 +01:00
Requirements :: javascript ( THIRDPARTY_DIR . '/jquery/jquery.js' );
2012-03-24 04:38:57 +01:00
Requirements :: css ( FRAMEWORK_ADMIN_DIR . '/css/MemberImportForm.css' );
Requirements :: javascript ( FRAMEWORK_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js' );
Requirements :: javascript ( FRAMEWORK_ADMIN_DIR . '/javascript/MemberImportForm.js' );
2011-03-23 10:51:00 +01:00
return $this -> renderWith ( 'BlankPage' , array (
2012-04-13 15:35:46 +02:00
'Form' => $this -> MemberImportForm () -> forTemplate (),
2012-01-07 18:57:14 +01:00
'Content' => ' '
2011-03-23 10:51:00 +01:00
));
}
/**
* @ see SecurityAdmin_MemberImportForm
*
* @ return Form
*/
public function MemberImportForm () {
$group = $this -> currentPage ();
$form = new MemberImportForm (
$this ,
'MemberImportForm'
);
$form -> setGroup ( $group );
return $form ;
}
public function groupimport () {
Requirements :: clear ();
2012-03-24 04:38:57 +01:00
Requirements :: css ( FRAMEWORK_ADMIN_DIR . '/css/screen.css' );
2011-03-23 10:51:00 +01:00
Requirements :: javascript ( THIRDPARTY_DIR . '/jquery/jquery.js' );
2012-03-24 04:38:57 +01:00
Requirements :: css ( FRAMEWORK_ADMIN_DIR . '/css/MemberImportForm.css' );
Requirements :: javascript ( FRAMEWORK_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js' );
Requirements :: javascript ( FRAMEWORK_ADMIN_DIR . '/javascript/MemberImportForm.js' );
2011-03-23 10:51:00 +01:00
return $this -> renderWith ( 'BlankPage' , array (
2011-12-18 18:18:44 +01:00
'Content' => ' ' ,
2012-04-13 15:35:46 +02:00
'Form' => $this -> GroupImportForm () -> forTemplate ()
2011-03-23 10:51:00 +01:00
));
}
/**
* @ see SecurityAdmin_MemberImportForm
*
* @ return Form
*/
public function GroupImportForm () {
$form = new GroupImportForm (
$this ,
'GroupImportForm'
);
return $form ;
}
2012-05-08 11:16:16 +02:00
/**
* Disable GridFieldDetailForm backlinks for this view , as its
*/
public function Backlink () {
return false ;
}
2012-03-05 18:31:52 +01:00
public function Breadcrumbs ( $unlinked = false ) {
$crumbs = parent :: Breadcrumbs ( $unlinked );
// Name root breadcrumb based on which record is edited,
// which can only be determined by looking for the fieldname of the GridField.
// Note: Titles should be same titles as tabs in RootForm().
$params = $this -> request -> allParams ();
if ( isset ( $params [ 'FieldName' ])) {
2012-05-08 11:16:16 +02:00
// TODO FieldName param gets overwritten by nested GridFields,
// so shows "Members" rather than "Groups" for the following URL:
// admin/security/EditForm/field/Groups/item/2/ItemEditForm/field/Members/item/1/edit
$firstCrumb = $crumbs -> shift ();
2012-03-05 18:31:52 +01:00
if ( $params [ 'FieldName' ] == 'Groups' ) {
2012-05-08 11:16:16 +02:00
$crumbs -> unshift ( new ArrayData ( array (
'Title' => singleton ( 'Group' ) -> plural_name (),
'Link' => $this -> Link ( 'groups' )
)));
2012-03-05 18:31:52 +01:00
} elseif ( $params [ 'FieldName' ] == 'Users' ) {
2012-05-08 11:16:16 +02:00
$crumbs -> unshift ( new ArrayData ( array (
'Title' => _t ( 'SecurityAdmin.Users' , 'Users' ),
'Link' => $this -> Link ( 'users' )
)));
2012-03-05 18:31:52 +01:00
} elseif ( $params [ 'FieldName' ] == 'Roles' ) {
2012-05-08 11:16:16 +02:00
$crumbs -> unshift ( new ArrayData ( array (
'Title' => _t ( 'SecurityAdmin.TABROLES' , 'Roles' ),
'Link' => $this -> Link ( 'roles' )
)));
2012-03-05 18:31:52 +01:00
}
2012-05-08 11:16:16 +02:00
$crumbs -> unshift ( $firstCrumb );
}
2011-03-23 10:51:00 +01:00
2012-03-05 18:31:52 +01:00
return $crumbs ;
2011-03-23 10:51:00 +01:00
}
function providePermissions () {
2012-03-05 16:07:20 +01:00
$title = _t ( " SecurityAdmin.MENUTITLE " , LeftAndMain :: menu_title_for_class ( $this -> class ));
2011-03-23 10:51:00 +01:00
return array (
2012-03-05 16:07:20 +01:00
" CMS_ACCESS_SecurityAdmin " => array (
2012-05-01 21:44:54 +02:00
'name' => _t ( 'CMSMain.ACCESS' , " Access to ' { title}' section " , array ( 'title' => $title )),
2012-03-05 16:07:20 +01:00
'category' => _t ( 'Permission.CMS_ACCESS_CATEGORY' , 'CMS Access' ),
'help' => _t (
'SecurityAdmin.ACCESS_HELP' ,
'Allow viewing, adding and editing users, as well as assigning permissions and roles to them.'
)
),
2011-03-23 10:51:00 +01:00
'EDIT_PERMISSIONS' => array (
'name' => _t ( 'SecurityAdmin.EDITPERMISSIONS' , 'Manage permissions for groups' ),
'category' => _t ( 'Permissions.PERMISSIONS_CATEGORY' , 'Roles and access permissions' ),
'help' => _t ( 'SecurityAdmin.EDITPERMISSIONS_HELP' , 'Ability to edit Permissions and IP Addresses for a group. Requires the "Access to \'Security\' section" permission.' ),
'sort' => 0
),
'APPLY_ROLES' => array (
'name' => _t ( 'SecurityAdmin.APPLY_ROLES' , 'Apply roles to groups' ),
'category' => _t ( 'Permissions.PERMISSIONS_CATEGORY' , 'Roles and access permissions' ),
2012-03-05 16:07:20 +01:00
'help' => _t ( 'SecurityAdmin.APPLY_ROLES_HELP' , 'Ability to edit the roles assigned to a group. Requires the "Access to \'Users\' section" permission.' ),
2011-03-23 10:51:00 +01:00
'sort' => 0
)
);
}
/**
* The permissions represented in the $codes will not appearing in the form
* containing { @ link PermissionCheckboxSetField } so as not to be checked / unchecked .
*
* @ param $codes String | Array
*/
static function add_hidden_permission ( $codes ){
if ( is_string ( $codes )) $codes = array ( $codes );
self :: $hidden_permissions = array_merge ( self :: $hidden_permissions , $codes );
}
/**
* @ param $codes String | Array
*/
static function remove_hidden_permission ( $codes ){
if ( is_string ( $codes )) $codes = array ( $codes );
self :: $hidden_permissions = array_diff ( self :: $hidden_permissions , $codes );
}
/**
* @ return Array
*/
static function get_hidden_permissions (){
return self :: $hidden_permissions ;
}
/**
* Clear all permissions previously hidden with { @ link add_hidden_permission }
*/
static function clear_hidden_permissions (){
self :: $hidden_permissions = array ();
}
2012-03-24 01:20:19 +01:00
}