ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.

MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Andreas Piening 2010-08-03 01:05:27 +00:00
parent 983fb1fc09
commit 1941c6042c
4 changed files with 77 additions and 57 deletions

View File

@ -178,15 +178,6 @@ class Group extends DataObject {
return $labels;
}
function populateDefaults() {
parent::populateDefaults();
if(!$this->Title) $this->Title = sprintf(
_t('GROUP.NEWITEM',"New %s"),
singleton($this->class)->i18n_singular_name()
);
}
/**
* Add a member to a group. This will create the group if the given
* group code doesn't work.
@ -307,6 +298,13 @@ class Group extends DataObject {
return $items;
}
/**
* This isn't a decendant of SiteTree, but needs this in case
* the group is "reorganised";
*/
function cmsCleanup_parentChanged() {
}
/**
* Override this so groups are ordered in the CMS
*/
@ -314,7 +312,7 @@ class Group extends DataObject {
return DataObject::get('Group', "\"Group\".\"ParentID\" = " . (int)$this->ID . " AND \"Group\".\"ID\" != " . (int)$this->ID, '"Sort"');
}
public function getTreeTitle() {
public function TreeTitle() {
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
else return htmlspecialchars($this->Title, ENT_QUOTES);
}
@ -328,7 +326,7 @@ class Group extends DataObject {
function onBeforeWrite() {
parent::onBeforeWrite();
if(stripos($this->Code, _t('SecurityAdmin.NEWGROUPPREFIX','new-')) === 0) {
$this->setCode($this->Title);
}
@ -445,6 +443,44 @@ class Group extends DataObject {
return false;
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords() {
parent::requireDefaultRecords();
// Add default author group if no other group exists
$allGroups = DataObject::get('Group');
if(!$allGroups) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
$authorGroup->Sort = 1;
$authorGroup->write();
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
}
// Add default admin group if none with permission code ADMIN exists
$adminGroups = Permission::get_groups_by_permission('ADMIN');
if(!$adminGroups) {
$adminGroup = new Group();
$adminGroup->Code = 'administrators';
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
$adminGroup->Sort = 0;
$adminGroup->write();
Permission::grant($adminGroup->ID, 'ADMIN');
}
// Members are populated through Member->requireDefaultRecords()
}
/**
* @return String
*/

View File

@ -115,6 +115,32 @@ class Member extends DataObject {
parent::populateDefaults();
$this->Locale = i18n::get_locale();
}
function requireDefaultRecords() {
// Default groups should've been built by Group->requireDefaultRecords() already
// Find or create ADMIN group
$adminGroups = Permission::get_groups_by_permission('ADMIN');
if($adminGroups) {
singleton('Group')->requireDefaultRecords();
$adminGroups = Permission::get_groups_by_permission('ADMIN');
$adminGroup = $adminGroups->First();
} else {
$adminGroup = $adminGroups->First();
}
// Add a default administrator to the first ADMIN group found (most likely the default
// group created through Group->requireDefaultRecords()).
$admins = Permission::get_members_by_permission('ADMIN');
if(!$admins) {
// Leave 'Email' and 'Password' are not set to avoid creating
// persistent logins in the database. See Security::setDefaultAdmin().
$admin = Object::create('Member');
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
$admin->write();
$admin->Groups()->add($adminGroup);
}
}
/**
* If this is called, then a session cookie will be set to "1" whenever a user

View File

@ -370,41 +370,6 @@ class Permission extends DataObject {
return $perm;
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords() {
parent::requireDefaultRecords();
// Add default content if blank
if(!DB::query("SELECT \"ID\" FROM \"Permission\"")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
$admins = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMSAdmin\" = 1")
->column();
if(isset($admins)) {
foreach($admins as $admin)
Permission::grant($admin, "ADMIN");
}
$authors = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMS\" = 1")
->column();
if(isset($authors)) {
foreach($authors as $author) {
Permission::grant($author, "CMS_ACCESS_CMSMain");
Permission::grant($author, "CMS_ACCESS_AssetAdmin");
Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
Permission::grant($author, "CMS_ACCESS_ReportAdmin");
}
}
}
}
/**
* Returns all members for a specific permission.
*

View File

@ -650,20 +650,13 @@ class Security extends Controller {
}
if(!$adminGroup) {
$adminGroup = Object::create('Group');
$adminGroup->Title = 'Administrators';
$adminGroup->Code = "administrators";
$adminGroup->write();
Permission::grant($adminGroup->ID, "ADMIN");
singleton('Group')->requireDefaultRecords();
}
if(!isset($member)) {
// Leave 'Email' and 'Password' are not set to avoid creating
// persistent logins in the database. See Security::setDefaultAdmin().
$member = Object::create('Member');
$member->FirstName = 'Default Admin';
$member->write();
$member->Groups()->add($adminGroup);
singleton('Member')->requireDefaultRecords();
$members = Permission::get_members_by_permission('ADMIN');
$member = $members->First();
}
return $member;