mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-06-26 14:39:25 +02:00
ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords(). MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Andreas Piening
parent
983fb1fc09
commit
1941c6042c
|
|
@ -178,15 +178,6 @@ class Group extends DataObject {
|
|||
return $labels;
|
||||
}
|
||||
|
||||
function populateDefaults() {
|
||||
parent::populateDefaults();
|
||||
|
||||
if(!$this->Title) $this->Title = sprintf(
|
||||
_t('GROUP.NEWITEM',"New %s"),
|
||||
singleton($this->class)->i18n_singular_name()
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a member to a group. This will create the group if the given
|
||||
* group code doesn't work.
|
||||
|
|
@ -307,6 +298,13 @@ class Group extends DataObject {
|
|||
return $items;
|
||||
}
|
||||
|
||||
/**
|
||||
* This isn't a decendant of SiteTree, but needs this in case
|
||||
* the group is "reorganised";
|
||||
*/
|
||||
function cmsCleanup_parentChanged() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Override this so groups are ordered in the CMS
|
||||
*/
|
||||
|
|
@ -314,7 +312,7 @@ class Group extends DataObject {
|
|||
return DataObject::get('Group', "\"Group\".\"ParentID\" = " . (int)$this->ID . " AND \"Group\".\"ID\" != " . (int)$this->ID, '"Sort"');
|
||||
}
|
||||
|
||||
public function getTreeTitle() {
|
||||
public function TreeTitle() {
|
||||
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
|
||||
else return htmlspecialchars($this->Title, ENT_QUOTES);
|
||||
}
|
||||
|
|
@ -328,7 +326,7 @@ class Group extends DataObject {
|
|||
|
||||
function onBeforeWrite() {
|
||||
parent::onBeforeWrite();
|
||||
|
||||
|
||||
if(stripos($this->Code, _t('SecurityAdmin.NEWGROUPPREFIX','new-')) === 0) {
|
||||
$this->setCode($this->Title);
|
||||
}
|
||||
|
|
@ -445,6 +443,44 @@ class Group extends DataObject {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add default records to database.
|
||||
*
|
||||
* This function is called whenever the database is built, after the
|
||||
* database tables have all been created.
|
||||
*/
|
||||
public function requireDefaultRecords() {
|
||||
parent::requireDefaultRecords();
|
||||
|
||||
// Add default author group if no other group exists
|
||||
$allGroups = DataObject::get('Group');
|
||||
if(!$allGroups) {
|
||||
$authorGroup = new Group();
|
||||
$authorGroup->Code = 'content-authors';
|
||||
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
|
||||
$authorGroup->Sort = 1;
|
||||
$authorGroup->write();
|
||||
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
|
||||
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
|
||||
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
|
||||
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
|
||||
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
|
||||
}
|
||||
|
||||
// Add default admin group if none with permission code ADMIN exists
|
||||
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||
if(!$adminGroups) {
|
||||
$adminGroup = new Group();
|
||||
$adminGroup->Code = 'administrators';
|
||||
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
|
||||
$adminGroup->Sort = 0;
|
||||
$adminGroup->write();
|
||||
Permission::grant($adminGroup->ID, 'ADMIN');
|
||||
}
|
||||
|
||||
// Members are populated through Member->requireDefaultRecords()
|
||||
}
|
||||
|
||||
/**
|
||||
* @return String
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -115,6 +115,32 @@ class Member extends DataObject {
|
|||
parent::populateDefaults();
|
||||
$this->Locale = i18n::get_locale();
|
||||
}
|
||||
|
||||
function requireDefaultRecords() {
|
||||
// Default groups should've been built by Group->requireDefaultRecords() already
|
||||
|
||||
// Find or create ADMIN group
|
||||
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||
if($adminGroups) {
|
||||
singleton('Group')->requireDefaultRecords();
|
||||
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||
$adminGroup = $adminGroups->First();
|
||||
} else {
|
||||
$adminGroup = $adminGroups->First();
|
||||
}
|
||||
|
||||
// Add a default administrator to the first ADMIN group found (most likely the default
|
||||
// group created through Group->requireDefaultRecords()).
|
||||
$admins = Permission::get_members_by_permission('ADMIN');
|
||||
if(!$admins) {
|
||||
// Leave 'Email' and 'Password' are not set to avoid creating
|
||||
// persistent logins in the database. See Security::setDefaultAdmin().
|
||||
$admin = Object::create('Member');
|
||||
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
|
||||
$admin->write();
|
||||
$admin->Groups()->add($adminGroup);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If this is called, then a session cookie will be set to "1" whenever a user
|
||||
|
|
|
|||
|
|
@ -370,41 +370,6 @@ class Permission extends DataObject {
|
|||
return $perm;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Add default records to database.
|
||||
*
|
||||
* This function is called whenever the database is built, after the
|
||||
* database tables have all been created.
|
||||
*/
|
||||
public function requireDefaultRecords() {
|
||||
parent::requireDefaultRecords();
|
||||
|
||||
// Add default content if blank
|
||||
if(!DB::query("SELECT \"ID\" FROM \"Permission\"")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
|
||||
$admins = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMSAdmin\" = 1")
|
||||
->column();
|
||||
|
||||
if(isset($admins)) {
|
||||
foreach($admins as $admin)
|
||||
Permission::grant($admin, "ADMIN");
|
||||
}
|
||||
|
||||
$authors = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMS\" = 1")
|
||||
->column();
|
||||
if(isset($authors)) {
|
||||
foreach($authors as $author) {
|
||||
Permission::grant($author, "CMS_ACCESS_CMSMain");
|
||||
Permission::grant($author, "CMS_ACCESS_AssetAdmin");
|
||||
Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
|
||||
Permission::grant($author, "CMS_ACCESS_ReportAdmin");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns all members for a specific permission.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -650,20 +650,13 @@ class Security extends Controller {
|
|||
}
|
||||
|
||||
if(!$adminGroup) {
|
||||
$adminGroup = Object::create('Group');
|
||||
$adminGroup->Title = 'Administrators';
|
||||
$adminGroup->Code = "administrators";
|
||||
$adminGroup->write();
|
||||
Permission::grant($adminGroup->ID, "ADMIN");
|
||||
singleton('Group')->requireDefaultRecords();
|
||||
}
|
||||
|
||||
if(!isset($member)) {
|
||||
// Leave 'Email' and 'Password' are not set to avoid creating
|
||||
// persistent logins in the database. See Security::setDefaultAdmin().
|
||||
$member = Object::create('Member');
|
||||
$member->FirstName = 'Default Admin';
|
||||
$member->write();
|
||||
$member->Groups()->add($adminGroup);
|
||||
singleton('Member')->requireDefaultRecords();
|
||||
$members = Permission::get_members_by_permission('ADMIN');
|
||||
$member = $members->First();
|
||||
}
|
||||
|
||||
return $member;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user