mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-28 20:29:15 +02:00
ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords(). MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
983fb1fc09
commit
1941c6042c
@ -178,15 +178,6 @@ class Group extends DataObject {
|
|||||||
return $labels;
|
return $labels;
|
||||||
}
|
}
|
||||||
|
|
||||||
function populateDefaults() {
|
|
||||||
parent::populateDefaults();
|
|
||||||
|
|
||||||
if(!$this->Title) $this->Title = sprintf(
|
|
||||||
_t('GROUP.NEWITEM',"New %s"),
|
|
||||||
singleton($this->class)->i18n_singular_name()
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a member to a group. This will create the group if the given
|
* Add a member to a group. This will create the group if the given
|
||||||
* group code doesn't work.
|
* group code doesn't work.
|
||||||
@ -307,6 +298,13 @@ class Group extends DataObject {
|
|||||||
return $items;
|
return $items;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This isn't a decendant of SiteTree, but needs this in case
|
||||||
|
* the group is "reorganised";
|
||||||
|
*/
|
||||||
|
function cmsCleanup_parentChanged() {
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Override this so groups are ordered in the CMS
|
* Override this so groups are ordered in the CMS
|
||||||
*/
|
*/
|
||||||
@ -314,7 +312,7 @@ class Group extends DataObject {
|
|||||||
return DataObject::get('Group', "\"Group\".\"ParentID\" = " . (int)$this->ID . " AND \"Group\".\"ID\" != " . (int)$this->ID, '"Sort"');
|
return DataObject::get('Group', "\"Group\".\"ParentID\" = " . (int)$this->ID . " AND \"Group\".\"ID\" != " . (int)$this->ID, '"Sort"');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getTreeTitle() {
|
public function TreeTitle() {
|
||||||
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
|
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
|
||||||
else return htmlspecialchars($this->Title, ENT_QUOTES);
|
else return htmlspecialchars($this->Title, ENT_QUOTES);
|
||||||
}
|
}
|
||||||
@ -328,7 +326,7 @@ class Group extends DataObject {
|
|||||||
|
|
||||||
function onBeforeWrite() {
|
function onBeforeWrite() {
|
||||||
parent::onBeforeWrite();
|
parent::onBeforeWrite();
|
||||||
|
|
||||||
if(stripos($this->Code, _t('SecurityAdmin.NEWGROUPPREFIX','new-')) === 0) {
|
if(stripos($this->Code, _t('SecurityAdmin.NEWGROUPPREFIX','new-')) === 0) {
|
||||||
$this->setCode($this->Title);
|
$this->setCode($this->Title);
|
||||||
}
|
}
|
||||||
@ -445,6 +443,44 @@ class Group extends DataObject {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add default records to database.
|
||||||
|
*
|
||||||
|
* This function is called whenever the database is built, after the
|
||||||
|
* database tables have all been created.
|
||||||
|
*/
|
||||||
|
public function requireDefaultRecords() {
|
||||||
|
parent::requireDefaultRecords();
|
||||||
|
|
||||||
|
// Add default author group if no other group exists
|
||||||
|
$allGroups = DataObject::get('Group');
|
||||||
|
if(!$allGroups) {
|
||||||
|
$authorGroup = new Group();
|
||||||
|
$authorGroup->Code = 'content-authors';
|
||||||
|
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
|
||||||
|
$authorGroup->Sort = 1;
|
||||||
|
$authorGroup->write();
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
|
||||||
|
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add default admin group if none with permission code ADMIN exists
|
||||||
|
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||||
|
if(!$adminGroups) {
|
||||||
|
$adminGroup = new Group();
|
||||||
|
$adminGroup->Code = 'administrators';
|
||||||
|
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
|
||||||
|
$adminGroup->Sort = 0;
|
||||||
|
$adminGroup->write();
|
||||||
|
Permission::grant($adminGroup->ID, 'ADMIN');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Members are populated through Member->requireDefaultRecords()
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return String
|
* @return String
|
||||||
*/
|
*/
|
||||||
|
@ -115,6 +115,32 @@ class Member extends DataObject {
|
|||||||
parent::populateDefaults();
|
parent::populateDefaults();
|
||||||
$this->Locale = i18n::get_locale();
|
$this->Locale = i18n::get_locale();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function requireDefaultRecords() {
|
||||||
|
// Default groups should've been built by Group->requireDefaultRecords() already
|
||||||
|
|
||||||
|
// Find or create ADMIN group
|
||||||
|
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||||
|
if($adminGroups) {
|
||||||
|
singleton('Group')->requireDefaultRecords();
|
||||||
|
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||||
|
$adminGroup = $adminGroups->First();
|
||||||
|
} else {
|
||||||
|
$adminGroup = $adminGroups->First();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add a default administrator to the first ADMIN group found (most likely the default
|
||||||
|
// group created through Group->requireDefaultRecords()).
|
||||||
|
$admins = Permission::get_members_by_permission('ADMIN');
|
||||||
|
if(!$admins) {
|
||||||
|
// Leave 'Email' and 'Password' are not set to avoid creating
|
||||||
|
// persistent logins in the database. See Security::setDefaultAdmin().
|
||||||
|
$admin = Object::create('Member');
|
||||||
|
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
|
||||||
|
$admin->write();
|
||||||
|
$admin->Groups()->add($adminGroup);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If this is called, then a session cookie will be set to "1" whenever a user
|
* If this is called, then a session cookie will be set to "1" whenever a user
|
||||||
|
@ -370,41 +370,6 @@ class Permission extends DataObject {
|
|||||||
return $perm;
|
return $perm;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Add default records to database.
|
|
||||||
*
|
|
||||||
* This function is called whenever the database is built, after the
|
|
||||||
* database tables have all been created.
|
|
||||||
*/
|
|
||||||
public function requireDefaultRecords() {
|
|
||||||
parent::requireDefaultRecords();
|
|
||||||
|
|
||||||
// Add default content if blank
|
|
||||||
if(!DB::query("SELECT \"ID\" FROM \"Permission\"")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
|
|
||||||
$admins = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMSAdmin\" = 1")
|
|
||||||
->column();
|
|
||||||
|
|
||||||
if(isset($admins)) {
|
|
||||||
foreach($admins as $admin)
|
|
||||||
Permission::grant($admin, "ADMIN");
|
|
||||||
}
|
|
||||||
|
|
||||||
$authors = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMS\" = 1")
|
|
||||||
->column();
|
|
||||||
if(isset($authors)) {
|
|
||||||
foreach($authors as $author) {
|
|
||||||
Permission::grant($author, "CMS_ACCESS_CMSMain");
|
|
||||||
Permission::grant($author, "CMS_ACCESS_AssetAdmin");
|
|
||||||
Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
|
|
||||||
Permission::grant($author, "CMS_ACCESS_ReportAdmin");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns all members for a specific permission.
|
* Returns all members for a specific permission.
|
||||||
*
|
*
|
||||||
|
@ -650,20 +650,13 @@ class Security extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(!$adminGroup) {
|
if(!$adminGroup) {
|
||||||
$adminGroup = Object::create('Group');
|
singleton('Group')->requireDefaultRecords();
|
||||||
$adminGroup->Title = 'Administrators';
|
|
||||||
$adminGroup->Code = "administrators";
|
|
||||||
$adminGroup->write();
|
|
||||||
Permission::grant($adminGroup->ID, "ADMIN");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!isset($member)) {
|
if(!isset($member)) {
|
||||||
// Leave 'Email' and 'Password' are not set to avoid creating
|
singleton('Member')->requireDefaultRecords();
|
||||||
// persistent logins in the database. See Security::setDefaultAdmin().
|
$members = Permission::get_members_by_permission('ADMIN');
|
||||||
$member = Object::create('Member');
|
$member = $members->First();
|
||||||
$member->FirstName = 'Default Admin';
|
|
||||||
$member->write();
|
|
||||||
$member->Groups()->add($adminGroup);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $member;
|
return $member;
|
||||||
|
Loading…
Reference in New Issue
Block a user