BUGFIX: Dealt with some undefined variable bugs in SiteTree::can_edit_multiple
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@83494 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
27a5961cba
commit
3c5f477b6e
@ -857,69 +857,71 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
set_time_limit(0);
|
set_time_limit(0);
|
||||||
// Default result: nothing editable
|
// Default result: nothing editable
|
||||||
$result = array_fill_keys($ids, false);
|
$result = array_fill_keys($ids, false);
|
||||||
|
if($ids) {
|
||||||
|
|
||||||
// Look in the cache for values
|
// Look in the cache for values
|
||||||
if($useCached && isset(self::$cache_permissions['edit'])) {
|
if($useCached && isset(self::$cache_permissions['edit'])) {
|
||||||
$cachedValues = array_intersect_key(self::$cache_permissions['edit'], $result);
|
$cachedValues = array_intersect_key(self::$cache_permissions['edit'], $result);
|
||||||
|
|
||||||
// If we can't find everything in the cache, then look up the remainder separately
|
// If we can't find everything in the cache, then look up the remainder separately
|
||||||
$uncachedValues = array_diff_key($result, self::$cache_permissions['edit']);
|
$uncachedValues = array_diff_key($result, self::$cache_permissions['edit']);
|
||||||
if($uncachedValues) {
|
if($uncachedValues) {
|
||||||
$cachedValues = self::can_edit_multiple(array_keys($uncachedValues), $memberID, false)
|
$cachedValues = self::can_edit_multiple(array_keys($uncachedValues), $memberID, false)
|
||||||
+ $cachedValues;
|
+ $cachedValues;
|
||||||
}
|
}
|
||||||
return $cachedValues;
|
return $cachedValues;
|
||||||
}
|
|
||||||
|
|
||||||
// If a member doesn't have CMS_ACCESS_CMSMain permission then they can't edit anything
|
|
||||||
if(!$memberID || !Permission::checkMember($memberID, 'CMS_ACCESS_CMSMain')) {
|
|
||||||
return $result;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sanitise the IDs
|
|
||||||
$ids = array_filter($ids, 'is_numeric');
|
|
||||||
$SQL_idList = implode($ids, ", ");
|
|
||||||
|
|
||||||
// if page can't be viewed, don't grant edit permissions
|
|
||||||
// to do - implement can_view_multiple(), so this can be enabled
|
|
||||||
//$ids = array_keys(array_filter(self::can_view_multiple($ids, $memberID)));
|
|
||||||
|
|
||||||
// Get the groups that the given member belongs to
|
|
||||||
//Debug::message("can_edit_multiple");
|
|
||||||
$groupIDs = DataObject::get_by_id('Member', $memberID)->Groups()->column("ID");
|
|
||||||
$SQL_groupList = implode(", ", $groupIDs);
|
|
||||||
|
|
||||||
// Get the uninherited permissions
|
|
||||||
$uninheritedPermissions = DataObject::get("SiteTree", "(CanEditType = 'LoggedInUsers' OR
|
|
||||||
(CanEditType = 'OnlyTheseUsers' AND \"SiteTree_EditorGroups\".SiteTreeID IS NOT NULL))
|
|
||||||
AND \"SiteTree\".ID IN ($SQL_idList)",
|
|
||||||
"",
|
|
||||||
"LEFT JOIN \"SiteTree_EditorGroups\"
|
|
||||||
ON \"SiteTree_EditorGroups\".\"SiteTreeID\" = \"SiteTree\".\"ID\"
|
|
||||||
AND \"SiteTree_EditorGroups\".\"GroupID\" IN ($SQL_groupList)");
|
|
||||||
|
|
||||||
if($uninheritedPermissions) {
|
|
||||||
// Set all the relevant items in $result to true
|
|
||||||
$result = array_fill_keys($uninheritedPermissions->column('ID'), true) + $result;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get permissions that are inherited
|
|
||||||
$potentiallyInherited = DataObject::get("SiteTree", "CanEditType = 'Inherit'
|
|
||||||
AND \"SiteTree\".ID IN ($SQL_idList)");
|
|
||||||
|
|
||||||
if($potentiallyInherited) {
|
|
||||||
// Group $potentiallyInherited by ParentID; we'll look at the permission of all those
|
|
||||||
// parents and then see which ones the user has permission on
|
|
||||||
foreach($potentiallyInherited as $item) {
|
|
||||||
$groupedByParent[$item->ParentID][] = $item->ID;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$actuallyInherited = self::can_edit_multiple(array_keys($groupedByParent), $memberID);
|
// If a member doesn't have CMS_ACCESS_CMSMain permission then they can't edit anything
|
||||||
if($actuallyInherited) {
|
if(!$memberID || !Permission::checkMember($memberID, 'CMS_ACCESS_CMSMain')) {
|
||||||
$parentIDs = array_keys(array_filter($actuallyInherited));
|
return $result;
|
||||||
foreach($parentIDs as $parentID) {
|
}
|
||||||
// Set all the relevant items in $result to true
|
|
||||||
$result = array_fill_keys($groupedByParent[$parentID], true) + $result;
|
// Sanitise the IDs
|
||||||
|
$ids = array_filter($ids, 'is_numeric');
|
||||||
|
$SQL_idList = implode($ids, ", ");
|
||||||
|
|
||||||
|
// if page can't be viewed, don't grant edit permissions
|
||||||
|
// to do - implement can_view_multiple(), so this can be enabled
|
||||||
|
//$ids = array_keys(array_filter(self::can_view_multiple($ids, $memberID)));
|
||||||
|
|
||||||
|
// Get the groups that the given member belongs to
|
||||||
|
//Debug::message("can_edit_multiple");
|
||||||
|
$groupIDs = DataObject::get_by_id('Member', $memberID)->Groups()->column("ID");
|
||||||
|
$SQL_groupList = implode(", ", $groupIDs);
|
||||||
|
|
||||||
|
// Get the uninherited permissions
|
||||||
|
$uninheritedPermissions = DataObject::get("SiteTree", "(CanEditType = 'LoggedInUsers' OR
|
||||||
|
(CanEditType = 'OnlyTheseUsers' AND \"SiteTree_EditorGroups\".SiteTreeID IS NOT NULL))
|
||||||
|
AND \"SiteTree\".ID IN ($SQL_idList)",
|
||||||
|
"",
|
||||||
|
"LEFT JOIN \"SiteTree_EditorGroups\"
|
||||||
|
ON \"SiteTree_EditorGroups\".\"SiteTreeID\" = \"SiteTree\".\"ID\"
|
||||||
|
AND \"SiteTree_EditorGroups\".\"GroupID\" IN ($SQL_groupList)");
|
||||||
|
|
||||||
|
if($uninheritedPermissions) {
|
||||||
|
// Set all the relevant items in $result to true
|
||||||
|
$result = array_fill_keys($uninheritedPermissions->column('ID'), true) + $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get permissions that are inherited
|
||||||
|
$potentiallyInherited = DataObject::get("SiteTree", "CanEditType = 'Inherit'
|
||||||
|
AND \"SiteTree\".ID IN ($SQL_idList)");
|
||||||
|
|
||||||
|
if($potentiallyInherited) {
|
||||||
|
// Group $potentiallyInherited by ParentID; we'll look at the permission of all those
|
||||||
|
// parents and then see which ones the user has permission on
|
||||||
|
foreach($potentiallyInherited as $item) {
|
||||||
|
$groupedByParent[$item->ParentID][] = $item->ID;
|
||||||
|
}
|
||||||
|
|
||||||
|
$actuallyInherited = self::can_edit_multiple(array_keys($groupedByParent), $memberID);
|
||||||
|
if($actuallyInherited) {
|
||||||
|
$parentIDs = array_keys(array_filter($actuallyInherited));
|
||||||
|
foreach($parentIDs as $parentID) {
|
||||||
|
// Set all the relevant items in $result to true
|
||||||
|
$result = array_fill_keys($groupedByParent[$parentID], true) + $result;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1001,6 +1003,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
} else {
|
} else {
|
||||||
$deletable = $editableIDs;
|
$deletable = $editableIDs;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$deletable = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert the array of deletable IDs into a map of the original IDs with true/false as the
|
// Convert the array of deletable IDs into a map of the original IDs with true/false as the
|
||||||
|
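Review bot: In the first hunk, the new `if($ids)` guard runs before `array_filter($ids, 'is_numeric')`, so a list whose entries are all non-numeric passes the guard and still produces `"SiteTree".ID IN ()` in both permission queries. `is_numeric` also lets through non-integer forms such as `1.5` or `1e3`, which are interpolated into the SQL as given. I would normalise and re-check after filtering: `$ids = array_map('intval', array_filter($ids, 'is_numeric'));`, `if(!$ids) return $result;`, `$SQL_idList = implode(", ", $ids);`. `$SQL_groupList` looks exposed to the same empty-list case if the member belongs to no groups, though that depends on what `Groups()->column("ID")` returns. The start of `can_edit_multiple` lies outside the hunk.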