FEATURE Added ability to restrict security groups to IP address ranges.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53453 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2008-04-26 06:27:15 +00:00 · 2008-04-26 06:27:15 +00:00 · 53dc73465d
commit 53dc73465d
parent 211563eb27
1 changed files with 17 additions and 1 deletions
--- a/security/Group.php
+++ b/security/Group.php
@ -78,11 +78,27 @@ class Group extends DataObject {
 						null,
 						"GroupID = {$this->ID}"
 					)
+				),
+
+				new Tab(_t('Security.IPADDRESSES', 'IP Addresses'),
+					new LiteralField("", _t('SecurityAdmin.IPADDRESSESHELP',"<p>You can restrict this group to a particular 
+						IP address range.  Enter 1 range per line.  Ranges can be in any of the following 4 forms: <br />
+						203.96.152.12<br />
+						203.96.152/24<br />
+						203.96/16<br />
+						203/8<br /><br />If you enter one or more IP address ranges in this box, then members will only get
+						the rights of being in this group if they log on from one of the valid IP addresses.  It won't prevent
+						people from logging in.  This is because the same user might have to log in to access parts of the
+						system without IP address restrictions.")),
+					new TextareaField("IPRestrictions", "IP Ranges", 10)
 				)
 			)
 		);

-		if(!Permission::check('EDIT_PERMISSIONS')) $fields->removeFieldFromTab('Root', 'Permissions');
+		if(!Permission::check('EDIT_PERMISSIONS')) {
+			$fields->removeFieldFromTab('Root', 'Permissions');
+			$fields->removeFieldFromTab('Root', 'IP Addresses');
+		}
 		
 		$memberList->setController($this);
 		$memberList->setPermissions(array('show', 'edit', 'delete', 'export', 'add'));