tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Don't use session and FormSchema to manage server-side React validation responses

Browse Source
This commit is contained in:
Sam Minnee 2016-11-23 10:29:15 +13:00 committed by Damian Mooyman
parent f39c4d94f2
commit 6650561dac
19 changed files with 5985 additions and 5715 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

816
src/Assets/Storage/DBFile.php
View File

@ -24,552 +24,552 @@ use SilverStripe\Core\Convert;
class DBFile extends DBComposite implements AssetContainer, Thumbnail
{
use ImageManipulation;
use ImageManipulation;
/**
* List of allowed file categories.
*
* {@see File::$app_categories}
*
* @var array
*/
protected $allowedCategories = array();
/**
* List of allowed file categories.
*
* {@see File::$app_categories}
*
* @var array
*/
protected $allowedCategories = array();
/**
* List of image mime types supported by the image manipulations API
*
* {@see File::app_categories} for matching extensions.
*
* @config
* @var array
*/
private static $supported_images = array(
'image/jpeg',
'image/gif',
'image/png'
);
/**
* List of image mime types supported by the image manipulations API
*
* {@see File::app_categories} for matching extensions.
*
* @config
* @var array
*/
private static $supported_images = array(
'image/jpeg',
'image/gif',
'image/png'
);
/**
* Create a new image manipulation
*
* @param string $name
* @param array|string $allowed List of allowed file categories (not extensions), as per File::$app_categories
*/
/**
* Create a new image manipulation
*
* @param string $name
* @param array|string $allowed List of allowed file categories (not extensions), as per File::$app_categories
*/
public function __construct($name = null, $allowed = array())
{
parent::__construct($name);
$this->setAllowedCategories($allowed);
}
parent::__construct($name);
$this->setAllowedCategories($allowed);
}
/**
* Determine if a valid non-empty image exists behind this asset, which is a format
* compatible with image manipulations
*
* @return boolean
*/
/**
* Determine if a valid non-empty image exists behind this asset, which is a format
* compatible with image manipulations
*
* @return boolean
*/
public function getIsImage()
{
// Check file type
$mime = $this->getMimeType();
return $mime && in_array($mime, $this->config()->supported_images);
}
// Check file type
$mime = $this->getMimeType();
return $mime && in_array($mime, $this->config()->supported_images);
}
/**
* @return AssetStore
*/
/**
* @return AssetStore
*/
protected function getStore()
{
return Injector::inst()->get('AssetStore');
}
return Injector::inst()->get('AssetStore');
}
private static $composite_db = array(
"Hash" => "Varchar(255)", // SHA of the base content
"Filename" => "Varchar(255)", // Path identifier of the base content
"Variant" => "Varchar(255)", // Identifier of the variant to the base, if given
);
private static $composite_db = array(
"Hash" => "Varchar(255)", // SHA of the base content
"Filename" => "Varchar(255)", // Path identifier of the base content
"Variant" => "Varchar(255)", // Identifier of the variant to the base, if given
);
private static $casting = array(
'URL' => 'Varchar',
'AbsoluteURL' => 'Varchar',
'Basename' => 'Varchar',
'Title' => 'Varchar',
'MimeType' => 'Varchar',
'String' => 'Text',
'Tag' => 'HTMLFragment',
'Size' => 'Varchar'
);
private static $casting = array(
'URL' => 'Varchar',
'AbsoluteURL' => 'Varchar',
'Basename' => 'Varchar',
'Title' => 'Varchar',
'MimeType' => 'Varchar',
'String' => 'Text',
'Tag' => 'HTMLFragment',
'Size' => 'Varchar'
);
public function scaffoldFormField($title = null, $params = null)
{
return AssetField::create($this->getName(), $title);
}
return AssetField::create($this->getName(), $title);
}
/**
* Return a html5 tag of the appropriate for this file (normally img or a)
*
* @return string
*/
/**
* Return a html5 tag of the appropriate for this file (normally img or a)
*
* @return string
*/
public function XML()
{
return $this->getTag() ?: '';
}
return $this->getTag() ?: '';
}
/**
* Return a html5 tag of the appropriate for this file (normally img or a)
*
* @return string
*/
/**
* Return a html5 tag of the appropriate for this file (normally img or a)
*
* @return string
*/
public function getTag()
{
$template = $this->getFrontendTemplate();
if (empty($template)) {
return '';
}
return (string)$this->renderWith($template);
}
$template = $this->getFrontendTemplate();
if(empty($template)) {
return '';
}
return (string)$this->renderWith($template);
}
/**
* Determine the template to render as on the frontend
*
* @return string Name of template
*/
/**
* Determine the template to render as on the frontend
*
* @return string Name of template
*/
public function getFrontendTemplate()
{
// Check that path is available
$url = $this->getURL();
if (empty($url)) {
return null;
}
// Check that path is available
$url = $this->getURL();
if(empty($url)) {
return null;
}
// Image template for supported images
if ($this->getIsImage()) {
return 'DBFile_image';
}
// Image template for supported images
if($this->getIsImage()) {
return 'DBFile_image';
}
// Default download
return 'DBFile_download';
}
// Default download
return 'DBFile_download';
}
/**
* Get trailing part of filename
*
* @return string
*/
/**
* Get trailing part of filename
*
* @return string
*/
public function getBasename()
{
if (!$this->exists()) {
return null;
}
return basename($this->getSourceURL());
}
if(!$this->exists()) {
return null;
}
return basename($this->getSourceURL());
}
/**
* Get file extension
*
* @return string
*/
/**
* Get file extension
*
* @return string
*/
public function getExtension()
{
if (!$this->exists()) {
return null;
}
return pathinfo($this->Filename, PATHINFO_EXTENSION);
}
if(!$this->exists()) {
return null;
}
return pathinfo($this->Filename, PATHINFO_EXTENSION);
}
/**
* Alt title for this
*
* @return string
*/
/**
* Alt title for this
*
* @return string
*/
public function getTitle()
{
// If customised, use the customised title
if ($this->failover && ($title = $this->failover->Title)) {
return $title;
}
// fallback to using base name
return $this->getBasename();
}
// If customised, use the customised title
if($this->failover && ($title = $this->failover->Title)) {
return $title;
}
// fallback to using base name
return $this->getBasename();
}
public function setFromLocalFile($path, $filename = null, $hash = null, $variant = null, $config = array())
{
$this->assertFilenameValid($filename ?: $path);
$result = $this
->getStore()
->setFromLocalFile($path, $filename, $hash, $variant, $config);
// Update from result
if ($result) {
$this->setValue($result);
}
return $result;
}
$this->assertFilenameValid($filename ?: $path);
$result = $this
->getStore()
->setFromLocalFile($path, $filename, $hash, $variant, $config);
// Update from result
if($result) {
$this->setValue($result);
}
return $result;
}
public function setFromStream($stream, $filename, $hash = null, $variant = null, $config = array())
{
$this->assertFilenameValid($filename);
$result = $this
->getStore()
->setFromStream($stream, $filename, $hash, $variant, $config);
// Update from result
if ($result) {
$this->setValue($result);
}
return $result;
}
$this->assertFilenameValid($filename);
$result = $this
->getStore()
->setFromStream($stream, $filename, $hash, $variant, $config);
// Update from result
if($result) {
$this->setValue($result);
}
return $result;
}
public function setFromString($data, $filename, $hash = null, $variant = null, $config = array())
{
$this->assertFilenameValid($filename);
$result = $this
->getStore()
->setFromString($data, $filename, $hash, $variant, $config);
// Update from result
if ($result) {
$this->setValue($result);
}
return $result;
}
$this->assertFilenameValid($filename);
$result = $this
->getStore()
->setFromString($data, $filename, $hash, $variant, $config);
// Update from result
if($result) {
$this->setValue($result);
}
return $result;
}
public function getStream()
{
if (!$this->exists()) {
return null;
}
return $this
->getStore()
->getAsStream($this->Filename, $this->Hash, $this->Variant);
}
if(!$this->exists()) {
return null;
}
return $this
->getStore()
->getAsStream($this->Filename, $this->Hash, $this->Variant);
}
public function getString()
{
if (!$this->exists()) {
return null;
}
return $this
->getStore()
->getAsString($this->Filename, $this->Hash, $this->Variant);
}
if(!$this->exists()) {
return null;
}
return $this
->getStore()
->getAsString($this->Filename, $this->Hash, $this->Variant);
}
public function getURL($grant = true)
{
if (!$this->exists()) {
return null;
}
$url = $this->getSourceURL($grant);
$this->updateURL($url);
$this->extend('updateURL', $url);
return $url;
}
if(!$this->exists()) {
return null;
}
$url = $this->getSourceURL($grant);
$this->updateURL($url);
$this->extend('updateURL', $url);
return $url;
}
/**
* Get URL, but without resampling.
* Note that this will return the url even if the file does not exist.
*
* @param bool $grant Ensures that the url for any protected assets is granted for the current user.
* @return string
*/
/**
* Get URL, but without resampling.
* Note that this will return the url even if the file does not exist.
*
* @param bool $grant Ensures that the url for any protected assets is granted for the current user.
* @return string
*/
public function getSourceURL($grant = true)
{
return $this
->getStore()
->getAsURL($this->Filename, $this->Hash, $this->Variant, $grant);
}
return $this
->getStore()
->getAsURL($this->Filename, $this->Hash, $this->Variant, $grant);
}
/**
* Get the absolute URL to this resource
*
* @return string
*/
/**
* Get the absolute URL to this resource
*
* @return string
*/
public function getAbsoluteURL()
{
if (!$this->exists()) {
return null;
}
return Director::absoluteURL($this->getURL());
}
if(!$this->exists()) {
return null;
}
return Director::absoluteURL($this->getURL());
}
public function getMetaData()
{
if (!$this->exists()) {
return null;
}
return $this
->getStore()
->getMetadata($this->Filename, $this->Hash, $this->Variant);
}
if(!$this->exists()) {
return null;
}
return $this
->getStore()
->getMetadata($this->Filename, $this->Hash, $this->Variant);
}
public function getMimeType()
{
if (!$this->exists()) {
return null;
}
return $this
->getStore()
->getMimeType($this->Filename, $this->Hash, $this->Variant);
}
if(!$this->exists()) {
return null;
}
return $this
->getStore()
->getMimeType($this->Filename, $this->Hash, $this->Variant);
}
public function getValue()
{
if (!$this->exists()) {
return null;
}
return array(
'Filename' => $this->Filename,
'Hash' => $this->Hash,
'Variant' => $this->Variant
);
}
if(!$this->exists()) {
return null;
}
return array(
'Filename' => $this->Filename,
'Hash' => $this->Hash,
'Variant' => $this->Variant
);
}
public function getVisibility()
{
if (empty($this->Filename)) {
return null;
}
return $this
->getStore()
->getVisibility($this->Filename, $this->Hash);
}
if(empty($this->Filename)) {
return null;
}
return $this
->getStore()
->getVisibility($this->Filename, $this->Hash);
}
public function exists()
{
if (empty($this->Filename)) {
return false;
}
return $this
->getStore()
->exists($this->Filename, $this->Hash, $this->Variant);
}
if(empty($this->Filename)) {
return false;
}
return $this
->getStore()
->exists($this->Filename, $this->Hash, $this->Variant);
}
public function getFilename()
{
return $this->getField('Filename');
}
return $this->getField('Filename');
}
public function getHash()
{
return $this->getField('Hash');
}
return $this->getField('Hash');
}
public function getVariant()
{
return $this->getField('Variant');
}
return $this->getField('Variant');
}
/**
* Return file size in bytes.
*
* @return int
*/
/**
* Return file size in bytes.
*
* @return int
*/
public function getAbsoluteSize()
{
$metadata = $this->getMetaData();
if (isset($metadata['size'])) {
return $metadata['size'];
}
return 0;
}
$metadata = $this->getMetaData();
if(isset($metadata['size'])) {
return $metadata['size'];
}
return 0;
}
/**
* Customise this object with an "original" record for getting other customised fields
*
* @param AssetContainer $original
* @return $this
*/
/**
* Customise this object with an "original" record for getting other customised fields
*
* @param AssetContainer $original
* @return $this
*/
public function setOriginal($original)
{
$this->failover = $original;
return $this;
}
$this->failover = $original;
return $this;
}
/**
* Get list of allowed file categories
*
* @return array
*/
/**
* Get list of allowed file categories
*
* @return array
*/
public function getAllowedCategories()
{
return $this->allowedCategories;
}
return $this->allowedCategories;
}
/**
* Assign allowed categories
*
* @param array|string $categories
* @return $this
*/
/**
* Assign allowed categories
*
* @param array|string $categories
* @return $this
*/
public function setAllowedCategories($categories)
{
if (is_string($categories)) {
$categories = preg_split('/\s*,\s*/', $categories);
}
$this->allowedCategories = (array)$categories;
return $this;
}
if(is_string($categories)) {
$categories = preg_split('/\s*,\s*/', $categories);
}
$this->allowedCategories = (array)$categories;
return $this;
}
/**
* Gets the list of extensions (if limited) for this field. Empty list
* means there is no restriction on allowed types.
*
* @return array
*/
/**
* Gets the list of extensions (if limited) for this field. Empty list
* means there is no restriction on allowed types.
*
* @return array
*/
protected function getAllowedExtensions()
{
$categories = $this->getAllowedCategories();
return File::get_category_extensions($categories);
}
$categories = $this->getAllowedCategories();
return File::get_category_extensions($categories);
}
/**
* Validate that this DBFile accepts this filename as valid
*
* @param string $filename
* @throws ValidationException
* @return bool
*/
/**
* Validate that this DBFile accepts this filename as valid
*
* @param string $filename
* @throws ValidationException
* @return bool
*/
protected function isValidFilename($filename)
{
$extension = strtolower(File::get_file_extension($filename));
$extension = strtolower(File::get_file_extension($filename));
// Validate true if within the list of allowed extensions
$allowed = $this->getAllowedExtensions();
if ($allowed) {
return in_array($extension, $allowed);
}
// Validate true if within the list of allowed extensions
$allowed = $this->getAllowedExtensions();
if($allowed) {
return in_array($extension, $allowed);
}
// If no extensions are configured, fallback to global list
$globalList = File::config()->allowed_extensions;
if (in_array($extension, $globalList)) {
return true;
}
// If no extensions are configured, fallback to global list
$globalList = File::config()->allowed_extensions;
if(in_array($extension, $globalList)) {
return true;
}
// Only admins can bypass global rules
return !File::config()->apply_restrictions_to_admin && Permission::check('ADMIN');
}
// Only admins can bypass global rules
return !File::config()->apply_restrictions_to_admin && Permission::check('ADMIN');
}
/**
* Check filename, and raise a ValidationException if invalid
*
* @param string $filename
* @throws ValidationException
*/
/**
* Check filename, and raise a ValidationException if invalid
*
* @param string $filename
* @throws ValidationException
*/
protected function assertFilenameValid($filename)
{
$result = new ValidationResult();
$this->validate($result, $filename);
if (!$result->valid()) {
throw new ValidationException($result);
}
}
$result = new ValidationResult();
$this->validate($result, $filename);
if(!$result->valid()) {
throw new ValidationException($result);
}
}
/**
* Hook to validate this record against a validation result
*
* @param ValidationResult $result
* @param string $filename Optional filename to validate. If omitted, the current value is validated.
* @return bool Valid flag
*/
/**
* Hook to validate this record against a validation result
*
* @param ValidationResult $result
* @param string $filename Optional filename to validate. If omitted, the current value is validated.
* @return bool Valid flag
*/
public function validate(ValidationResult $result, $filename = null)
{
if (empty($filename)) {
$filename = $this->getFilename();
}
if (empty($filename) || $this->isValidFilename($filename)) {
return true;
}
if(empty($filename)) {
$filename = $this->getFilename();
}
if(empty($filename) || $this->isValidFilename($filename)) {
return true;
}
// Check allowed extensions
$extensions = $this->getAllowedExtensions();
if (empty($extensions)) {
$extensions = File::config()->allowed_extensions;
}
sort($extensions);
$message = _t(
'File.INVALIDEXTENSION',
'Extension is not allowed (valid: {extensions})',
'Argument 1: Comma-separated list of valid extensions',
array('extensions' => wordwrap(implode(', ', $extensions)))
);
$result->error($message);
return false;
}
// Check allowed extensions
$extensions = $this->getAllowedExtensions();
if(empty($extensions)) {
$extensions = File::config()->allowed_extensions;
}
sort($extensions);
$message = _t(
'File.INVALIDEXTENSION',
'Extension is not allowed (valid: {extensions})',
'Argument 1: Comma-separated list of valid extensions',
array('extensions' => wordwrap(implode(', ',$extensions)))
);
$result->addError($message);
return false;
}
public function setField($field, $value, $markChanged = true)
{
// Catch filename validation on direct assignment
if ($field === 'Filename' && $value) {
$this->assertFilenameValid($value);
}
// Catch filename validation on direct assignment
if($field === 'Filename' && $value) {
$this->assertFilenameValid($value);
}
return parent::setField($field, $value, $markChanged);
}
return parent::setField($field, $value, $markChanged);
}
/**
* Returns the size of the file type in an appropriate format.
*
* @return string|false String value, or false if doesn't exist
*/
/**
* Returns the size of the file type in an appropriate format.
*
* @return string|false String value, or false if doesn't exist
*/
public function getSize()
{
$size = $this->getAbsoluteSize();
if ($size) {
return File::format_size($size);
}
return false;
}
$size = $this->getAbsoluteSize();
if($size) {
return File::format_size($size);
}
return false;
}
public function deleteFile()
{
if (!$this->Filename) {
return false;
}
if(!$this->Filename) {
return false;
}
return $this
->getStore()
->delete($this->Filename, $this->Hash);
}
return $this
->getStore()
->delete($this->Filename, $this->Hash);
}
public function publishFile()
{
if ($this->Filename) {
$this
->getStore()
->publish($this->Filename, $this->Hash);
}
}
if($this->Filename) {
$this
->getStore()
->publish($this->Filename, $this->Hash);
}
}
public function protectFile()
{
if ($this->Filename) {
$this
->getStore()
->protect($this->Filename, $this->Hash);
}
}
if($this->Filename) {
$this
->getStore()
->protect($this->Filename, $this->Hash);
}
}
public function grantFile()
{
if ($this->Filename) {
$this
->getStore()
->grant($this->Filename, $this->Hash);
}
}
if($this->Filename) {
$this
->getStore()
->grant($this->Filename, $this->Hash);
}
}
public function revokeFile()
{
if ($this->Filename) {
$this
->getStore()
->revoke($this->Filename, $this->Hash);
}
}
if($this->Filename) {
$this
->getStore()
->revoke($this->Filename, $this->Hash);
}
}
public function canViewFile()
{
return $this->Filename
&& $this
->getStore()
->canView($this->Filename, $this->Hash);
}
return $this->Filename
&& $this
->getStore()
->canView($this->Filename, $this->Hash);
}
}

618
src/Dev/FunctionalTest.php
View File

@ -33,378 +33,374 @@ use SimpleXMLElement;
*/
class FunctionalTest extends SapphireTest
{
/**
* Set this to true on your sub-class to disable the use of themes in this test.
* This can be handy for functional testing of modules without having to worry about whether a user has changed
* behaviour by replacing the theme.
*
* @var bool
*/
protected static $disable_themes = false;
/**
* Set this to true on your sub-class to disable the use of themes in this test.
* This can be handy for functional testing of modules without having to worry about whether a user has changed
* behaviour by replacing the theme.
*
* @var bool
*/
protected static $disable_themes = false;
/**
* Set this to true on your sub-class to use the draft site by default for every test in this class.
*
* @var bool
*/
protected static $use_draft_site = false;
/**
* Set this to true on your sub-class to use the draft site by default for every test in this class.
*
* @var bool
*/
protected static $use_draft_site = false;
/**
* @var TestSession
*/
protected $mainSession = null;
/**
* @var TestSession
*/
protected $mainSession = null;
/**
* CSSContentParser for the most recently requested page.
*
* @var CSSContentParser
*/
protected $cssParser = null;
/**
* CSSContentParser for the most recently requested page.
*
* @var CSSContentParser
*/
protected $cssParser = null;
/**
* If this is true, then 30x Location headers will be automatically followed.
* If not, then you will have to manaully call $this->mainSession->followRedirection() to follow them.
* However, this will let you inspect the intermediary headers
*
* @var bool
*/
protected $autoFollowRedirection = true;
/**
* If this is true, then 30x Location headers will be automatically followed.
* If not, then you will have to manaully call $this->mainSession->followRedirection() to follow them.
* However, this will let you inspect the intermediary headers
*
* @var bool
*/
protected $autoFollowRedirection = true;
/**
* Returns the {@link Session} object for this test
*
* @return Session
*/
/**
* Returns the {@link Session} object for this test
*
* @return Session
*/
public function session()
{
return $this->mainSession->session();
}
return $this->mainSession->session();
}
public function setUp()
{
// Skip calling FunctionalTest directly.
if (get_class($this) == __CLASS__) {
$this->markTestSkipped(sprintf('Skipping %s ', get_class($this)));
}
// Skip calling FunctionalTest directly.
if(get_class($this) == __CLASS__) {
$this->markTestSkipped(sprintf('Skipping %s ', get_class($this)));
}
parent::setUp();
$this->mainSession = new TestSession();
parent::setUp();
$this->mainSession = new TestSession();
// Disable theme, if necessary
if (static::get_disable_themes()) {
SSViewer::config()->update('theme_enabled', false);
}
// Disable theme, if necessary
if(static::get_disable_themes()) {
SSViewer::config()->update('theme_enabled', false);
}
// Switch to draft site, if necessary
if (static::get_use_draft_site()) {
$this->useDraftSite();
}
// Switch to draft site, if necessary
if(static::get_use_draft_site()) {
$this->useDraftSite();
}
// Unprotect the site, tests are running with the assumption it's off. They will enable it on a case-by-case
// basis.
BasicAuth::protect_entire_site(false);
// Unprotect the site, tests are running with the assumption it's off. They will enable it on a case-by-case
// basis.
BasicAuth::protect_entire_site(false);
SecurityToken::disable();
}
SecurityToken::disable();
}
public function tearDown()
{
SecurityToken::enable();
SecurityToken::enable();
parent::tearDown();
unset($this->mainSession);
}
parent::tearDown();
unset($this->mainSession);
}
/**
* Run a test while mocking the base url with the provided value
* @param string $url The base URL to use for this test
* @param callable $callback The test to run
*/
/**
* Run a test while mocking the base url with the provided value
* @param string $url The base URL to use for this test
* @param callable $callback The test to run
*/
protected function withBaseURL($url, $callback)
{
$oldBase = Config::inst()->get('SilverStripe\\Control\\Director', 'alternate_base_url');
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_url', $url);
$callback($this);
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_url', $oldBase);
}
$oldBase = Config::inst()->get('SilverStripe\\Control\\Director', 'alternate_base_url');
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_url', $url);
$callback($this);
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_url', $oldBase);
}
/**
* Run a test while mocking the base folder with the provided value
* @param string $folder The base folder to use for this test
* @param callable $callback The test to run
*/
/**
* Run a test while mocking the base folder with the provided value
* @param string $folder The base folder to use for this test
* @param callable $callback The test to run
*/
protected function withBaseFolder($folder, $callback)
{
$oldFolder = Config::inst()->get('SilverStripe\\Control\\Director', 'alternate_base_folder');
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_folder', $folder);
$callback($this);
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_folder', $oldFolder);
}
$oldFolder = Config::inst()->get('SilverStripe\\Control\\Director', 'alternate_base_folder');
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_folder', $folder);
$callback($this);
Config::inst()->update('SilverStripe\\Control\\Director', 'alternate_base_folder', $oldFolder);
}
/**
* Submit a get request
* @uses Director::test()
*
* @param string $url
* @param Session $session
* @param array $headers
* @param array $cookies
* @return HTTPResponse
*/
/**
* Submit a get request
* @uses Director::test()
*
* @param string $url
* @param Session $session
* @param array $headers
* @param array $cookies
* @return HTTPResponse
*/
public function get($url, $session = null, $headers = null, $cookies = null)
{
$this->cssParser = null;
$response = $this->mainSession->get($url, $session, $headers, $cookies);
if ($this->autoFollowRedirection && is_object($response) && $response->getHeader('Location')) {
$response = $this->mainSession->followRedirection();
}
return $response;
}
$this->cssParser = null;
$response = $this->mainSession->get($url, $session, $headers, $cookies);
if($this->autoFollowRedirection && is_object($response) && $response->getHeader('Location')) {
$response = $this->mainSession->followRedirection();
}
return $response;
}
/**
* Submit a post request
*
* @uses Director::test()
* @param string $url
* @param array $data
* @param array $headers
* @param Session $session
* @param string $body
* @param array $cookies
* @return HTTPResponse
*/
/**
* Submit a post request
*
* @uses Director::test()
* @param string $url
* @param array $data
* @param array $headers
* @param Session $session
* @param string $body
* @param array $cookies
* @return HTTPResponse
*/
public function post($url, $data, $headers = null, $session = null, $body = null, $cookies = null)
{
$this->cssParser = null;
$response = $this->mainSession->post($url, $data, $headers, $session, $body, $cookies);
if ($this->autoFollowRedirection && is_object($response) && $response->getHeader('Location')) {
$response = $this->mainSession->followRedirection();
}
return $response;
}
$this->cssParser = null;
$response = $this->mainSession->post($url, $data, $headers, $session, $body, $cookies);
if($this->autoFollowRedirection && is_object($response) && $response->getHeader('Location')) {
$response = $this->mainSession->followRedirection();
}
return $response;
}
/**
* Submit the form with the given HTML ID, filling it out with the given data.
* Acts on the most recent response.
*
* Any data parameters have to be present in the form, with exact form field name
* and values, otherwise they are removed from the submission.
*
* Caution: Parameter names have to be formatted
* as they are in the form submission, not as they are interpreted by PHP.
* Wrong: array('mycheckboxvalues' => array(1 => 'one', 2 => 'two'))
* Right: array('mycheckboxvalues[1]' => 'one', 'mycheckboxvalues[2]' => 'two')
*
* @see http://www.simpletest.org/en/form_testing_documentation.html
*
* @param string $formID HTML 'id' attribute of a form (loaded through a previous response)
* @param string $button HTML 'name' attribute of the button (NOT the 'id' attribute)
* @param array $data Map of GET/POST data.
* @return HTTPResponse
*/
/**
* Submit the form with the given HTML ID, filling it out with the given data.
* Acts on the most recent response.
*
* Any data parameters have to be present in the form, with exact form field name
* and values, otherwise they are removed from the submission.
*
* Caution: Parameter names have to be formatted
* as they are in the form submission, not as they are interpreted by PHP.
* Wrong: array('mycheckboxvalues' => array(1 => 'one', 2 => 'two'))
* Right: array('mycheckboxvalues[1]' => 'one', 'mycheckboxvalues[2]' => 'two')
*
* @see http://www.simpletest.org/en/form_testing_documentation.html
*
* @param string $formID HTML 'id' attribute of a form (loaded through a previous response)
* @param string $button HTML 'name' attribute of the button (NOT the 'id' attribute)
* @param array $data Map of GET/POST data.
* @return HTTPResponse
*/
public function submitForm($formID, $button = null, $data = array())
{
$this->cssParser = null;
$response = $this->mainSession->submitForm($formID, $button, $data);
if ($this->autoFollowRedirection && is_object($response) && $response->getHeader('Location')) {
$response = $this->mainSession->followRedirection();
}
return $response;
}
$this->cssParser = null;
$response = $this->mainSession->submitForm($formID, $button, $data);
if($this->autoFollowRedirection && is_object($response) && $response->getHeader('Location')) {
$response = $this->mainSession->followRedirection();
}
return $response;
}
/**
* Return the most recent content
*
* @return string
*/
/**
* Return the most recent content
*
* @return string
*/
public function content()
{
return $this->mainSession->lastContent();
}
return $this->mainSession->lastContent();
}
/**
* Find an attribute in a SimpleXMLElement object by name.
* @param SimpleXMLElement $object
* @param string $attribute Name of attribute to find
* @return SimpleXMLElement object of the attribute
*/
/**
* Find an attribute in a SimpleXMLElement object by name.
* @param SimpleXMLElement $object
* @param string $attribute Name of attribute to find
* @return SimpleXMLElement object of the attribute
*/
public function findAttribute($object, $attribute)
{
$found = false;
foreach ($object->attributes() as $a => $b) {
if ($a == $attribute) {
$found = $b;
}
}
return $found;
}
$found = false;
foreach($object->attributes() as $a => $b) {
if($a == $attribute) {
$found = $b;
}
}
return $found;
}
/**
* Return a CSSContentParser for the most recent content.
*
* @return CSSContentParser
*/
/**
* Return a CSSContentParser for the most recent content.
*
* @return CSSContentParser
*/
public function cssParser()
{
if (!$this->cssParser) {
$this->cssParser = new CSSContentParser($this->mainSession->lastContent());
}
return $this->cssParser;
}
return $this->cssParser;
}
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The content of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of at least one of the matched tags
* @throws PHPUnit_Framework_AssertionFailedError
* @return boolean
*/
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The content of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of at least one of the matched tags
* @throws PHPUnit_Framework_AssertionFailedError
* @return boolean
*/
public function assertPartialMatchBySelector($selector, $expectedMatches)
{
if (is_string($expectedMatches)) {
$expectedMatches = array($expectedMatches);
}
$items = $this->cssParser()->getBySelector($selector);
$items = $this->cssParser()->getBySelector($selector);
$actuals = array();
if ($items) {
foreach ($items as $item) {
$actuals[trim(preg_replace("/[ \n\r\t]+/", " ", $item. ''))] = true;
}
}
$actuals = array();
if($items) foreach($items as $item) $actuals[trim(preg_replace("/\s+/", " ", (string)$item))] = true;
foreach ($expectedMatches as $match) {
$this->assertTrue(
isset($actuals[$match]),
"Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'"
);
return false;
}
foreach($expectedMatches as $match) {
$this->assertTrue(
isset($actuals[$match]),
"Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'"
);
return false;
}
return true;
}
return true;
}
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The full HTML of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of *all* matching tags as an array
* @throws PHPUnit_Framework_AssertionFailedError
* @return boolean
*/
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The full HTML of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of *all* matching tags as an array
* @throws PHPUnit_Framework_AssertionFailedError
* @return boolean
*/
public function assertExactMatchBySelector($selector, $expectedMatches)
{
if (is_string($expectedMatches)) {
$expectedMatches = array($expectedMatches);
}
$items = $this->cssParser()->getBySelector($selector);
$items = $this->cssParser()->getBySelector($selector);
$actuals = array();
$actuals = array();
if ($items) {
foreach ($items as $item) {
$actuals[] = trim(preg_replace("/[ \n\r\t]+/", " ", $item. ''));
}
}
$this->assertTrue(
$expectedMatches == $actuals,
"Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'"
);
$this->assertTrue(
$expectedMatches == $actuals,
"Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'"
);
return true;
}
return true;
}
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The content of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of at least one of the matched tags
* @throws PHPUnit_Framework_AssertionFailedError
* @return boolean
*/
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The content of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of at least one of the matched tags
* @throws PHPUnit_Framework_AssertionFailedError
* @return boolean
*/
public function assertPartialHTMLMatchBySelector($selector, $expectedMatches)
{
if (is_string($expectedMatches)) {
$expectedMatches = array($expectedMatches);
}
$items = $this->cssParser()->getBySelector($selector);
$items = $this->cssParser()->getBySelector($selector);
$actuals = array();
if ($items) {
/** @var SimpleXMLElement $item */
foreach ($items as $item) {
$actuals[$item->asXML()] = true;
}
}
$actuals = array();
if($items) {
/** @var SimpleXMLElement $item */
foreach($items as $item) {
$actuals[$item->asXML()] = true;
}
}
foreach ($expectedMatches as $match) {
$this->assertTrue(
isset($actuals[$match]),
"Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'"
);
}
foreach($expectedMatches as $match) {
$this->assertTrue(
isset($actuals[$match]),
"Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'"
);
}
return true;
}
return true;
}
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The full HTML of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of *all* matched tags as an array
* @throws PHPUnit_Framework_AssertionFailedError
*/
/**
* Assert that the most recently queried page contains a number of content tags specified by a CSS selector.
* The given CSS selector will be applied to the HTML of the most recent page. The full HTML of every matching tag
* will be examined. The assertion fails if one of the expectedMatches fails to appear.
*
* Note:   characters are stripped from the content; make sure that your assertions take this into account.
*
* @param string $selector A basic CSS selector, e.g. 'li.jobs h3'
* @param array|string $expectedMatches The content of *all* matched tags as an array
* @throws PHPUnit_Framework_AssertionFailedError
*/
public function assertExactHTMLMatchBySelector($selector, $expectedMatches)
{
$items = $this->cssParser()->getBySelector($selector);
$items = $this->cssParser()->getBySelector($selector);
$actuals = array();
if ($items) {
/** @var SimpleXMLElement $item */
foreach ($items as $item) {
$actuals[] = $item->asXML();
}
}
$actuals = array();
if($items) {
/** @var SimpleXMLElement $item */
foreach($items as $item) {
$actuals[] = $item->asXML();
}
}
$this->assertTrue(
$expectedMatches == $actuals,
"Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'"
);
}
$this->assertTrue(
$expectedMatches == $actuals,
"Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'"
. implode("'\n'", $expectedMatches) . "'\n\n"
. "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'"
);
}
/**
* Log in as the given member
*
* @param Member|int|string $member The ID, fixture codename, or Member object of the member that you want to log in
*/
/**
* Log in as the given member
*
* @param Member|int|string $member The ID, fixture codename, or Member object of the member that you want to log in
*/
public function logInAs($member)
{
if (is_object($member)) {
@ -415,40 +411,40 @@ class FunctionalTest extends SapphireTest
$memberID = $this->idFromFixture('SilverStripe\\Security\\Member', $member);
}
$this->session()->inst_set('loggedInAs', $memberID);
}
$this->session()->inst_set('loggedInAs', $memberID);
}
/**
* Use the draft (stage) site for testing.
* This is helpful if you're not testing publication functionality and don't want "stage management" cluttering
* your test.
*
* @param bool $enabled toggle the use of the draft site
*/
/**
* Use the draft (stage) site for testing.
* This is helpful if you're not testing publication functionality and don't want "stage management" cluttering
* your test.
*
* @param bool $enabled toggle the use of the draft site
*/
public function useDraftSite($enabled = true)
{
if ($enabled) {
$this->session()->inst_set('readingMode', 'Stage.Stage');
$this->session()->inst_set('unsecuredDraftSite', true);
if($enabled) {
$this->session()->inst_set('readingMode', 'Stage.Stage');
$this->session()->inst_set('unsecuredDraftSite', true);
} else {
$this->session()->inst_set('readingMode', 'Stage.Live');
$this->session()->inst_set('unsecuredDraftSite', false);
}
}
$this->session()->inst_set('readingMode', 'Stage.Live');
$this->session()->inst_set('unsecuredDraftSite', false);
}
}
/**
* @return bool
*/
/**
* @return bool
*/
public static function get_disable_themes()
{
return static::$disable_themes;
}
return static::$disable_themes;
}
/**
* @return bool
*/
/**
* @return bool
*/
public static function get_use_draft_site()
{
return static::$use_draft_site;
}
return static::$use_draft_site;
}
}

2994
src/Forms/Form.php
View File

@ -67,409 +67,405 @@ use SilverStripe\View\SSViewer;
class Form extends RequestHandler
{
const ENC_TYPE_URLENCODED = 'application/x-www-form-urlencoded';
const ENC_TYPE_MULTIPART = 'multipart/form-data';
const ENC_TYPE_URLENCODED = 'application/x-www-form-urlencoded';
const ENC_TYPE_MULTIPART = 'multipart/form-data';
/**
* Accessed by Form.ss; modified by {@link formHtmlContent()}.
* A performance enhancement over the generate-the-form-tag-and-then-remove-it code that was there previously
*
* @var bool
*/
public $IncludeFormTag = true;
/**
* Accessed by Form.ss; modified by {@link formHtmlContent()}.
* A performance enhancement over the generate-the-form-tag-and-then-remove-it code that was there previously
*
* @var bool
*/
public $IncludeFormTag = true;
/**
* @var FieldList
*/
protected $fields;
/**
* @var FieldList
*/
protected $fields;
/**
* @var FieldList
*/
protected $actions;
/**
* @var FieldList
*/
protected $actions;
/**
* @var Controller
*/
protected $controller;
/**
* @var Controller
*/
protected $controller;
/**
* @var string
*/
protected $name;
/**
* @var string
*/
protected $name;
/**
* @var Validator
*/
protected $validator;
/**
* @var Validator
*/
protected $validator;
/**
* @var callable {@see setValidationResponseCallback()}
*/
protected $validationResponseCallback;
/**
* @var callable {@see setValidationResponseCallback()}
*/
protected $validationResponseCallback;
/**
* @var string
*/
protected $formMethod = "POST";
/**
* @var string
*/
protected $formMethod = "POST";
/**
* @var boolean
*/
protected $strictFormMethodCheck = false;
/**
* @var boolean
*/
protected $strictFormMethodCheck = false;
/**
* @var DataObject|null $record Populated by {@link loadDataFrom()}.
*/
protected $record;
/**
* @var DataObject|null $record Populated by {@link loadDataFrom()}.
*/
protected $record;
/**
* Keeps track of whether this form has a default action or not.
* Set to false by $this->disableDefaultAction();
*
* @var boolean
*/
protected $hasDefaultAction = true;
/**
* Keeps track of whether this form has a default action or not.
* Set to false by $this->disableDefaultAction();
*
* @var boolean
*/
protected $hasDefaultAction = true;
/**
* Target attribute of form-tag.
* Useful to open a new window upon
* form submission.
*
* @var string|null
*/
protected $target;
/**
* Target attribute of form-tag.
* Useful to open a new window upon
* form submission.
*
* @var string|null
*/
protected $target;
/**
* Legend value, to be inserted into the
* <legend> element before the <fieldset>
* in Form.ss template.
*
* @var string|null
*/
protected $legend;
/**
* Legend value, to be inserted into the
* <legend> element before the <fieldset>
* in Form.ss template.
*
* @var string|null
*/
protected $legend;
/**
* The SS template to render this form HTML into.
* Default is "Form", but this can be changed to
* another template for customisation.
*
* @see Form->setTemplate()
* @var string|null
*/
protected $template;
/**
* The SS template to render this form HTML into.
* Default is "Form", but this can be changed to
* another template for customisation.
*
* @see Form->setTemplate()
* @var string|null
*/
protected $template;
/**
* @var callable|null
*/
protected $buttonClickedFunc;
/**
* @var callable|null
*/
protected $buttonClickedFunc;
/**
* @var string|null
*/
protected $message;
/**
* @var string|null
*/
protected $message;
/**
* @var string|null
*/
protected $messageType;
/**
* @var string|null
*/
protected $messageType;
/**
* Should we redirect the user back down to the
* the form on validation errors rather then just the page
*
* @var bool
*/
protected $redirectToFormOnValidationError = false;
/**
* Should we redirect the user back down to the
* the form on validation errors rather then just the page
*
* @var bool
*/
protected $redirectToFormOnValidationError = false;
/**
* @var bool
*/
protected $security = true;
/**
* @var bool
*/
protected $security = true;
/**
* @var SecurityToken|null
*/
protected $securityToken = null;
/**
* @var SecurityToken|null
*/
protected $securityToken = null;
/**
* @var array $extraClasses List of additional CSS classes for the form tag.
*/
protected $extraClasses = array();
/**
* @var array $extraClasses List of additional CSS classes for the form tag.
*/
protected $extraClasses = array();
/**
* @config
* @var array $default_classes The default classes to apply to the Form
*/
private static $default_classes = array();
/**
* @config
* @var array $default_classes The default classes to apply to the Form
*/
private static $default_classes = array();
/**
* @var string|null
*/
protected $encType;
/**
* @var string|null
*/
protected $encType;
/**
* @var array Any custom form attributes set through {@link setAttributes()}.
* Some attributes are calculated on the fly, so please use {@link getAttributes()} to access them.
*/
protected $attributes = array();
/**
* @var array Any custom form attributes set through {@link setAttributes()}.
* Some attributes are calculated on the fly, so please use {@link getAttributes()} to access them.
*/
protected $attributes = array();
/**
* @var array
*/
protected $validationExemptActions = array();
/**
* @var array
*/
protected $validationExemptActions = array();
private static $allowed_actions = array(
'handleField',
'httpSubmission',
'forTemplate',
);
private static $allowed_actions = array(
'handleField',
'httpSubmission',
'forTemplate',
);
private static $casting = array(
'AttributesHTML' => 'HTMLFragment',
'FormAttributes' => 'HTMLFragment',
'MessageType' => 'Text',
'Message' => 'HTMLFragment',
'FormName' => 'Text',
'Legend' => 'HTMLFragment',
);
private static $casting = array(
'AttributesHTML' => 'HTMLFragment',
'FormAttributes' => 'HTMLFragment',
'MessageType' => 'Text',
'Message' => 'HTMLFragment',
'FormName' => 'Text',
'Legend' => 'HTMLFragment',
);
/**
* @var FormTemplateHelper
*/
private $templateHelper = null;
/**
* @var FormTemplateHelper
*/
private $templateHelper = null;
/**
* @ignore
*/
private $htmlID = null;
/**
* @ignore
*/
private $htmlID = null;
/**
* @ignore
*/
private $formActionPath = false;
/**
* @ignore
*/
private $formActionPath = false;
/**
* @var bool
*/
protected $securityTokenAdded = false;
/**
* @var bool
*/
protected $securityTokenAdded = false;
/**
* Create a new form, with the given fields an action buttons.
*
* @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
* @param string $name The method on the controller that will return this form object.
* @param FieldList $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
* @param FieldList $actions All of the action buttons in the form - a {@link FieldLis} of
* {@link FormAction} objects
* @param Validator|null $validator Override the default validator instance (Default: {@link RequiredFields})
*/
/**
* Create a new form, with the given fields an action buttons.
*
* @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
* @param string $name The method on the controller that will return this form object.
* @param FieldList $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
* @param FieldList $actions All of the action buttons in the form - a {@link FieldLis} of
* {@link FormAction} objects
* @param Validator|null $validator Override the default validator instance (Default: {@link RequiredFields})
*/
public function __construct($controller, $name, FieldList $fields, FieldList $actions, Validator $validator = null)
{
parent::__construct();
parent::__construct();
$fields->setForm($this);
$actions->setForm($this);
$fields->setForm($this);
$actions->setForm($this);
$this->fields = $fields;
$this->actions = $actions;
$this->controller = $controller;
$this->setName($name);
$this->fields = $fields;
$this->actions = $actions;
$this->controller = $controller;
$this->setName($name);
if (!$this->controller) {
user_error("$this->class form created without a controller", E_USER_ERROR);
}
// Form validation
$this->validator = ($validator) ? $validator : new RequiredFields();
$this->validator->setForm($this);
// Form validation
$this->validator = ($validator) ? $validator : new RequiredFields();
$this->validator->setForm($this);
// Form error controls
$this->setupFormErrors();
// Form error controls
$this->setupFormErrors();
// Check if CSRF protection is enabled, either on the parent controller or from the default setting. Note that
// method_exists() is used as some controllers (e.g. GroupTest) do not always extend from Object.
if (method_exists($controller, 'securityTokenEnabled') || (method_exists($controller, 'hasMethod')
&& $controller->hasMethod('securityTokenEnabled'))) {
$securityEnabled = $controller->securityTokenEnabled();
} else {
$securityEnabled = SecurityToken::is_enabled();
}
// Check if CSRF protection is enabled, either on the parent controller or from the default setting. Note that
// method_exists() is used as some controllers (e.g. GroupTest) do not always extend from Object.
if(method_exists($controller, 'securityTokenEnabled') || (method_exists($controller, 'hasMethod')
&& $controller->hasMethod('securityTokenEnabled'))) {
$securityEnabled = $controller->securityTokenEnabled();
} else {
$securityEnabled = SecurityToken::is_enabled();
}
$this->securityToken = ($securityEnabled) ? new SecurityToken() : new NullSecurityToken();
$this->securityToken = ($securityEnabled) ? new SecurityToken() : new NullSecurityToken();
$this->setupDefaultClasses();
}
$this->setupDefaultClasses();
}
/**
* @var array
*/
private static $url_handlers = array(
'field/$FieldName!' => 'handleField',
'POST ' => 'httpSubmission',
'GET ' => 'httpSubmission',
'HEAD ' => 'httpSubmission',
);
/**
* @var array
*/
private static $url_handlers = array(
'field/$FieldName!' => 'handleField',
'POST ' => 'httpSubmission',
'GET ' => 'httpSubmission',
'HEAD ' => 'httpSubmission',
);
/**
* Set up current form errors in session to
* the current form if appropriate.
*
* @return $this
*/
public function setupFormErrors()
{
$errorInfo = Session::get("FormInfo.{$this->FormName()}");
/**
* Take errors from a ValidationResult and populate the form with the appropriate message.
*
* @param ValidationResult $result The erroneous ValidationResult. If none passed, this will be atken
* from the session
*/
public function setupFormErrors($result = null, $data = null) {
if(!$result) $result = Session::get("FormInfo.{$this->FormName()}.result");
if(!$result) return;
if (isset($errorInfo['errors']) && is_array($errorInfo['errors'])) {
foreach ($errorInfo['errors'] as $error) {
$field = $this->fields->dataFieldByName($error['fieldName']);
foreach($result->fieldErrors() as $fieldName => $fieldError) {
$field = $this->fields->dataFieldByName($fieldName);
$field->setError($fieldError['message'], $fieldError['messageType']);
}
if (!$field) {
$errorInfo['message'] = $error['message'];
$errorInfo['type'] = $error['messageType'];
} else {
$field->setError($error['message'], $error['messageType']);
}
}
//don't escape the HTML as it should have been escaped when adding it to the validation result
$this->setMessage($result->overallMessage(), $result->valid() ? 'good' : 'bad', false);
// load data in from previous submission upon error
if (isset($errorInfo['data'])) {
$this->loadDataFrom($errorInfo['data']);
}
}
// load data in from previous submission upon error
if(!$data) $data = Session::get("FormInfo.{$this->FormName()}.data");
if($data) $this->loadDataFrom($data);
}
if (isset($errorInfo['message']) && isset($errorInfo['type'])) {
$this->setMessage($errorInfo['message'], $errorInfo['type']);
}
/**
* Save information to the session to be picked up by {@link setUpFormErrors()}
*/
public function saveFormErrorsToSession($result = null, $data = null) {
Session::set("FormInfo.{$this->FormName()}.result", $result);
Session::set("FormInfo.{$this->FormName()}.data", $data);
}
return $this;
}
/**
* set up the default classes for the form. This is done on construct so that the default classes can be removed
* after instantiation
*/
/**
* set up the default classes for the form. This is done on construct so that the default classes can be removed
* after instantiation
*/
protected function setupDefaultClasses()
{
$defaultClasses = self::config()->get('default_classes');
if ($defaultClasses) {
foreach ($defaultClasses as $class) {
$this->addExtraClass($class);
}
}
}
$defaultClasses = self::config()->get('default_classes');
if ($defaultClasses) {
foreach ($defaultClasses as $class) {
$this->addExtraClass($class);
}
}
}
/**
* Handle a form submission. GET and POST requests behave identically.
* Populates the form with {@link loadDataFrom()}, calls {@link validate()},
* and only triggers the requested form action/method
* if the form is valid.
*
* @param HTTPRequest $request
* @throws HTTPResponse_Exception
*/
/**
* Handle a form submission. GET and POST requests behave identically.
* Populates the form with {@link loadDataFrom()}, calls {@link validate()},
* and only triggers the requested form action/method
* if the form is valid.
*
* @param HTTPRequest $request
* @throws HTTPResponse_Exception
*/
public function httpSubmission($request)
{
// Strict method check
if ($this->strictFormMethodCheck) {
// Throws an error if the method is bad...
if ($this->formMethod != $request->httpMethod()) {
$response = Controller::curr()->getResponse();
$response->addHeader('Allow', $this->formMethod);
$this->httpError(405, _t("Form.BAD_METHOD", "This form requires a ".$this->formMethod." submission"));
}
// Strict method check
if($this->strictFormMethodCheck) {
// Throws an error if the method is bad...
if($this->formMethod != $request->httpMethod()) {
$response = Controller::curr()->getResponse();
$response->addHeader('Allow', $this->formMethod);
$this->httpError(405, _t("Form.BAD_METHOD", "This form requires a ".$this->formMethod." submission"));
}
// ...and only uses the variables corresponding to that method type
$vars = $this->formMethod == 'GET' ? $request->getVars() : $request->postVars();
} else {
$vars = $request->requestVars();
}
// ...and only uses the variables corresponding to that method type
$vars = $this->formMethod == 'GET' ? $request->getVars() : $request->postVars();
} else {
$vars = $request->requestVars();
}
// Ensure we only process saveable fields (non structural, readonly, or disabled)
$allowedFields = array_keys($this->Fields()->saveableFields());
// Populate the form
// Populate the form
$this->loadDataFrom($vars, true, $allowedFields);
// Protection against CSRF attacks
$token = $this->getSecurityToken();
if (! $token->checkRequest($request)) {
$securityID = $token->getName();
if (empty($vars[$securityID])) {
// Protection against CSRF attacks
$token = $this->getSecurityToken();
if( ! $token->checkRequest($request)) {
$securityID = $token->getName();
if (empty($vars[$securityID])) {
$this->httpError(400, _t(
"Form.CSRF_FAILED_MESSAGE",
"There seems to have been a technical problem. Please click the back button, ".
"refresh your browser, and try again."
));
} else {
// Clear invalid token on refresh
$data = $this->getData();
unset($data[$securityID]);
Session::set("FormInfo.{$this->FormName()}.data", $data);
Session::set("FormInfo.{$this->FormName()}.errors", array());
$this->sessionMessage(
_t("Form.CSRF_EXPIRED_MESSAGE", "Your session has expired. Please re-submit the form."),
"warning"
);
return $this->controller->redirectBack();
}
}
"There seems to have been a technical problem. Please click the back button, ".
"refresh your browser, and try again."
));
} else {
// Clear invalid token on refresh
$data = $this->getData();
unset($data[$securityID]);
Session::set("FormInfo.{$this->FormName()}.data", $data);
Session::set("FormInfo.{$this->FormName()}.errors", array());
$this->sessionMessage(
_t("Form.CSRF_EXPIRED_MESSAGE", "Your session has expired. Please re-submit the form."),
"warning"
);
return $this->controller->redirectBack();
}
}
// Determine the action button clicked
$funcName = null;
foreach ($vars as $paramName => $paramVal) {
if (substr($paramName, 0, 7) == 'action_') {
// Break off querystring arguments included in the action
if (strpos($paramName, '?') !== false) {
list($paramName, $paramVars) = explode('?', $paramName, 2);
$newRequestParams = array();
parse_str($paramVars, $newRequestParams);
$vars = array_merge((array)$vars, (array)$newRequestParams);
}
// Determine the action button clicked
$funcName = null;
foreach($vars as $paramName => $paramVal) {
if(substr($paramName,0,7) == 'action_') {
// Break off querystring arguments included in the action
if(strpos($paramName,'?') !== false) {
list($paramName, $paramVars) = explode('?', $paramName, 2);
$newRequestParams = array();
parse_str($paramVars, $newRequestParams);
$vars = array_merge((array)$vars, (array)$newRequestParams);
}
// Cleanup action_, _x and _y from image fields
$funcName = preg_replace(array('/^action_/','/_x$|_y$/'), '', $paramName);
break;
}
}
// Cleanup action_, _x and _y from image fields
$funcName = preg_replace(array('/^action_/','/_x$|_y$/'),'',$paramName);
break;
}
}
// If the action wasn't set, choose the default on the form.
if (!isset($funcName) && $defaultAction = $this->defaultAction()) {
$funcName = $defaultAction->actionName();
}
// If the action wasn't set, choose the default on the form.
if(!isset($funcName) && $defaultAction = $this->defaultAction()){
$funcName = $defaultAction->actionName();
}
if (isset($funcName)) {
$this->setButtonClicked($funcName);
}
if(isset($funcName)) {
$this->setButtonClicked($funcName);
}
// Permission checks (first on controller, then falling back to form)
// Permission checks (first on controller, then falling back to form)
if (// Ensure that the action is actually a button or method on the form,
// and not just a method on the controller.
$this->controller->hasMethod($funcName)
&& !$this->controller->checkAccessAction($funcName)
// If a button exists, allow it on the controller
// buttonClicked() validates that the action set above is valid
&& !$this->buttonClicked()
) {
return $this->httpError(
403,
sprintf('Action "%s" not allowed on controller (Class: %s)', $funcName, get_class($this->controller))
);
// and not just a method on the controller.
$this->controller->hasMethod($funcName)
&& !$this->controller->checkAccessAction($funcName)
// If a button exists, allow it on the controller
// buttonClicked() validates that the action set above is valid
&& !$this->buttonClicked()
) {
return $this->httpError(
403,
sprintf('Action "%s" not allowed on controller (Class: %s)', $funcName, get_class($this->controller))
);
} elseif ($this->hasMethod($funcName)
&& !$this->checkAccessAction($funcName)
// No checks for button existence or $allowed_actions is performed -
// all form methods are callable (e.g. the legacy "callfieldmethod()")
) {
return $this->httpError(
403,
sprintf('Action "%s" not allowed on form (Name: "%s")', $funcName, $this->name)
);
}
// TODO : Once we switch to a stricter policy regarding allowed_actions (meaning actions must be set
// explicitly in allowed_actions in order to run)
// Uncomment the following for checking security against running actions on form fields
/* else {
&& !$this->checkAccessAction($funcName)
// No checks for button existence or $allowed_actions is performed -
// all form methods are callable (e.g. the legacy "callfieldmethod()")
) {
return $this->httpError(
403,
sprintf('Action "%s" not allowed on form (Name: "%s")', $funcName, $this->name)
);
}
// TODO : Once we switch to a stricter policy regarding allowed_actions (meaning actions must be set
// explicitly in allowed_actions in order to run)
// Uncomment the following for checking security against running actions on form fields
/* else {
// Try to find a field that has the action, and allows it
$fieldsHaveMethod = false;
foreach ($this->Fields() as $field){
@ -485,1527 +481,1567 @@ class Form extends RequestHandler
}
}*/
// Validate the form
if (!$this->validate()) {
return $this->getValidationErrorResponse();
}
// Action handlers may throw ValidationExceptions.
try {
// Or we can use the Valiator attached to the form
$result = $this->validationResult();
if(!$result->valid()) {
return $this->getValidationErrorResponse($result);
}
// First, try a handler method on the controller (has been checked for allowed_actions above already)
if ($this->controller->hasMethod($funcName)) {
return $this->controller->$funcName($vars, $this, $request);
// Otherwise, try a handler method on the form object.
} elseif ($this->hasMethod($funcName)) {
return $this->$funcName($vars, $this, $request);
} elseif ($field = $this->checkFieldsForAction($this->Fields(), $funcName)) {
return $field->$funcName($vars, $this, $request);
}
// First, try a handler method on the controller (has been checked for allowed_actions above already)
if($this->controller->hasMethod($funcName)) {
return $this->controller->$funcName($vars, $this, $request);
// Otherwise, try a handler method on the form object.
} elseif($this->hasMethod($funcName)) {
return $this->$funcName($vars, $this, $request);
} elseif($field = $this->checkFieldsForAction($this->Fields(), $funcName)) {
return $field->$funcName($vars, $this, $request);
}
return $this->httpError(404);
}
} catch(ValidationException $e) {
// The ValdiationResult contains all the relevant metadata
$result = $e->getResult();
return $this->getValidationErrorResponse($result);
}
/**
* @param string $action
* @return bool
*/
// First, try a handler method on the controller (has been checked for allowed_actions above already)
if($this->controller->hasMethod($funcName)) {
return $this->controller->$funcName($vars, $this, $request);
// Otherwise, try a handler method on the form object.
} elseif($this->hasMethod($funcName)) {
return $this->$funcName($vars, $this, $request);
} elseif($field = $this->checkFieldsForAction($this->Fields(), $funcName)) {
return $field->$funcName($vars, $this, $request);
}
return $this->httpError(404);
}
/**
* @param string $action
* @return bool
*/
public function checkAccessAction($action)
{
if (parent::checkAccessAction($action)) {
return true;
}
if (parent::checkAccessAction($action)) {
return true;
}
$actions = $this->getAllActions();
foreach ($actions as $formAction) {
if ($formAction->actionName() === $action) {
return true;
}
}
$actions = $this->getAllActions();
foreach ($actions as $formAction) {
if ($formAction->actionName() === $action) {
return true;
}
}
// Always allow actions on fields
$field = $this->checkFieldsForAction($this->Fields(), $action);
if ($field && $field->checkAccessAction($action)) {
return true;
}
// Always allow actions on fields
$field = $this->checkFieldsForAction($this->Fields(), $action);
if ($field && $field->checkAccessAction($action)) {
return true;
}
return false;
}
return false;
}
/**
* @return callable
*/
/**
* @return callable
*/
public function getValidationResponseCallback()
{
return $this->validationResponseCallback;
}
return $this->validationResponseCallback;
}
/**
* Overrules validation error behaviour in {@link httpSubmission()}
* when validation has failed. Useful for optional handling of a certain accepted content type.
*
* The callback can opt out of handling specific responses by returning NULL,
* in which case the default form behaviour will kick in.
*
* @param $callback
* @return self
*/
/**
* Overrules validation error behaviour in {@link httpSubmission()}
* when validation has failed. Useful for optional handling of a certain accepted content type.
*
* The callback can opt out of handling specific responses by returning NULL,
* in which case the default form behaviour will kick in.
*
* @param $callback
* @return self
*/
public function setValidationResponseCallback($callback)
{
$this->validationResponseCallback = $callback;
$this->validationResponseCallback = $callback;
return $this;
}
return $this;
}
/**
* Returns the appropriate response up the controller chain
* if {@link validate()} fails (which is checked prior to executing any form actions).
* By default, returns different views for ajax/non-ajax request, and
* handles 'application/json' requests with a JSON object containing the error messages.
* Behaviour can be influenced by setting {@link $redirectToFormOnValidationError},
* and can be overruled by setting {@link $validationResponseCallback}.
*
* @return HTTPResponse|string
*/
protected function getValidationErrorResponse()
{
$callback = $this->getValidationResponseCallback();
if ($callback && $callbackResponse = $callback()) {
return $callbackResponse;
}
/**
* Returns the appropriate response up the controller chain
* if {@link validate()} fails (which is checked prior to executing any form actions).
* By default, returns different views for ajax/non-ajax request, and
* handles 'application/json' requests with a JSON object containing the error messages.
* Behaviour can be influenced by setting {@link $redirectToFormOnValidationError},
* and can be overruled by setting {@link $validationResponseCallback}.
*
* @param ValidationResult $result
* @return HTTPResponse|string
*/
protected function getValidationErrorResponse(ValidationResult $result) {
$callback = $this->getValidationResponseCallback();
if($callback && $callbackResponse = $callback($result)) {
return $callbackResponse;
}
$request = $this->getRequest();
if ($request->isAjax()) {
// Special case for legacy Validator.js implementation
// (assumes eval'ed javascript collected through FormResponse)
$acceptType = $request->getHeader('Accept');
$request = $this->getRequest();
if($request->isAjax()) {
// Special case for legacy Validator.js implementation
// (assumes eval'ed javascript collected through FormResponse)
$acceptType = $request->getHeader('Accept');
if (strpos($acceptType, 'application/json') !== false) {
// Send validation errors back as JSON with a flag at the start
$response = new HTTPResponse(Convert::array2json($this->validator->getErrors()));
$response->addHeader('Content-Type', 'application/json');
} else {
$this->setupFormErrors();
// Send the newly rendered form tag as HTML
$response = new HTTPResponse($this->forTemplate());
$response->addHeader('Content-Type', 'text/html');
}
// Send validation errors back as JSON with a flag at the start
$response = new HTTPResponse(Convert::array2json($result->getErrorMetaData()));
$response->addHeader('Content-Type', 'application/json');
return $response;
} else {
if ($this->getRedirectToFormOnValidationError()) {
if ($pageURL = $request->getHeader('Referer')) {
if (Director::is_site_url($pageURL)) {
// Remove existing pragmas
$pageURL = preg_replace('/(#.*)/', '', $pageURL);
$pageURL = Director::absoluteURL($pageURL, true);
return $this->controller->redirect($pageURL . '#' . $this->FormName());
}
}
}
return $this->controller->redirectBack();
}
}
} else {
$this->setupFormErrors($result, $this->getData());
// Send the newly rendered form tag as HTML
$response = new HTTPResponse($this->forTemplate());
$response->addHeader('Content-Type', 'text/html');
}
/**
* Fields can have action to, let's check if anyone of the responds to $funcname them
*
* @param SS_List|array $fields
* @param callable $funcName
* @return FormField
*/
return $response;
} else {
// Save the relevant information in the session
$this->saveFormErrorsToSession($result, $this->getData());
// Redirect back to the form
if($this->getRedirectToFormOnValidationError()) {
if($pageURL = $request->getHeader('Referer')) {
if(Director::is_site_url($pageURL)) {
// Remove existing pragmas
$pageURL = preg_replace('/(#.*)/', '', $pageURL);
$pageURL = Director::absoluteURL($pageURL, true);
return $this->controller->redirect($pageURL . '#' . $this->FormName());
}
}
}
return $this->controller->redirectBack();
}
}
/**
* Fields can have action to, let's check if anyone of the responds to $funcname them
*
* @param SS_List|array $fields
* @param callable $funcName
* @return FormField
*/
protected function checkFieldsForAction($fields, $funcName)
{
foreach ($fields as $field) {
/** @skipUpgrade */
if (method_exists($field, 'FieldList')) {
if ($field = $this->checkFieldsForAction($field->FieldList(), $funcName)) {
return $field;
}
} elseif ($field->hasMethod($funcName) && $field->checkAccessAction($funcName)) {
return $field;
}
}
return null;
}
foreach($fields as $field){
/** @skipUpgrade */
if(method_exists($field, 'FieldList')) {
if($field = $this->checkFieldsForAction($field->FieldList(), $funcName)) {
return $field;
}
} elseif ($field->hasMethod($funcName) && $field->checkAccessAction($funcName)) {
return $field;
}
}
return null;
}
/**
* Handle a field request.
* Uses {@link Form->dataFieldByName()} to find a matching field,
* and falls back to {@link FieldList->fieldByName()} to look
* for tabs instead. This means that if you have a tab and a
* formfield with the same name, this method gives priority
* to the formfield.
*
* @param HTTPRequest $request
* @return FormField
*/
/**
* Handle a field request.
* Uses {@link Form->dataFieldByName()} to find a matching field,
* and falls back to {@link FieldList->fieldByName()} to look
* for tabs instead. This means that if you have a tab and a
* formfield with the same name, this method gives priority
* to the formfield.
*
* @param HTTPRequest $request
* @return FormField
*/
public function handleField($request)
{
$field = $this->Fields()->dataFieldByName($request->param('FieldName'));
$field = $this->Fields()->dataFieldByName($request->param('FieldName'));
if ($field) {
return $field;
} else {
// falling back to fieldByName, e.g. for getting tabs
return $this->Fields()->fieldByName($request->param('FieldName'));
}
}
if($field) {
return $field;
} else {
// falling back to fieldByName, e.g. for getting tabs
return $this->Fields()->fieldByName($request->param('FieldName'));
}
}
/**
* Convert this form into a readonly form
*/
/**
* Convert this form into a readonly form
*/
public function makeReadonly()
{
$this->transform(new ReadonlyTransformation());
}
$this->transform(new ReadonlyTransformation());
}
/**
* Set whether the user should be redirected back down to the
* form on the page upon validation errors in the form or if
* they just need to redirect back to the page
*
* @param bool $bool Redirect to form on error?
* @return $this
*/
/**
* Set whether the user should be redirected back down to the
* form on the page upon validation errors in the form or if
* they just need to redirect back to the page
*
* @param bool $bool Redirect to form on error?
* @return $this
*/
public function setRedirectToFormOnValidationError($bool)
{
$this->redirectToFormOnValidationError = $bool;
return $this;
}
$this->redirectToFormOnValidationError = $bool;
return $this;
}
/**
* Get whether the user should be redirected back down to the
* form on the page upon validation errors
*
* @return bool
*/
/**
* Get whether the user should be redirected back down to the
* form on the page upon validation errors
*
* @return bool
*/
public function getRedirectToFormOnValidationError()
{
return $this->redirectToFormOnValidationError;
}
return $this->redirectToFormOnValidationError;
}
/**
* Add a plain text error message to a field on this form. It will be saved into the session
* and used the next time this form is displayed.
* @param string $fieldName
* @param string $message
* @param string $messageType
* @param bool $escapeHtml
*/
public function addErrorMessage($fieldName, $message, $messageType, $escapeHtml = true)
{
Session::add_to_array("FormInfo.{$this->FormName()}.errors", array(
'fieldName' => $fieldName,
'message' => $escapeHtml ? Convert::raw2xml($message) : $message,
'messageType' => $messageType,
));
}
/**
* Add a plain text error message to a field on this form. It will be saved into the session
* and used the next time this form is displayed.
*
* @deprecated 3.2
*/
public function addErrorMessage($fieldName, $message, $messageType) {
Deprecation::notice('3.2', 'Throw a ValidationException instead.');
/**
* @param FormTransformation $trans
*/
$this->getSessionValidationResult()->addFieldError($fieldName, $message, $messageType);
}
/**
* @param FormTransformation $trans
*/
public function transform(FormTransformation $trans)
{
$newFields = new FieldList();
foreach ($this->fields as $field) {
$newFields->push($field->transform($trans));
}
$this->fields = $newFields;
$newFields = new FieldList();
foreach($this->fields as $field) {
$newFields->push($field->transform($trans));
}
$this->fields = $newFields;
$newActions = new FieldList();
foreach ($this->actions as $action) {
$newActions->push($action->transform($trans));
}
$this->actions = $newActions;
$newActions = new FieldList();
foreach($this->actions as $action) {
$newActions->push($action->transform($trans));
}
$this->actions = $newActions;
// We have to remove validation, if the fields are not editable ;-)
// We have to remove validation, if the fields are not editable ;-)
if ($this->validator) {
$this->validator->removeValidation();
}
$this->validator->removeValidation();
}
}
/**
* Get the {@link Validator} attached to this form.
* @return Validator
*/
/**
* Get the {@link Validator} attached to this form.
* @return Validator
*/
public function getValidator()
{
return $this->validator;
}
return $this->validator;
}
/**
* Set the {@link Validator} on this form.
* @param Validator $validator
* @return $this
*/
/**
* Set the {@link Validator} on this form.
* @param Validator $validator
* @return $this
*/
public function setValidator(Validator $validator)
{
if ($validator) {
$this->validator = $validator;
$this->validator->setForm($this);
}
return $this;
}
if($validator) {
$this->validator = $validator;
$this->validator->setForm($this);
}
return $this;
}
/**
* Remove the {@link Validator} from this from.
*/
/**
* Remove the {@link Validator} from this from.
*/
public function unsetValidator()
{
$this->validator = null;
return $this;
}
$this->validator = null;
return $this;
}
/**
* Set actions that are exempt from validation
*
* @param array
* @return $this
*/
/**
* Set actions that are exempt from validation
*
* @param array
* @return $this
*/
public function setValidationExemptActions($actions)
{
$this->validationExemptActions = $actions;
return $this;
}
$this->validationExemptActions = $actions;
return $this;
}
/**
* Get a list of actions that are exempt from validation
*
* @return array
*/
/**
* Get a list of actions that are exempt from validation
*
* @return array
*/
public function getValidationExemptActions()
{
return $this->validationExemptActions;
}
return $this->validationExemptActions;
}
/**
* Passed a FormAction, returns true if that action is exempt from Form validation
*
* @param FormAction $action
* @return bool
*/
/**
* Passed a FormAction, returns true if that action is exempt from Form validation
*
* @param FormAction $action
* @return bool
*/
public function actionIsValidationExempt($action)
{
if ($action->getValidationExempt()) {
return true;
}
if (in_array($action->actionName(), $this->getValidationExemptActions())) {
return true;
}
return false;
}
if ($action->getValidationExempt()) {
return true;
}
if (in_array($action->actionName(), $this->getValidationExemptActions())) {
return true;
}
return false;
}
/**
* Generate extra special fields - namely the security token field (if required).
*
* @return FieldList
*/
/**
* Generate extra special fields - namely the security token field (if required).
*
* @return FieldList
*/
public function getExtraFields()
{
$extraFields = new FieldList();
$extraFields = new FieldList();
$token = $this->getSecurityToken();
if ($token) {
$tokenField = $token->updateFieldSet($this->fields);
$token = $this->getSecurityToken();
if ($token) {
$tokenField = $token->updateFieldSet($this->fields);
if ($tokenField) {
$tokenField->setForm($this);
}
}
}
$this->securityTokenAdded = true;
$this->securityTokenAdded = true;
// add the "real" HTTP method if necessary (for PUT, DELETE and HEAD)
if (strtoupper($this->FormMethod()) != $this->FormHttpMethod()) {
$methodField = new HiddenField('_method', '', $this->FormHttpMethod());
$methodField->setForm($this);
$extraFields->push($methodField);
}
// add the "real" HTTP method if necessary (for PUT, DELETE and HEAD)
if (strtoupper($this->FormMethod()) != $this->FormHttpMethod()) {
$methodField = new HiddenField('_method', '', $this->FormHttpMethod());
$methodField->setForm($this);
$extraFields->push($methodField);
}
return $extraFields;
}
return $extraFields;
}
/**
* Return the form's fields - used by the templates
*
* @return FieldList The form fields
*/
/**
* Return the form's fields - used by the templates
*
* @return FieldList The form fields
*/
public function Fields()
{
foreach ($this->getExtraFields() as $field) {
foreach($this->getExtraFields() as $field) {
if (!$this->fields->fieldByName($field->getName())) {
$this->fields->push($field);
}
}
}
return $this->fields;
}
return $this->fields;
}
/**
* Return all <input type="hidden"> fields
* in a form - including fields nested in {@link CompositeFields}.
* Useful when doing custom field layouts.
*
* @return FieldList
*/
/**
* Return all <input type="hidden"> fields
* in a form - including fields nested in {@link CompositeFields}.
* Useful when doing custom field layouts.
*
* @return FieldList
*/
public function HiddenFields()
{
return $this->Fields()->HiddenFields();
}
return $this->Fields()->HiddenFields();
}
/**
* Return all fields except for the hidden fields.
* Useful when making your own simplified form layouts.
*/
/**
* Return all fields except for the hidden fields.
* Useful when making your own simplified form layouts.
*/
public function VisibleFields()
{
return $this->Fields()->VisibleFields();
}
return $this->Fields()->VisibleFields();
}
/**
* Setter for the form fields.
*
* @param FieldList $fields
* @return $this
*/
/**
* Setter for the form fields.
*
* @param FieldList $fields
* @return $this
*/
public function setFields($fields)
{
$this->fields = $fields;
return $this;
}
$this->fields = $fields;
return $this;
}
/**
* Return the form's action buttons - used by the templates
*
* @return FieldList The action list
*/
/**
* Return the form's action buttons - used by the templates
*
* @return FieldList The action list
*/
public function Actions()
{
return $this->actions;
}
return $this->actions;
}
/**
* Setter for the form actions.
*
* @param FieldList $actions
* @return $this
*/
/**
* Setter for the form actions.
*
* @param FieldList $actions
* @return $this
*/
public function setActions($actions)
{
$this->actions = $actions;
return $this;
}
$this->actions = $actions;
return $this;
}
/**
* Unset all form actions
*/
/**
* Unset all form actions
*/
public function unsetAllActions()
{
$this->actions = new FieldList();
return $this;
}
$this->actions = new FieldList();
return $this;
}
/**
* @param string $name
* @param string $value
* @return $this
*/
/**
* @param string $name
* @param string $value
* @return $this
*/
public function setAttribute($name, $value)
{
$this->attributes[$name] = $value;
return $this;
}
$this->attributes[$name] = $value;
return $this;
}
/**
* @param string $name
* @return string
*/
/**
* @param string $name
* @return string
*/
public function getAttribute($name)
{
if (isset($this->attributes[$name])) {
return $this->attributes[$name];
}
return null;
}
if(isset($this->attributes[$name])) {
return $this->attributes[$name];
}
return null;
}
/**
* @return array
*/
/**
* @return array
*/
public function getAttributes()
{
$attrs = array(
'id' => $this->FormName(),
'action' => $this->FormAction(),
'method' => $this->FormMethod(),
'enctype' => $this->getEncType(),
'target' => $this->target,
'class' => $this->extraClass(),
);
$attrs = array(
'id' => $this->FormName(),
'action' => $this->FormAction(),
'method' => $this->FormMethod(),
'enctype' => $this->getEncType(),
'target' => $this->target,
'class' => $this->extraClass(),
);
if ($this->validator && $this->validator->getErrors()) {
if($this->validator && $this->validator->getErrors()) {
if (!isset($attrs['class'])) {
$attrs['class'] = '';
}
$attrs['class'] .= ' validationerror';
}
$attrs['class'] .= ' validationerror';
}
$attrs = array_merge($attrs, $this->attributes);
$attrs = array_merge($attrs, $this->attributes);
return $attrs;
}
return $attrs;
}
/**
* Return the attributes of the form tag - used by the templates.
*
* @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}.
* If at least one argument is passed as a string, all arguments act as excludes by name.
*
* @return string HTML attributes, ready for insertion into an HTML tag
*/
/**
* Return the attributes of the form tag - used by the templates.
*
* @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}.
* If at least one argument is passed as a string, all arguments act as excludes by name.
*
* @return string HTML attributes, ready for insertion into an HTML tag
*/
public function getAttributesHTML($attrs = null)
{
$exclude = (is_string($attrs)) ? func_get_args() : null;
$exclude = (is_string($attrs)) ? func_get_args() : null;
// Figure out if we can cache this form
// - forms with validation shouldn't be cached, cos their error messages won't be shown
// - forms with security tokens shouldn't be cached because security tokens expire
$needsCacheDisabled = false;
// Figure out if we can cache this form
// - forms with validation shouldn't be cached, cos their error messages won't be shown
// - forms with security tokens shouldn't be cached because security tokens expire
$needsCacheDisabled = false;
if ($this->getSecurityToken()->isEnabled()) {
$needsCacheDisabled = true;
}
if ($this->FormMethod() != 'GET') {
$needsCacheDisabled = true;
}
if (!($this->validator instanceof RequiredFields) || count($this->validator->getRequired())) {
$needsCacheDisabled = true;
}
if (!($this->validator instanceof RequiredFields) || count($this->validator->getRequired())) {
$needsCacheDisabled = true;
}
// If we need to disable cache, do it
// If we need to disable cache, do it
if ($needsCacheDisabled) {
HTTP::set_cache_age(0);
}
$attrs = $this->getAttributes();
$attrs = $this->getAttributes();
// Remove empty
$attrs = array_filter((array)$attrs, create_function('$v', 'return ($v || $v === 0);'));
// Remove empty
$attrs = array_filter((array)$attrs, create_function('$v', 'return ($v || $v === 0);'));
// Remove excluded
// Remove excluded
if ($exclude) {
$attrs = array_diff_key($attrs, array_flip($exclude));
}
// Prepare HTML-friendly 'method' attribute (lower-case)
if (isset($attrs['method'])) {
$attrs['method'] = strtolower($attrs['method']);
}
// Prepare HTML-friendly 'method' attribute (lower-case)
if (isset($attrs['method'])) {
$attrs['method'] = strtolower($attrs['method']);
}
// Create markup
$parts = array();
foreach ($attrs as $name => $value) {
$parts[] = ($value === true) ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\"";
}
// Create markup
$parts = array();
foreach($attrs as $name => $value) {
$parts[] = ($value === true) ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\"";
}
return implode(' ', $parts);
}
return implode(' ', $parts);
}
public function FormAttributes()
{
return $this->getAttributesHTML();
}
return $this->getAttributesHTML();
}
/**
* Set the target of this form to any value - useful for opening the form contents in a new window or refreshing
* another frame
*
* @param string|FormTemplateHelper
*/
/**
* Set the target of this form to any value - useful for opening the form contents in a new window or refreshing
* another frame
*
* @param string|FormTemplateHelper
*/
public function setTemplateHelper($helper)
{
$this->templateHelper = $helper;
}
$this->templateHelper = $helper;
}
/**
* Return a {@link FormTemplateHelper} for this form. If one has not been
* set, return the default helper.
*
* @return FormTemplateHelper
*/
/**
* Return a {@link FormTemplateHelper} for this form. If one has not been
* set, return the default helper.
*
* @return FormTemplateHelper
*/
public function getTemplateHelper()
{
if ($this->templateHelper) {
if (is_string($this->templateHelper)) {
return Injector::inst()->get($this->templateHelper);
}
if($this->templateHelper) {
if(is_string($this->templateHelper)) {
return Injector::inst()->get($this->templateHelper);
}
return $this->templateHelper;
}
return $this->templateHelper;
}
return FormTemplateHelper::singleton();
}
return FormTemplateHelper::singleton();
}
/**
* Set the target of this form to any value - useful for opening the form
* contents in a new window or refreshing another frame.
*
* @param string $target The value of the target
* @return $this
*/
/**
* Set the target of this form to any value - useful for opening the form
* contents in a new window or refreshing another frame.
*
* @param string $target The value of the target
* @return $this
*/
public function setTarget($target)
{
$this->target = $target;
$this->target = $target;
return $this;
}
return $this;
}
/**
* Set the legend value to be inserted into
* the <legend> element in the Form.ss template.
* @param string $legend
* @return $this
*/
/**
* Set the legend value to be inserted into
* the <legend> element in the Form.ss template.
* @param string $legend
* @return $this
*/
public function setLegend($legend)
{
$this->legend = $legend;
return $this;
}
$this->legend = $legend;
return $this;
}
/**
* Set the SS template that this form should use
* to render with. The default is "Form".
*
* @param string $template The name of the template (without the .ss extension)
* @return $this
*/
/**
* Set the SS template that this form should use
* to render with. The default is "Form".
*
* @param string $template The name of the template (without the .ss extension)
* @return $this
*/
public function setTemplate($template)
{
$this->template = $template;
return $this;
}
$this->template = $template;
return $this;
}
/**
* Return the template to render this form with.
*
* @return string
*/
/**
* Return the template to render this form with.
*
* @return string
*/
public function getTemplate()
{
return $this->template;
}
return $this->template;
}
/**
* Returs the ordered list of preferred templates for rendering this form
* If the template isn't set, then default to the
* form class name e.g "Form".
*
* @return array
*/
/**
* Returs the ordered list of preferred templates for rendering this form
* If the template isn't set, then default to the
* form class name e.g "Form".
*
* @return array
*/
public function getTemplates()
{
$templates = SSViewer::get_templates_by_class(get_class($this), '', __CLASS__);
// Prefer any custom template
if ($this->getTemplate()) {
array_unshift($templates, $this->getTemplate());
}
return $templates;
}
$templates = SSViewer::get_templates_by_class(get_class($this), '', __CLASS__);
// Prefer any custom template
if($this->getTemplate()) {
array_unshift($templates, $this->getTemplate());
}
return $templates;
}
/**
* Returns the encoding type for the form.
*
* By default this will be URL encoded, unless there is a file field present
* in which case multipart is used. You can also set the enc type using
* {@link setEncType}.
*/
/**
* Returns the encoding type for the form.
*
* By default this will be URL encoded, unless there is a file field present
* in which case multipart is used. You can also set the enc type using
* {@link setEncType}.
*/
public function getEncType()
{
if ($this->encType) {
return $this->encType;
}
if ($this->encType) {
return $this->encType;
}
if ($fields = $this->fields->dataFields()) {
foreach ($fields as $field) {
if ($fields = $this->fields->dataFields()) {
foreach ($fields as $field) {
if ($field instanceof FileField) {
return self::ENC_TYPE_MULTIPART;
}
}
}
}
}
return self::ENC_TYPE_URLENCODED;
}
return self::ENC_TYPE_URLENCODED;
}
/**
* Sets the form encoding type. The most common encoding types are defined
* in {@link ENC_TYPE_URLENCODED} and {@link ENC_TYPE_MULTIPART}.
*
* @param string $encType
* @return $this
*/
/**
* Sets the form encoding type. The most common encoding types are defined
* in {@link ENC_TYPE_URLENCODED} and {@link ENC_TYPE_MULTIPART}.
*
* @param string $encType
* @return $this
*/
public function setEncType($encType)
{
$this->encType = $encType;
return $this;
}
$this->encType = $encType;
return $this;
}
/**
* Returns the real HTTP method for the form:
* GET, POST, PUT, DELETE or HEAD.
* As most browsers only support GET and POST in
* form submissions, all other HTTP methods are
* added as a hidden field "_method" that
* gets evaluated in {@link Director::direct()}.
* See {@link FormMethod()} to get a HTTP method
* for safe insertion into a <form> tag.
*
* @return string HTTP method
*/
/**
* Returns the real HTTP method for the form:
* GET, POST, PUT, DELETE or HEAD.
* As most browsers only support GET and POST in
* form submissions, all other HTTP methods are
* added as a hidden field "_method" that
* gets evaluated in {@link Director::direct()}.
* See {@link FormMethod()} to get a HTTP method
* for safe insertion into a <form> tag.
*
* @return string HTTP method
*/
public function FormHttpMethod()
{
return $this->formMethod;
}
return $this->formMethod;
}
/**
* Returns the form method to be used in the <form> tag.
* See {@link FormHttpMethod()} to get the "real" method.
*
* @return string Form HTTP method restricted to 'GET' or 'POST'
*/
/**
* Returns the form method to be used in the <form> tag.
* See {@link FormHttpMethod()} to get the "real" method.
*
* @return string Form HTTP method restricted to 'GET' or 'POST'
*/
public function FormMethod()
{
if (in_array($this->formMethod, array('GET','POST'))) {
return $this->formMethod;
} else {
return 'POST';
}
}
if(in_array($this->formMethod,array('GET','POST'))) {
return $this->formMethod;
} else {
return 'POST';
}
}
/**
* Set the form method: GET, POST, PUT, DELETE.
*
* @param string $method
* @param bool $strict If non-null, pass value to {@link setStrictFormMethodCheck()}.
* @return $this
*/
/**
* Set the form method: GET, POST, PUT, DELETE.
*
* @param string $method
* @param bool $strict If non-null, pass value to {@link setStrictFormMethodCheck()}.
* @return $this
*/
public function setFormMethod($method, $strict = null)
{
$this->formMethod = strtoupper($method);
$this->formMethod = strtoupper($method);
if ($strict !== null) {
$this->setStrictFormMethodCheck($strict);
}
return $this;
}
return $this;
}
/**
* If set to true, enforce the matching of the form method.
*
* This will mean two things:
* - GET vars will be ignored by a POST form, and vice versa
* - A submission where the HTTP method used doesn't match the form will return a 400 error.
*
* If set to false (the default), then the form method is only used to construct the default
* form.
*
* @param $bool boolean
* @return $this
*/
/**
* If set to true, enforce the matching of the form method.
*
* This will mean two things:
* - GET vars will be ignored by a POST form, and vice versa
* - A submission where the HTTP method used doesn't match the form will return a 400 error.
*
* If set to false (the default), then the form method is only used to construct the default
* form.
*
* @param $bool boolean
* @return $this
*/
public function setStrictFormMethodCheck($bool)
{
$this->strictFormMethodCheck = (bool)$bool;
return $this;
}
$this->strictFormMethodCheck = (bool)$bool;
return $this;
}
/**
* @return boolean
*/
/**
* @return boolean
*/
public function getStrictFormMethodCheck()
{
return $this->strictFormMethodCheck;
}
return $this->strictFormMethodCheck;
}
/**
* Return the form's action attribute.
* This is build by adding an executeForm get variable to the parent controller's Link() value
*
* @return string
*/
/**
* Return the form's action attribute.
* This is build by adding an executeForm get variable to the parent controller's Link() value
*
* @return string
*/
public function FormAction()
{
if ($this->formActionPath) {
return $this->formActionPath;
} elseif ($this->controller->hasMethod("FormObjectLink")) {
return $this->controller->FormObjectLink($this->name);
} else {
return Controller::join_links($this->controller->Link(), $this->name);
}
}
if ($this->formActionPath) {
return $this->formActionPath;
} elseif($this->controller->hasMethod("FormObjectLink")) {
return $this->controller->FormObjectLink($this->name);
} else {
return Controller::join_links($this->controller->Link(), $this->name);
}
}
/**
* Set the form action attribute to a custom URL.
*
* Note: For "normal" forms, you shouldn't need to use this method. It is
* recommended only for situations where you have two relatively distinct
* parts of the system trying to communicate via a form post.
*
* @param string $path
* @return $this
*/
/**
* Set the form action attribute to a custom URL.
*
* Note: For "normal" forms, you shouldn't need to use this method. It is
* recommended only for situations where you have two relatively distinct
* parts of the system trying to communicate via a form post.
*
* @param string $path
* @return $this
*/
public function setFormAction($path)
{
$this->formActionPath = $path;
$this->formActionPath = $path;
return $this;
}
return $this;
}
/**
* Returns the name of the form.
*
* @return string
*/
/**
* Returns the name of the form.
*
* @return string
*/
public function FormName()
{
return $this->getTemplateHelper()->generateFormID($this);
}
return $this->getTemplateHelper()->generateFormID($this);
}
/**
* Set the HTML ID attribute of the form.
*
* @param string $id
* @return $this
*/
/**
* Set the HTML ID attribute of the form.
*
* @param string $id
* @return $this
*/
public function setHTMLID($id)
{
$this->htmlID = $id;
$this->htmlID = $id;
return $this;
}
return $this;
}
/**
* @return string
*/
/**
* @return string
*/
public function getHTMLID()
{
return $this->htmlID;
}
return $this->htmlID;
}
/**
* Get the controller.
*
* @return Controller
*/
/**
* Get the controller.
*
* @return Controller
*/
public function getController()
{
return $this->controller;
}
return $this->controller;
}
/**
* Set the controller.
*
* @param Controller $controller
* @return Form
*/
/**
* Set the controller.
*
* @param Controller $controller
* @return Form
*/
public function setController($controller)
{
$this->controller = $controller;
$this->controller = $controller;
return $this;
}
return $this;
}
/**
* Get the name of the form.
*
* @return string
*/
/**
* Get the name of the form.
*
* @return string
*/
public function getName()
{
return $this->name;
}
return $this->name;
}
/**
* Set the name of the form.
*
* @param string $name
* @return Form
*/
/**
* Set the name of the form.
*
* @param string $name
* @return Form
*/
public function setName($name)
{
$this->name = $name;
$this->name = $name;
return $this;
}
return $this;
}
/**
* Returns an object where there is a method with the same name as each data
* field on the form.
*
* That method will return the field itself.
*
* It means that you can execute $firstName = $form->FieldMap()->FirstName()
*/
/**
* Returns an object where there is a method with the same name as each data
* field on the form.
*
* That method will return the field itself.
*
* It means that you can execute $firstName = $form->FieldMap()->FirstName()
*/
public function FieldMap()
{
return new Form_FieldMap($this);
}
return new Form_FieldMap($this);
}
/**
* The next functions store and modify the forms
* message attributes. messages are stored in session under
* $_SESSION[formname][message];
*
* @return string
*/
public function Message()
{
$this->getMessageFromSession();
/**
* The next functions store and modify the forms
* message attributes. messages are stored in session under
* $_SESSION[formname][message];
*
* @return string
*/
public function Message() {
return $this->message;
}
return $this->message;
}
/**
* @return string
*/
public function MessageType() {
return $this->messageType;
}
/**
* @return string
*/
public function MessageType()
{
$this->getMessageFromSession();
return $this->messageType;
}
/**
* @return string
*/
protected function getMessageFromSession()
{
if ($this->message || $this->messageType) {
return $this->message;
} else {
$this->message = Session::get("FormInfo.{$this->FormName()}.formError.message");
$this->messageType = Session::get("FormInfo.{$this->FormName()}.formError.type");
return $this->message;
}
}
/**
* Set a status message for the form.
*
* @param string $message the text of the message
* @param string $type Should be set to good, bad, or warning.
* @param boolean $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
* @return $this
*/
/**
* Set a status message for the form.
*
* @param string $message the text of the message
* @param string $type Should be set to good, bad, or warning.
* @param boolean $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
* @return $this
*/
public function setMessage($message, $type, $escapeHtml = true)
{
$this->message = ($escapeHtml) ? Convert::raw2xml($message) : $message;
$this->messageType = $type;
return $this;
}
$this->message = ($escapeHtml) ? Convert::raw2xml($message) : $message;
$this->messageType = $type;
return $this;
}
/**
* Set a message to the session, for display next time this form is shown.
*
* @param string $message the text of the message
* @param string $type Should be set to good, bad, or warning.
* @param boolean $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*/
/**
* Set a message to the session, for display next time this form is shown.
*
* @param string $message the text of the message
* @param string $type Should be set to good, bad, or warning.
* @param boolean $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*/
public function sessionMessage($message, $type, $escapeHtml = true)
{
Session::set(
"FormInfo.{$this->FormName()}.formError.message",
$escapeHtml ? Convert::raw2xml($message) : $message
);
Session::set("FormInfo.{$this->FormName()}.formError.type", $type);
}
// Benign message
if($type == "good") {
$this->getSessionValidationResult()->addMessage($message, $type, null, $escapeHtml);
public static function messageForForm($formName, $message, $type, $escapeHtml = true)
{
Session::set(
"FormInfo.{$formName}.formError.message",
$escapeHtml ? Convert::raw2xml($message) : $message
);
Session::set("FormInfo.{$formName}.formError.type", $type);
}
// Bad message causing a validation error
} else {
$this->getSessionValidationResult()->addError($message, $type, null, $escapeHtml
);
}
}
/**
* @deprecated 3.1
*/
public static function messageForForm($formName, $message, $type) {
Deprecation::notice('3.1', 'Create an instance of the form you wish to attach a message to.');
}
/**
* Returns the ValidationResult stored in the session.
* You can use this to modify messages without throwing a ValidationException.
* If a ValidationResult doesn't yet exist, a new one will be created
*
* @return ValidationResult The ValidationResult object stored in the session
*/
public function getSessionValidationResult() {
$result = Session::get("FormInfo.{$this->FormName()}.result");
if(!$result || !($result instanceof ValidationResult)) {
$result = new ValidationResult;
Session::set("FormInfo.{$this->FormName()}.result", $result);
}
return $result;
}
/**
* Sets the ValidationResult in the session to be used with the next view of this form.
* @param ValidationResult $result The result to save
* @param boolean $combineWithExisting If true, then this will be added to the existing result.
*/
public function setSessionValidationResult(ValidationResult $result, $combineWithExisting = false) {
if($combineWithExisting) {
$existingResult = $this->getSessionValidationResult();
$existingResult->combineAnd($result);
} else {
Session::set("FormInfo.{$this->FormName()}.result", $result);
}
}
public function clearMessage()
{
$this->message = null;
Session::clear("FormInfo.{$this->FormName()}.errors");
Session::clear("FormInfo.{$this->FormName()}.formError");
Session::clear("FormInfo.{$this->FormName()}.data");
}
$this->message = null;
Session::clear("FormInfo.{$this->FormName()}.result");
Session::clear("FormInfo.{$this->FormName()}.data");
}
public function resetValidation()
{
Session::clear("FormInfo.{$this->FormName()}.errors");
Session::clear("FormInfo.{$this->FormName()}.data");
}
public function resetValidation() {
Session::clear("FormInfo.{$this->FormName()}.data");
Session::clear("FormInfo.{$this->FormName()}.result");
}
/**
* Returns the DataObject that has given this form its data
* through {@link loadDataFrom()}.
*
* @return DataObject
*/
/**
* Returns the DataObject that has given this form its data
* through {@link loadDataFrom()}.
*
* @return DataObject
*/
public function getRecord()
{
return $this->record;
}
return $this->record;
}
/**
* Get the legend value to be inserted into the
* <legend> element in Form.ss
*
* @return string
*/
/**
* Get the legend value to be inserted into the
* <legend> element in Form.ss
*
* @return string
*/
public function getLegend()
{
return $this->legend;
}
return $this->legend;
}
/**
* Processing that occurs before a form is executed.
*
* This includes form validation, if it fails, we redirect back
* to the form with appropriate error messages.
* Always return true if the current form action is exempt from validation
*
* Triggered through {@link httpSubmission()}.
*
* Note that CSRF protection takes place in {@link httpSubmission()},
* if it fails the form data will never reach this method.
*
* @return boolean
*/
public function validate()
{
$action = $this->buttonClicked();
if ($action && $this->actionIsValidationExempt($action)) {
return true;
}
/**
* Processing that occurs before a form is executed.
*
* This includes form validation, if it fails, we throw a ValidationException
*
* This includes form validation, if it fails, we redirect back
* to the form with appropriate error messages.
* Always return true if the current form action is exempt from validation
*
* Triggered through {@link httpSubmission()}.
*
*
* Note that CSRF protection takes place in {@link httpSubmission()},
* if it fails the form data will never reach this method.
*
* @return boolean
*/
public function validate(){
$result = $this->validationResult();
if ($this->validator) {
$errors = $this->validator->validate();
// Valid
if($result->valid()) {
return true;
if ($errors) {
// Load errors into session and post back
$data = $this->getData();
// Invalid
} else {
$this->saveFormErrorsToSession($result, $this->getData());
return false;
}
}
// Encode validation messages as XML before saving into session state
// As per Form::addErrorMessage()
$errors = array_map(function ($error) {
// Encode message as XML by default
if ($error['message'] instanceof DBField) {
$error['message'] = $error['message']->forTemplate();
;
} else {
$error['message'] = Convert::raw2xml($error['message']);
}
return $error;
}, $errors);
/**
* Experimental method - return a ValidationResult for the validator
* @return [type] [description]
*/
private function validationResult() {
// Start with a "valid" validation result
$result = ValidationResult::create();
Session::set("FormInfo.{$this->FormName()}.errors", $errors);
Session::set("FormInfo.{$this->FormName()}.data", $data);
// Opportunity to invalidate via validator
$action = $this->buttonClicked();
if($action && $this->actionIsValidationExempt($action)) {
return $result;
}
return false;
}
}
if($this->validator){
$errors = $this->validator->validate();
return true;
}
// Convert the old-style Validator result into a ValidationResult
if($errors){
foreach($errors as $error) {
$result->addFieldError($error['fieldName'], $error['message'], $error['messageType']);
}
}
}
const MERGE_DEFAULT = 0;
const MERGE_CLEAR_MISSING = 1;
const MERGE_IGNORE_FALSEISH = 2;
return $result;
}
/**
* Load data from the given DataObject or array.
*
* It will call $object->MyField to get the value of MyField.
* If you passed an array, it will call $object[MyField].
* Doesn't save into dataless FormFields ({@link DatalessField}),
* as determined by {@link FieldList->dataFields()}.
*
* By default, if a field isn't set (as determined by isset()),
* its value will not be saved to the field, retaining
* potential existing values.
*
* Passed data should not be escaped, and is saved to the FormField instances unescaped.
* Escaping happens automatically on saving the data through {@link saveInto()}.
*
* Escaping happens automatically on saving the data through
* {@link saveInto()}.
*
* @uses FieldList->dataFields()
* @uses FormField->setValue()
*
* @param array|DataObject $data
* @param int $mergeStrategy
* For every field, {@link $data} is interrogated whether it contains a relevant property/key, and
* what that property/key's value is.
*
* By default, if {@link $data} does contain a property/key, the fields value is always replaced by {@link $data}'s
* value, even if that value is null/false/etc. Fields which don't match any property/key in {@link $data} are
* "left alone", meaning they retain any previous value.
*
* You can pass a bitmask here to change this behaviour.
*
* Passing CLEAR_MISSING means that any fields that don't match any property/key in
* {@link $data} are cleared.
*
* Passing IGNORE_FALSEISH means that any false-ish value in {@link $data} won't replace
* a field's value.
*
* For backwards compatibility reasons, this parameter can also be set to === true, which is the same as passing
* CLEAR_MISSING
*
* @param array $fieldList An optional list of fields to process. This can be useful when you have a
* form that has some fields that save to one object, and some that save to another.
* @return Form
*/
const MERGE_DEFAULT = 0;
const MERGE_CLEAR_MISSING = 1;
const MERGE_IGNORE_FALSEISH = 2;
/**
* Load data from the given DataObject or array.
*
* It will call $object->MyField to get the value of MyField.
* If you passed an array, it will call $object[MyField].
* Doesn't save into dataless FormFields ({@link DatalessField}),
* as determined by {@link FieldList->dataFields()}.
*
* By default, if a field isn't set (as determined by isset()),
* its value will not be saved to the field, retaining
* potential existing values.
*
* Passed data should not be escaped, and is saved to the FormField instances unescaped.
* Escaping happens automatically on saving the data through {@link saveInto()}.
*
* Escaping happens automatically on saving the data through
* {@link saveInto()}.
*
* @uses FieldList->dataFields()
* @uses FormField->setValue()
*
* @param array|DataObject $data
* @param int $mergeStrategy
* For every field, {@link $data} is interrogated whether it contains a relevant property/key, and
* what that property/key's value is.
*
* By default, if {@link $data} does contain a property/key, the fields value is always replaced by {@link $data}'s
* value, even if that value is null/false/etc. Fields which don't match any property/key in {@link $data} are
* "left alone", meaning they retain any previous value.
*
* You can pass a bitmask here to change this behaviour.
*
* Passing CLEAR_MISSING means that any fields that don't match any property/key in
* {@link $data} are cleared.
*
* Passing IGNORE_FALSEISH means that any false-ish value in {@link $data} won't replace
* a field's value.
*
* For backwards compatibility reasons, this parameter can also be set to === true, which is the same as passing
* CLEAR_MISSING
*
* @param array $fieldList An optional list of fields to process. This can be useful when you have a
* form that has some fields that save to one object, and some that save to another.
* @return Form
*/
public function loadDataFrom($data, $mergeStrategy = 0, $fieldList = null)
{
if (!is_object($data) && !is_array($data)) {
user_error("Form::loadDataFrom() not passed an array or an object", E_USER_WARNING);
return $this;
}
if(!is_object($data) && !is_array($data)) {
user_error("Form::loadDataFrom() not passed an array or an object", E_USER_WARNING);
return $this;
}
// Handle the backwards compatible case of passing "true" as the second argument
if ($mergeStrategy === true) {
$mergeStrategy = self::MERGE_CLEAR_MISSING;
// Handle the backwards compatible case of passing "true" as the second argument
if ($mergeStrategy === true) {
$mergeStrategy = self::MERGE_CLEAR_MISSING;
} elseif ($mergeStrategy === false) {
$mergeStrategy = 0;
}
$mergeStrategy = 0;
}
// if an object is passed, save it for historical reference through {@link getRecord()}
// if an object is passed, save it for historical reference through {@link getRecord()}
if (is_object($data)) {
$this->record = $data;
}
// dont include fields without data
$dataFields = $this->Fields()->dataFields();
// dont include fields without data
$dataFields = $this->Fields()->dataFields();
if ($dataFields) {
foreach ($dataFields as $field) {
$name = $field->getName();
$name = $field->getName();
// Skip fields that have been excluded
if ($fieldList && !in_array($name, $fieldList)) {
continue;
}
// Skip fields that have been excluded
if($fieldList && !in_array($name, $fieldList)) {
continue;
}
// First check looks for (fieldname)_unchanged, an indicator that we shouldn't overwrite the field value
// First check looks for (fieldname)_unchanged, an indicator that we shouldn't overwrite the field value
if (is_array($data) && isset($data[$name . '_unchanged'])) {
continue;
}
// Does this property exist on $data?
$exists = false;
// The value from $data for this field
$val = null;
// Does this property exist on $data?
$exists = false;
// The value from $data for this field
$val = null;
if (is_object($data)) {
$exists = (
isset($data->$name) ||
$data->hasMethod($name) ||
($data->hasMethod('hasField') && $data->hasField($name))
);
if(is_object($data)) {
$exists = (
isset($data->$name) ||
$data->hasMethod($name) ||
($data->hasMethod('hasField') && $data->hasField($name))
);
if ($exists) {
$val = $data->__get($name);
}
if ($exists) {
$val = $data->__get($name);
}
} elseif (is_array($data)) {
if (array_key_exists($name, $data)) {
$exists = true;
$val = $data[$name];
if(array_key_exists($name, $data)) {
$exists = true;
$val = $data[$name];
} // If field is in array-notation we need to access nested data
elseif (strpos($name, '[')) {
// First encode data using PHP's method of converting nested arrays to form data
$flatData = urldecode(http_build_query($data));
// Then pull the value out from that flattened string
preg_match('/' . addcslashes($name, '[]') . '=([^&]*)/', $flatData, $matches);
else if(strpos($name,'[')) {
// First encode data using PHP's method of converting nested arrays to form data
$flatData = urldecode(http_build_query($data));
// Then pull the value out from that flattened string
preg_match('/' . addcslashes($name,'[]') . '=([^&]*)/', $flatData, $matches);
if (isset($matches[1])) {
$exists = true;
$val = $matches[1];
}
}
}
if (isset($matches[1])) {
$exists = true;
$val = $matches[1];
}
}
}
// save to the field if either a value is given, or loading of blank/undefined values is forced
if ($exists) {
if ($val != false || ($mergeStrategy & self::MERGE_IGNORE_FALSEISH) != self::MERGE_IGNORE_FALSEISH) {
// pass original data as well so composite fields can act on the additional information
$field->setValue($val, $data);
}
// save to the field if either a value is given, or loading of blank/undefined values is forced
if($exists){
if ($val != false || ($mergeStrategy & self::MERGE_IGNORE_FALSEISH) != self::MERGE_IGNORE_FALSEISH){
// pass original data as well so composite fields can act on the additional information
$field->setValue($val, $data);
}
} elseif (($mergeStrategy & self::MERGE_CLEAR_MISSING) == self::MERGE_CLEAR_MISSING) {
$field->setValue($val, $data);
}
}
}
}
}
}
return $this;
}
return $this;
}
/**
* Save the contents of this form into the given data object.
* It will make use of setCastedField() to do this.
*
* @param DataObjectInterface $dataObject The object to save data into
* @param FieldList $fieldList An optional list of fields to process. This can be useful when you have a
* form that has some fields that save to one object, and some that save to another.
*/
/**
* Save the contents of this form into the given data object.
* It will make use of setCastedField() to do this.
*
* @param DataObjectInterface $dataObject The object to save data into
* @param FieldList $fieldList An optional list of fields to process. This can be useful when you have a
* form that has some fields that save to one object, and some that save to another.
*/
public function saveInto(DataObjectInterface $dataObject, $fieldList = null)
{
$dataFields = $this->fields->saveableFields();
$lastField = null;
$dataFields = $this->fields->saveableFields();
$lastField = null;
if ($dataFields) {
foreach ($dataFields as $field) {
// Skip fields that have been excluded
// Skip fields that have been excluded
if ($fieldList && is_array($fieldList) && !in_array($field->getName(), $fieldList)) {
continue;
}
$saveMethod = "save{$field->getName()}";
$saveMethod = "save{$field->getName()}";
if ($field->getName() == "ClassName") {
$lastField = $field;
} elseif ($dataObject->hasMethod($saveMethod)) {
$dataObject->$saveMethod( $field->dataValue());
} elseif ($field->getName() != "ID") {
$field->saveInto($dataObject);
}
}
if($field->getName() == "ClassName"){
$lastField = $field;
}else if( $dataObject->hasMethod( $saveMethod ) ){
$dataObject->$saveMethod( $field->dataValue());
} else if($field->getName() != "ID"){
$field->saveInto($dataObject);
}
}
}
if ($lastField) {
$lastField->saveInto($dataObject);
}
}
}
/**
* Get the submitted data from this form through
* {@link FieldList->dataFields()}, which filters out
* any form-specific data like form-actions.
* Calls {@link FormField->dataValue()} on each field,
* which returns a value suitable for insertion into a DataObject
* property.
*
* @return array
*/
/**
* Get the submitted data from this form through
* {@link FieldList->dataFields()}, which filters out
* any form-specific data like form-actions.
* Calls {@link FormField->dataValue()} on each field,
* which returns a value suitable for insertion into a DataObject
* property.
*
* @return array
*/
public function getData()
{
$dataFields = $this->fields->dataFields();
$data = array();
$dataFields = $this->fields->dataFields();
$data = array();
if ($dataFields) {
foreach ($dataFields as $field) {
if ($field->getName()) {
$data[$field->getName()] = $field->dataValue();
}
}
}
if($dataFields){
foreach($dataFields as $field) {
if($field->getName()) {
$data[$field->getName()] = $field->dataValue();
}
}
}
return $data;
}
return $data;
}
/**
* Return a rendered version of this form.
*
* This is returned when you access a form as $FormObject rather
* than <% with FormObject %>
*
* @return DBHTMLText
*/
/**
* Return a rendered version of this form.
*
* This is returned when you access a form as $FormObject rather
* than <% with FormObject %>
*
* @return DBHTMLText
*/
public function forTemplate()
{
$return = $this->renderWith($this->getTemplates());
$return = $this->renderWith($this->getTemplates());
// Now that we're rendered, clear message
$this->clearMessage();
// Now that we're rendered, clear message
$this->clearMessage();
return $return;
}
return $return;
}
/**
* Return a rendered version of this form, suitable for ajax post-back.
*
* It triggers slightly different behaviour, such as disabling the rewriting
* of # links.
*
* @return DBHTMLText
*/
/**
* Return a rendered version of this form, suitable for ajax post-back.
*
* It triggers slightly different behaviour, such as disabling the rewriting
* of # links.
*
* @return DBHTMLText
*/
public function forAjaxTemplate()
{
$view = new SSViewer($this->getTemplates());
$view = new SSViewer($this->getTemplates());
$return = $view->dontRewriteHashlinks()->process($this);
$return = $view->dontRewriteHashlinks()->process($this);
// Now that we're rendered, clear message
$this->clearMessage();
// Now that we're rendered, clear message
$this->clearMessage();
return $return;
}
return $return;
}
/**
* Returns an HTML rendition of this form, without the <form> tag itself.
*
* Attaches 3 extra hidden files, _form_action, _form_name, _form_method,
* and _form_enctype. These are the attributes of the form. These fields
* can be used to send the form to Ajax.
*
* @deprecated 5.0
* @return string
*/
/**
* Returns an HTML rendition of this form, without the <form> tag itself.
*
* Attaches 3 extra hidden files, _form_action, _form_name, _form_method,
* and _form_enctype. These are the attributes of the form. These fields
* can be used to send the form to Ajax.
*
* @deprecated 5.0
* @return string
*/
public function formHtmlContent()
{
Deprecation::notice('5.0');
$this->IncludeFormTag = false;
$content = $this->forTemplate();
$this->IncludeFormTag = true;
Deprecation::notice('5.0');
$this->IncludeFormTag = false;
$content = $this->forTemplate();
$this->IncludeFormTag = true;
$content .= "<input type=\"hidden\" name=\"_form_action\" id=\"" . $this->FormName . "_form_action\""
. " value=\"" . $this->FormAction() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_name\" value=\"" . $this->FormName() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_method\" value=\"" . $this->FormMethod() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_enctype\" value=\"" . $this->getEncType() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_action\" id=\"" . $this->FormName . "_form_action\""
. " value=\"" . $this->FormAction() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_name\" value=\"" . $this->FormName() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_method\" value=\"" . $this->FormMethod() . "\" />\n";
$content .= "<input type=\"hidden\" name=\"_form_enctype\" value=\"" . $this->getEncType() . "\" />\n";
return $content;
}
return $content;
}
/**
* Render this form using the given template, and return the result as a string
* You can pass either an SSViewer or a template name
* @param string|array $template
* @return DBHTMLText
*/
/**
* Render this form using the given template, and return the result as a string
* You can pass either an SSViewer or a template name
* @param string|array $template
* @return DBHTMLText
*/
public function renderWithoutActionButton($template)
{
$custom = $this->customise(array(
"Actions" => "",
));
$custom = $this->customise(array(
"Actions" => "",
));
if (is_string($template)) {
$template = new SSViewer($template);
}
if(is_string($template)) {
$template = new SSViewer($template);
}
return $template->process($custom);
}
return $template->process($custom);
}
/**
* Sets the button that was clicked. This should only be called by the Controller.
*
* @param callable $funcName The name of the action method that will be called.
* @return $this
*/
/**
* Sets the button that was clicked. This should only be called by the Controller.
*
* @param callable $funcName The name of the action method that will be called.
* @return $this
*/
public function setButtonClicked($funcName)
{
$this->buttonClickedFunc = $funcName;
$this->buttonClickedFunc = $funcName;
return $this;
}
return $this;
}
/**
* @return FormAction
*/
/**
* @return FormAction
*/
public function buttonClicked()
{
$actions = $this->getAllActions();
foreach ($actions as $action) {
if ($this->buttonClickedFunc === $action->actionName()) {
return $action;
}
}
$actions = $this->getAllActions();
foreach ($actions as $action) {
if ($this->buttonClickedFunc === $action->actionName()) {
return $action;
}
}
return null;
}
return null;
}
/**
* Get a list of all actions, including those in the main "fields" FieldList
*
* @return array
*/
/**
* Get a list of all actions, including those in the main "fields" FieldList
*
* @return array
*/
protected function getAllActions()
{
$fields = $this->fields->dataFields() ?: array();
$actions = $this->actions->dataFields() ?: array();
$fields = $this->fields->dataFields() ?: array();
$actions = $this->actions->dataFields() ?: array();
$fieldsAndActions = array_merge($fields, $actions);
$actions = array_filter($fieldsAndActions, function ($fieldOrAction) {
return $fieldOrAction instanceof FormAction;
});
$fieldsAndActions = array_merge($fields, $actions);
$actions = array_filter($fieldsAndActions, function($fieldOrAction) {
return $fieldOrAction instanceof FormAction;
});
return $actions;
}
return $actions;
}
/**
* Return the default button that should be clicked when another one isn't
* available.
*
* @return FormAction
*/
/**
* Return the default button that should be clicked when another one isn't
* available.
*
* @return FormAction
*/
public function defaultAction()
{
if ($this->hasDefaultAction && $this->actions) {
return $this->actions->first();
}
return null;
}
if($this->hasDefaultAction && $this->actions) {
return $this->actions->first();
}
return null;
}
/**
* Disable the default button.
*
* Ordinarily, when a form is processed and no action_XXX button is
* available, then the first button in the actions list will be pressed.
* However, if this is "delete", for example, this isn't such a good idea.
*
* @return Form
*/
/**
* Disable the default button.
*
* Ordinarily, when a form is processed and no action_XXX button is
* available, then the first button in the actions list will be pressed.
* However, if this is "delete", for example, this isn't such a good idea.
*
* @return Form
*/
public function disableDefaultAction()
{
$this->hasDefaultAction = false;
$this->hasDefaultAction = false;
return $this;
}
return $this;
}
/**
* Disable the requirement of a security token on this form instance. This
* security protects against CSRF attacks, but you should disable this if
* you don't want to tie a form to a session - eg a search form.
*
* Check for token state with {@link getSecurityToken()} and
* {@link SecurityToken->isEnabled()}.
*
* @return Form
*/
/**
* Disable the requirement of a security token on this form instance. This
* security protects against CSRF attacks, but you should disable this if
* you don't want to tie a form to a session - eg a search form.
*
* Check for token state with {@link getSecurityToken()} and
* {@link SecurityToken->isEnabled()}.
*
* @return Form
*/
public function disableSecurityToken()
{
$this->securityToken = new NullSecurityToken();
$this->securityToken = new NullSecurityToken();
return $this;
}
return $this;
}
/**
* Enable {@link SecurityToken} protection for this form instance.
*
* Check for token state with {@link getSecurityToken()} and
* {@link SecurityToken->isEnabled()}.
*
* @return Form
*/
/**
* Enable {@link SecurityToken} protection for this form instance.
*
* Check for token state with {@link getSecurityToken()} and
* {@link SecurityToken->isEnabled()}.
*
* @return Form
*/
public function enableSecurityToken()
{
$this->securityToken = new SecurityToken();
$this->securityToken = new SecurityToken();
return $this;
}
return $this;
}
/**
* Returns the security token for this form (if any exists).
*
* Doesn't check for {@link securityTokenEnabled()}.
*
* Use {@link SecurityToken::inst()} to get a global token.
*
* @return SecurityToken|null
*/
/**
* Returns the security token for this form (if any exists).
*
* Doesn't check for {@link securityTokenEnabled()}.
*
* Use {@link SecurityToken::inst()} to get a global token.
*
* @return SecurityToken|null
*/
public function getSecurityToken()
{
return $this->securityToken;
}
return $this->securityToken;
}
/**
* Compiles all CSS-classes.
*
* @return string
*/
/**
* Compiles all CSS-classes.
*
* @return string
*/
public function extraClass()
{
return implode(array_unique($this->extraClasses), ' ');
}
return implode(array_unique($this->extraClasses), ' ');
}
/**
* Add a CSS-class to the form-container. If needed, multiple classes can
* be added by delimiting a string with spaces.
*
* @param string $class A string containing a classname or several class
* names delimited by a single space.
* @return $this
*/
/**
* Add a CSS-class to the form-container. If needed, multiple classes can
* be added by delimiting a string with spaces.
*
* @param string $class A string containing a classname or several class
* names delimited by a single space.
* @return $this
*/
public function addExtraClass($class)
{
//split at white space
$classes = preg_split('/\s+/', $class);
foreach ($classes as $class) {
//add classes one by one
$this->extraClasses[$class] = $class;
}
return $this;
}
//split at white space
$classes = preg_split('/\s+/', $class);
foreach($classes as $class) {
//add classes one by one
$this->extraClasses[$class] = $class;
}
return $this;
}
/**
* Remove a CSS-class from the form-container. Multiple class names can
* be passed through as a space delimited string
*
* @param string $class
* @return $this
*/
/**
* Remove a CSS-class from the form-container. Multiple class names can
* be passed through as a space delimited string
*
* @param string $class
* @return $this
*/
public function removeExtraClass($class)
{
//split at white space
$classes = preg_split('/\s+/', $class);
foreach ($classes as $class) {
//unset one by one
unset($this->extraClasses[$class]);
}
return $this;
}
//split at white space
$classes = preg_split('/\s+/', $class);
foreach ($classes as $class) {
//unset one by one
unset($this->extraClasses[$class]);
}
return $this;
}
public function debug()
{
$result = "<h3>$this->class</h3><ul>";
foreach ($this->fields as $field) {
$result .= "<li>$field" . $field->debug() . "</li>";
}
$result .= "</ul>";
$result = "<h3>$this->class</h3><ul>";
foreach($this->fields as $field) {
$result .= "<li>$field" . $field->debug() . "</li>";
}
$result .= "</ul>";
if ($this->validator) {
/** @skipUpgrade */
$result .= '<h3>' . _t('Form.VALIDATOR', 'Validator') . '</h3>' . $this->validator->debug();
}
if( $this->validator ) {
/** @skipUpgrade */
$result .= '<h3>' . _t('Form.VALIDATOR', 'Validator') . '</h3>' . $this->validator->debug();
}
return $result;
}
return $result;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// TESTING HELPERS
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// TESTING HELPERS
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
* Test a submission of this form.
* @param string $action
* @param array $data
* @return HTTPResponse the response object that the handling controller produces. You can interrogate this in
* your unit test.
* @throws HTTPResponse_Exception
*/
/**
* Test a submission of this form.
* @param string $action
* @param array $data
* @return HTTPResponse the response object that the handling controller produces. You can interrogate this in
* your unit test.
* @throws HTTPResponse_Exception
*/
public function testSubmission($action, $data)
{
$data['action_' . $action] = true;
$data['action_' . $action] = true;
return Director::test($this->FormAction(), $data, Controller::curr()->getSession());
}
return Director::test($this->FormAction(), $data, Controller::curr()->getSession());
}
/**
* Test an ajax submission of this form.
*
* @param string $action
* @param array $data
* @return HTTPResponse the response object that the handling controller produces. You can interrogate this in
* your unit test.
*/
/**
* Test an ajax submission of this form.
*
* @param string $action
* @param array $data
* @return HTTPResponse the response object that the handling controller produces. You can interrogate this in
* your unit test.
*/
public function testAjaxSubmission($action, $data)
{
$data['ajax'] = 1;
return $this->testSubmission($action, $data);
}
$data['ajax'] = 1;
return $this->testSubmission($action, $data);
}
}

236
src/Forms/GridField/GridFieldDeleteAction.php
View File

@ -24,101 +24,101 @@ use SilverStripe\ORM\ValidationException;
class GridFieldDeleteAction implements GridField_ColumnProvider, GridField_ActionProvider
{
/**
* If this is set to true, this {@link GridField_ActionProvider} will
* remove the object from the list, instead of deleting.
*
* In the case of a has one, has many or many many list it will uncouple
* the item from the list.
*
* @var boolean
*/
protected $removeRelation = false;
/**
* If this is set to true, this {@link GridField_ActionProvider} will
* remove the object from the list, instead of deleting.
*
* In the case of a has one, has many or many many list it will uncouple
* the item from the list.
*
* @var boolean
*/
protected $removeRelation = false;
/**
*
* @param boolean $removeRelation - true if removing the item from the list, but not deleting it
*/
/**
*
* @param boolean $removeRelation - true if removing the item from the list, but not deleting it
*/
public function __construct($removeRelation = false)
{
$this->removeRelation = $removeRelation;
}
$this->removeRelation = $removeRelation;
}
/**
* Add a column 'Delete'
*
* @param GridField $gridField
* @param array $columns
*/
/**
* Add a column 'Delete'
*
* @param GridField $gridField
* @param array $columns
*/
public function augmentColumns($gridField, &$columns)
{
if (!in_array('Actions', $columns)) {
$columns[] = 'Actions';
}
}
if(!in_array('Actions', $columns)) {
$columns[] = 'Actions';
}
}
/**
* Return any special attributes that will be used for FormField::create_tag()
*
* @param GridField $gridField
* @param DataObject $record
* @param string $columnName
* @return array
*/
/**
* Return any special attributes that will be used for FormField::create_tag()
*
* @param GridField $gridField
* @param DataObject $record
* @param string $columnName
* @return array
*/
public function getColumnAttributes($gridField, $record, $columnName)
{
return array('class' => 'grid-field__col-compact');
}
return array('class' => 'grid-field__col-compact');
}
/**
* Add the title
*
* @param GridField $gridField
* @param string $columnName
* @return array
*/
/**
* Add the title
*
* @param GridField $gridField
* @param string $columnName
* @return array
*/
public function getColumnMetadata($gridField, $columnName)
{
if ($columnName == 'Actions') {
return array('title' => '');
}
}
if($columnName == 'Actions') {
return array('title' => '');
}
}
/**
* Which columns are handled by this component
*
* @param GridField $gridField
* @return array
*/
/**
* Which columns are handled by this component
*
* @param GridField $gridField
* @return array
*/
public function getColumnsHandled($gridField)
{
return array('Actions');
}
return array('Actions');
}
/**
* Which GridField actions are this component handling
*
* @param GridField $gridField
* @return array
*/
/**
* Which GridField actions are this component handling
*
* @param GridField $gridField
* @return array
*/
public function getActions($gridField)
{
return array('deleterecord', 'unlinkrelation');
}
return array('deleterecord', 'unlinkrelation');
}
/**
*
* @param GridField $gridField
* @param DataObject $record
* @param string $columnName
* @return string the HTML for the column
*/
/**
*
* @param GridField $gridField
* @param DataObject $record
* @param string $columnName
* @return string the HTML for the column
*/
public function getColumnContent($gridField, $record, $columnName)
{
if ($this->removeRelation) {
if (!$record->canEdit()) {
return null;
}
if($this->removeRelation) {
if(!$record->canEdit()) {
return null;
}
$field = GridField_FormAction::create(
$gridField,
@ -127,12 +127,12 @@ class GridFieldDeleteAction implements GridField_ColumnProvider, GridField_Actio
"unlinkrelation",
array('RecordID' => $record->ID)
)
->addExtraClass('btn btn--no-text btn--icon-md font-icon-link-broken grid-field__icon-action gridfield-button-unlink')
->setAttribute('title', _t('GridAction.UnlinkRelation', "Unlink"));
} else {
if (!$record->canDelete()) {
return null;
}
->addExtraClass('btn btn--no-text btn--icon-md font-icon-link-broken grid-field__icon-action gridfield-button-unlink')
->setAttribute('title', _t('GridAction.UnlinkRelation', "Unlink"));
} else {
if(!$record->canDelete()) {
return null;
}
$field = GridField_FormAction::create(
$gridField,
@ -141,50 +141,46 @@ class GridFieldDeleteAction implements GridField_ColumnProvider, GridField_Actio
"deleterecord",
array('RecordID' => $record->ID)
)
->addExtraClass('gridfield-button-delete btn--icon-md font-icon-trash-bin btn--no-text grid-field__icon-action')
->setAttribute('title', _t('GridAction.Delete', "Delete"))
->setDescription(_t('GridAction.DELETE_DESCRIPTION', 'Delete'));
}
return $field->Field();
}
->addExtraClass('gridfield-button-delete btn--icon-md font-icon-trash-bin btn--no-text grid-field__icon-action')
->setAttribute('title', _t('GridAction.Delete', "Delete"))
->setDescription(_t('GridAction.DELETE_DESCRIPTION','Delete'));
}
return $field->Field();
}
/**
* Handle the actions and apply any changes to the GridField
*
* @param GridField $gridField
* @param string $actionName
* @param mixed $arguments
* @param array $data - form data
* @throws ValidationException
*/
/**
* Handle the actions and apply any changes to the GridField
*
* @param GridField $gridField
* @param string $actionName
* @param mixed $arguments
* @param array $data - form data
* @throws ValidationException
*/
public function handleAction(GridField $gridField, $actionName, $arguments, $data)
{
if ($actionName == 'deleterecord' || $actionName == 'unlinkrelation') {
/** @var DataObject $item */
$item = $gridField->getList()->byID($arguments['RecordID']);
if (!$item) {
return;
}
if($actionName == 'deleterecord' || $actionName == 'unlinkrelation') {
/** @var DataObject $item */
$item = $gridField->getList()->byID($arguments['RecordID']);
if(!$item) {
return;
}
if ($actionName == 'deleterecord') {
if (!$item->canDelete()) {
throw new ValidationException(
_t('GridFieldAction_Delete.DeletePermissionsFailure', "No delete permissions"),
0
);
}
if($actionName == 'deleterecord') {
if(!$item->canDelete()) {
throw new ValidationException(
_t('GridFieldAction_Delete.DeletePermissionsFailure',"No delete permissions"));
}
$item->delete();
} else {
if (!$item->canEdit()) {
throw new ValidationException(
_t('GridFieldAction_Delete.EditPermissionsFailure', "No permission to unlink record"),
0
);
}
$item->delete();
} else {
if(!$item->canEdit()) {
throw new ValidationException(
_t('GridFieldAction_Delete.EditPermissionsFailure',"No permission to unlink record"));
}
$gridField->getList()->remove($item);
}
}
}
$gridField->getList()->remove($item);
}
}
}
}

1082
src/Forms/GridField/GridFieldDetailForm_ItemRequest.php
View File

@ -26,622 +26,620 @@ use SilverStripe\View\SSViewer;
class GridFieldDetailForm_ItemRequest extends RequestHandler
{
private static $allowed_actions = array(
'edit',
'view',
'ItemEditForm'
);
private static $allowed_actions = array(
'edit',
'view',
'ItemEditForm'
);
/**
*
* @var GridField
*/
protected $gridField;
/**
*
* @var GridField
*/
protected $gridField;
/**
*
* @var GridFieldDetailForm
*/
protected $component;
/**
*
* @var GridFieldDetailForm
*/
protected $component;
/**
*
* @var DataObject
*/
protected $record;
/**
*
* @var DataObject
*/
protected $record;
/**
* This represents the current parent RequestHandler (which does not necessarily need to be a Controller).
* It allows us to traverse the RequestHandler chain upwards to reach the Controller stack.
*
* @var RequestHandler
*/
protected $popupController;
/**
* This represents the current parent RequestHandler (which does not necessarily need to be a Controller).
* It allows us to traverse the RequestHandler chain upwards to reach the Controller stack.
*
* @var RequestHandler
*/
protected $popupController;
/**
*
* @var string
*/
protected $popupFormName;
/**
*
* @var string
*/
protected $popupFormName;
/**
* @var String
*/
protected $template = null;
/**
* @var String
*/
protected $template = null;
private static $url_handlers = array(
'$Action!' => '$Action',
'' => 'edit',
);
private static $url_handlers = array(
'$Action!' => '$Action',
'' => 'edit',
);
/**
*
* @param GridField $gridField
* @param GridFieldDetailForm $component
* @param DataObject $record
* @param RequestHandler $requestHandler
* @param string $popupFormName
*/
public function __construct($gridField, $component, $record, $requestHandler, $popupFormName)
{
$this->gridField = $gridField;
$this->component = $component;
$this->record = $record;
$this->popupController = $requestHandler;
$this->popupFormName = $popupFormName;
parent::__construct();
}
/**
*
* @param GridField $gridField
* @param GridFieldDetailForm $component
* @param DataObject $record
* @param RequestHandler $requestHandler
* @param string $popupFormName
*/
public function __construct($gridField, $component, $record, $requestHandler, $popupFormName)
{
$this->gridField = $gridField;
$this->component = $component;
$this->record = $record;
$this->popupController = $requestHandler;
$this->popupFormName = $popupFormName;
parent::__construct();
}
public function Link($action = null)
{
public function Link($action = null)
{
return Controller::join_links(
$this->gridField->Link('item'),
$this->record->ID ? $this->record->ID : 'new',
$action
);
}
}
/**
* @param HTTPRequest $request
* @return mixed
*/
public function view($request)
{
if (!$this->record->canView()) {
$this->httpError(403);
}
/**
* @param HTTPRequest $request
* @return mixed
*/
public function view($request)
{
if (!$this->record->canView()) {
$this->httpError(403);
}
$controller = $this->getToplevelController();
$controller = $this->getToplevelController();
$form = $this->ItemEditForm();
$form->makeReadonly();
$form = $this->ItemEditForm();
$form->makeReadonly();
$data = new ArrayData(array(
'Backlink' => $controller->Link(),
'ItemEditForm' => $form
));
$return = $data->renderWith($this->getTemplates());
$data = new ArrayData(array(
'Backlink' => $controller->Link(),
'ItemEditForm' => $form
));
$return = $data->renderWith($this->getTemplates());
if ($request->isAjax()) {
return $return;
} else {
return $controller->customise(array('Content' => $return));
}
}
if ($request->isAjax()) {
return $return;
} else {
return $controller->customise(array('Content' => $return));
}
}
/**
* @param HTTPRequest $request
* @return mixed
*/
public function edit($request)
{
$controller = $this->getToplevelController();
$form = $this->ItemEditForm();
/**
* @param HTTPRequest $request
* @return mixed
*/
public function edit($request)
{
$controller = $this->getToplevelController();
$form = $this->ItemEditForm();
$return = $this->customise(array(
'Backlink' => $controller->hasMethod('Backlink') ? $controller->Backlink() : $controller->Link(),
'ItemEditForm' => $form,
))->renderWith($this->getTemplates());
$return = $this->customise(array(
'Backlink' => $controller->hasMethod('Backlink') ? $controller->Backlink() : $controller->Link(),
'ItemEditForm' => $form,
))->renderWith($this->getTemplates());
if ($request->isAjax()) {
return $return;
} else {
// If not requested by ajax, we need to render it within the controller context+template
return $controller->customise(array(
// TODO CMS coupling
'Content' => $return,
));
}
}
if ($request->isAjax()) {
return $return;
} else {
// If not requested by ajax, we need to render it within the controller context+template
return $controller->customise(array(
// TODO CMS coupling
'Content' => $return,
));
}
}
/**
* Builds an item edit form. The arguments to getCMSFields() are the popupController and
* popupFormName, however this is an experimental API and may change.
*
* @todo In the future, we will probably need to come up with a tigher object representing a partially
* complete controller with gaps for extra functionality. This, for example, would be a better way
* of letting Security/login put its log-in form inside a UI specified elsewhere.
*
* @return Form
*/
public function ItemEditForm()
{
$list = $this->gridField->getList();
/**
* Builds an item edit form. The arguments to getCMSFields() are the popupController and
* popupFormName, however this is an experimental API and may change.
*
* @todo In the future, we will probably need to come up with a tigher object representing a partially
* complete controller with gaps for extra functionality. This, for example, would be a better way
* of letting Security/login put its log-in form inside a UI specified elsewhere.
*
* @return Form
*/
public function ItemEditForm()
{
$list = $this->gridField->getList();
if (empty($this->record)) {
$controller = $this->getToplevelController();
$url = $controller->getRequest()->getURL();
$noActionURL = $controller->removeAction($url);
$controller->getResponse()->removeHeader('Location'); //clear the existing redirect
return $controller->redirect($noActionURL, 302);
}
if (empty($this->record)) {
$controller = $this->getToplevelController();
$url = $controller->getRequest()->getURL();
$noActionURL = $controller->removeAction($url);
$controller->getResponse()->removeHeader('Location'); //clear the existing redirect
return $controller->redirect($noActionURL, 302);
}
$canView = $this->record->canView();
$canEdit = $this->record->canEdit();
$canDelete = $this->record->canDelete();
$canCreate = $this->record->canCreate();
$canView = $this->record->canView();
$canEdit = $this->record->canEdit();
$canDelete = $this->record->canDelete();
$canCreate = $this->record->canCreate();
if (!$canView) {
$controller = $this->getToplevelController();
// TODO More friendly error
return $controller->httpError(403);
}
if (!$canView) {
$controller = $this->getToplevelController();
// TODO More friendly error
return $controller->httpError(403);
}
// Build actions
$actions = $this->getFormActions();
// Build actions
$actions = $this->getFormActions();
// If we are creating a new record in a has-many list, then
// pre-populate the record's foreign key.
if ($list instanceof HasManyList && !$this->record->isInDB()) {
$key = $list->getForeignKey();
$id = $list->getForeignID();
$this->record->$key = $id;
}
// If we are creating a new record in a has-many list, then
// pre-populate the record's foreign key.
if ($list instanceof HasManyList && !$this->record->isInDB()) {
$key = $list->getForeignKey();
$id = $list->getForeignID();
$this->record->$key = $id;
}
$fields = $this->component->getFields();
if (!$fields) {
$fields = $this->record->getCMSFields();
}
$fields = $this->component->getFields();
if (!$fields) {
$fields = $this->record->getCMSFields();
}
// If we are creating a new record in a has-many list, then
// Disable the form field as it has no effect.
if ($list instanceof HasManyList) {
$key = $list->getForeignKey();
// If we are creating a new record in a has-many list, then
// Disable the form field as it has no effect.
if ($list instanceof HasManyList) {
$key = $list->getForeignKey();
if ($field = $fields->dataFieldByName($key)) {
$fields->makeFieldReadonly($field);
}
}
if ($field = $fields->dataFieldByName($key)) {
$fields->makeFieldReadonly($field);
}
}
// Caution: API violation. Form expects a Controller, but we are giving it a RequestHandler instead.
// Thanks to this however, we are able to nest GridFields, and also access the initial Controller by
// dereferencing GridFieldDetailForm_ItemRequest->getController() multiple times. See getToplevelController
// below.
$form = new Form(
$this,
'ItemEditForm',
$fields,
$actions,
$this->component->getValidator()
);
// Caution: API violation. Form expects a Controller, but we are giving it a RequestHandler instead.
// Thanks to this however, we are able to nest GridFields, and also access the initial Controller by
// dereferencing GridFieldDetailForm_ItemRequest->getController() multiple times. See getToplevelController
// below.
$form = new Form(
$this,
'ItemEditForm',
$fields,
$actions,
$this->component->getValidator()
);
$form->loadDataFrom($this->record, $this->record->ID == 0 ? Form::MERGE_IGNORE_FALSEISH : Form::MERGE_DEFAULT);
$form->loadDataFrom($this->record, $this->record->ID == 0 ? Form::MERGE_IGNORE_FALSEISH : Form::MERGE_DEFAULT);
if ($this->record->ID && !$canEdit) {
// Restrict editing of existing records
$form->makeReadonly();
// Hack to re-enable delete button if user can delete
if ($canDelete) {
$form->Actions()->fieldByName('action_doDelete')->setReadonly(false);
}
} elseif (!$this->record->ID && !$canCreate) {
// Restrict creation of new records
$form->makeReadonly();
}
if ($this->record->ID && !$canEdit) {
// Restrict editing of existing records
$form->makeReadonly();
// Hack to re-enable delete button if user can delete
if ($canDelete) {
$form->Actions()->fieldByName('action_doDelete')->setReadonly(false);
}
} elseif (!$this->record->ID && !$canCreate) {
// Restrict creation of new records
$form->makeReadonly();
}
// Load many_many extraData for record.
// Fields with the correct 'ManyMany' namespace need to be added manually through getCMSFields().
if ($list instanceof ManyManyList) {
$extraData = $list->getExtraData('', $this->record->ID);
$form->loadDataFrom(array('ManyMany' => $extraData));
}
// Load many_many extraData for record.
// Fields with the correct 'ManyMany' namespace need to be added manually through getCMSFields().
if ($list instanceof ManyManyList) {
$extraData = $list->getExtraData('', $this->record->ID);
$form->loadDataFrom(array('ManyMany' => $extraData));
}
// TODO Coupling with CMS
$toplevelController = $this->getToplevelController();
if ($toplevelController && $toplevelController instanceof LeftAndMain) {
// Always show with base template (full width, no other panels),
// regardless of overloaded CMS controller templates.
// TODO Allow customization, e.g. to display an edit form alongside a search form from the CMS controller
$form->setTemplate([
'type' => 'Includes',
'SilverStripe\\Admin\\LeftAndMain_EditForm',
]);
$form->addExtraClass('cms-content cms-edit-form center fill-height flexbox-area-grow');
$form->setAttribute('data-pjax-fragment', 'CurrentForm Content');
if ($form->Fields()->hasTabSet()) {
$form->Fields()->findOrMakeTab('Root')->setTemplate('SilverStripe\\Forms\\CMSTabSet');
$form->addExtraClass('cms-tabset');
}
// TODO Coupling with CMS
$toplevelController = $this->getToplevelController();
if ($toplevelController && $toplevelController instanceof LeftAndMain) {
// Always show with base template (full width, no other panels),
// regardless of overloaded CMS controller templates.
// TODO Allow customization, e.g. to display an edit form alongside a search form from the CMS controller
$form->setTemplate([
'type' => 'Includes',
'SilverStripe\\Admin\\LeftAndMain_EditForm',
]);
$form->addExtraClass('cms-content cms-edit-form center fill-height flexbox-area-grow');
$form->setAttribute('data-pjax-fragment', 'CurrentForm Content');
if ($form->Fields()->hasTabSet()) {
$form->Fields()->findOrMakeTab('Root')->setTemplate('SilverStripe\\Forms\\CMSTabSet');
$form->addExtraClass('cms-tabset');
}
$form->Backlink = $this->getBackLink();
}
$form->Backlink = $this->getBackLink();
}
$cb = $this->component->getItemEditFormCallback();
if ($cb) {
$cb($form, $this);
}
$this->extend("updateItemEditForm", $form);
return $form;
}
$cb = $this->component->getItemEditFormCallback();
if ($cb) {
$cb($form, $this);
}
$this->extend("updateItemEditForm", $form);
return $form;
}
/**
* Build the set of form field actions for this DataObject
*
* @return FieldList
*/
protected function getFormActions()
{
$canEdit = $this->record->canEdit();
$canDelete = $this->record->canDelete();
$actions = new FieldList();
if ($this->record->ID !== 0) {
if ($canEdit) {
$actions->push(FormAction::create('doSave', _t('GridFieldDetailForm.Save', 'Save'))
->setUseButtonTag(true)
->addExtraClass('ss-ui-action-constructive')
->setAttribute('data-icon', 'accept'));
}
/**
* Build the set of form field actions for this DataObject
*
* @return FieldList
*/
protected function getFormActions()
{
$canEdit = $this->record->canEdit();
$canDelete = $this->record->canDelete();
$actions = new FieldList();
if ($this->record->ID !== 0) {
if ($canEdit) {
$actions->push(FormAction::create('doSave', _t('GridFieldDetailForm.Save', 'Save'))
->setUseButtonTag(true)
->addExtraClass('ss-ui-action-constructive')
->setAttribute('data-icon', 'accept'));
}
if ($canDelete) {
$actions->push(FormAction::create('doDelete', _t('GridFieldDetailForm.Delete', 'Delete'))
->setUseButtonTag(true)
->addExtraClass('ss-ui-action-destructive action-delete'));
}
} else { // adding new record
//Change the Save label to 'Create'
$actions->push(FormAction::create('doSave', _t('GridFieldDetailForm.Create', 'Create'))
->setUseButtonTag(true)
->addExtraClass('ss-ui-action-constructive')
->setAttribute('data-icon', 'add'));
if ($canDelete) {
$actions->push(FormAction::create('doDelete', _t('GridFieldDetailForm.Delete', 'Delete'))
->setUseButtonTag(true)
->addExtraClass('ss-ui-action-destructive action-delete'));
}
} else { // adding new record
//Change the Save label to 'Create'
$actions->push(FormAction::create('doSave', _t('GridFieldDetailForm.Create', 'Create'))
->setUseButtonTag(true)
->addExtraClass('ss-ui-action-constructive')
->setAttribute('data-icon', 'add'));
// Add a Cancel link which is a button-like link and link back to one level up.
$crumbs = $this->Breadcrumbs();
if ($crumbs && $crumbs->count() >= 2) {
$oneLevelUp = $crumbs->offsetGet($crumbs->count() - 2);
$text = sprintf(
"<a class=\"%s\" href=\"%s\">%s</a>",
"crumb ss-ui-button ss-ui-action-destructive cms-panel-link ui-corner-all", // CSS classes
$oneLevelUp->Link, // url
_t('GridFieldDetailForm.CancelBtn', 'Cancel') // label
);
$actions->push(new LiteralField('cancelbutton', $text));
}
}
$this->extend('updateFormActions', $actions);
return $actions;
}
// Add a Cancel link which is a button-like link and link back to one level up.
$crumbs = $this->Breadcrumbs();
if ($crumbs && $crumbs->count() >= 2) {
$oneLevelUp = $crumbs->offsetGet($crumbs->count() - 2);
$text = sprintf(
"<a class=\"%s\" href=\"%s\">%s</a>",
"crumb ss-ui-button ss-ui-action-destructive cms-panel-link ui-corner-all", // CSS classes
$oneLevelUp->Link, // url
_t('GridFieldDetailForm.CancelBtn', 'Cancel') // label
);
$actions->push(new LiteralField('cancelbutton', $text));
}
}
$this->extend('updateFormActions', $actions);
return $actions;
}
/**
* Traverse the nested RequestHandlers until we reach something that's not GridFieldDetailForm_ItemRequest.
* This allows us to access the Controller responsible for invoking the top-level GridField.
* This should be equivalent to getting the controller off the top of the controller stack via Controller::curr(),
* but allows us to avoid accessing the global state.
*
* GridFieldDetailForm_ItemRequests are RequestHandlers, and as such they are not part of the controller stack.
*
* @return Controller
*/
protected function getToplevelController()
{
$c = $this->popupController;
while ($c && $c instanceof GridFieldDetailForm_ItemRequest) {
$c = $c->getController();
}
return $c;
}
/**
* Traverse the nested RequestHandlers until we reach something that's not GridFieldDetailForm_ItemRequest.
* This allows us to access the Controller responsible for invoking the top-level GridField.
* This should be equivalent to getting the controller off the top of the controller stack via Controller::curr(),
* but allows us to avoid accessing the global state.
*
* GridFieldDetailForm_ItemRequests are RequestHandlers, and as such they are not part of the controller stack.
*
* @return Controller
*/
protected function getToplevelController()
{
$c = $this->popupController;
while ($c && $c instanceof GridFieldDetailForm_ItemRequest) {
$c = $c->getController();
}
return $c;
}
protected function getBackLink()
{
// TODO Coupling with CMS
$backlink = '';
$toplevelController = $this->getToplevelController();
if ($toplevelController && $toplevelController instanceof LeftAndMain) {
if ($toplevelController->hasMethod('Backlink')) {
$backlink = $toplevelController->Backlink();
} elseif ($this->popupController->hasMethod('Breadcrumbs')) {
$parents = $this->popupController->Breadcrumbs(false)->items;
$backlink = array_pop($parents)->Link;
}
}
if (!$backlink) {
$backlink = $toplevelController->Link();
}
protected function getBackLink()
{
// TODO Coupling with CMS
$backlink = '';
$toplevelController = $this->getToplevelController();
if ($toplevelController && $toplevelController instanceof LeftAndMain) {
if ($toplevelController->hasMethod('Backlink')) {
$backlink = $toplevelController->Backlink();
} elseif ($this->popupController->hasMethod('Breadcrumbs')) {
$parents = $this->popupController->Breadcrumbs(false)->items;
$backlink = array_pop($parents)->Link;
}
}
if (!$backlink) {
$backlink = $toplevelController->Link();
}
return $backlink;
}
return $backlink;
}
/**
* Get the list of extra data from the $record as saved into it by
* {@see Form::saveInto()}
*
* Handles detection of falsey values explicitly saved into the
* DataObject by formfields
*
* @param DataObject $record
* @param SS_List $list
* @return array List of data to write to the relation
*/
protected function getExtraSavedData($record, $list)
{
// Skip extra data if not ManyManyList
if (!($list instanceof ManyManyList)) {
return null;
}
/**
* Get the list of extra data from the $record as saved into it by
* {@see Form::saveInto()}
*
* Handles detection of falsey values explicitly saved into the
* DataObject by formfields
*
* @param DataObject $record
* @param SS_List $list
* @return array List of data to write to the relation
*/
protected function getExtraSavedData($record, $list)
{
// Skip extra data if not ManyManyList
if (!($list instanceof ManyManyList)) {
return null;
}
$data = array();
foreach ($list->getExtraFields() as $field => $dbSpec) {
$savedField = "ManyMany[{$field}]";
if ($record->hasField($savedField)) {
$data[$field] = $record->getField($savedField);
}
}
return $data;
}
$data = array();
foreach ($list->getExtraFields() as $field => $dbSpec) {
$savedField = "ManyMany[{$field}]";
if ($record->hasField($savedField)) {
$data[$field] = $record->getField($savedField);
}
}
return $data;
}
public function doSave($data, $form)
{
$isNewRecord = $this->record->ID == 0;
public function doSave($data, $form)
{
$isNewRecord = $this->record->ID == 0;
// Check permission
if (!$this->record->canEdit()) {
return $this->httpError(403);
}
// Check permission
if (!$this->record->canEdit()) {
return $this->httpError(403);
}
// Save from form data
try {
$this->saveFormIntoRecord($data, $form);
} catch (ValidationException $e) {
return $this->generateValidationResponse($form, $e);
}
// Save from form data
try {
$this->saveFormIntoRecord($data, $form);
} catch (ValidationException $e) {
return $this->generateValidationResponse($form, $e);
}
$link = '<a href="' . $this->Link('edit') . '">"'
. htmlspecialchars($this->record->Title, ENT_QUOTES)
. '"</a>';
$message = _t(
'GridFieldDetailForm.Saved',
'Saved {name} {link}',
array(
'name' => $this->record->i18n_singular_name(),
'link' => $link
)
);
$link = '<a href="' . $this->Link('edit') . '">"'
. htmlspecialchars($this->record->Title, ENT_QUOTES)
. '"</a>';
$message = _t(
'GridFieldDetailForm.Saved',
'Saved {name} {link}',
array(
'name' => $this->record->i18n_singular_name(),
'link' => $link
)
);
$form->sessionMessage($message, 'good', false);
$form->sessionMessage($message, 'good', false);
// Redirect after save
return $this->redirectAfterSave($isNewRecord);
}
// Redirect after save
return $this->redirectAfterSave($isNewRecord);
}
/**
* Response object for this request after a successful save
*
* @param bool $isNewRecord True if this record was just created
* @return HTTPResponse|DBHTMLText
*/
protected function redirectAfterSave($isNewRecord)
{
$controller = $this->getToplevelController();
if ($isNewRecord) {
return $controller->redirect($this->Link());
} elseif ($this->gridField->getList()->byID($this->record->ID)) {
// Return new view, as we can't do a "virtual redirect" via the CMS Ajax
// to the same URL (it assumes that its content is already current, and doesn't reload)
return $this->edit($controller->getRequest());
} else {
// Changes to the record properties might've excluded the record from
// a filtered list, so return back to the main view if it can't be found
$url = $controller->getRequest()->getURL();
$noActionURL = $controller->removeAction($url);
$controller->getRequest()->addHeader('X-Pjax', 'Content');
return $controller->redirect($noActionURL, 302);
}
}
/**
* Response object for this request after a successful save
*
* @param bool $isNewRecord True if this record was just created
* @return HTTPResponse|DBHTMLText
*/
protected function redirectAfterSave($isNewRecord)
{
$controller = $this->getToplevelController();
if ($isNewRecord) {
return $controller->redirect($this->Link());
} elseif ($this->gridField->getList()->byID($this->record->ID)) {
// Return new view, as we can't do a "virtual redirect" via the CMS Ajax
// to the same URL (it assumes that its content is already current, and doesn't reload)
return $this->edit($controller->getRequest());
} else {
// Changes to the record properties might've excluded the record from
// a filtered list, so return back to the main view if it can't be found
$url = $controller->getRequest()->getURL();
$noActionURL = $controller->removeAction($url);
$controller->getRequest()->addHeader('X-Pjax', 'Content');
return $controller->redirect($noActionURL, 302);
}
}
public function httpError($errorCode, $errorMessage = null)
{
$controller = $this->getToplevelController();
return $controller->httpError($errorCode, $errorMessage);
}
public function httpError($errorCode, $errorMessage = null)
{
$controller = $this->getToplevelController();
return $controller->httpError($errorCode, $errorMessage);
}
/**
* Loads the given form data into the underlying dataobject and relation
*
* @param array $data
* @param Form $form
* @throws ValidationException On error
* @return DataObject Saved record
*/
protected function saveFormIntoRecord($data, $form)
{
$list = $this->gridField->getList();
/**
* Loads the given form data into the underlying dataobject and relation
*
* @param array $data
* @param Form $form
* @throws ValidationException On error
* @return DataObject Saved record
*/
protected function saveFormIntoRecord($data, $form)
{
$list = $this->gridField->getList();
// Check object matches the correct classname
if (isset($data['ClassName']) && $data['ClassName'] != $this->record->ClassName) {
$newClassName = $data['ClassName'];
// The records originally saved attribute was overwritten by $form->saveInto($record) before.
// This is necessary for newClassInstance() to work as expected, and trigger change detection
// on the ClassName attribute
$this->record->setClassName($this->record->ClassName);
// Replace $record with a new instance
$this->record = $this->record->newClassInstance($newClassName);
}
// Check object matches the correct classname
if (isset($data['ClassName']) && $data['ClassName'] != $this->record->ClassName) {
$newClassName = $data['ClassName'];
// The records originally saved attribute was overwritten by $form->saveInto($record) before.
// This is necessary for newClassInstance() to work as expected, and trigger change detection
// on the ClassName attribute
$this->record->setClassName($this->record->ClassName);
// Replace $record with a new instance
$this->record = $this->record->newClassInstance($newClassName);
}
// Save form and any extra saved data into this dataobject
$form->saveInto($this->record);
$this->record->write();
$extraData = $this->getExtraSavedData($this->record, $list);
$list->add($this->record, $extraData);
// Save form and any extra saved data into this dataobject
$form->saveInto($this->record);
$this->record->write();
$extraData = $this->getExtraSavedData($this->record, $list);
$list->add($this->record, $extraData);
return $this->record;
}
return $this->record;
}
/**
* Generate a response object for a form validation error
*
* @param Form $form The source form
* @param ValidationException $e The validation error message
* @return HTTPResponse
* @throws HTTPResponse_Exception
*/
protected function generateValidationResponse($form, $e)
{
$controller = $this->getToplevelController();
/**
* Generate a response object for a form validation error
*
* @param Form $form The source form
* @param ValidationException $e The validation error message
* @return HTTPResponse
* @throws HTTPResponse_Exception
*/
protected function generateValidationResponse($form, $e)
{
$controller = $this->getToplevelController();
$form->sessionMessage($e->getResult()->message(), 'bad', false);
$responseNegotiator = new PjaxResponseNegotiator(array(
'CurrentForm' => function () use (&$form) {
return $form->forTemplate();
},
'default' => function () use (&$controller) {
return $controller->redirectBack();
}
));
if ($controller->getRequest()->isAjax()) {
$controller->getRequest()->addHeader('X-Pjax', 'CurrentForm');
}
return $responseNegotiator->respond($controller->getRequest());
}
$form->sessionMessage($e->getResult()->message(), 'bad', false);
$responseNegotiator = new PjaxResponseNegotiator(array(
'CurrentForm' => function () use (&$form) {
return $form->forTemplate();
},
'default' => function () use (&$controller) {
return $controller->redirectBack();
}
));
if ($controller->getRequest()->isAjax()) {
$controller->getRequest()->addHeader('X-Pjax', 'CurrentForm');
}
return $responseNegotiator->respond($controller->getRequest());
}
/**
* @param array $data
* @param Form $form
* @return HTTPResponse
*/
public function doDelete($data, $form)
{
$title = $this->record->Title;
try {
if (!$this->record->canDelete()) {
throw new ValidationException(
_t('GridFieldDetailForm.DeletePermissionsFailure', "No delete permissions"),
0
);
}
/**
* @param array $data
* @param Form $form
* @return HTTPResponse
*/
public function doDelete($data, $form)
{
$title = $this->record->Title;
try {
if (!$this->record->canDelete()) {
throw new ValidationException(
_t('GridFieldDetailForm.DeletePermissionsFailure',"No delete permissions"));
}
$this->record->delete();
} catch (ValidationException $e) {
$form->sessionMessage($e->getResult()->message(), 'bad', false);
return $this->getToplevelController()->redirectBack();
}
$this->record->delete();
} catch (ValidationException $e) {
$form->sessionMessage($e->getResult()->message(), 'bad', false);
return $this->getToplevelController()->redirectBack();
}
$message = sprintf(
_t('GridFieldDetailForm.Deleted', 'Deleted %s %s'),
$this->record->i18n_singular_name(),
htmlspecialchars($title, ENT_QUOTES)
);
$message = sprintf(
_t('GridFieldDetailForm.Deleted', 'Deleted %s %s'),
$this->record->i18n_singular_name(),
htmlspecialchars($title, ENT_QUOTES)
);
$toplevelController = $this->getToplevelController();
if ($toplevelController && $toplevelController instanceof LeftAndMain) {
$backForm = $toplevelController->getEditForm();
$backForm->sessionMessage($message, 'good', false);
} else {
$form->sessionMessage($message, 'good', false);
}
$toplevelController = $this->getToplevelController();
if ($toplevelController && $toplevelController instanceof LeftAndMain) {
$backForm = $toplevelController->getEditForm();
$backForm->sessionMessage($message, 'good', false);
} else {
$form->sessionMessage($message, 'good', false);
}
//when an item is deleted, redirect to the parent controller
$controller = $this->getToplevelController();
$controller->getRequest()->addHeader('X-Pjax', 'Content'); // Force a content refresh
//when an item is deleted, redirect to the parent controller
$controller = $this->getToplevelController();
$controller->getRequest()->addHeader('X-Pjax', 'Content'); // Force a content refresh
return $controller->redirect($this->getBackLink(), 302); //redirect back to admin section
}
return $controller->redirect($this->getBackLink(), 302); //redirect back to admin section
}
/**
* @param string $template
* @return $this
*/
public function setTemplate($template)
{
$this->template = $template;
return $this;
}
/**
* @param string $template
* @return $this
*/
public function setTemplate($template)
{
$this->template = $template;
return $this;
}
/**
* @return string
*/
public function getTemplate()
{
return $this->template;
}
/**
* @return string
*/
public function getTemplate()
{
return $this->template;
}
/**
* Get list of templates to use
*
* @return array
*/
public function getTemplates()
{
$templates = SSViewer::get_templates_by_class($this, '', __CLASS__);
// Prefer any custom template
if ($this->getTemplate()) {
array_unshift($templates, $this->getTemplate());
}
return $templates;
}
/**
* Get list of templates to use
*
* @return array
*/
public function getTemplates()
{
$templates = SSViewer::get_templates_by_class($this, '', __CLASS__);
// Prefer any custom template
if($this->getTemplate()) {
array_unshift($templates, $this->getTemplate());
}
return $templates;
}
/**
* @return Controller
*/
public function getController()
{
return $this->popupController;
}
/**
* @return Controller
*/
public function getController()
{
return $this->popupController;
}
/**
* @return GridField
*/
public function getGridField()
{
return $this->gridField;
}
/**
* @return GridField
*/
public function getGridField()
{
return $this->gridField;
}
/**
* @return DataObject
*/
public function getRecord()
{
return $this->record;
}
/**
* @return DataObject
*/
public function getRecord()
{
return $this->record;
}
/**
* CMS-specific functionality: Passes through navigation breadcrumbs
* to the template, and includes the currently edited record (if any).
* see {@link LeftAndMain->Breadcrumbs()} for details.
*
* @param boolean $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false)
{
if (!$this->popupController->hasMethod('Breadcrumbs')) {
return null;
}
/**
* CMS-specific functionality: Passes through navigation breadcrumbs
* to the template, and includes the currently edited record (if any).
* see {@link LeftAndMain->Breadcrumbs()} for details.
*
* @param boolean $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false)
{
if (!$this->popupController->hasMethod('Breadcrumbs')) {
return null;
}
/** @var ArrayList $items */
$items = $this->popupController->Breadcrumbs($unlinked);
if ($this->record && $this->record->ID) {
$title = ($this->record->Title) ? $this->record->Title : "#{$this->record->ID}";
$items->push(new ArrayData(array(
'Title' => $title,
'Link' => $this->Link()
)));
} else {
$items->push(new ArrayData(array(
'Title' => sprintf(_t('GridField.NewRecord', 'New %s'), $this->record->i18n_singular_name()),
'Link' => false
)));
}
/** @var ArrayList $items */
$items = $this->popupController->Breadcrumbs($unlinked);
if ($this->record && $this->record->ID) {
$title = ($this->record->Title) ? $this->record->Title : "#{$this->record->ID}";
$items->push(new ArrayData(array(
'Title' => $title,
'Link' => $this->Link()
)));
} else {
$items->push(new ArrayData(array(
'Title' => sprintf(_t('GridField.NewRecord', 'New %s'), $this->record->i18n_singular_name()),
'Link' => false
)));
}
return $items;
}
return $items;
}
}

1499
src/ORM/Hierarchy/Hierarchy.php
View File

@ -25,198 +25,199 @@ use Exception;
class Hierarchy extends DataExtension
{
protected $markedNodes;
protected $markedNodes;
protected $markingFilter;
protected $markingFilter;
/** @var int */
protected $_cache_numChildren;
/** @var int */
protected $_cache_numChildren;
/**
* The lower bounds for the amount of nodes to mark. If set, the logic will expand nodes until it reaches at least
* this number, and then stops. Root nodes will always show regardless of this settting. Further nodes can be
* lazy-loaded via ajax. This isn't a hard limit. Example: On a value of 10, with 20 root nodes, each having 30
* children, the actual node count will be 50 (all root nodes plus first expanded child).
*
* @config
* @var int
*/
private static $node_threshold_total = 50;
/**
* The lower bounds for the amount of nodes to mark. If set, the logic will expand nodes until it reaches at least
* this number, and then stops. Root nodes will always show regardless of this settting. Further nodes can be
* lazy-loaded via ajax. This isn't a hard limit. Example: On a value of 10, with 20 root nodes, each having 30
* children, the actual node count will be 50 (all root nodes plus first expanded child).
*
* @config
* @var int
*/
private static $node_threshold_total = 50;
/**
* Limit on the maximum children a specific node can display. Serves as a hard limit to avoid exceeding available
* server resources in generating the tree, and browser resources in rendering it. Nodes with children exceeding
* this value typically won't display any children, although this is configurable through the $nodeCountCallback
* parameter in {@link getChildrenAsUL()}. "Root" nodes will always show all children, regardless of this setting.
*
* @config
* @var int
*/
private static $node_threshold_leaf = 250;
/**
* Limit on the maximum children a specific node can display. Serves as a hard limit to avoid exceeding available
* server resources in generating the tree, and browser resources in rendering it. Nodes with children exceeding
* this value typically won't display any children, although this is configurable through the $nodeCountCallback
* parameter in {@link getChildrenAsUL()}. "Root" nodes will always show all children, regardless of this setting.
*
* @config
* @var int
*/
private static $node_threshold_leaf = 250;
/**
* A list of classnames to exclude from display in both the CMS and front end
* displays. ->Children() and ->AllChildren affected.
* Especially useful for big sets of pages like listings
* If you use this, and still need the classes to be editable
* then add a model admin for the class
* Note: Does not filter subclasses (non-inheriting)
*
* @var array
* @config
*/
private static $hide_from_hierarchy = array();
/**
* A list of classnames to exclude from display in both the CMS and front end
* displays. ->Children() and ->AllChildren affected.
* Especially useful for big sets of pages like listings
* If you use this, and still need the classes to be editable
* then add a model admin for the class
* Note: Does not filter subclasses (non-inheriting)
*
* @var array
* @config
*/
private static $hide_from_hierarchy = array();
/**
* A list of classnames to exclude from display in the page tree views of the CMS,
* unlike $hide_from_hierarchy above which effects both CMS and front end.
* Especially useful for big sets of pages like listings
* If you use this, and still need the classes to be editable
* then add a model admin for the class
* Note: Does not filter subclasses (non-inheriting)
*
* @var array
* @config
*/
private static $hide_from_cms_tree = array();
/**
* A list of classnames to exclude from display in the page tree views of the CMS,
* unlike $hide_from_hierarchy above which effects both CMS and front end.
* Especially useful for big sets of pages like listings
* If you use this, and still need the classes to be editable
* then add a model admin for the class
* Note: Does not filter subclasses (non-inheriting)
*
* @var array
* @config
*/
private static $hide_from_cms_tree = array();
public static function get_extra_config($class, $extension, $args)
{
return array(
'has_one' => array('Parent' => $class)
);
}
return array(
'has_one' => array('Parent' => $class)
);
}
/**
* Validate the owner object - check for existence of infinite loops.
*
* @param ValidationResult $validationResult
*/
/**
* Validate the owner object - check for existence of infinite loops.
*
* @param ValidationResult $validationResult
*/
public function validate(ValidationResult $validationResult)
{
// The object is new, won't be looping.
// The object is new, won't be looping.
if (!$this->owner->ID) {
return;
}
// The object has no parent, won't be looping.
// The object has no parent, won't be looping.
if (!$this->owner->ParentID) {
return;
}
// The parent has not changed, skip the check for performance reasons.
// The parent has not changed, skip the check for performance reasons.
if (!$this->owner->isChanged('ParentID')) {
return;
}
// Walk the hierarchy upwards until we reach the top, or until we reach the originating node again.
$node = $this->owner;
while ($node) {
if ($node->ParentID==$this->owner->ID) {
// Hierarchy is looping.
$validationResult->error(
_t(
'Hierarchy.InfiniteLoopNotAllowed',
'Infinite loop found within the "{type}" hierarchy. Please change the parent to resolve this',
'First argument is the class that makes up the hierarchy.',
array('type' => $this->owner->class)
),
'INFINITE_LOOP'
);
break;
}
$node = $node->ParentID ? $node->Parent() : null;
}
// Walk the hierarchy upwards until we reach the top, or until we reach the originating node again.
$node = $this->owner;
while($node) {
if ($node->ParentID==$this->owner->ID) {
// Hierarchy is looping.
$validationResult->addError(
_t(
'Hierarchy.InfiniteLoopNotAllowed',
'Infinite loop found within the "{type}" hierarchy. Please change the parent to resolve this',
'First argument is the class that makes up the hierarchy.',
array('type' => $this->owner->class)
),
'bad',
'INFINITE_LOOP'
);
break;
}
$node = $node->ParentID ? $node->Parent() : null;
}
// At this point the $validationResult contains the response.
}
// At this point the $validationResult contains the response.
}
/**
* Returns the children of this DataObject as an XHTML UL. This will be called recursively on each child, so if they
* have children they will be displayed as a UL inside a LI.
*
* @param string $attributes Attributes to add to the UL
* @param string|callable $titleEval PHP code to evaluate to start each child - this should include '<li>'
* @param string $extraArg Extra arguments that will be passed on to children, for if they overload this function
* @param bool $limitToMarked Display only marked children
* @param string $childrenMethod The name of the method used to get children from each object
* @param string $numChildrenMethod
* @param bool $rootCall Set to true for this first call, and then to false for calls inside the recursion.
* You should not change this.
* @param int $nodeCountThreshold See {@link self::$node_threshold_total}
* @param callable $nodeCountCallback Called with the node count, which gives the callback an opportunity to
* intercept the query. Useful e.g. to avoid excessive children listings (Arguments: $parent, $numChildren)
* @return string
*/
public function getChildrenAsUL(
$attributes = "",
$titleEval = '"<li>" . $child->Title',
$extraArg = null,
$limitToMarked = false,
$childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren",
$rootCall = true,
$nodeCountThreshold = null,
$nodeCountCallback = null
) {
if (!is_numeric($nodeCountThreshold)) {
$nodeCountThreshold = Config::inst()->get(__CLASS__, 'node_threshold_total');
}
/**
* Returns the children of this DataObject as an XHTML UL. This will be called recursively on each child, so if they
* have children they will be displayed as a UL inside a LI.
*
* @param string $attributes Attributes to add to the UL
* @param string|callable $titleEval PHP code to evaluate to start each child - this should include '<li>'
* @param string $extraArg Extra arguments that will be passed on to children, for if they overload this function
* @param bool $limitToMarked Display only marked children
* @param string $childrenMethod The name of the method used to get children from each object
* @param string $numChildrenMethod
* @param bool $rootCall Set to true for this first call, and then to false for calls inside the recursion.
* You should not change this.
* @param int $nodeCountThreshold See {@link self::$node_threshold_total}
* @param callable $nodeCountCallback Called with the node count, which gives the callback an opportunity to
* intercept the query. Useful e.g. to avoid excessive children listings (Arguments: $parent, $numChildren)
* @return string
*/
public function getChildrenAsUL(
$attributes = "",
$titleEval = '"<li>" . $child->Title',
$extraArg = null,
$limitToMarked = false,
$childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren",
$rootCall = true,
$nodeCountThreshold = null,
$nodeCountCallback = null
) {
if(!is_numeric($nodeCountThreshold)) {
$nodeCountThreshold = Config::inst()->get(__CLASS__, 'node_threshold_total');
}
if ($limitToMarked && $rootCall) {
$this->markingFinished($numChildrenMethod);
}
if($limitToMarked && $rootCall) {
$this->markingFinished($numChildrenMethod);
}
if ($nodeCountCallback) {
$nodeCountWarning = $nodeCountCallback($this->owner, $this->owner->$numChildrenMethod());
if($nodeCountCallback) {
$nodeCountWarning = $nodeCountCallback($this->owner, $this->owner->$numChildrenMethod());
if ($nodeCountWarning) {
return $nodeCountWarning;
}
}
}
if ($this->owner->hasMethod($childrenMethod)) {
$children = $this->owner->$childrenMethod($extraArg);
} else {
$children = null;
if($this->owner->hasMethod($childrenMethod)) {
$children = $this->owner->$childrenMethod($extraArg);
} else {
$children = null;
user_error(sprintf(
"Can't find the method '%s' on class '%s' for getting tree children",
$childrenMethod,
get_class($this->owner)
), E_USER_ERROR);
}
}
$output = null;
if ($children) {
if ($attributes) {
$attributes = " $attributes";
}
$output = null;
if($children) {
if($attributes) {
$attributes = " $attributes";
}
$output = "<ul$attributes>\n";
$output = "<ul$attributes>\n";
foreach ($children as $child) {
if (!$limitToMarked || $child->isMarked()) {
$foundAChild = true;
if (is_callable($titleEval)) {
$output .= $titleEval($child, $numChildrenMethod);
} else {
$output .= eval("return $titleEval;");
}
$output .= "\n";
foreach($children as $child) {
if(!$limitToMarked || $child->isMarked()) {
$foundAChild = true;
if(is_callable($titleEval)) {
$output .= $titleEval($child, $numChildrenMethod);
} else {
$output .= eval("return $titleEval;");
}
$output .= "\n";
$numChildren = $child->$numChildrenMethod();
$numChildren = $child->$numChildrenMethod();
if (// Always traverse into opened nodes (they might be exposed as parents of search results)
$child->isExpanded()
// Only traverse into children if we haven't reached the maximum node count already.
// Otherwise, the remaining nodes are lazy loaded via ajax.
&& $child->isMarked()
) {
// Additionally check if node count requirements are met
$nodeCountWarning = $nodeCountCallback ? $nodeCountCallback($child, $numChildren) : null;
if ($nodeCountWarning) {
$output .= $nodeCountWarning;
$child->markClosed();
} else {
$child->isExpanded()
// Only traverse into children if we haven't reached the maximum node count already.
// Otherwise, the remaining nodes are lazy loaded via ajax.
&& $child->isMarked()
) {
// Additionally check if node count requirements are met
$nodeCountWarning = $nodeCountCallback ? $nodeCountCallback($child, $numChildren) : null;
if($nodeCountWarning) {
$output .= $nodeCountWarning;
$child->markClosed();
} else {
$output .= $child->getChildrenAsUL(
"",
$titleEval,
@ -227,770 +228,770 @@ class Hierarchy extends DataExtension
false,
$nodeCountThreshold
);
}
} elseif ($child->isTreeOpened()) {
// Since we're not loading children, don't mark it as open either
$child->markClosed();
}
$output .= "</li>\n";
}
}
}
} elseif($child->isTreeOpened()) {
// Since we're not loading children, don't mark it as open either
$child->markClosed();
}
$output .= "</li>\n";
}
}
$output .= "</ul>\n";
}
$output .= "</ul>\n";
}
if (isset($foundAChild) && $foundAChild) {
return $output;
}
return null;
}
if(isset($foundAChild) && $foundAChild) {
return $output;
}
return null;
}
/**
* Mark a segment of the tree, by calling mark().
*
* The method performs a breadth-first traversal until the number of nodes is more than minCount. This is used to
* get a limited number of tree nodes to show in the CMS initially.
*
* This method returns the number of nodes marked. After this method is called other methods can check
* {@link isExpanded()} and {@link isMarked()} on individual nodes.
*
* @param int $nodeCountThreshold See {@link getChildrenAsUL()}
* @param mixed $context
* @param string $childrenMethod
* @param string $numChildrenMethod
* @return int The actual number of nodes marked.
*/
public function markPartialTree(
$nodeCountThreshold = 30,
$context = null,
$childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren"
) {
/**
* Mark a segment of the tree, by calling mark().
*
* The method performs a breadth-first traversal until the number of nodes is more than minCount. This is used to
* get a limited number of tree nodes to show in the CMS initially.
*
* This method returns the number of nodes marked. After this method is called other methods can check
* {@link isExpanded()} and {@link isMarked()} on individual nodes.
*
* @param int $nodeCountThreshold See {@link getChildrenAsUL()}
* @param mixed $context
* @param string $childrenMethod
* @param string $numChildrenMethod
* @return int The actual number of nodes marked.
*/
public function markPartialTree(
$nodeCountThreshold = 30,
$context = null,
$childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren"
) {
if (!is_numeric($nodeCountThreshold)) {
$nodeCountThreshold = 30;
}
$this->markedNodes = array($this->owner->ID => $this->owner);
$this->owner->markUnexpanded();
$this->markedNodes = array($this->owner->ID => $this->owner);
$this->owner->markUnexpanded();
// foreach can't handle an ever-growing $nodes list
while (list($id, $node) = each($this->markedNodes)) {
$children = $this->markChildren($node, $context, $childrenMethod, $numChildrenMethod);
if ($nodeCountThreshold && sizeof($this->markedNodes) > $nodeCountThreshold) {
// Undo marking children as opened since they're lazy loaded
// foreach can't handle an ever-growing $nodes list
while(list($id, $node) = each($this->markedNodes)) {
$children = $this->markChildren($node, $context, $childrenMethod, $numChildrenMethod);
if($nodeCountThreshold && sizeof($this->markedNodes) > $nodeCountThreshold) {
// Undo marking children as opened since they're lazy loaded
if ($children) {
foreach ($children as $child) {
$child->markClosed();
}
}
break;
}
}
return sizeof($this->markedNodes);
}
break;
}
}
return sizeof($this->markedNodes);
}
/**
* Filter the marking to only those object with $node->$parameterName == $parameterValue
*
* @param string $parameterName The parameter on each node to check when marking.
* @param mixed $parameterValue The value the parameter must be to be marked.
*/
/**
* Filter the marking to only those object with $node->$parameterName == $parameterValue
*
* @param string $parameterName The parameter on each node to check when marking.
* @param mixed $parameterValue The value the parameter must be to be marked.
*/
public function setMarkingFilter($parameterName, $parameterValue)
{
$this->markingFilter = array(
"parameter" => $parameterName,
"value" => $parameterValue
);
}
$this->markingFilter = array(
"parameter" => $parameterName,
"value" => $parameterValue
);
}
/**
* Filter the marking to only those where the function returns true. The node in question will be passed to the
* function.
*
* @param string $funcName The name of the function to call
*/
/**
* Filter the marking to only those where the function returns true. The node in question will be passed to the
* function.
*
* @param string $funcName The name of the function to call
*/
public function setMarkingFilterFunction($funcName)
{
$this->markingFilter = array(
"func" => $funcName,
);
}
$this->markingFilter = array(
"func" => $funcName,
);
}
/**
* Returns true if the marking filter matches on the given node.
*
* @param DataObject $node Node to check
* @return bool
*/
/**
* Returns true if the marking filter matches on the given node.
*
* @param DataObject $node Node to check
* @return bool
*/
public function markingFilterMatches($node)
{
if (!$this->markingFilter) {
return true;
}
if(!$this->markingFilter) {
return true;
}
if (isset($this->markingFilter['parameter']) && $parameterName = $this->markingFilter['parameter']) {
if (is_array($this->markingFilter['value'])) {
$ret = false;
foreach ($this->markingFilter['value'] as $value) {
$ret = $ret||$node->$parameterName==$value;
if ($ret == true) {
break;
}
}
return $ret;
} else {
return ($node->$parameterName == $this->markingFilter['value']);
}
} elseif ($func = $this->markingFilter['func']) {
return call_user_func($func, $node);
}
}
if(isset($this->markingFilter['parameter']) && $parameterName = $this->markingFilter['parameter']) {
if(is_array($this->markingFilter['value'])){
$ret = false;
foreach($this->markingFilter['value'] as $value) {
$ret = $ret||$node->$parameterName==$value;
if($ret == true) {
break;
}
}
return $ret;
} else {
return ($node->$parameterName == $this->markingFilter['value']);
}
} else if ($func = $this->markingFilter['func']) {
return call_user_func($func, $node);
}
}
/**
* Mark all children of the given node that match the marking filter.
*
* @param DataObject $node Parent node
* @param mixed $context
* @param string $childrenMethod The name of the instance method to call to get the object's list of children
* @param string $numChildrenMethod The name of the instance method to call to count the object's children
* @return DataList
*/
public function markChildren(
$node,
$context = null,
$childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren"
) {
if ($node->hasMethod($childrenMethod)) {
$children = $node->$childrenMethod($context);
} else {
$children = null;
/**
* Mark all children of the given node that match the marking filter.
*
* @param DataObject $node Parent node
* @param mixed $context
* @param string $childrenMethod The name of the instance method to call to get the object's list of children
* @param string $numChildrenMethod The name of the instance method to call to count the object's children
* @return DataList
*/
public function markChildren(
$node,
$context = null,
$childrenMethod = "AllChildrenIncludingDeleted",
$numChildrenMethod = "numChildren"
) {
if($node->hasMethod($childrenMethod)) {
$children = $node->$childrenMethod($context);
} else {
$children = null;
user_error(sprintf(
"Can't find the method '%s' on class '%s' for getting tree children",
$childrenMethod,
get_class($node)
), E_USER_ERROR);
}
}
$node->markExpanded();
if ($children) {
foreach ($children as $child) {
$markingMatches = $this->markingFilterMatches($child);
if ($markingMatches) {
// Mark a child node as unexpanded if it has children and has not already been expanded
if ($child->$numChildrenMethod() && !$child->isExpanded()) {
$child->markUnexpanded();
} else {
$child->markExpanded();
}
$this->markedNodes[$child->ID] = $child;
}
}
}
$node->markExpanded();
if($children) {
foreach($children as $child) {
$markingMatches = $this->markingFilterMatches($child);
if($markingMatches) {
// Mark a child node as unexpanded if it has children and has not already been expanded
if($child->$numChildrenMethod() && !$child->isExpanded()) {
$child->markUnexpanded();
} else {
$child->markExpanded();
}
$this->markedNodes[$child->ID] = $child;
}
}
}
return $children;
}
return $children;
}
/**
* Ensure marked nodes that have children are also marked expanded. Call this after marking but before iterating
* over the tree.
*
* @param string $numChildrenMethod The name of the instance method to call to count the object's children
*/
/**
* Ensure marked nodes that have children are also marked expanded. Call this after marking but before iterating
* over the tree.
*
* @param string $numChildrenMethod The name of the instance method to call to count the object's children
*/
protected function markingFinished($numChildrenMethod = "numChildren")
{
// Mark childless nodes as expanded.
if ($this->markedNodes) {
foreach ($this->markedNodes as $id => $node) {
if (!$node->isExpanded() && !$node->$numChildrenMethod()) {
$node->markExpanded();
}
}
}
}
// Mark childless nodes as expanded.
if($this->markedNodes) {
foreach($this->markedNodes as $id => $node) {
if(!$node->isExpanded() && !$node->$numChildrenMethod()) {
$node->markExpanded();
}
}
}
}
/**
* Return CSS classes of 'unexpanded', 'closed', both, or neither, as well as a 'jstree-*' state depending on the
* marking of this DataObject.
*
* @param string $numChildrenMethod The name of the instance method to call to count the object's children
* @return string
*/
/**
* Return CSS classes of 'unexpanded', 'closed', both, or neither, as well as a 'jstree-*' state depending on the
* marking of this DataObject.
*
* @param string $numChildrenMethod The name of the instance method to call to count the object's children
* @return string
*/
public function markingClasses($numChildrenMethod = "numChildren")
{
$classes = '';
if (!$this->isExpanded()) {
$classes .= " unexpanded";
}
$classes = '';
if(!$this->isExpanded()) {
$classes .= " unexpanded";
}
// Set jstree open state, or mark it as a leaf (closed) if there are no children
if (!$this->owner->$numChildrenMethod()) {
$classes .= " jstree-leaf closed";
} elseif ($this->isTreeOpened()) {
$classes .= " jstree-open";
} else {
$classes .= " jstree-closed closed";
}
return $classes;
}
// Set jstree open state, or mark it as a leaf (closed) if there are no children
if(!$this->owner->$numChildrenMethod()) {
$classes .= " jstree-leaf closed";
} elseif($this->isTreeOpened()) {
$classes .= " jstree-open";
} else {
$classes .= " jstree-closed closed";
}
return $classes;
}
/**
* Mark the children of the DataObject with the given ID.
*
* @param int $id ID of parent node
* @param bool $open If this is true, mark the parent node as opened
* @return bool
*/
/**
* Mark the children of the DataObject with the given ID.
*
* @param int $id ID of parent node
* @param bool $open If this is true, mark the parent node as opened
* @return bool
*/
public function markById($id, $open = false)
{
if (isset($this->markedNodes[$id])) {
$this->markChildren($this->markedNodes[$id]);
if ($open) {
$this->markedNodes[$id]->markOpened();
}
return true;
} else {
return false;
}
}
if(isset($this->markedNodes[$id])) {
$this->markChildren($this->markedNodes[$id]);
if($open) {
$this->markedNodes[$id]->markOpened();
}
return true;
} else {
return false;
}
}
/**
* Expose the given object in the tree, by marking this page and all it ancestors.
*
* @param DataObject $childObj
*/
/**
* Expose the given object in the tree, by marking this page and all it ancestors.
*
* @param DataObject $childObj
*/
public function markToExpose($childObj)
{
if (is_object($childObj)) {
$stack = array_reverse($childObj->parentStack());
foreach ($stack as $stackItem) {
$this->markById($stackItem->ID, true);
}
}
}
if(is_object($childObj)){
$stack = array_reverse($childObj->parentStack());
foreach($stack as $stackItem) {
$this->markById($stackItem->ID, true);
}
}
}
/**
* Return the IDs of all the marked nodes.
*
* @return array
*/
/**
* Return the IDs of all the marked nodes.
*
* @return array
*/
public function markedNodeIDs()
{
return array_keys($this->markedNodes);
}
return array_keys($this->markedNodes);
}
/**
* Return an array of this page and its ancestors, ordered item -> root.
*
* @return SiteTree[]
*/
/**
* Return an array of this page and its ancestors, ordered item -> root.
*
* @return SiteTree[]
*/
public function parentStack()
{
$p = $this->owner;
$p = $this->owner;
while ($p) {
$stack[] = $p;
$p = $p->ParentID ? $p->Parent() : null;
}
while($p) {
$stack[] = $p;
$p = $p->ParentID ? $p->Parent() : null;
}
return $stack;
}
return $stack;
}
/**
* Cache of DataObjects' marked statuses: [ClassName][ID] = bool
* @var array
*/
protected static $marked = array();
/**
* Cache of DataObjects' marked statuses: [ClassName][ID] = bool
* @var array
*/
protected static $marked = array();
/**
* Cache of DataObjects' expanded statuses: [ClassName][ID] = bool
* @var array
*/
protected static $expanded = array();
/**
* Cache of DataObjects' expanded statuses: [ClassName][ID] = bool
* @var array
*/
protected static $expanded = array();
/**
* Cache of DataObjects' opened statuses: [ClassName][ID] = bool
* @var array
*/
protected static $treeOpened = array();
/**
* Cache of DataObjects' opened statuses: [ClassName][ID] = bool
* @var array
*/
protected static $treeOpened = array();
/**
* Mark this DataObject as expanded.
*/
/**
* Mark this DataObject as expanded.
*/
public function markExpanded()
{
self::$marked[$this->owner->baseClass()][$this->owner->ID] = true;
self::$expanded[$this->owner->baseClass()][$this->owner->ID] = true;
}
self::$marked[$this->owner->baseClass()][$this->owner->ID] = true;
self::$expanded[$this->owner->baseClass()][$this->owner->ID] = true;
}
/**
* Mark this DataObject as unexpanded.
*/
/**
* Mark this DataObject as unexpanded.
*/
public function markUnexpanded()
{
self::$marked[$this->owner->baseClass()][$this->owner->ID] = true;
self::$expanded[$this->owner->baseClass()][$this->owner->ID] = false;
}
self::$marked[$this->owner->baseClass()][$this->owner->ID] = true;
self::$expanded[$this->owner->baseClass()][$this->owner->ID] = false;
}
/**
* Mark this DataObject's tree as opened.
*/
/**
* Mark this DataObject's tree as opened.
*/
public function markOpened()
{
self::$marked[$this->owner->baseClass()][$this->owner->ID] = true;
self::$treeOpened[$this->owner->baseClass()][$this->owner->ID] = true;
}
self::$marked[$this->owner->baseClass()][$this->owner->ID] = true;
self::$treeOpened[$this->owner->baseClass()][$this->owner->ID] = true;
}
/**
* Mark this DataObject's tree as closed.
*/
/**
* Mark this DataObject's tree as closed.
*/
public function markClosed()
{
if (isset(self::$treeOpened[$this->owner->baseClass()][$this->owner->ID])) {
unset(self::$treeOpened[$this->owner->baseClass()][$this->owner->ID]);
}
}
if(isset(self::$treeOpened[$this->owner->baseClass()][$this->owner->ID])) {
unset(self::$treeOpened[$this->owner->baseClass()][$this->owner->ID]);
}
}
/**
* Check if this DataObject is marked.
*
* @return bool
*/
/**
* Check if this DataObject is marked.
*
* @return bool
*/
public function isMarked()
{
$baseClass = $this->owner->baseClass();
$id = $this->owner->ID;
return isset(self::$marked[$baseClass][$id]) ? self::$marked[$baseClass][$id] : false;
}
$baseClass = $this->owner->baseClass();
$id = $this->owner->ID;
return isset(self::$marked[$baseClass][$id]) ? self::$marked[$baseClass][$id] : false;
}
/**
* Check if this DataObject is expanded.
*
* @return bool
*/
/**
* Check if this DataObject is expanded.
*
* @return bool
*/
public function isExpanded()
{
$baseClass = $this->owner->baseClass();
$id = $this->owner->ID;
return isset(self::$expanded[$baseClass][$id]) ? self::$expanded[$baseClass][$id] : false;
}
$baseClass = $this->owner->baseClass();
$id = $this->owner->ID;
return isset(self::$expanded[$baseClass][$id]) ? self::$expanded[$baseClass][$id] : false;
}
/**
* Check if this DataObject's tree is opened.
*
* @return bool
*/
/**
* Check if this DataObject's tree is opened.
*
* @return bool
*/
public function isTreeOpened()
{
$baseClass = $this->owner->baseClass();
$id = $this->owner->ID;
return isset(self::$treeOpened[$baseClass][$id]) ? self::$treeOpened[$baseClass][$id] : false;
}
$baseClass = $this->owner->baseClass();
$id = $this->owner->ID;
return isset(self::$treeOpened[$baseClass][$id]) ? self::$treeOpened[$baseClass][$id] : false;
}
/**
* Get a list of this DataObject's and all it's descendants IDs.
*
* @return int[]
*/
/**
* Get a list of this DataObject's and all it's descendants IDs.
*
* @return int[]
*/
public function getDescendantIDList()
{
$idList = array();
$this->loadDescendantIDListInto($idList);
return $idList;
}
$idList = array();
$this->loadDescendantIDListInto($idList);
return $idList;
}
/**
* Get a list of this DataObject's and all it's descendants ID, and put them in $idList.
*
* @param array $idList Array to put results in.
*/
/**
* Get a list of this DataObject's and all it's descendants ID, and put them in $idList.
*
* @param array $idList Array to put results in.
*/
public function loadDescendantIDListInto(&$idList)
{
if ($children = $this->AllChildren()) {
foreach ($children as $child) {
if (in_array($child->ID, $idList)) {
continue;
}
$idList[] = $child->ID;
/** @var Hierarchy $ext */
$ext = $child->getExtensionInstance('SilverStripe\ORM\Hierarchy\Hierarchy');
$ext->setOwner($child);
$ext->loadDescendantIDListInto($idList);
$ext->clearOwner();
}
}
}
if($children = $this->AllChildren()) {
foreach($children as $child) {
if(in_array($child->ID, $idList)) {
continue;
}
$idList[] = $child->ID;
/** @var Hierarchy $ext */
$ext = $child->getExtensionInstance('SilverStripe\ORM\Hierarchy\Hierarchy');
$ext->setOwner($child);
$ext->loadDescendantIDListInto($idList);
$ext->clearOwner();
}
}
}
/**
* Get the children for this DataObject.
*
* @return DataList
*/
/**
* Get the children for this DataObject.
*
* @return DataList
*/
public function Children()
{
if (!(isset($this->_cache_children) && $this->_cache_children)) {
$result = $this->owner->stageChildren(false);
$children = array();
foreach ($result as $record) {
if ($record->canView()) {
$children[] = $record;
}
}
$this->_cache_children = new ArrayList($children);
}
return $this->_cache_children;
}
if(!(isset($this->_cache_children) && $this->_cache_children)) {
$result = $this->owner->stageChildren(false);
$children = array();
foreach ($result as $record) {
if ($record->canView()) {
$children[] = $record;
}
}
$this->_cache_children = new ArrayList($children);
}
return $this->_cache_children;
}
/**
* Return all children, including those 'not in menus'.
*
* @return DataList
*/
/**
* Return all children, including those 'not in menus'.
*
* @return DataList
*/
public function AllChildren()
{
return $this->owner->stageChildren(true);
}
return $this->owner->stageChildren(true);
}
/**
* Return all children, including those that have been deleted but are still in live.
* - Deleted children will be marked as "DeletedFromStage"
* - Added children will be marked as "AddedToStage"
* - Modified children will be marked as "ModifiedOnStage"
* - Everything else has "SameOnStage" set, as an indicator that this information has been looked up.
*
* @param mixed $context
* @return ArrayList
*/
/**
* Return all children, including those that have been deleted but are still in live.
* - Deleted children will be marked as "DeletedFromStage"
* - Added children will be marked as "AddedToStage"
* - Modified children will be marked as "ModifiedOnStage"
* - Everything else has "SameOnStage" set, as an indicator that this information has been looked up.
*
* @param mixed $context
* @return ArrayList
*/
public function AllChildrenIncludingDeleted($context = null)
{
return $this->doAllChildrenIncludingDeleted($context);
}
return $this->doAllChildrenIncludingDeleted($context);
}
/**
* @see AllChildrenIncludingDeleted
*
* @param mixed $context
* @return ArrayList
*/
/**
* @see AllChildrenIncludingDeleted
*
* @param mixed $context
* @return ArrayList
*/
public function doAllChildrenIncludingDeleted($context = null)
{
if (!$this->owner) {
user_error('Hierarchy::doAllChildrenIncludingDeleted() called without $this->owner');
}
$baseClass = $this->owner->baseClass();
if ($baseClass) {
$stageChildren = $this->owner->stageChildren(true);
$baseClass = $this->owner->baseClass();
if($baseClass) {
$stageChildren = $this->owner->stageChildren(true);
// Add live site content that doesn't exist on the stage site, if required.
if ($this->owner->hasExtension('SilverStripe\ORM\Versioning\Versioned')) {
// Next, go through the live children. Only some of these will be listed
$liveChildren = $this->owner->liveChildren(true, true);
if ($liveChildren) {
$merged = new ArrayList();
$merged->merge($stageChildren);
$merged->merge($liveChildren);
$stageChildren = $merged;
}
}
// Add live site content that doesn't exist on the stage site, if required.
if($this->owner->hasExtension('SilverStripe\ORM\Versioning\Versioned')) {
// Next, go through the live children. Only some of these will be listed
$liveChildren = $this->owner->liveChildren(true, true);
if($liveChildren) {
$merged = new ArrayList();
$merged->merge($stageChildren);
$merged->merge($liveChildren);
$stageChildren = $merged;
}
}
$this->owner->extend("augmentAllChildrenIncludingDeleted", $stageChildren, $context);
} else {
$this->owner->extend("augmentAllChildrenIncludingDeleted", $stageChildren, $context);
} else {
user_error(
"Hierarchy::AllChildren() Couldn't determine base class for '{$this->owner->class}'",
E_USER_ERROR
);
}
}
return $stageChildren;
}
return $stageChildren;
}
/**
* Return all the children that this page had, including pages that were deleted from both stage & live.
*
* @return DataList
* @throws Exception
*/
/**
* Return all the children that this page had, including pages that were deleted from both stage & live.
*
* @return DataList
* @throws Exception
*/
public function AllHistoricalChildren()
{
if (!$this->owner->hasExtension('SilverStripe\ORM\Versioning\Versioned')) {
throw new Exception('Hierarchy->AllHistoricalChildren() only works with Versioned extension applied');
}
if(!$this->owner->hasExtension('SilverStripe\ORM\Versioning\Versioned')) {
throw new Exception('Hierarchy->AllHistoricalChildren() only works with Versioned extension applied');
}
$baseTable = $this->owner->baseTable();
$parentIDColumn = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ParentID');
return Versioned::get_including_deleted(
$this->owner->baseClass(),
[ $parentIDColumn => $this->owner->ID ],
"\"{$baseTable}\".\"ID\" ASC"
);
}
$baseTable = $this->owner->baseTable();
$parentIDColumn = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ParentID');
return Versioned::get_including_deleted(
$this->owner->baseClass(),
[ $parentIDColumn => $this->owner->ID ],
"\"{$baseTable}\".\"ID\" ASC"
);
}
/**
* Return the number of children that this page ever had, including pages that were deleted.
*
* @return int
* @throws Exception
*/
/**
* Return the number of children that this page ever had, including pages that were deleted.
*
* @return int
* @throws Exception
*/
public function numHistoricalChildren()
{
if (!$this->owner->hasExtension('SilverStripe\ORM\Versioning\Versioned')) {
throw new Exception('Hierarchy->AllHistoricalChildren() only works with Versioned extension applied');
}
if(!$this->owner->hasExtension('SilverStripe\ORM\Versioning\Versioned')) {
throw new Exception('Hierarchy->AllHistoricalChildren() only works with Versioned extension applied');
}
return $this->AllHistoricalChildren()->count();
}
return $this->AllHistoricalChildren()->count();
}
/**
* Return the number of direct children. By default, values are cached after the first invocation. Can be
* augumented by {@link augmentNumChildrenCountQuery()}.
*
* @param bool $cache Whether to retrieve values from cache
* @return int
*/
/**
* Return the number of direct children. By default, values are cached after the first invocation. Can be
* augumented by {@link augmentNumChildrenCountQuery()}.
*
* @param bool $cache Whether to retrieve values from cache
* @return int
*/
public function numChildren($cache = true)
{
// Build the cache for this class if it doesn't exist.
if (!$cache || !is_numeric($this->_cache_numChildren)) {
// Hey, this is efficient now!
// We call stageChildren(), because Children() has canView() filtering
$this->_cache_numChildren = (int)$this->owner->stageChildren(true)->Count();
}
// Build the cache for this class if it doesn't exist.
if(!$cache || !is_numeric($this->_cache_numChildren)) {
// Hey, this is efficient now!
// We call stageChildren(), because Children() has canView() filtering
$this->_cache_numChildren = (int)$this->owner->stageChildren(true)->Count();
}
// If theres no value in the cache, it just means that it doesn't have any children.
return $this->_cache_numChildren;
}
// If theres no value in the cache, it just means that it doesn't have any children.
return $this->_cache_numChildren;
}
/**
* Checks if we're on a controller where we should filter. ie. Are we loading the SiteTree?
*
* @return bool
*/
/**
* Checks if we're on a controller where we should filter. ie. Are we loading the SiteTree?
*
* @return bool
*/
public function showingCMSTree()
{
if (!Controller::has_curr()) {
return false;
}
$controller = Controller::curr();
return $controller instanceof LeftAndMain
&& in_array($controller->getAction(), array("treeview", "listview", "getsubtree"));
}
$controller = Controller::curr();
return $controller instanceof LeftAndMain
&& in_array($controller->getAction(), array("treeview", "listview", "getsubtree"));
}
/**
* Return children in the stage site.
*
* @param bool $showAll Include all of the elements, even those not shown in the menus. Only applicable when
* extension is applied to {@link SiteTree}.
* @return DataList
*/
/**
* Return children in the stage site.
*
* @param bool $showAll Include all of the elements, even those not shown in the menus. Only applicable when
* extension is applied to {@link SiteTree}.
* @return DataList
*/
public function stageChildren($showAll = false)
{
$baseClass = $this->owner->baseClass();
$hide_from_hierarchy = $this->owner->config()->hide_from_hierarchy;
$hide_from_cms_tree = $this->owner->config()->hide_from_cms_tree;
$staged = $baseClass::get()
->filter('ParentID', (int)$this->owner->ID)
->exclude('ID', (int)$this->owner->ID);
if ($hide_from_hierarchy) {
$staged = $staged->exclude('ClassName', $hide_from_hierarchy);
}
if ($hide_from_cms_tree && $this->showingCMSTree()) {
$staged = $staged->exclude('ClassName', $hide_from_cms_tree);
}
if (!$showAll && DataObject::getSchema()->fieldSpec($this->owner, 'ShowInMenus')) {
$staged = $staged->filter('ShowInMenus', 1);
}
$this->owner->extend("augmentStageChildren", $staged, $showAll);
return $staged;
}
$baseClass = $this->owner->baseClass();
$hide_from_hierarchy = $this->owner->config()->hide_from_hierarchy;
$hide_from_cms_tree = $this->owner->config()->hide_from_cms_tree;
$staged = $baseClass::get()
->filter('ParentID', (int)$this->owner->ID)
->exclude('ID', (int)$this->owner->ID);
if ($hide_from_hierarchy) {
$staged = $staged->exclude('ClassName', $hide_from_hierarchy);
}
if ($hide_from_cms_tree && $this->showingCMSTree()) {
$staged = $staged->exclude('ClassName', $hide_from_cms_tree);
}
if (!$showAll && DataObject::getSchema()->fieldSpec($this->owner, 'ShowInMenus')) {
$staged = $staged->filter('ShowInMenus', 1);
}
$this->owner->extend("augmentStageChildren", $staged, $showAll);
return $staged;
}
/**
* Return children in the live site, if it exists.
*
* @param bool $showAll Include all of the elements, even those not shown in the menus. Only
* applicable when extension is applied to {@link SiteTree}.
* @param bool $onlyDeletedFromStage Only return items that have been deleted from stage
* @return DataList
* @throws Exception
*/
/**
* Return children in the live site, if it exists.
*
* @param bool $showAll Include all of the elements, even those not shown in the menus. Only
* applicable when extension is applied to {@link SiteTree}.
* @param bool $onlyDeletedFromStage Only return items that have been deleted from stage
* @return DataList
* @throws Exception
*/
public function liveChildren($showAll = false, $onlyDeletedFromStage = false)
{
if (!$this->owner->hasExtension(Versioned::class)) {
throw new Exception('Hierarchy->liveChildren() only works with Versioned extension applied');
}
if(!$this->owner->hasExtension(Versioned::class)) {
throw new Exception('Hierarchy->liveChildren() only works with Versioned extension applied');
}
$baseClass = $this->owner->baseClass();
$hide_from_hierarchy = $this->owner->config()->hide_from_hierarchy;
$hide_from_cms_tree = $this->owner->config()->hide_from_cms_tree;
$children = $baseClass::get()
->filter('ParentID', (int)$this->owner->ID)
->exclude('ID', (int)$this->owner->ID)
->setDataQueryParam(array(
'Versioned.mode' => $onlyDeletedFromStage ? 'stage_unique' : 'stage',
'Versioned.stage' => 'Live'
));
if ($hide_from_hierarchy) {
$children = $children->exclude('ClassName', $hide_from_hierarchy);
}
if ($hide_from_cms_tree && $this->showingCMSTree()) {
$children = $children->exclude('ClassName', $hide_from_cms_tree);
}
if (!$showAll && DataObject::getSchema()->fieldSpec($this->owner, 'ShowInMenus')) {
$children = $children->filter('ShowInMenus', 1);
}
$baseClass = $this->owner->baseClass();
$hide_from_hierarchy = $this->owner->config()->hide_from_hierarchy;
$hide_from_cms_tree = $this->owner->config()->hide_from_cms_tree;
$children = $baseClass::get()
->filter('ParentID', (int)$this->owner->ID)
->exclude('ID', (int)$this->owner->ID)
->setDataQueryParam(array(
'Versioned.mode' => $onlyDeletedFromStage ? 'stage_unique' : 'stage',
'Versioned.stage' => 'Live'
));
if ($hide_from_hierarchy) {
$children = $children->exclude('ClassName', $hide_from_hierarchy);
}
if ($hide_from_cms_tree && $this->showingCMSTree()) {
$children = $children->exclude('ClassName', $hide_from_cms_tree);
}
if(!$showAll && DataObject::getSchema()->fieldSpec($this->owner, 'ShowInMenus')) {
$children = $children->filter('ShowInMenus', 1);
}
return $children;
}
return $children;
}
/**
* Get this object's parent, optionally filtered by an SQL clause. If the clause doesn't match the parent, nothing
* is returned.
*
* @param string $filter
* @return DataObject
*/
/**
* Get this object's parent, optionally filtered by an SQL clause. If the clause doesn't match the parent, nothing
* is returned.
*
* @param string $filter
* @return DataObject
*/
public function getParent($filter = null)
{
$parentID = $this->owner->ParentID;
if (empty($parentID)) {
return null;
}
$idSQL = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ID');
return DataObject::get_one($this->owner->class, array(
array($idSQL => $parentID),
$filter
));
}
$parentID = $this->owner->ParentID;
if(empty($parentID)) {
return null;
}
$idSQL = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ID');
return DataObject::get_one($this->owner->class, array(
array($idSQL => $parentID),
$filter
));
}
/**
* Return all the parents of this class in a set ordered from the lowest to highest parent.
*
* @return ArrayList
*/
/**
* Return all the parents of this class in a set ordered from the lowest to highest parent.
*
* @return ArrayList
*/
public function getAncestors()
{
$ancestors = new ArrayList();
$object = $this->owner;
$ancestors = new ArrayList();
$object = $this->owner;
while ($object = $object->getParent()) {
$ancestors->push($object);
}
while($object = $object->getParent()) {
$ancestors->push($object);
}
return $ancestors;
}
return $ancestors;
}
/**
* Returns a human-readable, flattened representation of the path to the object, using its {@link Title} attribute.
*
* @param string $separator
* @return string
*/
/**
* Returns a human-readable, flattened representation of the path to the object, using its {@link Title} attribute.
*
* @param string $separator
* @return string
*/
public function getBreadcrumbs($separator = ' &raquo; ')
{
$crumbs = array();
$ancestors = array_reverse($this->owner->getAncestors()->toArray());
$crumbs = array();
$ancestors = array_reverse($this->owner->getAncestors()->toArray());
foreach ($ancestors as $ancestor) {
$crumbs[] = $ancestor->Title;
}
$crumbs[] = $this->owner->Title;
return implode($separator, $crumbs);
}
$crumbs[] = $this->owner->Title;
return implode($separator, $crumbs);
}
/**
* Get the next node in the tree of the type. If there is no instance of the className descended from this node,
* then search the parents.
*
* @todo Write!
*
* @param string $className Class name of the node to find
* @param DataObject $afterNode Used for recursive calls to this function
* @return DataObject
*/
/**
* Get the next node in the tree of the type. If there is no instance of the className descended from this node,
* then search the parents.
*
* @todo Write!
*
* @param string $className Class name of the node to find
* @param DataObject $afterNode Used for recursive calls to this function
* @return DataObject
*/
public function naturalPrev($className, $afterNode = null)
{
return null;
}
return null;
}
/**
* Get the next node in the tree of the type. If there is no instance of the className descended from this node,
* then search the parents.
* @param string $className Class name of the node to find.
* @param string|int $root ID/ClassName of the node to limit the search to
* @param DataObject $afterNode Used for recursive calls to this function
* @return DataObject
*/
/**
* Get the next node in the tree of the type. If there is no instance of the className descended from this node,
* then search the parents.
* @param string $className Class name of the node to find.
* @param string|int $root ID/ClassName of the node to limit the search to
* @param DataObject $afterNode Used for recursive calls to this function
* @return DataObject
*/
public function naturalNext($className = null, $root = 0, $afterNode = null)
{
// If this node is not the node we are searching from, then we can possibly return this node as a solution
if ($afterNode && $afterNode->ID != $this->owner->ID) {
if (!$className || ($className && $this->owner->class == $className)) {
return $this->owner;
}
}
// If this node is not the node we are searching from, then we can possibly return this node as a solution
if($afterNode && $afterNode->ID != $this->owner->ID) {
if(!$className || ($className && $this->owner->class == $className)) {
return $this->owner;
}
}
$nextNode = null;
$baseClass = $this->owner->baseClass();
$nextNode = null;
$baseClass = $this->owner->baseClass();
$children = $baseClass::get()
->filter('ParentID', (int)$this->owner->ID)
->sort('"Sort"', 'ASC');
if ($afterNode) {
$children = $children->filter('Sort:GreaterThan', $afterNode->Sort);
}
$children = $baseClass::get()
->filter('ParentID', (int)$this->owner->ID)
->sort('"Sort"', 'ASC');
if ($afterNode) {
$children = $children->filter('Sort:GreaterThan', $afterNode->Sort);
}
// Try all the siblings of this node after the given node
/*if( $siblings = DataObject::get( $this->owner->baseClass(),
// Try all the siblings of this node after the given node
/*if( $siblings = DataObject::get( $this->owner->baseClass(),
"\"ParentID\"={$this->owner->ParentID}" . ( $afterNode ) ? "\"Sort\"
> {$afterNode->Sort}" : "" , '\"Sort\" ASC' ) ) $searchNodes->merge( $siblings );*/
if ($children) {
foreach ($children as $node) {
if ($nextNode = $node->naturalNext($className, $node->ID, $this->owner)) {
break;
}
}
if($children) {
foreach($children as $node) {
if($nextNode = $node->naturalNext($className, $node->ID, $this->owner)) {
break;
}
}
if ($nextNode) {
return $nextNode;
}
}
if($nextNode) {
return $nextNode;
}
}
// if this is not an instance of the root class or has the root id, search the parent
if (!(is_numeric($root) && $root == $this->owner->ID || $root == $this->owner->class)
&& ($parent = $this->owner->Parent())) {
return $parent->naturalNext($className, $root, $this->owner);
}
// if this is not an instance of the root class or has the root id, search the parent
if(!(is_numeric($root) && $root == $this->owner->ID || $root == $this->owner->class)
&& ($parent = $this->owner->Parent())) {
return $parent->naturalNext( $className, $root, $this->owner );
}
return null;
}
return null;
}
/**
* Flush all Hierarchy caches:
* - Children (instance)
* - NumChildren (instance)
* - Marked (global)
* - Expanded (global)
* - TreeOpened (global)
*/
/**
* Flush all Hierarchy caches:
* - Children (instance)
* - NumChildren (instance)
* - Marked (global)
* - Expanded (global)
* - TreeOpened (global)
*/
public function flushCache()
{
$this->_cache_children = null;
$this->_cache_numChildren = null;
self::$marked = array();
self::$expanded = array();
self::$treeOpened = array();
}
$this->_cache_children = null;
$this->_cache_numChildren = null;
self::$marked = array();
self::$expanded = array();
self::$treeOpened = array();
}
/**
* Reset global Hierarchy caches:
* - Marked
* - Expanded
* - TreeOpened
*/
/**
* Reset global Hierarchy caches:
* - Marked
* - Expanded
* - TreeOpened
*/
public static function reset()
{
self::$marked = array();
self::$expanded = array();
self::$treeOpened = array();
}
self::$marked = array();
self::$expanded = array();
self::$treeOpened = array();
}
}

102
src/ORM/ValidationException.php
View File

@ -12,52 +12,72 @@ use Exception;
class ValidationException extends Exception
{
/**
* The contained ValidationResult related to this error
*
* @var ValidationResult
*/
protected $result;
/**
* The contained ValidationResult related to this error
*
* @var ValidationResult
*/
protected $result;
/**
* Construct a new ValidationException with an optional ValidationResult object
*
* @param ValidationResult|string $result The ValidationResult containing the
* failed result. Can be substituted with an error message instead if no
* ValidationResult exists.
* @param string|integer $message The error message. If $result was given the
* message string rather than a ValidationResult object then this will have
* the error code number.
* @param integer $code The error code number, if not given in the second parameter
*/
public function __construct($result = null, $message = null, $code = 0)
{
/**
* Construct a new ValidationException with an optional ValidationResult object
*
* @param ValidationResult|string $result The ValidationResult containing the
* failed result. Can be substituted with an error message instead if no
* ValidationResult exists.
* @param string|integer $message The error message. If $result was given the
* message string rather than a ValidationResult object then this will have
* the error code number.
* @param integer $code The error code number, if not given in the second parameter
*/
public function __construct($result = null, $code = 0, $dummy = null) {
$exceptionMessage = null;
// Check arguments
if (!($result instanceof ValidationResult)) {
// Shift parameters if no ValidationResult is given
$code = $message;
$message = $result;
// Backwards compatibiliy failover. The 2nd argument used to be $message, and $code the 3rd.
// For callers using that, we ditch the message
if(!is_numeric($code)) {
$exceptionMessage = $code;
if($dummy) $code = $dummy;
}
// Infer ValidationResult from parameters
$result = new ValidationResult(false, $message);
} elseif (empty($message)) {
// Infer message if not given
$message = $result->message();
}
if($result instanceof ValidationResult) {
$this->result = $result;
// Construct
$this->result = $result;
parent::__construct($message, $code);
}
} else if(is_string($result)) {
$this->result = ValidationResult::create()->addError($result);
/**
* Retrieves the ValidationResult related to this error
*
* @return ValidationResult
*/
} else if(!$result) {
$this->result = ValidationResult::create()->addError(_t("ValdiationExcetpion.DEFAULT_ERROR", "Validation error"));
} else {
throw new InvalidArgumentException(
"ValidationExceptions must be passed a ValdiationResult, a string, or nothing at all");
}
// Construct
parent::__construct($exceptionMessage ? $exceptionMessage : $this->result->message(), $code);
}
/**
* Create a ValidationException with a message for a single field-specific error message.
*
* @param string $field The field name
* @param string $message The error message
* @return ValidationException
*/
static function create_for_field($field, $message) {
$result = new ValidationResult;
$result->addFieldError($field, $message);
return new ValidationException($result);
}
/**
* Retrieves the ValidationResult related to this error
*
* @return ValidationResult
*/
public function getResult()
{
return $this->result;
}
return $this->result;
}
}

300
src/ORM/ValidationResult.php
View File

@ -10,121 +10,251 @@ use SilverStripe\Core\Object;
*/
class ValidationResult extends Object
{
/**
* @var bool - is the result valid or not
*/
protected $isValid;
/**
* @var bool - is the result valid or not
*/
protected $isValid = true;
/**
* @var array of errors
*/
protected $errorList = array();
/**
* @var array of errors
*/
protected $errorList = array();
/**
* Create a new ValidationResult.
* By default, it is a successful result. Call $this->error() to record errors.
* @param bool $valid
* @param string|null $message
*/
public function __construct($valid = true, $message = null)
{
$this->isValid = $valid;
/**
* Create a new ValidationResult.
* By default, it is a successful result. Call $this->error() to record errors.
*
* @param void $valid @deprecated
* @param void $message @deprecated
*/
public function __construct($valid = null, $message = null) {
if ($message !== null) {
Deprecation::notice('3.2', '$message parameter is deprecated please use addMessage or addError instead', false);
$this->addError($message);
}
if ($valid !== null) {
Deprecation::notice('3.2', '$valid parameter is deprecated please addError to mark the result as invalid', false);
$this->isValid = $valid;
if ($message) {
$this->errorList[] = $message;
}
parent::__construct();
}
parent::__construct();
}
/**
* Record an error against this validation result,
* @param string $message The validation error message
* @param string $code An optional error code string, that can be accessed with {@link $this->codeList()}.
* @return $this
*/
public function error($message, $code = null)
{
$this->isValid = false;
/**
* Return the full error meta-data, suitable for combining with another ValidationResult.
*/
function getErrorMetaData() {
return $this->errorList;
}
if ($code) {
if (!is_numeric($code)) {
$this->errorList[$code] = $message;
} else {
user_error("ValidationResult::error() - Don't use a numeric code '$code'. Use a string."
. "I'm going to ignore it.", E_USER_WARNING);
$this->errorList[$code] = $message;
}
} else {
$this->errorList[] = $message;
}
/**
* Record a
* against this validation result.
*
* It's better to use addError, addFeildError, addMessage, or addFieldMessage instead.
*
* @param string $message The message string.
* @param string $code A codename for this error. Only one message per codename will be added.
* This can be usedful for ensuring no duplicate messages
* @param string $fieldName The field to link the message to. If omitted; a form-wide message is assumed.
* @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS
* class to the form, so other values can be used if desired.
* @param bool $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*
* @deprecated 3.2
*/
public function error($message, $code = null, $fieldName = null, $messageType = "bad", $escapeHtml = true) {
Deprecation::notice('3.2', 'Use addError or addFieldError instead.');
return $this;
}
return $this->addFieldError($fieldName, $message, $messageType, $code, $escapeHtml);
}
/**
* Returns true if the result is valid.
* @return boolean
*/
/**
* Record an error against this validation result,
*
* @param string $message The message string.
* @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS
* class to the form, so other values can be used if desired.
* @param string $code A codename for this error. Only one message per codename will be added.
* This can be usedful for ensuring no duplicate messages
* @param bool $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*/
public function addError($message, $messageType = "bad", $code = null, $escapeHtml = true) {
return $this->addFieldError(null, $message, $messageType, $code, $escapeHtml);
}
/**
* Record an error against this validation result,
*
* @param string $fieldName The field to link the message to. If omitted; a form-wide message is assumed.
* @param string $message The message string.
* @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS
* class to the form, so other values can be used if desired.
* @param string $code A codename for this error. Only one message per codename will be added.
* This can be usedful for ensuring no duplicate messages
* @param bool $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*/
public function addFieldError($fieldName = null, $message, $messageType = "bad", $code = null, $escapeHtml = true) {
$this->isValid = false;
return $this->addFieldMessage($fieldName, $message, $messageType, $code, $escapeHtml);
}
/**
* Add a message to this ValidationResult without necessarily marking it as an error
*
* @param string $message The message string.
* @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS
* class to the form, so other values can be used if desired.
* @param string $code A codename for this error. Only one message per codename will be added.
* This can be usedful for ensuring no duplicate messages
* @param bool $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*/
public function addMessage($message, $messageType = "bad", $code = null, $escapeHtml = true) {
return $this->addFieldMessage(null, $message, $messageType, $code, $escapeHtml);
}
/**
* Add a message to this ValidationResult without necessarily marking it as an error
*
* @param string $fieldName The field to link the message to. If omitted; a form-wide message is assumed.
* @param string $message The message string.
* @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS
* class to the form, so other values can be used if desired.
* @param string $code A codename for this error. Only one message per codename will be added.
* This can be usedful for ensuring no duplicate messages
* @param bool $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML.
* In that case, you might want to use {@link Convert::raw2xml()} to escape any
* user supplied data in the message.
*/
public function addFieldMessage($fieldName, $message, $messageType = "bad", $code = null, $escapeHtml = true) {
$metadata = array(
'message' => $escapeHtml ? Convert::raw2xml($message) : $message,
'fieldName' => $fieldName,
'messageType' => $messageType,
);
if($code) {
if(!is_numeric($code)) {
$this->errorList[$code] = $metadata;
} else {
throw new InvalidArgumentException(
"ValidationResult::error() - Don't use a numeric code '$code'. Use a string.");
}
} else {
$this->errorList[] = $metadata;
}
return $this;
}
/**
* Returns true if the result is valid.
* @return boolean
*/
public function valid()
{
return $this->isValid;
}
return $this->isValid;
}
/**
* Get an array of errors
* @return array
*/
/**
* Get an array of errors
* @return array
*/
public function messageList()
{
return $this->errorList;
}
$list = array();
foreach($this->errorList as $key => $item) {
if(is_numeric($key)) $list[] = $item['message'];
else $list[$key] = $item['message'];
}
return $list;
}
/**
* Get an array of error codes
* @return array
*/
/**
* Get the field-specific messages as a map.
* Keys will be field names, and values will be a 2 element map with keys 'messsage', and 'messageType'
*/
public function fieldErrors() {
$output = array();
foreach($this->errorList as $key => $item) {
if($item['fieldName']) {
$output[$item['fieldName']] = array(
'message' => $item['message'],
'messageType' => $item['messageType']
);
}
}
return $output;
}
/**
* Get an array of error codes
* @return array
*/
public function codeList()
{
$codeList = array();
$codeList = array();
foreach ($this->errorList as $k => $v) {
if (!is_numeric($k)) {
$codeList[] = $k;
}
}
return $codeList;
}
return $codeList;
}
/**
* Get the error message as a string.
* @return string
*/
/**
* Get the error message as a string.
* @return string
*/
public function message()
{
return implode("; ", $this->errorList);
}
return implode("; ", $this->messageList());
}
/**
* Get a starred list of all messages
* @return string
*/
/**
* The the error message that's not related to a field as a string
*/
public function overallMessage() {
$messages = array();
foreach($this->errorList as $item) {
if(!$item['fieldName']) $messages[] = $item['message'];
}
return implode("; ", $messages);
}
/**
* Get a starred list of all messages
* @return string
*/
public function starredList()
{
return " * " . implode("\n * ", $this->errorList);
}
return " * " . implode("\n * ", $this->messageList());
}
/**
* Combine this Validation Result with the ValidationResult given in other.
* It will be valid if both this and the other result are valid.
* This object will be modified to contain the new validation information.
*
* @param ValidationResult $other the validation result object to combine
* @return $this
*/
/**
* Combine this Validation Result with the ValidationResult given in other.
* It will be valid if both this and the other result are valid.
* This object will be modified to contain the new validation information.
*
* @param ValidationResult $other the validation result object to combine
* @return $this
*/
public function combineAnd(ValidationResult $other)
{
$this->isValid = $this->isValid && $other->valid();
$this->errorList = array_merge($this->errorList, $other->messageList());
return $this;
}
$this->isValid = $this->isValid && $other->valid();
$this->errorList = array_merge($this->errorList, $other->getErrorMetaData());
return $this;
}
}

784
src/Security/Group.php
View File

@ -53,436 +53,436 @@ use SilverStripe\View\Requirements;
class Group extends DataObject
{
private static $db = array(
"Title" => "Varchar(255)",
"Description" => "Text",
"Code" => "Varchar(255)",
"Locked" => "Boolean",
"Sort" => "Int",
"HtmlEditorConfig" => "Text"
);
private static $db = array(
"Title" => "Varchar(255)",
"Description" => "Text",
"Code" => "Varchar(255)",
"Locked" => "Boolean",
"Sort" => "Int",
"HtmlEditorConfig" => "Text"
);
private static $has_one = array(
"Parent" => "SilverStripe\\Security\\Group",
);
private static $has_one = array(
"Parent" => "SilverStripe\\Security\\Group",
);
private static $has_many = array(
"Permissions" => "SilverStripe\\Security\\Permission",
"Groups" => "SilverStripe\\Security\\Group"
);
private static $has_many = array(
"Permissions" => "SilverStripe\\Security\\Permission",
"Groups" => "SilverStripe\\Security\\Group"
);
private static $many_many = array(
"Members" => "SilverStripe\\Security\\Member",
"Roles" => "SilverStripe\\Security\\PermissionRole",
);
private static $many_many = array(
"Members" => "SilverStripe\\Security\\Member",
"Roles" => "SilverStripe\\Security\\PermissionRole",
);
private static $extensions = array(
"SilverStripe\\ORM\\Hierarchy\\Hierarchy",
);
private static $extensions = array(
"SilverStripe\\ORM\\Hierarchy\\Hierarchy",
);
private static $table_name = "Group";
private static $table_name = "Group";
public function populateDefaults()
{
parent::populateDefaults();
parent::populateDefaults();
if (!$this->Title) {
$this->Title = _t('SecurityAdmin.NEWGROUP', "New Group");
}
}
}
public function getAllChildren()
{
$doSet = new ArrayList();
$doSet = new ArrayList();
$children = Group::get()->filter("ParentID", $this->ID);
foreach ($children as $child) {
$doSet->push($child);
$doSet->merge($child->getAllChildren());
}
$children = Group::get()->filter("ParentID", $this->ID);
foreach($children as $child) {
$doSet->push($child);
$doSet->merge($child->getAllChildren());
}
return $doSet;
}
return $doSet;
}
/**
* Caution: Only call on instances, not through a singleton.
* The "root group" fields will be created through {@link SecurityAdmin->EditForm()}.
*
* @return FieldList
*/
/**
* Caution: Only call on instances, not through a singleton.
* The "root group" fields will be created through {@link SecurityAdmin->EditForm()}.
*
* @return FieldList
*/
public function getCMSFields()
{
$fields = new FieldList(
$fields = new FieldList(
new TabSet(
"Root",
new Tab(
'Members',
_t('SecurityAdmin.MEMBERS', 'Members'),
new TextField("Title", $this->fieldLabel('Title')),
new TextField("Title", $this->fieldLabel('Title')),
$parentidfield = DropdownField::create(
'ParentID',
$this->fieldLabel('Parent'),
Group::get()->exclude('ID', $this->ID)->map('ID', 'Breadcrumbs')
)->setEmptyString(' '),
new TextareaField('Description', $this->fieldLabel('Description'))
),
$this->fieldLabel('Parent'),
Group::get()->exclude('ID', $this->ID)->map('ID', 'Breadcrumbs')
)->setEmptyString(' '),
new TextareaField('Description', $this->fieldLabel('Description'))
),
$permissionsTab = new Tab(
'Permissions',
_t('SecurityAdmin.PERMISSIONS', 'Permissions'),
$permissionsField = new PermissionCheckboxSetField(
'Permissions',
false,
'SilverStripe\\Security\\Permission',
'GroupID',
$this
)
)
)
);
$permissionsField = new PermissionCheckboxSetField(
'Permissions',
false,
'SilverStripe\\Security\\Permission',
'GroupID',
$this
)
)
)
);
$parentidfield->setDescription(
_t('Group.GroupReminder', 'If you choose a parent group, this group will take all it\'s roles')
);
$parentidfield->setDescription(
_t('Group.GroupReminder', 'If you choose a parent group, this group will take all it\'s roles')
);
// Filter permissions
// TODO SecurityAdmin coupling, not easy to get to the form fields through GridFieldDetailForm
$permissionsField->setHiddenPermissions((array)Config::inst()->get('SilverStripe\\Admin\\SecurityAdmin', 'hidden_permissions'));
// Filter permissions
// TODO SecurityAdmin coupling, not easy to get to the form fields through GridFieldDetailForm
$permissionsField->setHiddenPermissions((array)Config::inst()->get('SilverStripe\\Admin\\SecurityAdmin', 'hidden_permissions'));
if ($this->ID) {
$group = $this;
$config = GridFieldConfig_RelationEditor::create();
$config->addComponent(new GridFieldButtonRow('after'));
$config->addComponents(new GridFieldExportButton('buttons-after-left'));
$config->addComponents(new GridFieldPrintButton('buttons-after-left'));
/** @var GridFieldAddExistingAutocompleter $autocompleter */
$autocompleter = $config->getComponentByType('SilverStripe\\Forms\\GridField\\GridFieldAddExistingAutocompleter');
/** @skipUpgrade */
$autocompleter
->setResultsFormat('$Title ($Email)')
->setSearchFields(array('FirstName', 'Surname', 'Email'));
/** @var GridFieldDetailForm $detailForm */
$detailForm = $config->getComponentByType('SilverStripe\\Forms\\GridField\\GridFieldDetailForm');
$detailForm
->setValidator(Member_Validator::create())
->setItemEditFormCallback(function ($form, $component) use ($group) {
/** @var Form $form */
$record = $form->getRecord();
$groupsField = $form->Fields()->dataFieldByName('DirectGroups');
if ($groupsField) {
// If new records are created in a group context,
// set this group by default.
if ($record && !$record->ID) {
$groupsField->setValue($group->ID);
} elseif ($record && $record->ID) {
// TODO Mark disabled once chosen.js supports it
// $groupsField->setDisabledItems(array($group->ID));
if($this->ID) {
$group = $this;
$config = GridFieldConfig_RelationEditor::create();
$config->addComponent(new GridFieldButtonRow('after'));
$config->addComponents(new GridFieldExportButton('buttons-after-left'));
$config->addComponents(new GridFieldPrintButton('buttons-after-left'));
/** @var GridFieldAddExistingAutocompleter $autocompleter */
$autocompleter = $config->getComponentByType('SilverStripe\\Forms\\GridField\\GridFieldAddExistingAutocompleter');
/** @skipUpgrade */
$autocompleter
->setResultsFormat('$Title ($Email)')
->setSearchFields(array('FirstName', 'Surname', 'Email'));
/** @var GridFieldDetailForm $detailForm */
$detailForm = $config->getComponentByType('SilverStripe\\Forms\\GridField\\GridFieldDetailForm');
$detailForm
->setValidator(Member_Validator::create())
->setItemEditFormCallback(function($form, $component) use($group) {
/** @var Form $form */
$record = $form->getRecord();
$groupsField = $form->Fields()->dataFieldByName('DirectGroups');
if($groupsField) {
// If new records are created in a group context,
// set this group by default.
if($record && !$record->ID) {
$groupsField->setValue($group->ID);
} elseif($record && $record->ID) {
// TODO Mark disabled once chosen.js supports it
// $groupsField->setDisabledItems(array($group->ID));
$form->Fields()->replaceField(
'DirectGroups',
$groupsField->performReadonlyTransformation()
);
}
}
});
$memberList = GridField::create('Members', false, $this->DirectMembers(), $config)
->addExtraClass('members_grid');
// @todo Implement permission checking on GridField
//$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd'));
$fields->addFieldToTab('Root.Members', $memberList);
}
}
}
});
$memberList = GridField::create('Members',false, $this->DirectMembers(), $config)
->addExtraClass('members_grid');
// @todo Implement permission checking on GridField
//$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd'));
$fields->addFieldToTab('Root.Members', $memberList);
}
// Only add a dropdown for HTML editor configurations if more than one is available.
// Otherwise Member->getHtmlEditorConfigForCMS() will default to the 'cms' configuration.
$editorConfigMap = HTMLEditorConfig::get_available_configs_map();
if (count($editorConfigMap) > 1) {
// Only add a dropdown for HTML editor configurations if more than one is available.
// Otherwise Member->getHtmlEditorConfigForCMS() will default to the 'cms' configuration.
$editorConfigMap = HTMLEditorConfig::get_available_configs_map();
if(count($editorConfigMap) > 1) {
$fields->addFieldToTab(
'Root.Permissions',
new DropdownField(
'HtmlEditorConfig',
'HTML Editor Configuration',
$editorConfigMap
),
'Permissions'
);
}
new DropdownField(
'HtmlEditorConfig',
'HTML Editor Configuration',
$editorConfigMap
),
'Permissions'
);
}
if (!Permission::check('EDIT_PERMISSIONS')) {
$fields->removeFieldFromTab('Root', 'Permissions');
}
if(!Permission::check('EDIT_PERMISSIONS')) {
$fields->removeFieldFromTab('Root', 'Permissions');
}
// Only show the "Roles" tab if permissions are granted to edit them,
// and at least one role exists
if (Permission::check('APPLY_ROLES') && DataObject::get('SilverStripe\\Security\\PermissionRole')) {
$fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
// Only show the "Roles" tab if permissions are granted to edit them,
// and at least one role exists
if(Permission::check('APPLY_ROLES') && DataObject::get('SilverStripe\\Security\\PermissionRole')) {
$fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
$fields->addFieldToTab(
'Root.Roles',
new LiteralField(
"",
"<p>" .
_t(
'SecurityAdmin.ROLESDESCRIPTION',
"Roles are predefined sets of permissions, and can be assigned to groups.<br />"
. "They are inherited from parent groups if required."
) . '<br />' .
sprintf(
'<a href="%s" class="add-role">%s</a>',
SecurityAdmin::singleton()->Link('show/root#Root_Roles'),
// TODO This should include #Root_Roles to switch directly to the tab,
// but tabstrip.js doesn't display tabs when directly adressed through a URL pragma
_t('Group.RolesAddEditLink', 'Manage roles')
) .
"</p>"
)
);
new LiteralField(
"",
"<p>" .
_t(
'SecurityAdmin.ROLESDESCRIPTION',
"Roles are predefined sets of permissions, and can be assigned to groups.<br />"
. "They are inherited from parent groups if required."
) . '<br />' .
sprintf(
'<a href="%s" class="add-role">%s</a>',
SecurityAdmin::singleton()->Link('show/root#Root_Roles'),
// TODO This should include #Root_Roles to switch directly to the tab,
// but tabstrip.js doesn't display tabs when directly adressed through a URL pragma
_t('Group.RolesAddEditLink', 'Manage roles')
) .
"</p>"
)
);
// Add roles (and disable all checkboxes for inherited roles)
$allRoles = PermissionRole::get();
if (!Permission::check('ADMIN')) {
$allRoles = $allRoles->filter("OnlyAdminCanApply", 0);
}
if ($this->ID) {
$groupRoles = $this->Roles();
$inheritedRoles = new ArrayList();
$ancestors = $this->getAncestors();
foreach ($ancestors as $ancestor) {
$ancestorRoles = $ancestor->Roles();
// Add roles (and disable all checkboxes for inherited roles)
$allRoles = PermissionRole::get();
if(!Permission::check('ADMIN')) {
$allRoles = $allRoles->filter("OnlyAdminCanApply", 0);
}
if($this->ID) {
$groupRoles = $this->Roles();
$inheritedRoles = new ArrayList();
$ancestors = $this->getAncestors();
foreach($ancestors as $ancestor) {
$ancestorRoles = $ancestor->Roles();
if ($ancestorRoles) {
$inheritedRoles->merge($ancestorRoles);
}
}
}
$groupRoleIDs = $groupRoles->column('ID') + $inheritedRoles->column('ID');
$inheritedRoleIDs = $inheritedRoles->column('ID');
} else {
$groupRoleIDs = array();
$inheritedRoleIDs = array();
}
$groupRoleIDs = $groupRoles->column('ID') + $inheritedRoles->column('ID');
$inheritedRoleIDs = $inheritedRoles->column('ID');
} else {
$groupRoleIDs = array();
$inheritedRoleIDs = array();
}
$rolesField = ListboxField::create('Roles', false, $allRoles->map()->toArray())
->setDefaultItems($groupRoleIDs)
->setAttribute('data-placeholder', _t('Group.AddRole', 'Add a role for this group'))
->setDisabledItems($inheritedRoleIDs);
if (!$allRoles->count()) {
$rolesField->setAttribute('data-placeholder', _t('Group.NoRoles', 'No roles found'));
}
$fields->addFieldToTab('Root.Roles', $rolesField);
}
$rolesField = ListboxField::create('Roles', false, $allRoles->map()->toArray())
->setDefaultItems($groupRoleIDs)
->setAttribute('data-placeholder', _t('Group.AddRole', 'Add a role for this group'))
->setDisabledItems($inheritedRoleIDs);
if(!$allRoles->count()) {
$rolesField->setAttribute('data-placeholder', _t('Group.NoRoles', 'No roles found'));
}
$fields->addFieldToTab('Root.Roles', $rolesField);
}
$fields->push($idField = new HiddenField("ID"));
$fields->push($idField = new HiddenField("ID"));
$this->extend('updateCMSFields', $fields);
$this->extend('updateCMSFields', $fields);
return $fields;
}
return $fields;
}
/**
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
/**
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true)
{
$labels = parent::fieldLabels($includerelations);
$labels['Title'] = _t('SecurityAdmin.GROUPNAME', 'Group name');
$labels['Description'] = _t('Group.Description', 'Description');
$labels['Code'] = _t('Group.Code', 'Group Code', 'Programmatical code identifying a group');
$labels['Locked'] = _t('Group.Locked', 'Locked?', 'Group is locked in the security administration area');
$labels['Sort'] = _t('Group.Sort', 'Sort Order');
if ($includerelations) {
$labels['Parent'] = _t('Group.Parent', 'Parent Group', 'One group has one parent group');
$labels['Permissions'] = _t('Group.has_many_Permissions', 'Permissions', 'One group has many permissions');
$labels['Members'] = _t('Group.many_many_Members', 'Members', 'One group has many members');
}
$labels = parent::fieldLabels($includerelations);
$labels['Title'] = _t('SecurityAdmin.GROUPNAME', 'Group name');
$labels['Description'] = _t('Group.Description', 'Description');
$labels['Code'] = _t('Group.Code', 'Group Code', 'Programmatical code identifying a group');
$labels['Locked'] = _t('Group.Locked', 'Locked?', 'Group is locked in the security administration area');
$labels['Sort'] = _t('Group.Sort', 'Sort Order');
if($includerelations){
$labels['Parent'] = _t('Group.Parent', 'Parent Group', 'One group has one parent group');
$labels['Permissions'] = _t('Group.has_many_Permissions', 'Permissions', 'One group has many permissions');
$labels['Members'] = _t('Group.many_many_Members', 'Members', 'One group has many members');
}
return $labels;
}
return $labels;
}
/**
* Get many-many relation to {@link Member},
* including all members which are "inherited" from children groups of this record.
* See {@link DirectMembers()} for retrieving members without any inheritance.
*
* @param String $filter
* @return ManyManyList
*/
/**
* Get many-many relation to {@link Member},
* including all members which are "inherited" from children groups of this record.
* See {@link DirectMembers()} for retrieving members without any inheritance.
*
* @param String $filter
* @return ManyManyList
*/
public function Members($filter = '')
{
// First get direct members as a base result
$result = $this->DirectMembers();
// First get direct members as a base result
$result = $this->DirectMembers();
// Unsaved group cannot have child groups because its ID is still 0.
// Unsaved group cannot have child groups because its ID is still 0.
if (!$this->exists()) {
return $result;
}
// Remove the default foreign key filter in prep for re-applying a filter containing all children groups.
// Filters are conjunctive in DataQuery by default, so this filter would otherwise overrule any less specific
// ones.
if (!($result instanceof UnsavedRelationList)) {
$result = $result->alterDataQuery(function ($query) {
/** @var DataQuery $query */
$query->removeFilterOn('Group_Members');
});
}
// Now set all children groups as a new foreign key
$groups = Group::get()->byIDs($this->collateFamilyIDs());
$result = $result->forForeignID($groups->column('ID'))->where($filter);
// Remove the default foreign key filter in prep for re-applying a filter containing all children groups.
// Filters are conjunctive in DataQuery by default, so this filter would otherwise overrule any less specific
// ones.
if(!($result instanceof UnsavedRelationList)) {
$result = $result->alterDataQuery(function($query){
/** @var DataQuery $query */
$query->removeFilterOn('Group_Members');
});
}
// Now set all children groups as a new foreign key
$groups = Group::get()->byIDs($this->collateFamilyIDs());
$result = $result->forForeignID($groups->column('ID'))->where($filter);
return $result;
}
return $result;
}
/**
* Return only the members directly added to this group
*/
/**
* Return only the members directly added to this group
*/
public function DirectMembers()
{
return $this->getManyManyComponents('Members');
}
return $this->getManyManyComponents('Members');
}
/**
* Return a set of this record's "family" of IDs - the IDs of
* this record and all its descendants.
*
* @return array
*/
/**
* Return a set of this record's "family" of IDs - the IDs of
* this record and all its descendants.
*
* @return array
*/
public function collateFamilyIDs()
{
if (!$this->exists()) {
throw new \InvalidArgumentException("Cannot call collateFamilyIDs on unsaved Group.");
}
if (!$this->exists()) {
throw new \InvalidArgumentException("Cannot call collateFamilyIDs on unsaved Group.");
}
$familyIDs = array();
$chunkToAdd = array($this->ID);
$familyIDs = array();
$chunkToAdd = array($this->ID);
while ($chunkToAdd) {
$familyIDs = array_merge($familyIDs, $chunkToAdd);
while($chunkToAdd) {
$familyIDs = array_merge($familyIDs,$chunkToAdd);
// Get the children of *all* the groups identified in the previous chunk.
// This minimises the number of SQL queries necessary
$chunkToAdd = Group::get()->filter("ParentID", $chunkToAdd)->column('ID');
}
// Get the children of *all* the groups identified in the previous chunk.
// This minimises the number of SQL queries necessary
$chunkToAdd = Group::get()->filter("ParentID", $chunkToAdd)->column('ID');
}
return $familyIDs;
}
return $familyIDs;
}
/**
* Returns an array of the IDs of this group and all its parents
*
* @return array
*/
/**
* Returns an array of the IDs of this group and all its parents
*
* @return array
*/
public function collateAncestorIDs()
{
$parent = $this;
$items = [];
while (isset($parent) && $parent instanceof Group) {
$items[] = $parent->ID;
$parent = $parent->Parent;
}
return $items;
}
$parent = $this;
$items = [];
while(isset($parent) && $parent instanceof Group) {
$items[] = $parent->ID;
$parent = $parent->Parent;
}
return $items;
}
/**
* This isn't a decendant of SiteTree, but needs this in case
* the group is "reorganised";
*/
/**
* This isn't a decendant of SiteTree, but needs this in case
* the group is "reorganised";
*/
public function cmsCleanup_parentChanged()
{
}
}
/**
* Override this so groups are ordered in the CMS
*/
/**
* Override this so groups are ordered in the CMS
*/
public function stageChildren()
{
return Group::get()
->filter("ParentID", $this->ID)
->exclude("ID", $this->ID)
->sort('"Sort"');
}
return Group::get()
->filter("ParentID", $this->ID)
->exclude("ID", $this->ID)
->sort('"Sort"');
}
public function getTreeTitle()
{
if ($this->hasMethod('alternateTreeTitle')) {
return $this->alternateTreeTitle();
}
return htmlspecialchars($this->Title, ENT_QUOTES);
}
if($this->hasMethod('alternateTreeTitle')) {
return $this->alternateTreeTitle();
}
return htmlspecialchars($this->Title, ENT_QUOTES);
}
/**
* Overloaded to ensure the code is always descent.
*
* @param string
*/
/**
* Overloaded to ensure the code is always descent.
*
* @param string
*/
public function setCode($val)
{
$this->setField("Code", Convert::raw2url($val));
}
$this->setField("Code", Convert::raw2url($val));
}
public function validate()
{
$result = parent::validate();
$result = parent::validate();
// Check if the new group hierarchy would add certain "privileged permissions",
// and require an admin to perform this change in case it does.
// This prevents "sub-admin" users with group editing permissions to increase their privileges.
if ($this->Parent()->exists() && !Permission::check('ADMIN')) {
$inheritedCodes = Permission::get()
->filter('GroupID', $this->Parent()->collateAncestorIDs())
->column('Code');
$privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions');
if (array_intersect($inheritedCodes, $privilegedCodes)) {
$result->error(sprintf(
_t(
'Group.HierarchyPermsError',
'Can\'t assign parent group "%s" with privileged permissions (requires ADMIN access)'
),
$this->Parent()->Title
));
}
}
// Check if the new group hierarchy would add certain "privileged permissions",
// and require an admin to perform this change in case it does.
// This prevents "sub-admin" users with group editing permissions to increase their privileges.
if($this->Parent()->exists() && !Permission::check('ADMIN')) {
$inheritedCodes = Permission::get()
->filter('GroupID', $this->Parent()->collateAncestorIDs())
->column('Code');
$privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions');
if(array_intersect($inheritedCodes, $privilegedCodes)) {
$result->addError(sprintf(
_t(
'Group.HierarchyPermsError',
'Can\'t assign parent group "%s" with privileged permissions (requires ADMIN access)'
),
$this->Parent()->Title
));
}
}
return $result;
}
return $result;
}
public function onBeforeWrite()
{
parent::onBeforeWrite();
parent::onBeforeWrite();
// Only set code property when the group has a custom title, and no code exists.
// The "Code" attribute is usually treated as a more permanent identifier than database IDs
// in custom application logic, so can't be changed after its first set.
if (!$this->Code && $this->Title != _t('SecurityAdmin.NEWGROUP', "New Group")) {
$this->setCode($this->Title);
}
}
// Only set code property when the group has a custom title, and no code exists.
// The "Code" attribute is usually treated as a more permanent identifier than database IDs
// in custom application logic, so can't be changed after its first set.
if(!$this->Code && $this->Title != _t('SecurityAdmin.NEWGROUP',"New Group")) {
$this->setCode($this->Title);
}
}
public function onBeforeDelete()
{
parent::onBeforeDelete();
parent::onBeforeDelete();
// if deleting this group, delete it's children as well
foreach ($this->Groups() as $group) {
$group->delete();
}
// if deleting this group, delete it's children as well
foreach($this->Groups() as $group) {
$group->delete();
}
// Delete associated permissions
foreach ($this->Permissions() as $permission) {
$permission->delete();
}
}
// Delete associated permissions
foreach($this->Permissions() as $permission) {
$permission->delete();
}
}
/**
* Checks for permission-code CMS_ACCESS_SecurityAdmin.
* If the group has ADMIN permissions, it requires the user to have ADMIN permissions as well.
*
* @param $member Member
* @return boolean
*/
/**
* Checks for permission-code CMS_ACCESS_SecurityAdmin.
* If the group has ADMIN permissions, it requires the user to have ADMIN permissions as well.
*
* @param $member Member
* @return boolean
*/
public function canEdit($member = null)
{
if (!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) {
$member = Member::currentUser();
}
// extended access checks
$results = $this->extend('canEdit', $member);
// extended access checks
$results = $this->extend('canEdit', $member);
if ($results && is_array($results)) {
if (!min($results)) {
return false;
@ -490,48 +490,48 @@ class Group extends DataObject
}
if (// either we have an ADMIN
(bool)Permission::checkMember($member, "ADMIN")
|| (
// or a privileged CMS user and a group without ADMIN permissions.
// without this check, a user would be able to add himself to an administrators group
// with just access to the "Security" admin interface
Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") &&
!Permission::get()->filter(array('GroupID' => $this->ID, 'Code' => 'ADMIN'))->exists()
)
) {
return true;
}
(bool)Permission::checkMember($member, "ADMIN")
|| (
// or a privileged CMS user and a group without ADMIN permissions.
// without this check, a user would be able to add himself to an administrators group
// with just access to the "Security" admin interface
Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") &&
!Permission::get()->filter(array('GroupID' => $this->ID, 'Code' => 'ADMIN'))->exists()
)
) {
return true;
}
return false;
}
return false;
}
/**
* Checks for permission-code CMS_ACCESS_SecurityAdmin.
*
* @param $member Member
* @return boolean
*/
/**
* Checks for permission-code CMS_ACCESS_SecurityAdmin.
*
* @param $member Member
* @return boolean
*/
public function canView($member = null)
{
if (!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) {
$member = Member::currentUser();
}
// extended access checks
$results = $this->extend('canView', $member);
// extended access checks
$results = $this->extend('canView', $member);
if ($results && is_array($results)) {
if (!min($results)) {
return false;
}
}
// user needs access to CMS_ACCESS_SecurityAdmin
// user needs access to CMS_ACCESS_SecurityAdmin
if (Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")) {
return true;
}
return false;
}
return false;
}
public function canDelete($member = null)
{
@ -539,30 +539,30 @@ class Group extends DataObject
$member = Member::currentUser();
}
// extended access checks
$results = $this->extend('canDelete', $member);
// extended access checks
$results = $this->extend('canDelete', $member);
if ($results && is_array($results)) {
if (!min($results)) {
return false;
}
}
return $this->canEdit($member);
}
return $this->canEdit($member);
}
/**
* Returns all of the children for the CMS Tree.
* Filters to only those groups that the current user can edit
*/
/**
* Returns all of the children for the CMS Tree.
* Filters to only those groups that the current user can edit
*/
public function AllChildrenIncludingDeleted()
{
/** @var Hierarchy $extInstance */
$extInstance = $this->getExtensionInstance('SilverStripe\\ORM\\Hierarchy\\Hierarchy');
$extInstance->setOwner($this);
$children = $extInstance->AllChildrenIncludingDeleted();
$extInstance->clearOwner();
/** @var Hierarchy $extInstance */
$extInstance = $this->getExtensionInstance('SilverStripe\\ORM\\Hierarchy\\Hierarchy');
$extInstance->setOwner($this);
$children = $extInstance->AllChildrenIncludingDeleted();
$extInstance->clearOwner();
$filteredChildren = new ArrayList();
$filteredChildren = new ArrayList();
if ($children) {
foreach ($children as $child) {
@ -570,46 +570,46 @@ class Group extends DataObject
$filteredChildren->push($child);
}
}
}
}
return $filteredChildren;
}
return $filteredChildren;
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
parent::requireDefaultRecords();
// Add default author group if no other group exists
$allGroups = DataObject::get('SilverStripe\\Security\\Group');
if (!$allGroups->count()) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
$authorGroup->Sort = 1;
$authorGroup->write();
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
}
// Add default author group if no other group exists
$allGroups = DataObject::get('SilverStripe\\Security\\Group');
if(!$allGroups->count()) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
$authorGroup->Sort = 1;
$authorGroup->write();
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
}
// Add default admin group if none with permission code ADMIN exists
$adminGroups = Permission::get_groups_by_permission('ADMIN');
if (!$adminGroups->count()) {
$adminGroup = new Group();
$adminGroup->Code = 'administrators';
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
$adminGroup->Sort = 0;
$adminGroup->write();
Permission::grant($adminGroup->ID, 'ADMIN');
}
// Add default admin group if none with permission code ADMIN exists
$adminGroups = Permission::get_groups_by_permission('ADMIN');
if(!$adminGroups->count()) {
$adminGroup = new Group();
$adminGroup->Code = 'administrators';
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
$adminGroup->Sort = 0;
$adminGroup->write();
Permission::grant($adminGroup->ID, 'ADMIN');
}
// Members are populated through Member->requireDefaultRecords()
}
// Members are populated through Member->requireDefaultRecords()
}
}

2552
src/Security/Member.php
View File

@ -63,380 +63,380 @@ use Zend_Locale_Format;
class Member extends DataObject implements TemplateGlobalProvider
{
private static $db = array(
'FirstName' => 'Varchar',
'Surname' => 'Varchar',
'Email' => 'Varchar(254)', // See RFC 5321, Section 4.5.3.1.3. (256 minus the < and > character)
'TempIDHash' => 'Varchar(160)', // Temporary id used for cms re-authentication
'TempIDExpired' => 'Datetime', // Expiry of temp login
'Password' => 'Varchar(160)',
'AutoLoginHash' => 'Varchar(160)', // Used to auto-login the user on password reset
'AutoLoginExpired' => 'Datetime',
// This is an arbitrary code pointing to a PasswordEncryptor instance,
// not an actual encryption algorithm.
// Warning: Never change this field after its the first password hashing without
// providing a new cleartext password as well.
'PasswordEncryption' => "Varchar(50)",
'Salt' => 'Varchar(50)',
'PasswordExpiry' => 'Date',
'LockedOutUntil' => 'Datetime',
'Locale' => 'Varchar(6)',
// handled in registerFailedLogin(), only used if $lock_out_after_incorrect_logins is set
'FailedLoginCount' => 'Int',
// In ISO format
'DateFormat' => 'Varchar(30)',
'TimeFormat' => 'Varchar(30)',
);
private static $db = array(
'FirstName' => 'Varchar',
'Surname' => 'Varchar',
'Email' => 'Varchar(254)', // See RFC 5321, Section 4.5.3.1.3. (256 minus the < and > character)
'TempIDHash' => 'Varchar(160)', // Temporary id used for cms re-authentication
'TempIDExpired' => 'Datetime', // Expiry of temp login
'Password' => 'Varchar(160)',
'AutoLoginHash' => 'Varchar(160)', // Used to auto-login the user on password reset
'AutoLoginExpired' => 'Datetime',
// This is an arbitrary code pointing to a PasswordEncryptor instance,
// not an actual encryption algorithm.
// Warning: Never change this field after its the first password hashing without
// providing a new cleartext password as well.
'PasswordEncryption' => "Varchar(50)",
'Salt' => 'Varchar(50)',
'PasswordExpiry' => 'Date',
'LockedOutUntil' => 'Datetime',
'Locale' => 'Varchar(6)',
// handled in registerFailedLogin(), only used if $lock_out_after_incorrect_logins is set
'FailedLoginCount' => 'Int',
// In ISO format
'DateFormat' => 'Varchar(30)',
'TimeFormat' => 'Varchar(30)',
);
private static $belongs_many_many = array(
'Groups' => 'SilverStripe\\Security\\Group',
);
private static $belongs_many_many = array(
'Groups' => 'SilverStripe\\Security\\Group',
);
private static $has_many = array(
'LoggedPasswords' => 'SilverStripe\\Security\\MemberPassword',
'RememberLoginHashes' => 'SilverStripe\\Security\\RememberLoginHash'
);
private static $has_many = array(
'LoggedPasswords' => 'SilverStripe\\Security\\MemberPassword',
'RememberLoginHashes' => 'SilverStripe\\Security\\RememberLoginHash'
);
private static $table_name = "Member";
private static $table_name = "Member";
private static $default_sort = '"Surname", "FirstName"';
private static $default_sort = '"Surname", "FirstName"';
private static $indexes = array(
'Email' => true,
//Removed due to duplicate null values causing MSSQL problems
//'AutoLoginHash' => Array('type'=>'unique', 'value'=>'AutoLoginHash', 'ignoreNulls'=>true)
);
private static $indexes = array(
'Email' => true,
//Removed due to duplicate null values causing MSSQL problems
//'AutoLoginHash' => Array('type'=>'unique', 'value'=>'AutoLoginHash', 'ignoreNulls'=>true)
);
/**
* @config
* @var boolean
*/
private static $notify_password_change = false;
/**
* @config
* @var boolean
*/
private static $notify_password_change = false;
/**
* All searchable database columns
* in this object, currently queried
* with a "column LIKE '%keywords%'
* statement.
*
* @var array
* @todo Generic implementation of $searchable_fields on DataObject,
* with definition for different searching algorithms
* (LIKE, FULLTEXT) and default FormFields to construct a searchform.
*/
private static $searchable_fields = array(
'FirstName',
'Surname',
'Email',
);
/**
* All searchable database columns
* in this object, currently queried
* with a "column LIKE '%keywords%'
* statement.
*
* @var array
* @todo Generic implementation of $searchable_fields on DataObject,
* with definition for different searching algorithms
* (LIKE, FULLTEXT) and default FormFields to construct a searchform.
*/
private static $searchable_fields = array(
'FirstName',
'Surname',
'Email',
);
/**
* @config
* @var array
*/
private static $summary_fields = array(
'FirstName',
'Surname',
'Email',
);
/**
* @config
* @var array
*/
private static $summary_fields = array(
'FirstName',
'Surname',
'Email',
);
/**
* @config
* @var array
*/
private static $casting = array(
'Name' => 'Varchar',
);
/**
* @config
* @var array
*/
private static $casting = array(
'Name' => 'Varchar',
);
/**
* Internal-use only fields
*
* @config
* @var array
*/
private static $hidden_fields = array(
'AutoLoginHash',
'AutoLoginExpired',
'PasswordEncryption',
'PasswordExpiry',
'LockedOutUntil',
'TempIDHash',
'TempIDExpired',
'Salt',
);
/**
* Internal-use only fields
*
* @config
* @var array
*/
private static $hidden_fields = array(
'AutoLoginHash',
'AutoLoginExpired',
'PasswordEncryption',
'PasswordExpiry',
'LockedOutUntil',
'TempIDHash',
'TempIDExpired',
'Salt',
);
/**
* @config
* @var array See {@link set_title_columns()}
*/
private static $title_format = null;
/**
* @config
* @var array See {@link set_title_columns()}
*/
private static $title_format = null;
/**
* The unique field used to identify this member.
* By default, it's "Email", but another common
* field could be Username.
*
* @config
* @var string
* @skipUpgrade
*/
private static $unique_identifier_field = 'Email';
/**
* The unique field used to identify this member.
* By default, it's "Email", but another common
* field could be Username.
*
* @config
* @var string
* @skipUpgrade
*/
private static $unique_identifier_field = 'Email';
/**
* Object for validating user's password
*
* @config
* @var PasswordValidator
*/
private static $password_validator = null;
/**
* Object for validating user's password
*
* @config
* @var PasswordValidator
*/
private static $password_validator = null;
/**
* @config
* The number of days that a password should be valid for.
* By default, this is null, which means that passwords never expire
*/
private static $password_expiry_days = null;
/**
* @config
* The number of days that a password should be valid for.
* By default, this is null, which means that passwords never expire
*/
private static $password_expiry_days = null;
/**
* @config
* @var Int Number of incorrect logins after which
* the user is blocked from further attempts for the timespan
* defined in {@link $lock_out_delay_mins}.
*/
private static $lock_out_after_incorrect_logins = 10;
/**
* @config
* @var Int Number of incorrect logins after which
* the user is blocked from further attempts for the timespan
* defined in {@link $lock_out_delay_mins}.
*/
private static $lock_out_after_incorrect_logins = 10;
/**
* @config
* @var integer Minutes of enforced lockout after incorrect password attempts.
* Only applies if {@link $lock_out_after_incorrect_logins} greater than 0.
*/
private static $lock_out_delay_mins = 15;
/**
* @config
* @var integer Minutes of enforced lockout after incorrect password attempts.
* Only applies if {@link $lock_out_after_incorrect_logins} greater than 0.
*/
private static $lock_out_delay_mins = 15;
/**
* @config
* @var String If this is set, then a session cookie with the given name will be set on log-in,
* and cleared on logout.
*/
private static $login_marker_cookie = null;
/**
* @config
* @var String If this is set, then a session cookie with the given name will be set on log-in,
* and cleared on logout.
*/
private static $login_marker_cookie = null;
/**
* Indicates that when a {@link Member} logs in, Member:session_regenerate_id()
* should be called as a security precaution.
*
* This doesn't always work, especially if you're trying to set session cookies
* across an entire site using the domain parameter to session_set_cookie_params()
*
* @config
* @var boolean
*/
private static $session_regenerate_id = true;
/**
* Indicates that when a {@link Member} logs in, Member:session_regenerate_id()
* should be called as a security precaution.
*
* This doesn't always work, especially if you're trying to set session cookies
* across an entire site using the domain parameter to session_set_cookie_params()
*
* @config
* @var boolean
*/
private static $session_regenerate_id = true;
/**
* Default lifetime of temporary ids.
*
* This is the period within which a user can be re-authenticated within the CMS by entering only their password
* and without losing their workspace.
*
* Any session expiration outside of this time will require them to login from the frontend using their full
* username and password.
*
* Defaults to 72 hours. Set to zero to disable expiration.
*
* @config
* @var int Lifetime in seconds
*/
private static $temp_id_lifetime = 259200;
/**
* Default lifetime of temporary ids.
*
* This is the period within which a user can be re-authenticated within the CMS by entering only their password
* and without losing their workspace.
*
* Any session expiration outside of this time will require them to login from the frontend using their full
* username and password.
*
* Defaults to 72 hours. Set to zero to disable expiration.
*
* @config
* @var int Lifetime in seconds
*/
private static $temp_id_lifetime = 259200;
/**
* Ensure the locale is set to something sensible by default.
*/
/**
* Ensure the locale is set to something sensible by default.
*/
public function populateDefaults()
{
parent::populateDefaults();
$this->Locale = i18n::get_closest_translation(i18n::get_locale());
}
parent::populateDefaults();
$this->Locale = i18n::get_closest_translation(i18n::get_locale());
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Default groups should've been built by Group->requireDefaultRecords() already
static::default_admin();
}
parent::requireDefaultRecords();
// Default groups should've been built by Group->requireDefaultRecords() already
static::default_admin();
}
/**
* Get the default admin record if it exists, or creates it otherwise if enabled
*
* @return Member
*/
/**
* Get the default admin record if it exists, or creates it otherwise if enabled
*
* @return Member
*/
public static function default_admin()
{
// Check if set
// Check if set
if (!Security::has_default_admin()) {
return null;
}
// Find or create ADMIN group
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
// Find or create ADMIN group
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
// Find member
/** @skipUpgrade */
$admin = Member::get()
->filter('Email', Security::default_admin_username())
->first();
if (!$admin) {
// 'Password' is not set to avoid creating
// persistent logins in the database. See Security::setDefaultAdmin().
// Set 'Email' to identify this as the default admin
$admin = Member::create();
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
$admin->Email = Security::default_admin_username();
$admin->write();
}
// Find member
/** @skipUpgrade */
$admin = Member::get()
->filter('Email', Security::default_admin_username())
->first();
if(!$admin) {
// 'Password' is not set to avoid creating
// persistent logins in the database. See Security::setDefaultAdmin().
// Set 'Email' to identify this as the default admin
$admin = Member::create();
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
$admin->Email = Security::default_admin_username();
$admin->write();
}
// Ensure this user is in the admin group
if (!$admin->inGroup($adminGroup)) {
// Add member to group instead of adding group to member
// This bypasses the privilege escallation code in Member_GroupSet
$adminGroup
->DirectMembers()
->add($admin);
}
// Ensure this user is in the admin group
if(!$admin->inGroup($adminGroup)) {
// Add member to group instead of adding group to member
// This bypasses the privilege escallation code in Member_GroupSet
$adminGroup
->DirectMembers()
->add($admin);
}
return $admin;
}
return $admin;
}
/**
* Check if the passed password matches the stored one (if the member is not locked out).
*
* @param string $password
* @return ValidationResult
*/
/**
* Check if the passed password matches the stored one (if the member is not locked out).
*
* @param string $password
* @return ValidationResult
*/
public function checkPassword($password)
{
$result = $this->canLogIn();
$result = $this->canLogIn();
// Short-circuit the result upon failure, no further checks needed.
if (!$result->valid()) {
return $result;
}
// Short-circuit the result upon failure, no further checks needed.
if (!$result->valid()) {
return $result;
}
// Allow default admin to login as self
if ($this->isDefaultAdmin() && Security::check_default_admin($this->Email, $password)) {
return $result;
}
// Allow default admin to login as self
if($this->isDefaultAdmin() && Security::check_default_admin($this->Email, $password)) {
return $result;
}
// Check a password is set on this member
if (empty($this->Password) && $this->exists()) {
$result->error(_t('Member.NoPassword', 'There is no password on this member.'));
return $result;
}
// Check a password is set on this member
if(empty($this->Password) && $this->exists()) {
$result->addError(_t('Member.NoPassword','There is no password on this member.'));
return $result;
}
$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
if (!$e->check($this->Password, $password, $this->Salt, $this)) {
$result->error(_t(
'Member.ERRORWRONGCRED',
'The provided details don\'t seem to be correct. Please try again.'
));
}
$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
if(!$e->check($this->Password, $password, $this->Salt, $this)) {
$result->addError(_t (
'Member.ERRORWRONGCRED',
'The provided details don\'t seem to be correct. Please try again.'
));
}
return $result;
}
return $result;
}
/**
* Check if this user is the currently configured default admin
*
* @return bool
*/
/**
* Check if this user is the currently configured default admin
*
* @return bool
*/
public function isDefaultAdmin()
{
return Security::has_default_admin()
&& $this->Email === Security::default_admin_username();
}
return Security::has_default_admin()
&& $this->Email === Security::default_admin_username();
}
/**
* Returns a valid {@link ValidationResult} if this member can currently log in, or an invalid
* one with error messages to display if the member is locked out.
*
* You can hook into this with a "canLogIn" method on an attached extension.
*
* @return ValidationResult
*/
/**
* Returns a valid {@link ValidationResult} if this member can currently log in, or an invalid
* one with error messages to display if the member is locked out.
*
* You can hook into this with a "canLogIn" method on an attached extension.
*
* @return ValidationResult
*/
public function canLogIn()
{
$result = ValidationResult::create();
$result = ValidationResult::create();
if ($this->isLockedOut()) {
$result->error(
_t(
'Member.ERRORLOCKEDOUT2',
'Your account has been temporarily disabled because of too many failed attempts at ' .
'logging in. Please try again in {count} minutes.',
null,
array('count' => $this->config()->lock_out_delay_mins)
)
);
}
if($this->isLockedOut()) {
$result->addError(
_t(
'Member.ERRORLOCKEDOUT2',
'Your account has been temporarily disabled because of too many failed attempts at ' .
'logging in. Please try again in {count} minutes.',
null,
array('count' => $this->config()->lock_out_delay_mins)
)
);
}
$this->extend('canLogIn', $result);
return $result;
}
$this->extend('canLogIn', $result);
return $result;
}
/**
* Returns true if this user is locked out
*/
/**
* Returns true if this user is locked out
*/
public function isLockedOut()
{
return $this->LockedOutUntil && DBDatetime::now()->Format('U') < strtotime($this->LockedOutUntil);
}
return $this->LockedOutUntil && DBDatetime::now()->Format('U') < strtotime($this->LockedOutUntil);
}
/**
* Regenerate the session_id.
* This wrapper is here to make it easier to disable calls to session_regenerate_id(), should you need to.
* They have caused problems in certain
* quirky problems (such as using the Windmill 0.3.6 proxy).
*/
/**
* Regenerate the session_id.
* This wrapper is here to make it easier to disable calls to session_regenerate_id(), should you need to.
* They have caused problems in certain
* quirky problems (such as using the Windmill 0.3.6 proxy).
*/
public static function session_regenerate_id()
{
if (!self::config()->session_regenerate_id) {
return;
}
// This can be called via CLI during testing.
// This can be called via CLI during testing.
if (Director::is_cli()) {
return;
}
$file = '';
$line = '';
$file = '';
$line = '';
// @ is to supress win32 warnings/notices when session wasn't cleaned up properly
// There's nothing we can do about this, because it's an operating system function!
// @ is to supress win32 warnings/notices when session wasn't cleaned up properly
// There's nothing we can do about this, because it's an operating system function!
if (!headers_sent($file, $line)) {
@session_regenerate_id(true);
}
}
}
/**
* Set a {@link PasswordValidator} object to use to validate member's passwords.
*
* @param PasswordValidator $pv
*/
/**
* Set a {@link PasswordValidator} object to use to validate member's passwords.
*
* @param PasswordValidator $pv
*/
public static function set_password_validator($pv)
{
self::$password_validator = $pv;
}
self::$password_validator = $pv;
}
/**
* Returns the current {@link PasswordValidator}
*
* @return PasswordValidator
*/
/**
* Returns the current {@link PasswordValidator}
*
* @return PasswordValidator
*/
public static function password_validator()
{
return self::$password_validator;
}
return self::$password_validator;
}
public function isPasswordExpired()
@ -444,176 +444,176 @@ class Member extends DataObject implements TemplateGlobalProvider
if (!$this->PasswordExpiry) {
return false;
}
return strtotime(date('Y-m-d')) >= strtotime($this->PasswordExpiry);
}
return strtotime(date('Y-m-d')) >= strtotime($this->PasswordExpiry);
}
/**
* Logs this member in
*
* @param bool $remember If set to TRUE, the member will be logged in automatically the next time.
*/
/**
* Logs this member in
*
* @param bool $remember If set to TRUE, the member will be logged in automatically the next time.
*/
public function logIn($remember = false)
{
$this->extend('beforeMemberLoggedIn');
$this->extend('beforeMemberLoggedIn');
self::session_regenerate_id();
self::session_regenerate_id();
Session::set("loggedInAs", $this->ID);
// This lets apache rules detect whether the user has logged in
Session::set("loggedInAs", $this->ID);
// This lets apache rules detect whether the user has logged in
if (Member::config()->login_marker_cookie) {
Cookie::set(Member::config()->login_marker_cookie, 1, 0);
}
if (Security::config()->autologin_enabled) {
// Cleans up any potential previous hash for this member on this device
if ($alcDevice = Cookie::get('alc_device')) {
RememberLoginHash::get()->filter('DeviceID', $alcDevice)->removeAll();
}
if ($remember) {
$rememberLoginHash = RememberLoginHash::generate($this);
$tokenExpiryDays = Config::inst()->get(
'SilverStripe\\Security\\RememberLoginHash',
'token_expiry_days'
);
$deviceExpiryDays = Config::inst()->get(
'SilverStripe\\Security\\RememberLoginHash',
'device_expiry_days'
);
Cookie::set(
'alc_enc',
$this->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays,
null,
null,
null,
true
);
Cookie::set('alc_device', $rememberLoginHash->DeviceID, $deviceExpiryDays, null, null, null, true);
if (Security::config()->autologin_enabled) {
// Cleans up any potential previous hash for this member on this device
if ($alcDevice = Cookie::get('alc_device')) {
RememberLoginHash::get()->filter('DeviceID', $alcDevice)->removeAll();
}
if($remember) {
$rememberLoginHash = RememberLoginHash::generate($this);
$tokenExpiryDays = Config::inst()->get(
'SilverStripe\\Security\\RememberLoginHash',
'token_expiry_days'
);
$deviceExpiryDays = Config::inst()->get(
'SilverStripe\\Security\\RememberLoginHash',
'device_expiry_days'
);
Cookie::set(
'alc_enc',
$this->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays,
null,
null,
null,
true
);
Cookie::set('alc_device', $rememberLoginHash->DeviceID, $deviceExpiryDays, null, null, null, true);
} else {
Cookie::set('alc_enc', null);
Cookie::set('alc_device', null);
Cookie::force_expiry('alc_enc');
Cookie::force_expiry('alc_device');
}
}
// Clear the incorrect log-in count
$this->registerSuccessfulLogin();
Cookie::set('alc_enc', null);
Cookie::set('alc_device', null);
Cookie::force_expiry('alc_enc');
Cookie::force_expiry('alc_device');
}
}
// Clear the incorrect log-in count
$this->registerSuccessfulLogin();
$this->LockedOutUntil = null;
$this->LockedOutUntil = null;
$this->regenerateTempID();
$this->regenerateTempID();
$this->write();
$this->write();
// Audit logging hook
$this->extend('memberLoggedIn');
}
// Audit logging hook
$this->extend('memberLoggedIn');
}
/**
* Trigger regeneration of TempID.
*
* This should be performed any time the user presents their normal identification (normally Email)
* and is successfully authenticated.
*/
/**
* Trigger regeneration of TempID.
*
* This should be performed any time the user presents their normal identification (normally Email)
* and is successfully authenticated.
*/
public function regenerateTempID()
{
$generator = new RandomGenerator();
$this->TempIDHash = $generator->randomToken('sha1');
$this->TempIDExpired = self::config()->temp_id_lifetime
? date('Y-m-d H:i:s', strtotime(DBDatetime::now()->getValue()) + self::config()->temp_id_lifetime)
: null;
$this->write();
}
$generator = new RandomGenerator();
$this->TempIDHash = $generator->randomToken('sha1');
$this->TempIDExpired = self::config()->temp_id_lifetime
? date('Y-m-d H:i:s', strtotime(DBDatetime::now()->getValue()) + self::config()->temp_id_lifetime)
: null;
$this->write();
}
/**
* Check if the member ID logged in session actually
* has a database record of the same ID. If there is
* no logged in user, FALSE is returned anyway.
*
* @return boolean TRUE record found FALSE no record found
*/
/**
* Check if the member ID logged in session actually
* has a database record of the same ID. If there is
* no logged in user, FALSE is returned anyway.
*
* @return boolean TRUE record found FALSE no record found
*/
public static function logged_in_session_exists()
{
if ($id = Member::currentUserID()) {
if ($member = DataObject::get_by_id('SilverStripe\\Security\\Member', $id)) {
if($id = Member::currentUserID()) {
if($member = DataObject::get_by_id('SilverStripe\\Security\\Member', $id)) {
if ($member->exists()) {
return true;
}
}
}
}
}
return false;
}
return false;
}
/**
* Log the user in if the "remember login" cookie is set
*
* The <i>remember login token</i> will be changed on every successful
* auto-login.
*/
/**
* Log the user in if the "remember login" cookie is set
*
* The <i>remember login token</i> will be changed on every successful
* auto-login.
*/
public static function autoLogin()
{
// Don't bother trying this multiple times
if (!class_exists('SilverStripe\\Dev\\SapphireTest', false) || !SapphireTest::is_running_test()) {
self::$_already_tried_to_auto_log_in = true;
}
// Don't bother trying this multiple times
if (!class_exists('SilverStripe\\Dev\\SapphireTest', false) || !SapphireTest::is_running_test()) {
self::$_already_tried_to_auto_log_in = true;
}
if (!Security::config()->autologin_enabled
|| strpos(Cookie::get('alc_enc'), ':') === false
|| Session::get("loggedInAs")
|| !Security::database_is_ready()
) {
return;
}
if(!Security::config()->autologin_enabled
|| strpos(Cookie::get('alc_enc'), ':') === false
|| Session::get("loggedInAs")
|| !Security::database_is_ready()
) {
return;
}
if (strpos(Cookie::get('alc_enc'), ':') && Cookie::get('alc_device') && !Session::get("loggedInAs")) {
list($uid, $token) = explode(':', Cookie::get('alc_enc'), 2);
if(strpos(Cookie::get('alc_enc'), ':') && Cookie::get('alc_device') && !Session::get("loggedInAs")) {
list($uid, $token) = explode(':', Cookie::get('alc_enc'), 2);
if (!$uid || !$token) {
return;
}
if (!$uid || !$token) {
return;
}
$deviceID = Cookie::get('alc_device');
$deviceID = Cookie::get('alc_device');
/** @var Member $member */
$member = Member::get()->byID($uid);
/** @var Member $member */
$member = Member::get()->byID($uid);
/** @var RememberLoginHash $rememberLoginHash */
$rememberLoginHash = null;
/** @var RememberLoginHash $rememberLoginHash */
$rememberLoginHash = null;
// check if autologin token matches
if ($member) {
$hash = $member->encryptWithUserSettings($token);
$rememberLoginHash = RememberLoginHash::get()
->filter(array(
'MemberID' => $member->ID,
'DeviceID' => $deviceID,
'Hash' => $hash
))->first();
if (!$rememberLoginHash) {
$member = null;
} else {
// Check for expired token
$expiryDate = new DateTime($rememberLoginHash->ExpiryDate);
$now = DBDatetime::now();
$now = new DateTime($now->Rfc2822());
if ($now > $expiryDate) {
$member = null;
}
}
}
// check if autologin token matches
if($member) {
$hash = $member->encryptWithUserSettings($token);
$rememberLoginHash = RememberLoginHash::get()
->filter(array(
'MemberID' => $member->ID,
'DeviceID' => $deviceID,
'Hash' => $hash
))->first();
if(!$rememberLoginHash) {
$member = null;
} else {
// Check for expired token
$expiryDate = new DateTime($rememberLoginHash->ExpiryDate);
$now = DBDatetime::now();
$now = new DateTime($now->Rfc2822());
if ($now > $expiryDate) {
$member = null;
}
}
}
if ($member) {
self::session_regenerate_id();
Session::set("loggedInAs", $member->ID);
// This lets apache rules detect whether the user has logged in
if (Member::config()->login_marker_cookie) {
Cookie::set(Member::config()->login_marker_cookie, 1, 0, null, null, false, true);
}
if($member) {
self::session_regenerate_id();
Session::set("loggedInAs", $member->ID);
// This lets apache rules detect whether the user has logged in
if(Member::config()->login_marker_cookie) {
Cookie::set(Member::config()->login_marker_cookie, 1, 0, null, null, false, true);
}
if ($rememberLoginHash) {
$rememberLoginHash->renew();
$tokenExpiryDays = RememberLoginHash::config()->get('token_expiry_days');
if ($rememberLoginHash) {
$rememberLoginHash->renew();
$tokenExpiryDays = RememberLoginHash::config()->get('token_expiry_days');
Cookie::set(
'alc_enc',
$member->ID . ':' . $rememberLoginHash->getToken(),
@ -623,272 +623,272 @@ class Member extends DataObject implements TemplateGlobalProvider
false,
true
);
}
}
$member->write();
$member->write();
// Audit logging hook
$member->extend('memberAutoLoggedIn');
}
}
}
// Audit logging hook
$member->extend('memberAutoLoggedIn');
}
}
}
/**
* Logs this member out.
*/
/**
* Logs this member out.
*/
public function logOut()
{
$this->extend('beforeMemberLoggedOut');
$this->extend('beforeMemberLoggedOut');
Session::clear("loggedInAs");
Session::clear("loggedInAs");
if (Member::config()->login_marker_cookie) {
Cookie::set(Member::config()->login_marker_cookie, null, 0);
}
Session::destroy();
Session::destroy();
$this->extend('memberLoggedOut');
$this->extend('memberLoggedOut');
// Clears any potential previous hashes for this member
RememberLoginHash::clear($this, Cookie::get('alc_device'));
// Clears any potential previous hashes for this member
RememberLoginHash::clear($this, Cookie::get('alc_device'));
Cookie::set('alc_enc', null); // // Clear the Remember Me cookie
Cookie::force_expiry('alc_enc');
Cookie::set('alc_device', null);
Cookie::force_expiry('alc_device');
Cookie::set('alc_enc', null); // // Clear the Remember Me cookie
Cookie::force_expiry('alc_enc');
Cookie::set('alc_device', null);
Cookie::force_expiry('alc_device');
// Switch back to live in order to avoid infinite loops when
// redirecting to the login screen (if this login screen is versioned)
Session::clear('readingMode');
// Switch back to live in order to avoid infinite loops when
// redirecting to the login screen (if this login screen is versioned)
Session::clear('readingMode');
$this->write();
$this->write();
// Audit logging hook
$this->extend('memberLoggedOut');
}
// Audit logging hook
$this->extend('memberLoggedOut');
}
/**
* Utility for generating secure password hashes for this member.
*
* @param string $string
* @return string
* @throws PasswordEncryptor_NotFoundException
*/
/**
* Utility for generating secure password hashes for this member.
*
* @param string $string
* @return string
* @throws PasswordEncryptor_NotFoundException
*/
public function encryptWithUserSettings($string)
{
if (!$string) {
return null;
}
// If the algorithm or salt is not available, it means we are operating
// on legacy account with unhashed password. Do not hash the string.
if (!$this->PasswordEncryption) {
return $string;
}
// If the algorithm or salt is not available, it means we are operating
// on legacy account with unhashed password. Do not hash the string.
if (!$this->PasswordEncryption) {
return $string;
}
// We assume we have PasswordEncryption and Salt available here.
$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
return $e->encrypt($string, $this->Salt);
}
// We assume we have PasswordEncryption and Salt available here.
$e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
return $e->encrypt($string, $this->Salt);
}
/**
* Generate an auto login token which can be used to reset the password,
* at the same time hashing it and storing in the database.
*
* @param int $lifetime The lifetime of the auto login hash in days (by default 2 days)
*
* @returns string Token that should be passed to the client (but NOT persisted).
*
* @todo Make it possible to handle database errors such as a "duplicate key" error
*/
/**
* Generate an auto login token which can be used to reset the password,
* at the same time hashing it and storing in the database.
*
* @param int $lifetime The lifetime of the auto login hash in days (by default 2 days)
*
* @returns string Token that should be passed to the client (but NOT persisted).
*
* @todo Make it possible to handle database errors such as a "duplicate key" error
*/
public function generateAutologinTokenAndStoreHash($lifetime = 2)
{
do {
$generator = new RandomGenerator();
$token = $generator->randomToken();
$hash = $this->encryptWithUserSettings($token);
} while (DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."AutoLoginHash"' => $hash
)));
do {
$generator = new RandomGenerator();
$token = $generator->randomToken();
$hash = $this->encryptWithUserSettings($token);
} while(DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."AutoLoginHash"' => $hash
)));
$this->AutoLoginHash = $hash;
$this->AutoLoginExpired = date('Y-m-d H:i:s', time() + (86400 * $lifetime));
$this->AutoLoginHash = $hash;
$this->AutoLoginExpired = date('Y-m-d H:i:s', time() + (86400 * $lifetime));
$this->write();
$this->write();
return $token;
}
return $token;
}
/**
* Check the token against the member.
*
* @param string $autologinToken
*
* @returns bool Is token valid?
*/
/**
* Check the token against the member.
*
* @param string $autologinToken
*
* @returns bool Is token valid?
*/
public function validateAutoLoginToken($autologinToken)
{
$hash = $this->encryptWithUserSettings($autologinToken);
$member = self::member_from_autologinhash($hash, false);
return (bool)$member;
}
$hash = $this->encryptWithUserSettings($autologinToken);
$member = self::member_from_autologinhash($hash, false);
return (bool)$member;
}
/**
* Return the member for the auto login hash
*
* @param string $hash The hash key
* @param bool $login Should the member be logged in?
*
* @return Member the matching member, if valid
* @return Member
*/
/**
* Return the member for the auto login hash
*
* @param string $hash The hash key
* @param bool $login Should the member be logged in?
*
* @return Member the matching member, if valid
* @return Member
*/
public static function member_from_autologinhash($hash, $login = false)
{
$nowExpression = DB::get_conn()->now();
/** @var Member $member */
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
"\"Member\".\"AutoLoginHash\"" => $hash,
"\"Member\".\"AutoLoginExpired\" > $nowExpression" // NOW() can't be parameterised
));
$nowExpression = DB::get_conn()->now();
/** @var Member $member */
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
"\"Member\".\"AutoLoginHash\"" => $hash,
"\"Member\".\"AutoLoginExpired\" > $nowExpression" // NOW() can't be parameterised
));
if ($login && $member) {
$member->logIn();
}
return $member;
}
return $member;
}
/**
* Find a member record with the given TempIDHash value
*
* @param string $tempid
* @return Member
*/
/**
* Find a member record with the given TempIDHash value
*
* @param string $tempid
* @return Member
*/
public static function member_from_tempid($tempid)
{
$members = Member::get()
->filter('TempIDHash', $tempid);
$members = Member::get()
->filter('TempIDHash', $tempid);
// Exclude expired
if (static::config()->temp_id_lifetime) {
$members = $members->filter('TempIDExpired:GreaterThan', DBDatetime::now()->getValue());
}
// Exclude expired
if(static::config()->temp_id_lifetime) {
$members = $members->filter('TempIDExpired:GreaterThan', DBDatetime::now()->getValue());
}
return $members->first();
}
return $members->first();
}
/**
* Returns the fields for the member form - used in the registration/profile module.
* It should return fields that are editable by the admin and the logged-in user.
*
* @return FieldList Returns a {@link FieldList} containing the fields for
* the member form.
*/
/**
* Returns the fields for the member form - used in the registration/profile module.
* It should return fields that are editable by the admin and the logged-in user.
*
* @return FieldList Returns a {@link FieldList} containing the fields for
* the member form.
*/
public function getMemberFormFields()
{
$fields = parent::getFrontEndFields();
$fields = parent::getFrontEndFields();
$fields->replaceField('Password', $this->getMemberPasswordField());
$fields->replaceField('Password', $this->getMemberPasswordField());
$fields->replaceField('Locale', new DropdownField(
'Locale',
$this->fieldLabel('Locale'),
i18n::get_existing_translations()
));
$fields->replaceField('Locale', new DropdownField (
'Locale',
$this->fieldLabel('Locale'),
i18n::get_existing_translations()
));
$fields->removeByName(static::config()->hidden_fields);
$fields->removeByName('FailedLoginCount');
$fields->removeByName(static::config()->hidden_fields);
$fields->removeByName('FailedLoginCount');
$this->extend('updateMemberFormFields', $fields);
return $fields;
}
$this->extend('updateMemberFormFields', $fields);
return $fields;
}
/**
* Builds "Change / Create Password" field for this member
*
* @return ConfirmedPasswordField
*/
/**
* Builds "Change / Create Password" field for this member
*
* @return ConfirmedPasswordField
*/
public function getMemberPasswordField()
{
$editingPassword = $this->isInDB();
$label = $editingPassword
? _t('Member.EDIT_PASSWORD', 'New Password')
: $this->fieldLabel('Password');
/** @var ConfirmedPasswordField $password */
$password = ConfirmedPasswordField::create(
'Password',
$label,
null,
null,
$editingPassword
);
$editingPassword = $this->isInDB();
$label = $editingPassword
? _t('Member.EDIT_PASSWORD', 'New Password')
: $this->fieldLabel('Password');
/** @var ConfirmedPasswordField $password */
$password = ConfirmedPasswordField::create(
'Password',
$label,
null,
null,
$editingPassword
);
// If editing own password, require confirmation of existing
if ($editingPassword && $this->ID == Member::currentUserID()) {
$password->setRequireExistingPassword(true);
}
// If editing own password, require confirmation of existing
if($editingPassword && $this->ID == Member::currentUserID()) {
$password->setRequireExistingPassword(true);
}
$password->setCanBeEmpty(true);
$this->extend('updateMemberPasswordField', $password);
return $password;
}
$password->setCanBeEmpty(true);
$this->extend('updateMemberPasswordField', $password);
return $password;
}
/**
* Returns the {@link RequiredFields} instance for the Member object. This
* Validator is used when saving a {@link CMSProfileController} or added to
* any form responsible for saving a users data.
*
* To customize the required fields, add a {@link DataExtension} to member
* calling the `updateValidator()` method.
*
* @return Member_Validator
*/
/**
* Returns the {@link RequiredFields} instance for the Member object. This
* Validator is used when saving a {@link CMSProfileController} or added to
* any form responsible for saving a users data.
*
* To customize the required fields, add a {@link DataExtension} to member
* calling the `updateValidator()` method.
*
* @return Member_Validator
*/
public function getValidator()
{
$validator = Injector::inst()->create('SilverStripe\\Security\\Member_Validator');
$validator->setForMember($this);
$this->extend('updateValidator', $validator);
$validator = Injector::inst()->create('SilverStripe\\Security\\Member_Validator');
$validator->setForMember($this);
$this->extend('updateValidator', $validator);
return $validator;
}
return $validator;
}
/**
* Returns the current logged in user
*
* @return Member
*/
/**
* Returns the current logged in user
*
* @return Member
*/
public static function currentUser()
{
$id = Member::currentUserID();
$id = Member::currentUserID();
if ($id) {
return DataObject::get_by_id('SilverStripe\\Security\\Member', $id);
}
}
if($id) {
return DataObject::get_by_id('SilverStripe\\Security\\Member', $id);
}
}
/**
* Get the ID of the current logged in user
*
* @return int Returns the ID of the current logged in user or 0.
*/
/**
* Get the ID of the current logged in user
*
* @return int Returns the ID of the current logged in user or 0.
*/
public static function currentUserID()
{
$id = Session::get("loggedInAs");
if (!$id && !self::$_already_tried_to_auto_log_in) {
self::autoLogin();
$id = Session::get("loggedInAs");
}
$id = Session::get("loggedInAs");
if(!$id && !self::$_already_tried_to_auto_log_in) {
self::autoLogin();
$id = Session::get("loggedInAs");
}
return is_numeric($id) ? $id : 0;
}
private static $_already_tried_to_auto_log_in = false;
return is_numeric($id) ? $id : 0;
}
private static $_already_tried_to_auto_log_in = false;
/*
/*
* Generate a random password, with randomiser to kick in if there's no words file on the
* filesystem.
*
@ -896,178 +896,178 @@ class Member extends DataObject implements TemplateGlobalProvider
*/
public static function create_new_password()
{
$words = Config::inst()->get('SilverStripe\\Security\\Security', 'word_list');
$words = Config::inst()->get('SilverStripe\\Security\\Security', 'word_list');
if ($words && file_exists($words)) {
$words = file($words);
if($words && file_exists($words)) {
$words = file($words);
list($usec, $sec) = explode(' ', microtime());
srand($sec + ((float) $usec * 100000));
list($usec, $sec) = explode(' ', microtime());
srand($sec + ((float) $usec * 100000));
$word = trim($words[rand(0, sizeof($words)-1)]);
$number = rand(10, 999);
$word = trim($words[rand(0,sizeof($words)-1)]);
$number = rand(10,999);
return $word . $number;
} else {
$random = rand();
$string = md5($random);
$output = substr($string, 0, 8);
return $output;
}
}
return $word . $number;
} else {
$random = rand();
$string = md5($random);
$output = substr($string, 0, 8);
return $output;
}
}
/**
* Event handler called before writing to the database.
*/
/**
* Event handler called before writing to the database.
*/
public function onBeforeWrite()
{
if ($this->SetPassword) {
$this->Password = $this->SetPassword;
}
// If a member with the same "unique identifier" already exists with a different ID, don't allow merging.
// Note: This does not a full replacement for safeguards in the controller layer (e.g. in a registration form),
// but rather a last line of defense against data inconsistencies.
$identifierField = Member::config()->unique_identifier_field;
if ($this->$identifierField) {
// Note: Same logic as Member_Validator class
$filter = array("\"$identifierField\"" => $this->$identifierField);
if ($this->ID) {
$filter[] = array('"Member"."ID" <> ?' => $this->ID);
}
$existingRecord = DataObject::get_one('SilverStripe\\Security\\Member', $filter);
// If a member with the same "unique identifier" already exists with a different ID, don't allow merging.
// Note: This does not a full replacement for safeguards in the controller layer (e.g. in a registration form),
// but rather a last line of defense against data inconsistencies.
$identifierField = Member::config()->unique_identifier_field;
if($this->$identifierField) {
// Note: Same logic as Member_Validator class
$filter = array("\"$identifierField\"" => $this->$identifierField);
if($this->ID) {
$filter[] = array('"Member"."ID" <> ?' => $this->ID);
}
$existingRecord = DataObject::get_one('SilverStripe\\Security\\Member', $filter);
if ($existingRecord) {
throw new ValidationException(ValidationResult::create(false, _t(
'Member.ValidationIdentifierFailed',
'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))',
'Values in brackets show "fieldname = value", usually denoting an existing email address',
array(
'id' => $existingRecord->ID,
'name' => $identifierField,
'value' => $this->$identifierField
)
)));
}
}
if($existingRecord) {
throw new ValidationException(ValidationResult::create()->adderror(_t(
'Member.ValidationIdentifierFailed',
'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))',
'Values in brackets show "fieldname = value", usually denoting an existing email address',
array(
'id' => $existingRecord->ID,
'name' => $identifierField,
'value' => $this->$identifierField
)
)));
}
}
// We don't send emails out on dev/tests sites to prevent accidentally spamming users.
// However, if TestMailer is in use this isn't a risk.
// We don't send emails out on dev/tests sites to prevent accidentally spamming users.
// However, if TestMailer is in use this isn't a risk.
if ((Director::isLive() || Email::mailer() instanceof TestMailer)
&& $this->isChanged('Password')
&& $this->record['Password']
&& $this->config()->notify_password_change
) {
/** @var Email $e */
$e = Email::create();
$e->setSubject(_t('Member.SUBJECTPASSWORDCHANGED', "Your password has been changed", 'Email subject'));
$e->setTemplate('ChangePasswordEmail');
$e->populateTemplate($this);
$e->setTo($this->Email);
$e->send();
}
&& $this->isChanged('Password')
&& $this->record['Password']
&& $this->config()->notify_password_change
) {
/** @var Email $e */
$e = Email::create();
$e->setSubject(_t('Member.SUBJECTPASSWORDCHANGED', "Your password has been changed", 'Email subject'));
$e->setTemplate('ChangePasswordEmail');
$e->populateTemplate($this);
$e->setTo($this->Email);
$e->send();
}
// The test on $this->ID is used for when records are initially created.
// Note that this only works with cleartext passwords, as we can't rehash
// existing passwords.
if ((!$this->ID && $this->Password) || $this->isChanged('Password')) {
//reset salt so that it gets regenerated - this will invalidate any persistant login cookies
// or other information encrypted with this Member's settings (see self::encryptWithUserSettings)
$this->Salt = '';
// Password was changed: encrypt the password according the settings
$encryption_details = Security::encrypt_password(
$this->Password, // this is assumed to be cleartext
$this->Salt,
($this->PasswordEncryption) ?
$this->PasswordEncryption : Security::config()->password_encryption_algorithm,
$this
);
// The test on $this->ID is used for when records are initially created.
// Note that this only works with cleartext passwords, as we can't rehash
// existing passwords.
if((!$this->ID && $this->Password) || $this->isChanged('Password')) {
//reset salt so that it gets regenerated - this will invalidate any persistant login cookies
// or other information encrypted with this Member's settings (see self::encryptWithUserSettings)
$this->Salt = '';
// Password was changed: encrypt the password according the settings
$encryption_details = Security::encrypt_password(
$this->Password, // this is assumed to be cleartext
$this->Salt,
($this->PasswordEncryption) ?
$this->PasswordEncryption : Security::config()->password_encryption_algorithm,
$this
);
// Overwrite the Password property with the hashed value
$this->Password = $encryption_details['password'];
$this->Salt = $encryption_details['salt'];
$this->PasswordEncryption = $encryption_details['algorithm'];
// Overwrite the Password property with the hashed value
$this->Password = $encryption_details['password'];
$this->Salt = $encryption_details['salt'];
$this->PasswordEncryption = $encryption_details['algorithm'];
// If we haven't manually set a password expiry
if (!$this->isChanged('PasswordExpiry')) {
// then set it for us
if (self::config()->password_expiry_days) {
$this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::config()->password_expiry_days);
} else {
$this->PasswordExpiry = null;
}
}
}
// If we haven't manually set a password expiry
if(!$this->isChanged('PasswordExpiry')) {
// then set it for us
if(self::config()->password_expiry_days) {
$this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::config()->password_expiry_days);
} else {
$this->PasswordExpiry = null;
}
}
}
// save locale
if (!$this->Locale) {
$this->Locale = i18n::get_locale();
}
// save locale
if(!$this->Locale) {
$this->Locale = i18n::get_locale();
}
parent::onBeforeWrite();
}
parent::onBeforeWrite();
}
public function onAfterWrite()
{
parent::onAfterWrite();
parent::onAfterWrite();
Permission::flush_permission_cache();
Permission::flush_permission_cache();
if ($this->isChanged('Password')) {
MemberPassword::log($this);
}
}
if($this->isChanged('Password')) {
MemberPassword::log($this);
}
}
public function onAfterDelete()
{
parent::onAfterDelete();
parent::onAfterDelete();
//prevent orphaned records remaining in the DB
$this->deletePasswordLogs();
}
//prevent orphaned records remaining in the DB
$this->deletePasswordLogs();
}
/**
* Delete the MemberPassword objects that are associated to this user
*
* @return $this
*/
/**
* Delete the MemberPassword objects that are associated to this user
*
* @return $this
*/
protected function deletePasswordLogs()
{
foreach ($this->LoggedPasswords() as $password) {
$password->delete();
$password->destroy();
}
return $this;
}
foreach ($this->LoggedPasswords() as $password) {
$password->delete();
$password->destroy();
}
return $this;
}
/**
* Filter out admin groups to avoid privilege escalation,
* If any admin groups are requested, deny the whole save operation.
*
* @param array $ids Database IDs of Group records
* @return bool True if the change can be accepted
*/
/**
* Filter out admin groups to avoid privilege escalation,
* If any admin groups are requested, deny the whole save operation.
*
* @param array $ids Database IDs of Group records
* @return bool True if the change can be accepted
*/
public function onChangeGroups($ids)
{
// unless the current user is an admin already OR the logged in user is an admin
if (Permission::check('ADMIN') || Permission::checkMember($this, 'ADMIN')) {
return true;
}
// unless the current user is an admin already OR the logged in user is an admin
if(Permission::check('ADMIN') || Permission::checkMember($this, 'ADMIN')) {
return true;
}
// If there are no admin groups in this set then it's ok
$adminGroups = Permission::get_groups_by_permission('ADMIN');
$adminGroupIDs = ($adminGroups) ? $adminGroups->column('ID') : array();
return count(array_intersect($ids, $adminGroupIDs)) == 0;
}
// If there are no admin groups in this set then it's ok
$adminGroups = Permission::get_groups_by_permission('ADMIN');
$adminGroupIDs = ($adminGroups) ? $adminGroups->column('ID') : array();
return count(array_intersect($ids, $adminGroupIDs)) == 0;
}
/**
* Check if the member is in one of the given groups.
*
* @param array|SS_List $groups Collection of {@link Group} DataObjects to check
* @param boolean $strict Only determine direct group membership if set to true (Default: false)
* @return bool Returns TRUE if the member is in one of the given groups, otherwise FALSE.
*/
/**
* Check if the member is in one of the given groups.
*
* @param array|SS_List $groups Collection of {@link Group} DataObjects to check
* @param boolean $strict Only determine direct group membership if set to true (Default: false)
* @return bool Returns TRUE if the member is in one of the given groups, otherwise FALSE.
*/
public function inGroups($groups, $strict = false)
{
if ($groups) {
@ -1076,608 +1076,608 @@ class Member extends DataObject implements TemplateGlobalProvider
return true;
}
}
}
}
return false;
}
return false;
}
/**
* Check if the member is in the given group or any parent groups.
*
* @param int|Group|string $group Group instance, Group Code or ID
* @param boolean $strict Only determine direct group membership if set to TRUE (Default: FALSE)
* @return bool Returns TRUE if the member is in the given group, otherwise FALSE.
*/
/**
* Check if the member is in the given group or any parent groups.
*
* @param int|Group|string $group Group instance, Group Code or ID
* @param boolean $strict Only determine direct group membership if set to TRUE (Default: FALSE)
* @return bool Returns TRUE if the member is in the given group, otherwise FALSE.
*/
public function inGroup($group, $strict = false)
{
if (is_numeric($group)) {
$groupCheckObj = DataObject::get_by_id('SilverStripe\\Security\\Group', $group);
} elseif (is_string($group)) {
$groupCheckObj = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $group
));
} elseif ($group instanceof Group) {
$groupCheckObj = $group;
} else {
user_error('Member::inGroup(): Wrong format for $group parameter', E_USER_ERROR);
}
if(is_numeric($group)) {
$groupCheckObj = DataObject::get_by_id('SilverStripe\\Security\\Group', $group);
} elseif(is_string($group)) {
$groupCheckObj = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $group
));
} elseif($group instanceof Group) {
$groupCheckObj = $group;
} else {
user_error('Member::inGroup(): Wrong format for $group parameter', E_USER_ERROR);
}
if (!$groupCheckObj) {
return false;
}
$groupCandidateObjs = ($strict) ? $this->getManyManyComponents("Groups") : $this->Groups();
$groupCandidateObjs = ($strict) ? $this->getManyManyComponents("Groups") : $this->Groups();
if ($groupCandidateObjs) {
foreach ($groupCandidateObjs as $groupCandidateObj) {
if ($groupCandidateObj->ID == $groupCheckObj->ID) {
return true;
}
}
}
}
return false;
}
return false;
}
/**
* Adds the member to a group. This will create the group if the given
* group code does not return a valid group object.
*
* @param string $groupcode
* @param string $title Title of the group
*/
/**
* Adds the member to a group. This will create the group if the given
* group code does not return a valid group object.
*
* @param string $groupcode
* @param string $title Title of the group
*/
public function addToGroupByCode($groupcode, $title = "")
{
$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $groupcode
));
$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $groupcode
));
if ($group) {
$this->Groups()->add($group);
} else {
if($group) {
$this->Groups()->add($group);
} else {
if (!$title) {
$title = $groupcode;
}
$group = new Group();
$group->Code = $groupcode;
$group->Title = $title;
$group->write();
$group = new Group();
$group->Code = $groupcode;
$group->Title = $title;
$group->write();
$this->Groups()->add($group);
}
}
$this->Groups()->add($group);
}
}
/**
* Removes a member from a group.
*
* @param string $groupcode
*/
/**
* Removes a member from a group.
*
* @param string $groupcode
*/
public function removeFromGroupByCode($groupcode)
{
$group = Group::get()->filter(array('Code' => $groupcode))->first();
$group = Group::get()->filter(array('Code' => $groupcode))->first();
if ($group) {
$this->Groups()->remove($group);
}
}
if($group) {
$this->Groups()->remove($group);
}
}
/**
* @param array $columns Column names on the Member record to show in {@link getTitle()}.
* @param String $sep Separator
*/
/**
* @param array $columns Column names on the Member record to show in {@link getTitle()}.
* @param String $sep Separator
*/
public static function set_title_columns($columns, $sep = ' ')
{
if (!is_array($columns)) {
$columns = array($columns);
}
self::config()->title_format = array('columns' => $columns, 'sep' => $sep);
}
self::config()->title_format = array('columns' => $columns, 'sep' => $sep);
}
//------------------- HELPER METHODS -----------------------------------//
//------------------- HELPER METHODS -----------------------------------//
/**
* Get the complete name of the member, by default in the format "<Surname>, <FirstName>".
* Falls back to showing either field on its own.
*
* You can overload this getter with {@link set_title_format()}
* and {@link set_title_sql()}.
*
* @return string Returns the first- and surname of the member. If the ID
* of the member is equal 0, only the surname is returned.
*/
/**
* Get the complete name of the member, by default in the format "<Surname>, <FirstName>".
* Falls back to showing either field on its own.
*
* You can overload this getter with {@link set_title_format()}
* and {@link set_title_sql()}.
*
* @return string Returns the first- and surname of the member. If the ID
* of the member is equal 0, only the surname is returned.
*/
public function getTitle()
{
$format = $this->config()->title_format;
if ($format) {
$values = array();
foreach ($format['columns'] as $col) {
$values[] = $this->getField($col);
}
return join($format['sep'], $values);
}
$format = $this->config()->title_format;
if ($format) {
$values = array();
foreach($format['columns'] as $col) {
$values[] = $this->getField($col);
}
return join($format['sep'], $values);
}
if ($this->getField('ID') === 0) {
return $this->getField('Surname');
return $this->getField('Surname');
} else {
if ($this->getField('Surname') && $this->getField('FirstName')) {
return $this->getField('Surname') . ', ' . $this->getField('FirstName');
} elseif ($this->getField('Surname')) {
return $this->getField('Surname');
} elseif ($this->getField('FirstName')) {
return $this->getField('FirstName');
} else {
return null;
}
}
}
if($this->getField('Surname') && $this->getField('FirstName')){
return $this->getField('Surname') . ', ' . $this->getField('FirstName');
}elseif($this->getField('Surname')){
return $this->getField('Surname');
}elseif($this->getField('FirstName')){
return $this->getField('FirstName');
}else{
return null;
}
}
}
/**
* Return a SQL CONCAT() fragment suitable for a SELECT statement.
* Useful for custom queries which assume a certain member title format.
*
* @return String SQL
*/
/**
* Return a SQL CONCAT() fragment suitable for a SELECT statement.
* Useful for custom queries which assume a certain member title format.
*
* @return String SQL
*/
public static function get_title_sql()
{
// This should be abstracted to SSDatabase concatOperator or similar.
$op = (DB::get_conn() instanceof MSSQLDatabase) ? " + " : " || ";
// This should be abstracted to SSDatabase concatOperator or similar.
$op = (DB::get_conn() instanceof MSSQLDatabase) ? " + " : " || ";
// Get title_format with fallback to default
$format = static::config()->title_format;
if (!$format) {
$format = [
'columns' => ['Surname', 'FirstName'],
'sep' => ' ',
];
}
// Get title_format with fallback to default
$format = static::config()->title_format;
if (!$format) {
$format = [
'columns' => ['Surname', 'FirstName'],
'sep' => ' ',
];
}
$columnsWithTablename = array();
foreach ($format['columns'] as $column) {
$columnsWithTablename[] = static::getSchema()->sqlColumnForField(__CLASS__, $column);
}
$columnsWithTablename = array();
foreach($format['columns'] as $column) {
$columnsWithTablename[] = static::getSchema()->sqlColumnForField(__CLASS__, $column);
}
$sepSQL = Convert::raw2sql($format['sep'], true);
return "(".join(" $op $sepSQL $op ", $columnsWithTablename).")";
}
$sepSQL = Convert::raw2sql($format['sep'], true);
return "(".join(" $op $sepSQL $op ", $columnsWithTablename).")";
}
/**
* Get the complete name of the member
*
* @return string Returns the first- and surname of the member.
*/
/**
* Get the complete name of the member
*
* @return string Returns the first- and surname of the member.
*/
public function getName()
{
return ($this->Surname) ? trim($this->FirstName . ' ' . $this->Surname) : $this->FirstName;
}
return ($this->Surname) ? trim($this->FirstName . ' ' . $this->Surname) : $this->FirstName;
}
/**
* Set first- and surname
*
* This method assumes that the last part of the name is the surname, e.g.
* <i>A B C</i> will result in firstname <i>A B</i> and surname <i>C</i>
*
* @param string $name The name
*/
/**
* Set first- and surname
*
* This method assumes that the last part of the name is the surname, e.g.
* <i>A B C</i> will result in firstname <i>A B</i> and surname <i>C</i>
*
* @param string $name The name
*/
public function setName($name)
{
$nameParts = explode(' ', $name);
$this->Surname = array_pop($nameParts);
$this->FirstName = join(' ', $nameParts);
}
$nameParts = explode(' ', $name);
$this->Surname = array_pop($nameParts);
$this->FirstName = join(' ', $nameParts);
}
/**
* Alias for {@link setName}
*
* @param string $name The name
* @see setName()
*/
/**
* Alias for {@link setName}
*
* @param string $name The name
* @see setName()
*/
public function splitName($name)
{
return $this->setName($name);
}
return $this->setName($name);
}
/**
* Override the default getter for DateFormat so the
* default format for the user's locale is used
* if the user has not defined their own.
*
* @return string ISO date format
*/
/**
* Override the default getter for DateFormat so the
* default format for the user's locale is used
* if the user has not defined their own.
*
* @return string ISO date format
*/
public function getDateFormat()
{
if ($this->getField('DateFormat')) {
return $this->getField('DateFormat');
} else {
return i18n::config()->get('date_format');
}
}
if($this->getField('DateFormat')) {
return $this->getField('DateFormat');
} else {
return i18n::config()->get('date_format');
}
}
/**
* Override the default getter for TimeFormat so the
* default format for the user's locale is used
* if the user has not defined their own.
*
* @return string ISO date format
*/
/**
* Override the default getter for TimeFormat so the
* default format for the user's locale is used
* if the user has not defined their own.
*
* @return string ISO date format
*/
public function getTimeFormat()
{
if ($this->getField('TimeFormat')) {
return $this->getField('TimeFormat');
} else {
return i18n::config()->get('time_format');
}
}
if($this->getField('TimeFormat')) {
return $this->getField('TimeFormat');
} else {
return i18n::config()->get('time_format');
}
}
//---------------------------------------------------------------------//
//---------------------------------------------------------------------//
/**
* Get a "many-to-many" map that holds for all members their group memberships,
* including any parent groups where membership is implied.
* Use {@link DirectGroups()} to only retrieve the group relations without inheritance.
*
* @todo Push all this logic into Member_GroupSet's getIterator()?
* @return Member_Groupset
*/
/**
* Get a "many-to-many" map that holds for all members their group memberships,
* including any parent groups where membership is implied.
* Use {@link DirectGroups()} to only retrieve the group relations without inheritance.
*
* @todo Push all this logic into Member_GroupSet's getIterator()?
* @return Member_Groupset
*/
public function Groups()
{
$groups = Member_GroupSet::create('SilverStripe\\Security\\Group', 'Group_Members', 'GroupID', 'MemberID');
$groups = $groups->forForeignID($this->ID);
$groups = Member_GroupSet::create('SilverStripe\\Security\\Group', 'Group_Members', 'GroupID', 'MemberID');
$groups = $groups->forForeignID($this->ID);
$this->extend('updateGroups', $groups);
$this->extend('updateGroups', $groups);
return $groups;
}
return $groups;
}
/**
* @return ManyManyList
*/
/**
* @return ManyManyList
*/
public function DirectGroups()
{
return $this->getManyManyComponents('Groups');
}
return $this->getManyManyComponents('Groups');
}
/**
* Get a member SQLMap of members in specific groups
*
* If no $groups is passed, all members will be returned
*
* @param mixed $groups - takes a SS_List, an array or a single Group.ID
* @return Map Returns an Map that returns all Member data.
*/
/**
* Get a member SQLMap of members in specific groups
*
* If no $groups is passed, all members will be returned
*
* @param mixed $groups - takes a SS_List, an array or a single Group.ID
* @return Map Returns an Map that returns all Member data.
*/
public static function map_in_groups($groups = null)
{
$groupIDList = array();
$groupIDList = array();
if ($groups instanceof SS_List) {
foreach ($groups as $group) {
$groupIDList[] = $group->ID;
}
} elseif (is_array($groups)) {
$groupIDList = $groups;
} elseif ($groups) {
$groupIDList[] = $groups;
}
if($groups instanceof SS_List) {
foreach( $groups as $group ) {
$groupIDList[] = $group->ID;
}
} elseif(is_array($groups)) {
$groupIDList = $groups;
} elseif($groups) {
$groupIDList[] = $groups;
}
// No groups, return all Members
if (!$groupIDList) {
return Member::get()->sort(array('Surname'=>'ASC', 'FirstName'=>'ASC'))->map();
}
// No groups, return all Members
if(!$groupIDList) {
return Member::get()->sort(array('Surname'=>'ASC', 'FirstName'=>'ASC'))->map();
}
$membersList = new ArrayList();
// This is a bit ineffective, but follow the ORM style
foreach (Group::get()->byIDs($groupIDList) as $group) {
$membersList->merge($group->Members());
}
$membersList = new ArrayList();
// This is a bit ineffective, but follow the ORM style
foreach(Group::get()->byIDs($groupIDList) as $group) {
$membersList->merge($group->Members());
}
$membersList->removeDuplicates('ID');
return $membersList->map();
}
$membersList->removeDuplicates('ID');
return $membersList->map();
}
/**
* Get a map of all members in the groups given that have CMS permissions
*
* If no groups are passed, all groups with CMS permissions will be used.
*
* @param array $groups Groups to consider or NULL to use all groups with
* CMS permissions.
* @return Map Returns a map of all members in the groups given that
* have CMS permissions.
*/
/**
* Get a map of all members in the groups given that have CMS permissions
*
* If no groups are passed, all groups with CMS permissions will be used.
*
* @param array $groups Groups to consider or NULL to use all groups with
* CMS permissions.
* @return Map Returns a map of all members in the groups given that
* have CMS permissions.
*/
public static function mapInCMSGroups($groups = null)
{
if (!$groups || $groups->Count() == 0) {
$perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin');
if(!$groups || $groups->Count() == 0) {
$perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin');
if (class_exists('SilverStripe\\CMS\\Controllers\\CMSMain')) {
$cmsPerms = CMSMain::singleton()->providePermissions();
} else {
$cmsPerms = LeftAndMain::singleton()->providePermissions();
}
if (class_exists('SilverStripe\\CMS\\Controllers\\CMSMain')) {
$cmsPerms = CMSMain::singleton()->providePermissions();
} else {
$cmsPerms = LeftAndMain::singleton()->providePermissions();
}
if (!empty($cmsPerms)) {
$perms = array_unique(array_merge($perms, array_keys($cmsPerms)));
}
if(!empty($cmsPerms)) {
$perms = array_unique(array_merge($perms, array_keys($cmsPerms)));
}
$permsClause = DB::placeholders($perms);
/** @skipUpgrade */
$groups = Group::get()
->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
->where(array(
"\"Permission\".\"Code\" IN ($permsClause)" => $perms
));
}
$permsClause = DB::placeholders($perms);
/** @skipUpgrade */
$groups = Group::get()
->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
->where(array(
"\"Permission\".\"Code\" IN ($permsClause)" => $perms
));
}
$groupIDList = array();
$groupIDList = array();
if ($groups instanceof SS_List) {
foreach ($groups as $group) {
$groupIDList[] = $group->ID;
}
} elseif (is_array($groups)) {
$groupIDList = $groups;
}
if($groups instanceof SS_List) {
foreach($groups as $group) {
$groupIDList[] = $group->ID;
}
} elseif(is_array($groups)) {
$groupIDList = $groups;
}
/** @skipUpgrade */
$members = Member::get()
->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
if ($groupIDList) {
$groupClause = DB::placeholders($groupIDList);
$members = $members->where(array(
"\"Group\".\"ID\" IN ($groupClause)" => $groupIDList
));
}
/** @skipUpgrade */
$members = Member::get()
->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
if($groupIDList) {
$groupClause = DB::placeholders($groupIDList);
$members = $members->where(array(
"\"Group\".\"ID\" IN ($groupClause)" => $groupIDList
));
}
return $members->sort('"Member"."Surname", "Member"."FirstName"')->map();
}
return $members->sort('"Member"."Surname", "Member"."FirstName"')->map();
}
/**
* Get the groups in which the member is NOT in
*
* When passed an array of groups, and a component set of groups, this
* function will return the array of groups the member is NOT in.
*
* @param array $groupList An array of group code names.
* @param array $memberGroups A component set of groups (if set to NULL,
* $this->groups() will be used)
* @return array Groups in which the member is NOT in.
*/
/**
* Get the groups in which the member is NOT in
*
* When passed an array of groups, and a component set of groups, this
* function will return the array of groups the member is NOT in.
*
* @param array $groupList An array of group code names.
* @param array $memberGroups A component set of groups (if set to NULL,
* $this->groups() will be used)
* @return array Groups in which the member is NOT in.
*/
public function memberNotInGroups($groupList, $memberGroups = null)
{
if (!$memberGroups) {
$memberGroups = $this->Groups();
}
foreach ($memberGroups as $group) {
if (in_array($group->Code, $groupList)) {
$index = array_search($group->Code, $groupList);
unset($groupList[$index]);
}
}
foreach($memberGroups as $group) {
if(in_array($group->Code, $groupList)) {
$index = array_search($group->Code, $groupList);
unset($groupList[$index]);
}
}
return $groupList;
}
return $groupList;
}
/**
* Return a {@link FieldList} of fields that would appropriate for editing
* this member.
*
* @return FieldList Return a FieldList of fields that would appropriate for
* editing this member.
*/
/**
* Return a {@link FieldList} of fields that would appropriate for editing
* this member.
*
* @return FieldList Return a FieldList of fields that would appropriate for
* editing this member.
*/
public function getCMSFields()
{
require_once 'Zend/Date.php';
require_once 'Zend/Date.php';
$self = $this;
$this->beforeUpdateCMSFields(function (FieldList $fields) use ($self) {
/** @var FieldList $mainFields */
$mainFields = $fields->fieldByName("Root")->fieldByName("Main")->getChildren();
$self = $this;
$this->beforeUpdateCMSFields(function(FieldList $fields) use ($self) {
/** @var FieldList $mainFields */
$mainFields = $fields->fieldByName("Root")->fieldByName("Main")->getChildren();
// Build change password field
$mainFields->replaceField('Password', $self->getMemberPasswordField());
// Build change password field
$mainFields->replaceField('Password', $self->getMemberPasswordField());
$mainFields->replaceField('Locale', new DropdownField(
"Locale",
_t('Member.INTERFACELANG', "Interface Language", 'Language of the CMS'),
i18n::get_existing_translations()
));
$mainFields->removeByName($self->config()->hidden_fields);
$mainFields->replaceField('Locale', new DropdownField(
"Locale",
_t('Member.INTERFACELANG', "Interface Language", 'Language of the CMS'),
i18n::get_existing_translations()
));
$mainFields->removeByName($self->config()->hidden_fields);
if (! $self->config()->lock_out_after_incorrect_logins) {
$mainFields->removeByName('FailedLoginCount');
}
if( ! $self->config()->lock_out_after_incorrect_logins) {
$mainFields->removeByName('FailedLoginCount');
}
// Groups relation will get us into logical conflicts because
// Members are displayed within group edit form in SecurityAdmin
$fields->removeByName('Groups');
// Groups relation will get us into logical conflicts because
// Members are displayed within group edit form in SecurityAdmin
$fields->removeByName('Groups');
// Members shouldn't be able to directly view/edit logged passwords
$fields->removeByName('LoggedPasswords');
// Members shouldn't be able to directly view/edit logged passwords
$fields->removeByName('LoggedPasswords');
$fields->removeByName('RememberLoginHashes');
$fields->removeByName('RememberLoginHashes');
if (Permission::check('EDIT_PERMISSIONS')) {
$groupsMap = array();
foreach (Group::get() as $group) {
// Listboxfield values are escaped, use ASCII char instead of &raquo;
$groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');
}
asort($groupsMap);
if(Permission::check('EDIT_PERMISSIONS')) {
$groupsMap = array();
foreach(Group::get() as $group) {
// Listboxfield values are escaped, use ASCII char instead of &raquo;
$groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');
}
asort($groupsMap);
$fields->addFieldToTab(
'Root.Main',
ListboxField::create('DirectGroups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name())
->setSource($groupsMap)
->setAttribute(
'data-placeholder',
_t('Member.ADDGROUP', 'Add group', 'Placeholder text for a dropdown')
)
);
ListboxField::create('DirectGroups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name())
->setSource($groupsMap)
->setAttribute(
'data-placeholder',
_t('Member.ADDGROUP', 'Add group', 'Placeholder text for a dropdown')
)
);
// Add permission field (readonly to avoid complicated group assignment logic).
// This should only be available for existing records, as new records start
// with no permissions until they have a group assignment anyway.
if ($self->ID) {
$permissionsField = new PermissionCheckboxSetField_Readonly(
'Permissions',
false,
'SilverStripe\\Security\\Permission',
'GroupID',
// we don't want parent relationships, they're automatically resolved in the field
$self->getManyManyComponents('Groups')
);
$fields->findOrMakeTab('Root.Permissions', singleton('SilverStripe\\Security\\Permission')->i18n_plural_name());
$fields->addFieldToTab('Root.Permissions', $permissionsField);
}
}
// Add permission field (readonly to avoid complicated group assignment logic).
// This should only be available for existing records, as new records start
// with no permissions until they have a group assignment anyway.
if($self->ID) {
$permissionsField = new PermissionCheckboxSetField_Readonly(
'Permissions',
false,
'SilverStripe\\Security\\Permission',
'GroupID',
// we don't want parent relationships, they're automatically resolved in the field
$self->getManyManyComponents('Groups')
);
$fields->findOrMakeTab('Root.Permissions', singleton('SilverStripe\\Security\\Permission')->i18n_plural_name());
$fields->addFieldToTab('Root.Permissions', $permissionsField);
}
}
$permissionsTab = $fields->fieldByName("Root")->fieldByName('Permissions');
$permissionsTab = $fields->fieldByName("Root")->fieldByName('Permissions');
if ($permissionsTab) {
$permissionsTab->addExtraClass('readonly');
}
$defaultDateFormat = Zend_Locale_Format::getDateFormat(new Zend_Locale($self->Locale));
$dateFormatMap = array(
'MMM d, yyyy' => Zend_Date::now()->toString('MMM d, yyyy'),
'yyyy/MM/dd' => Zend_Date::now()->toString('yyyy/MM/dd'),
'MM/dd/yyyy' => Zend_Date::now()->toString('MM/dd/yyyy'),
'dd/MM/yyyy' => Zend_Date::now()->toString('dd/MM/yyyy'),
);
$dateFormatMap[$defaultDateFormat] = Zend_Date::now()->toString($defaultDateFormat)
. sprintf(' (%s)', _t('Member.DefaultDateTime', 'default'));
$mainFields->push(
$dateFormatField = new MemberDatetimeOptionsetField(
'DateFormat',
$self->fieldLabel('DateFormat'),
$dateFormatMap
)
);
$formatClass = get_class($dateFormatField);
$dateFormatField->setValue($self->DateFormat);
$dateTemplate = SSViewer::get_templates_by_class($formatClass, '_description_date', $formatClass);
$dateFormatField->setDescriptionTemplate($dateTemplate);
$defaultDateFormat = Zend_Locale_Format::getDateFormat(new Zend_Locale($self->Locale));
$dateFormatMap = array(
'MMM d, yyyy' => Zend_Date::now()->toString('MMM d, yyyy'),
'yyyy/MM/dd' => Zend_Date::now()->toString('yyyy/MM/dd'),
'MM/dd/yyyy' => Zend_Date::now()->toString('MM/dd/yyyy'),
'dd/MM/yyyy' => Zend_Date::now()->toString('dd/MM/yyyy'),
);
$dateFormatMap[$defaultDateFormat] = Zend_Date::now()->toString($defaultDateFormat)
. sprintf(' (%s)', _t('Member.DefaultDateTime', 'default'));
$mainFields->push(
$dateFormatField = new MemberDatetimeOptionsetField(
'DateFormat',
$self->fieldLabel('DateFormat'),
$dateFormatMap
)
);
$formatClass = get_class($dateFormatField);
$dateFormatField->setValue($self->DateFormat);
$dateTemplate = SSViewer::get_templates_by_class($formatClass, '_description_date', $formatClass);
$dateFormatField->setDescriptionTemplate($dateTemplate);
$defaultTimeFormat = Zend_Locale_Format::getTimeFormat(new Zend_Locale($self->Locale));
$timeFormatMap = array(
'h:mm a' => Zend_Date::now()->toString('h:mm a'),
'H:mm' => Zend_Date::now()->toString('H:mm'),
);
$timeFormatMap[$defaultTimeFormat] = Zend_Date::now()->toString($defaultTimeFormat)
. sprintf(' (%s)', _t('Member.DefaultDateTime', 'default'));
$mainFields->push(
$timeFormatField = new MemberDatetimeOptionsetField(
'TimeFormat',
$self->fieldLabel('TimeFormat'),
$timeFormatMap
)
);
$timeFormatField->setValue($self->TimeFormat);
$timeTemplate = SSViewer::get_templates_by_class($formatClass, '_description_time', $formatClass);
$timeFormatField->setDescriptionTemplate($timeTemplate);
});
$defaultTimeFormat = Zend_Locale_Format::getTimeFormat(new Zend_Locale($self->Locale));
$timeFormatMap = array(
'h:mm a' => Zend_Date::now()->toString('h:mm a'),
'H:mm' => Zend_Date::now()->toString('H:mm'),
);
$timeFormatMap[$defaultTimeFormat] = Zend_Date::now()->toString($defaultTimeFormat)
. sprintf(' (%s)', _t('Member.DefaultDateTime', 'default'));
$mainFields->push(
$timeFormatField = new MemberDatetimeOptionsetField(
'TimeFormat',
$self->fieldLabel('TimeFormat'),
$timeFormatMap
)
);
$timeFormatField->setValue($self->TimeFormat);
$timeTemplate = SSViewer::get_templates_by_class($formatClass,'_description_time', $formatClass);
$timeFormatField->setDescriptionTemplate($timeTemplate);
});
return parent::getCMSFields();
}
return parent::getCMSFields();
}
/**
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
/**
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true)
{
$labels = parent::fieldLabels($includerelations);
$labels = parent::fieldLabels($includerelations);
$labels['FirstName'] = _t('Member.FIRSTNAME', 'First Name');
$labels['Surname'] = _t('Member.SURNAME', 'Surname');
/** @skipUpgrade */
$labels['Email'] = _t('Member.EMAIL', 'Email');
$labels['Password'] = _t('Member.db_Password', 'Password');
$labels['PasswordExpiry'] = _t('Member.db_PasswordExpiry', 'Password Expiry Date', 'Password expiry date');
$labels['LockedOutUntil'] = _t('Member.db_LockedOutUntil', 'Locked out until', 'Security related date');
$labels['Locale'] = _t('Member.db_Locale', 'Interface Locale');
$labels['DateFormat'] = _t('Member.DATEFORMAT', 'Date format');
$labels['TimeFormat'] = _t('Member.TIMEFORMAT', 'Time format');
if ($includerelations) {
$labels['FirstName'] = _t('Member.FIRSTNAME', 'First Name');
$labels['Surname'] = _t('Member.SURNAME', 'Surname');
/** @skipUpgrade */
$labels['Email'] = _t('Member.EMAIL', 'Email');
$labels['Password'] = _t('Member.db_Password', 'Password');
$labels['PasswordExpiry'] = _t('Member.db_PasswordExpiry', 'Password Expiry Date', 'Password expiry date');
$labels['LockedOutUntil'] = _t('Member.db_LockedOutUntil', 'Locked out until', 'Security related date');
$labels['Locale'] = _t('Member.db_Locale', 'Interface Locale');
$labels['DateFormat'] = _t('Member.DATEFORMAT', 'Date format');
$labels['TimeFormat'] = _t('Member.TIMEFORMAT', 'Time format');
if($includerelations){
$labels['Groups'] = _t(
'Member.belongs_many_many_Groups',
'Groups',
'Security Groups this member belongs to'
);
}
return $labels;
}
}
return $labels;
}
/**
* Users can view their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
* This is likely to be customized for social sites etc. with a looser permission model.
*
* @param Member $member
* @return bool
*/
/**
* Users can view their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
* This is likely to be customized for social sites etc. with a looser permission model.
*
* @param Member $member
* @return bool
*/
public function canView($member = null)
{
//get member
if (!($member instanceof Member)) {
if(!($member instanceof Member)) {
$member = Member::currentUser();
}
//check for extensions, we do this first as they can overrule everything
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
if($extended !== null) {
return $extended;
}
//need to be logged in and/or most checks below rely on $member being a Member
if (!$member) {
if(!$member) {
return false;
}
// members can usually view their own record
if ($this->ID == $member->ID) {
if($this->ID == $member->ID) {
return true;
}
//standard check
return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*/
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*/
public function canEdit($member = null)
{
//get member
if (!($member instanceof Member)) {
if(!($member instanceof Member)) {
$member = Member::currentUser();
}
//check for extensions, we do this first as they can overrule everything
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
if($extended !== null) {
return $extended;
}
//need to be logged in and/or most checks below rely on $member being a Member
if (!$member) {
if(!$member) {
return false;
}
// HACK: we should not allow for an non-Admin to edit an Admin
if (!Permission::checkMember($member, 'ADMIN') && Permission::checkMember($this, 'ADMIN')) {
if(!Permission::checkMember($member, 'ADMIN') && Permission::checkMember($this, 'ADMIN')) {
return false;
}
// members can usually edit their own record
if ($this->ID == $member->ID) {
if($this->ID == $member->ID) {
return true;
}
//standard check
@ -1686,36 +1686,36 @@ class Member extends DataObject implements TemplateGlobalProvider
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*
* @param Member $member
* @return bool
*/
public function canDelete($member = null)
{
if (!($member instanceof Member)) {
if(!($member instanceof Member)) {
$member = Member::currentUser();
}
//check for extensions, we do this first as they can overrule everything
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
if($extended !== null) {
return $extended;
}
//need to be logged in and/or most checks below rely on $member being a Member
if (!$member) {
if(!$member) {
return false;
}
// Members are not allowed to remove themselves,
// since it would create inconsistencies in the admin UIs.
if ($this->ID && $member->ID == $this->ID) {
if($this->ID && $member->ID == $this->ID) {
return false;
}
// HACK: if you want to delete a member, you have to be a member yourself.
// this is a hack because what this should do is to stop a user
// deleting a member who has more privileges (e.g. a non-Admin deleting an Admin)
if (Permission::checkMember($this, 'ADMIN')) {
if (! Permission::checkMember($member, 'ADMIN')) {
if(Permission::checkMember($this, 'ADMIN')) {
if( ! Permission::checkMember($member, 'ADMIN')) {
return false;
}
}
@ -1723,111 +1723,111 @@ class Member extends DataObject implements TemplateGlobalProvider
return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}
/**
* Validate this member object.
*/
/**
* Validate this member object.
*/
public function validate()
{
$valid = parent::validate();
$valid = parent::validate();
if (!$this->ID || $this->isChanged('Password')) {
if ($this->Password && self::$password_validator) {
$valid->combineAnd(self::$password_validator->validate($this->Password, $this));
}
}
if(!$this->ID || $this->isChanged('Password')) {
if($this->Password && self::$password_validator) {
$valid->combineAnd(self::$password_validator->validate($this->Password, $this));
}
}
if ((!$this->ID && $this->SetPassword) || $this->isChanged('SetPassword')) {
if ($this->SetPassword && self::$password_validator) {
$valid->combineAnd(self::$password_validator->validate($this->SetPassword, $this));
}
}
if((!$this->ID && $this->SetPassword) || $this->isChanged('SetPassword')) {
if($this->SetPassword && self::$password_validator) {
$valid->combineAnd(self::$password_validator->validate($this->SetPassword, $this));
}
}
return $valid;
}
return $valid;
}
/**
* Change password. This will cause rehashing according to
* the `PasswordEncryption` property.
*
* @param string $password Cleartext password
* @return ValidationResult
*/
/**
* Change password. This will cause rehashing according to
* the `PasswordEncryption` property.
*
* @param string $password Cleartext password
* @return ValidationResult
*/
public function changePassword($password)
{
$this->Password = $password;
$valid = $this->validate();
$this->Password = $password;
$valid = $this->validate();
if ($valid->valid()) {
$this->AutoLoginHash = null;
$this->write();
}
if($valid->valid()) {
$this->AutoLoginHash = null;
$this->write();
}
return $valid;
}
return $valid;
}
/**
* Tell this member that someone made a failed attempt at logging in as them.
* This can be used to lock the user out temporarily if too many failed attempts are made.
*/
/**
* Tell this member that someone made a failed attempt at logging in as them.
* This can be used to lock the user out temporarily if too many failed attempts are made.
*/
public function registerFailedLogin()
{
if (self::config()->lock_out_after_incorrect_logins) {
// Keep a tally of the number of failed log-ins so that we can lock people out
$this->FailedLoginCount = $this->FailedLoginCount + 1;
if(self::config()->lock_out_after_incorrect_logins) {
// Keep a tally of the number of failed log-ins so that we can lock people out
$this->FailedLoginCount = $this->FailedLoginCount + 1;
if ($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
$lockoutMins = self::config()->lock_out_delay_mins;
$this->LockedOutUntil = date('Y-m-d H:i:s', DBDatetime::now()->Format('U') + $lockoutMins*60);
$this->FailedLoginCount = 0;
}
}
$this->extend('registerFailedLogin');
$this->write();
}
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
$lockoutMins = self::config()->lock_out_delay_mins;
$this->LockedOutUntil = date('Y-m-d H:i:s', DBDatetime::now()->Format('U') + $lockoutMins*60);
$this->FailedLoginCount = 0;
}
}
$this->extend('registerFailedLogin');
$this->write();
}
/**
* Tell this member that a successful login has been made
*/
/**
* Tell this member that a successful login has been made
*/
public function registerSuccessfulLogin()
{
if (self::config()->lock_out_after_incorrect_logins) {
// Forgive all past login failures
$this->FailedLoginCount = 0;
$this->write();
}
}
/**
* Get the HtmlEditorConfig for this user to be used in the CMS.
* This is set by the group. If multiple configurations are set,
* the one with the highest priority wins.
*
* @return string
*/
if(self::config()->lock_out_after_incorrect_logins) {
// Forgive all past login failures
$this->FailedLoginCount = 0;
$this->write();
}
}
/**
* Get the HtmlEditorConfig for this user to be used in the CMS.
* This is set by the group. If multiple configurations are set,
* the one with the highest priority wins.
*
* @return string
*/
public function getHtmlEditorConfigForCMS()
{
$currentName = '';
$currentPriority = 0;
$currentName = '';
$currentPriority = 0;
foreach ($this->Groups() as $group) {
$configName = $group->HtmlEditorConfig;
if ($configName) {
$config = HTMLEditorConfig::get($group->HtmlEditorConfig);
if ($config && $config->getOption('priority') > $currentPriority) {
$currentName = $configName;
$currentPriority = $config->getOption('priority');
}
}
}
foreach($this->Groups() as $group) {
$configName = $group->HtmlEditorConfig;
if($configName) {
$config = HTMLEditorConfig::get($group->HtmlEditorConfig);
if($config && $config->getOption('priority') > $currentPriority) {
$currentName = $configName;
$currentPriority = $config->getOption('priority');
}
}
}
// If can't find a suitable editor, just default to cms
return $currentName ? $currentName : 'cms';
}
// If can't find a suitable editor, just default to cms
return $currentName ? $currentName : 'cms';
}
public static function get_template_global_variables()
{
return array(
'CurrentMember' => 'currentUser',
'currentUser',
);
}
return array(
'CurrentMember' => 'currentUser',
'currentUser',
);
}
}

312
src/Security/MemberAuthenticator.php
View File

@ -16,212 +16,208 @@ use InvalidArgumentException;
class MemberAuthenticator extends Authenticator
{
/**
* Contains encryption algorithm identifiers.
* If set, will migrate to new precision-safe password hashing
* upon login. See http://open.silverstripe.org/ticket/3004
*
* @var array
*/
private static $migrate_legacy_hashes = array(
'md5' => 'md5_v2.4',
'sha1' => 'sha1_v2.4'
);
/**
* Contains encryption algorithm identifiers.
* If set, will migrate to new precision-safe password hashing
* upon login. See http://open.silverstripe.org/ticket/3004
*
* @var array
*/
private static $migrate_legacy_hashes = array(
'md5' => 'md5_v2.4',
'sha1' => 'sha1_v2.4'
);
/**
* Attempt to find and authenticate member if possible from the given data
*
* @param array $data
* @param Form $form
* @param bool &$success Success flag
* @return Member Found member, regardless of successful login
*/
/**
* Attempt to find and authenticate member if possible from the given data
*
* @param array $data
* @param Form $form
* @param bool &$success Success flag
* @return Member Found member, regardless of successful login
*/
protected static function authenticate_member($data, $form, &$success)
{
// Default success to false
$success = false;
// Default success to false
$success = false;
// Attempt to identify by temporary ID
$member = null;
$email = null;
if (!empty($data['tempid'])) {
// Find user by tempid, in case they are re-validating an existing session
$member = Member::member_from_tempid($data['tempid']);
// Attempt to identify by temporary ID
$member = null;
$email = null;
if(!empty($data['tempid'])) {
// Find user by tempid, in case they are re-validating an existing session
$member = Member::member_from_tempid($data['tempid']);
if ($member) {
$email = $member->Email;
}
}
}
// Otherwise, get email from posted value instead
/** @skipUpgrade */
if (!$member && !empty($data['Email'])) {
$email = $data['Email'];
}
// Otherwise, get email from posted value instead
/** @skipUpgrade */
if(!$member && !empty($data['Email'])) {
$email = $data['Email'];
}
// Check default login (see Security::setDefaultAdmin())
$asDefaultAdmin = $email === Security::default_admin_username();
if ($asDefaultAdmin) {
// If logging is as default admin, ensure record is setup correctly
$member = Member::default_admin();
$success = !$member->isLockedOut() && Security::check_default_admin($email, $data['Password']);
//protect against failed login
if ($success) {
return $member;
}
}
// Check default login (see Security::setDefaultAdmin())
$asDefaultAdmin = $email === Security::default_admin_username();
if($asDefaultAdmin) {
// If logging is as default admin, ensure record is setup correctly
$member = Member::default_admin();
$success = !$member->isLockedOut() && Security::check_default_admin($email, $data['Password']);
//protect against failed login
if($success) {
return $member;
}
}
// Attempt to identify user by email
if (!$member && $email) {
// Find user by email
$member = Member::get()
->filter(Member::config()->unique_identifier_field, $email)
->first();
}
// Attempt to identify user by email
if(!$member && $email) {
// Find user by email
$member = Member::get()
->filter(Member::config()->unique_identifier_field, $email)
->first();
}
// Validate against member if possible
if ($member && !$asDefaultAdmin) {
$result = $member->checkPassword($data['Password']);
$success = $result->valid();
} else {
$result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
}
// Validate against member if possible
if($member && !$asDefaultAdmin) {
$result = $member->checkPassword($data['Password']);
$success = $result->valid();
} else {
$result = ValidationResult::create()->addError(_t('Member.ERRORWRONGCRED'));
}
// Emit failure to member and form (if available)
if (!$success) {
if ($member) {
$member->registerFailedLogin();
}
if ($form) {
$form->sessionMessage($result->message(), 'bad');
}
} else {
// Emit failure to member and form (if available)
if(!$success) {
if($member) $member->registerFailedLogin();
if($form) $form->setSessionValidationResult($result, true);
} else {
if ($member) {
$member->registerSuccessfulLogin();
}
}
}
return $member;
}
return $member;
}
/**
* Log login attempt
* TODO We could handle this with an extension
*
* @param array $data
* @param Member $member
* @param bool $success
*/
/**
* Log login attempt
* TODO We could handle this with an extension
*
* @param array $data
* @param Member $member
* @param bool $success
*/
protected static function record_login_attempt($data, $member, $success)
{
if (!Security::config()->login_recording) {
return;
}
// Check email is valid
/** @skipUpgrade */
$email = isset($data['Email']) ? $data['Email'] : null;
if (is_array($email)) {
throw new InvalidArgumentException("Bad email passed to MemberAuthenticator::authenticate(): $email");
}
// Check email is valid
/** @skipUpgrade */
$email = isset($data['Email']) ? $data['Email'] : null;
if(is_array($email)) {
throw new InvalidArgumentException("Bad email passed to MemberAuthenticator::authenticate(): $email");
}
$attempt = new LoginAttempt();
if ($success) {
// successful login (member is existing with matching password)
$attempt->MemberID = $member->ID;
$attempt->Status = 'Success';
$attempt = new LoginAttempt();
if($success) {
// successful login (member is existing with matching password)
$attempt->MemberID = $member->ID;
$attempt->Status = 'Success';
// Audit logging hook
$member->extend('authenticated');
} else {
// Failed login - we're trying to see if a user exists with this email (disregarding wrong passwords)
$attempt->Status = 'Failure';
if ($member) {
// Audit logging hook
$attempt->MemberID = $member->ID;
$member->extend('authenticationFailed');
} else {
// Audit logging hook
Member::singleton()->extend('authenticationFailedUnknownUser', $data);
}
}
// Audit logging hook
$member->extend('authenticated');
} else {
// Failed login - we're trying to see if a user exists with this email (disregarding wrong passwords)
$attempt->Status = 'Failure';
if($member) {
// Audit logging hook
$attempt->MemberID = $member->ID;
$member->extend('authenticationFailed');
} else {
// Audit logging hook
Member::singleton()->extend('authenticationFailedUnknownUser', $data);
}
}
$attempt->Email = $email;
$attempt->IP = Controller::curr()->getRequest()->getIP();
$attempt->write();
}
$attempt->Email = $email;
$attempt->IP = Controller::curr()->getRequest()->getIP();
$attempt->write();
}
/**
* Method to authenticate an user
*
* @param array $data Raw data to authenticate the user
* @param Form $form Optional: If passed, better error messages can be
* produced by using
* {@link Form::sessionMessage()}
* @return bool|Member Returns FALSE if authentication fails, otherwise
* the member object
* @see Security::setDefaultAdmin()
*/
/**
* Method to authenticate an user
*
* @param array $data Raw data to authenticate the user
* @param Form $form Optional: If passed, better error messages can be
* produced by using
* {@link Form::sessionMessage()}
* @return bool|Member Returns FALSE if authentication fails, otherwise
* the member object
* @see Security::setDefaultAdmin()
*/
public static function authenticate($data, Form $form = null)
{
// Find authenticated member
$member = static::authenticate_member($data, $form, $success);
// Find authenticated member
$member = static::authenticate_member($data, $form, $success);
// Optionally record every login attempt as a {@link LoginAttempt} object
static::record_login_attempt($data, $member, $success);
// Optionally record every login attempt as a {@link LoginAttempt} object
static::record_login_attempt($data, $member, $success);
// Legacy migration to precision-safe password hashes.
// A login-event with cleartext passwords is the only time
// when we can rehash passwords to a different hashing algorithm,
// bulk-migration doesn't work due to the nature of hashing.
// See PasswordEncryptor_LegacyPHPHash class.
if ($success && $member && isset(self::$migrate_legacy_hashes[$member->PasswordEncryption])) {
$member->Password = $data['Password'];
$member->PasswordEncryption = self::$migrate_legacy_hashes[$member->PasswordEncryption];
$member->write();
}
// Legacy migration to precision-safe password hashes.
// A login-event with cleartext passwords is the only time
// when we can rehash passwords to a different hashing algorithm,
// bulk-migration doesn't work due to the nature of hashing.
// See PasswordEncryptor_LegacyPHPHash class.
if($success && $member && isset(self::$migrate_legacy_hashes[$member->PasswordEncryption])) {
$member->Password = $data['Password'];
$member->PasswordEncryption = self::$migrate_legacy_hashes[$member->PasswordEncryption];
$member->write();
}
if ($success) {
Session::clear('BackURL');
}
return $success ? $member : null;
}
return $success ? $member : null;
}
/**
* Method that creates the login form for this authentication method
*
* @param Controller $controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
*/
/**
* Method that creates the login form for this authentication method
*
* @param Controller $controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
*/
public static function get_login_form(Controller $controller)
{
/** @skipUpgrade */
return MemberLoginForm::create($controller, "LoginForm");
}
/** @skipUpgrade */
return MemberLoginForm::create($controller, "LoginForm");
}
public static function get_cms_login_form(Controller $controller)
{
/** @skipUpgrade */
return CMSMemberLoginForm::create($controller, "LoginForm");
}
/** @skipUpgrade */
return CMSMemberLoginForm::create($controller, "LoginForm");
}
public static function supports_cms()
{
// Don't automatically support subclasses of MemberAuthenticator
return get_called_class() === __CLASS__;
}
// Don't automatically support subclasses of MemberAuthenticator
return get_called_class() === __CLASS__;
}
/**
* Get the name of the authentication method
*
* @return string Returns the name of the authentication method.
*/
/**
* Get the name of the authentication method
*
* @return string Returns the name of the authentication method.
*/
public static function get_name()
{
return _t('MemberAuthenticator.TITLE', "E-mail &amp; Password");
}
return _t('MemberAuthenticator.TITLE', "E-mail &amp; Password");
}
}

215
src/Security/PasswordValidator.php
View File

@ -20,128 +20,131 @@ use SilverStripe\ORM\ValidationResult;
class PasswordValidator extends Object
{
private static $character_strength_tests = array(
'lowercase' => '/[a-z]/',
'uppercase' => '/[A-Z]/',
'digits' => '/[0-9]/',
'punctuation' => '/[^A-Za-z0-9]/',
);
private static $character_strength_tests = array(
'lowercase' => '/[a-z]/',
'uppercase' => '/[A-Z]/',
'digits' => '/[0-9]/',
'punctuation' => '/[^A-Za-z0-9]/',
);
protected $minLength, $minScore, $testNames, $historicalPasswordCount;
protected $minLength, $minScore, $testNames, $historicalPasswordCount;
/**
* Minimum password length
*
* @param int $minLength
* @return $this
*/
/**
* Minimum password length
*
* @param int $minLength
* @return $this
*/
public function minLength($minLength)
{
$this->minLength = $minLength;
return $this;
}
$this->minLength = $minLength;
return $this;
}
/**
* Check the character strength of the password.
*
* Eg: $this->characterStrength(3, array("lowercase", "uppercase", "digits", "punctuation"))
*
* @param int $minScore The minimum number of character tests that must pass
* @param array $testNames The names of the tests to perform
* @return $this
*/
/**
* Check the character strength of the password.
*
* Eg: $this->characterStrength(3, array("lowercase", "uppercase", "digits", "punctuation"))
*
* @param int $minScore The minimum number of character tests that must pass
* @param array $testNames The names of the tests to perform
* @return $this
*/
public function characterStrength($minScore, $testNames)
{
$this->minScore = $minScore;
$this->testNames = $testNames;
return $this;
}
$this->minScore = $minScore;
$this->testNames = $testNames;
return $this;
}
/**
* Check a number of previous passwords that the user has used, and don't let them change to that.
*
* @param int $count
* @return $this
*/
/**
* Check a number of previous passwords that the user has used, and don't let them change to that.
*
* @param int $count
* @return $this
*/
public function checkHistoricalPasswords($count)
{
$this->historicalPasswordCount = $count;
return $this;
}
$this->historicalPasswordCount = $count;
return $this;
}
/**
* @param String $password
* @param Member $member
* @return ValidationResult
*/
/**
* @param String $password
* @param Member $member
* @return ValidationResult
*/
public function validate($password, $member)
{
$valid = ValidationResult::create();
$valid = ValidationResult::create();
if ($this->minLength) {
if (strlen($password) < $this->minLength) {
$valid->error(
sprintf(
_t(
'PasswordValidator.TOOSHORT',
'Password is too short, it must be %s or more characters long'
),
$this->minLength
),
'TOO_SHORT'
);
}
}
if($this->minLength) {
if(strlen($password) < $this->minLength) {
$valid->addError(
sprintf(
_t(
'PasswordValidator.TOOSHORT',
'Password is too short, it must be %s or more characters long'
),
$this->minLength
),
'bad',
'TOO_SHORT'
);
}
}
if ($this->minScore) {
$score = 0;
$missedTests = array();
foreach ($this->testNames as $name) {
if (preg_match(self::config()->character_strength_tests[$name], $password)) {
$score++;
} else {
$missedTests[] = _t(
'PasswordValidator.STRENGTHTEST' . strtoupper($name),
$name,
'The user needs to add this to their password for more complexity'
);
}
}
if($this->minScore) {
$score = 0;
$missedTests = array();
foreach($this->testNames as $name) {
if(preg_match(self::config()->character_strength_tests[$name], $password)) {
$score++;
} else {
$missedTests[] = _t(
'PasswordValidator.STRENGTHTEST' . strtoupper($name),
$name,
'The user needs to add this to their password for more complexity'
);
}
}
if ($score < $this->minScore) {
$valid->error(
sprintf(
_t(
'PasswordValidator.LOWCHARSTRENGTH',
'Please increase password strength by adding some of the following characters: %s'
),
implode(', ', $missedTests)
),
'LOW_CHARACTER_STRENGTH'
);
}
}
if($score < $this->minScore) {
$valid->addError(
sprintf(
_t(
'PasswordValidator.LOWCHARSTRENGTH',
'Please increase password strength by adding some of the following characters: %s'
),
implode(', ', $missedTests)
),
'bad',
'LOW_CHARACTER_STRENGTH'
);
}
}
if ($this->historicalPasswordCount) {
$previousPasswords = MemberPassword::get()
->where(array('"MemberPassword"."MemberID"' => $member->ID))
->sort('"Created" DESC, "ID" DESC')
->limit($this->historicalPasswordCount);
/** @var MemberPassword $previousPassword */
foreach ($previousPasswords as $previousPassword) {
if ($previousPassword->checkPassword($password)) {
$valid->error(
_t(
'PasswordValidator.PREVPASSWORD',
'You\'ve already used that password in the past, please choose a new password'
),
'PREVIOUS_PASSWORD'
);
break;
}
}
}
if($this->historicalPasswordCount) {
$previousPasswords = MemberPassword::get()
->where(array('"MemberPassword"."MemberID"' => $member->ID))
->sort('"Created" DESC, "ID" DESC')
->limit($this->historicalPasswordCount);
/** @var MemberPassword $previousPassword */
foreach($previousPasswords as $previousPassword) {
if($previousPassword->checkPassword($password)) {
$valid->addError(
_t(
'PasswordValidator.PREVPASSWORD',
'You\'ve already used that password in the past, please choose a new password'
),
'bad',
'PREVIOUS_PASSWORD'
);
break;
}
}
}
return $valid;
}
return $valid;
}
}

58
src/Security/PermissionRoleCode.php
View File

@ -13,50 +13,50 @@ use SilverStripe\ORM\DataObject;
*/
class PermissionRoleCode extends DataObject
{
private static $db = array(
"Code" => "Varchar",
);
private static $db = array(
"Code" => "Varchar",
);
private static $has_one = array(
"Role" => "SilverStripe\\Security\\PermissionRole",
);
private static $has_one = array(
"Role" => "SilverStripe\\Security\\PermissionRole",
);
private static $table_name = "PermissionRoleCode";
private static $table_name = "PermissionRoleCode";
public function validate()
{
$result = parent::validate();
$result = parent::validate();
// Check that new code doesn't increase privileges, unless an admin is editing.
$privilegedCodes = Permission::config()->privileged_permissions;
// Check that new code doesn't increase privileges, unless an admin is editing.
$privilegedCodes = Permission::config()->privileged_permissions;
if ($this->Code
&& in_array($this->Code, $privilegedCodes)
&& !Permission::check('ADMIN')
) {
$result->error(sprintf(
_t(
'PermissionRoleCode.PermsError',
'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'
),
$this->Code
));
}
&& in_array($this->Code, $privilegedCodes)
&& !Permission::check('ADMIN')
) {
$result->addError(sprintf(
_t(
'PermissionRoleCode.PermsError',
'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'
),
$this->Code
));
}
return $result;
}
return $result;
}
public function canCreate($member = null, $context = array())
{
return Permission::check('APPLY_ROLES', 'any', $member);
}
return Permission::check('APPLY_ROLES', 'any', $member);
}
public function canEdit($member = null)
{
return Permission::check('APPLY_ROLES', 'any', $member);
}
return Permission::check('APPLY_ROLES', 'any', $member);
}
public function canDelete($member = null)
{
return Permission::check('APPLY_ROLES', 'any', $member);
}
return Permission::check('APPLY_ROLES', 'any', $member);
}
}

34
tests/php/Forms/FormTest.php
View File

@ -436,6 +436,34 @@ class FormTest extends FunctionalTest {
);
}
public function testValidationException() {
$this->get('FormTest_Controller');
$response = $this->post(
'FormTest_Controller/Form',
array(
'Email' => 'test@test.com',
'SomeRequiredField' => 'test',
'action_triggerException' => 1,
)
);
$this->assertPartialMatchBySelector(
'#Form_Form_Email_Holder span.message',
array(
'Error on Email field'
),
'Formfield validation shows note on field if invalid'
);
$this->assertPartialMatchBySelector(
'#Form_Form_error',
array(
'Error at top of form'
),
'Required fields show a notification on field when left blank'
);
}
public function testGloballyDisabledSecurityTokenInheritsToNewForm() {
SecurityToken::enable();
@ -758,6 +786,7 @@ class FormTest extends FunctionalTest {
$form = $this->getStubForm();
$form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request
$form->sessionMessage('<em>Escaped HTML</em>', 'good', true);
$form->setupFormErrors();
$parser = new CSSContentParser($form->forTemplate());
$messageEls = $parser->getBySelector('.message');
$this->assertContains(
@ -768,6 +797,7 @@ class FormTest extends FunctionalTest {
$form = $this->getStubForm();
$form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request
$form->sessionMessage('<em>Unescaped HTML</em>', 'good', false);
$form->setupFormErrors();
$parser = new CSSContentParser($form->forTemplate());
$messageEls = $parser->getBySelector('.message');
$this->assertContains(
@ -779,7 +809,7 @@ class FormTest extends FunctionalTest {
function testFieldMessageEscapeHtml() {
$form = $this->getStubForm();
$form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request
$form->addErrorMessage('key1', '<em>Escaped HTML</em>', 'good', true);
$form->getSessionValidationResult()->addFieldMessage('key1', '<em>Escaped HTML</em>', 'good');
$form->setupFormErrors();
$parser = new CSSContentParser($result = $form->forTemplate());
$messageEls = $parser->getBySelector('#Form_Form_key1_Holder .message');
@ -790,7 +820,7 @@ class FormTest extends FunctionalTest {
$form = $this->getStubForm();
$form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request
$form->addErrorMessage('key1', '<em>Unescaped HTML</em>', 'good', false);
$form->getSessionValidationResult()->addFieldMessage('key1', '<em>Unescaped HTML</em>', 'good', null, false);
$form->setupFormErrors();
$parser = new CSSContentParser($form->forTemplate());
$messageEls = $parser->getBySelector('#Form_Form_key1_Holder .message');

2
tests/php/ORM/DataObjectTest.php
View File

@ -1762,6 +1762,6 @@ class DataObjectTest extends SapphireTest {
$staff->Salary = PHP_INT_MAX;
$staff->write();
$this->assertEquals(PHP_INT_MAX, DataObjectTest\Staff::get()->byID($staff->ID)->Salary);
}
}
}

12
tests/php/ORM/HierarchyTest.php
View File

@ -31,7 +31,17 @@ class HierarchyTest extends SapphireTest {
$obj2aa = $this->objFromFixture(HierarchyTest\TestObject::class, 'obj2aa');
$obj2->ParentID = $obj2aa->ID;
$obj2->write();
$obj2->write();
}
catch (ValidationException $e) {
$this->assertContains(
Convert::raw2xml('Infinite loop found within the "HierarchyTest_Object" hierarchy'),
$e->getMessage()
);
return;
}
$this->fail('Failed to prevent infinite loop in hierarchy.');
}
/**

73
tests/php/ORM/ValidationExceptionTest.php
View File

@ -13,12 +13,14 @@ class ValidationExceptionTest extends SapphireTest
*/
public function testCreateFromValidationResult() {
$result = new ValidationResult(false, 'Not a valid result');
$result = new ValidationResult();
$result->addError('Not a valid result');
$exception = new ValidationException($result);
$this->assertEquals(0, $exception->getCode());
$this->assertEquals('Not a valid result', $exception->getMessage());
$this->assertEquals(false, $exception->getResult()->valid());
$this->assertFalse($exception->getResult()->valid());
$this->assertEquals('Not a valid result', $exception->getResult()->message());
}
@ -29,8 +31,8 @@ class ValidationExceptionTest extends SapphireTest
*/
public function testCreateFromComplexValidationResult() {
$result = new ValidationResult();
$result->error('Invalid type')
->error('Out of kiwis');
$result->addError('Invalid type')
->addError('Out of kiwis');
$exception = new ValidationException($result);
$this->assertEquals(0, $exception->getCode());
@ -48,7 +50,7 @@ class ValidationExceptionTest extends SapphireTest
$this->assertEquals(E_USER_ERROR, $exception->getCode());
$this->assertEquals('Error inferred from message', $exception->getMessage());
$this->assertEquals(false, $exception->getResult()->valid());
$this->assertFalse($exception->getResult()->valid());
$this->assertEquals('Error inferred from message', $exception->getResult()->message());
}
@ -57,12 +59,13 @@ class ValidationExceptionTest extends SapphireTest
* and a custom message
*/
public function testCreateWithValidationResultAndMessage() {
$result = new ValidationResult(false, 'Incorrect placement of cutlery');
$result = new ValidationResult();
$result->addError('Incorrect placement of cutlery');
$exception = new ValidationException($result, 'An error has occurred', E_USER_WARNING);
$this->assertEquals(E_USER_WARNING, $exception->getCode());
$this->assertEquals('An error has occurred', $exception->getMessage());
$this->assertEquals(false, $exception->getResult()->valid());
$this->assertFalse($exception->getResult()->valid());
$this->assertEquals('Incorrect placement of cutlery', $exception->getResult()->message());
}
@ -73,8 +76,8 @@ class ValidationExceptionTest extends SapphireTest
*/
public function testCreateWithComplexValidationResultAndMessage() {
$result = new ValidationResult();
$result->error('A spork is not a knife')
->error('A knife is not a back scratcher');
$result->addError('A spork is not a knife')
->addError('A knife is not a back scratcher');
$exception = new ValidationException($result, 'An error has occurred', E_USER_WARNING);
$this->assertEquals(E_USER_WARNING, $exception->getCode());
@ -91,8 +94,8 @@ class ValidationExceptionTest extends SapphireTest
$result = new ValidationResult();
$anotherresult = new ValidationResult();
$yetanotherresult = new ValidationResult();
$anotherresult->error("Eat with your mouth closed", "EATING101");
$yetanotherresult->error("You didn't wash your hands", "BECLEAN");
$anotherresult->addError("Eat with your mouth closed", 'bad', "EATING101");
$yetanotherresult->addError("You didn't wash your hands", 'bad', "BECLEAN", false);
$this->assertTrue($result->valid());
$this->assertFalse($anotherresult->valid());
@ -104,7 +107,53 @@ class ValidationExceptionTest extends SapphireTest
$this->assertEquals(array(
"EATING101" => "Eat with your mouth closed",
"BECLEAN" => "You didn't wash your hands"
),$result->messageList());
), $result->messageList());
}
/**
* Test that a ValidationException created with no contained ValidationResult
* will correctly populate itself with an inferred version
*/
public function testCreateForField() {
$exception = ValidationException::create_for_field('Content', 'Content is required');
$this->assertEquals('Content is required', $exception->getMessage());
$this->assertEquals(false, $exception->getResult()->valid());
$this->assertEquals(array(
'Content' => array(
'message' => 'Content is required',
'messageType' => 'bad',
),
), $exception->getResult()->fieldErrors());
}
/**
* Test that a ValidationException created with no contained ValidationResult
* will correctly populate itself with an inferred version
*/
public function testValidationResultAddMethods() {
$result = new ValidationResult();
$result->addMessage('A spork is not a knife', 'bad');
$result->addError('A knife is not a back scratcher');
$result->addFieldMessage('Title', 'Title is good', 'good');
$result->addFieldError('Content', 'Content is bad');
$this->assertEquals(array(
'Title' => array(
'message' => 'Title is good',
'messageType' => 'good'
),
'Content' => array(
'message' => 'Content is bad',
'messageType' => 'bad'
)
), $result->fieldErrors());
$this->assertEquals('A spork is not a knife; A knife is not a back scratcher', $result->overallMessage());
$exception = ValidationException::create_for_field('Content', 'Content is required');
}
}

6
tests/php/Security/MemberAuthenticatorTest.php
View File

@ -139,6 +139,7 @@ class MemberAuthenticatorTest extends SapphireTest {
'tempid' => $tempID,
'Password' => 'mypassword'
), $form);
$form->setupFormErrors();
$this->assertNotEmpty($result);
$this->assertEquals($result->ID, $member->ID);
$this->assertEmpty($form->Message());
@ -149,8 +150,9 @@ class MemberAuthenticatorTest extends SapphireTest {
'tempid' => $tempID,
'Password' => 'notmypassword'
), $form);
$form->setupFormErrors();
$this->assertEmpty($result);
$this->assertEquals('The provided details don&#039;t seem to be correct. Please try again.', $form->Message());
$this->assertEquals(Convert::raw2xml(_t('Member.ERRORWRONGCRED')), $form->Message());
$this->assertEquals('bad', $form->MessageType());
}
@ -168,6 +170,7 @@ class MemberAuthenticatorTest extends SapphireTest {
'Email' => 'admin',
'Password' => 'password'
), $form);
$form->setupFormErrors();
$this->assertNotEmpty($result);
$this->assertEquals($result->Email, Security::default_admin_username());
$this->assertEmpty($form->Message());
@ -178,6 +181,7 @@ class MemberAuthenticatorTest extends SapphireTest {
'Email' => 'admin',
'Password' => 'notmypassword'
), $form);
$form->setupFormErrors();
$this->assertEmpty($result);
$this->assertEquals('The provided details don&#039;t seem to be correct. Please try again.', $form->Message());
$this->assertEquals('bad', $form->MessageType());

5
tests/php/Security/SecurityTest.php
View File

@ -444,7 +444,7 @@ class SecurityTest extends FunctionalTest {
$member->LockedOutUntil,
'User does not have a lockout time set if under threshold for failed attempts'
);
$this->assertContains($this->loginErrorMessage(), Convert::raw2xml(_t('Member.ERRORWRONGCRED')));
$this->assertContains(Convert::raw2xml(_t('Member.ERRORWRONGCRED')), $this->loginErrorMessage());
} else {
// Fuzzy matching for time to avoid side effects from slow running tests
$this->assertGreaterThan(
@ -644,7 +644,8 @@ class SecurityTest extends FunctionalTest {
* Get the error message on the login form
*/
public function loginErrorMessage() {
return $this->session()->inst_get('FormInfo.MemberLoginForm_LoginForm.formError.message');
$result = $this->session()->inst_get('FormInfo.MemberLoginForm_LoginForm.result');
return $result->message();
}
}