API Apply Framework\Security namespace

.upgrade.yml

@@ -115,8 +115,49 @@ mappings:
   VersionedGridFieldDetailForm: SilverStripe\ORM\Versioning\VersionedGridFieldDetailForm
   VersionedGridFieldItemRequest: SilverStripe\ORM\Versioning\VersionedGridFieldItemRequest
   Hierarchy: SilverStripe\ORM\Hierarchy\Hierarchy
+  Authenticator: SilverStripe\Security\Authenticator
+  BasicAuth: SilverStripe\Security\BasicAuth
+  ChangePasswordForm: SilverStripe\Security\ChangePasswordForm
+  CMSMemberLoginForm: SilverStripe\Security\CMSMemberLoginForm
+  CMSSecurity: SilverStripe\Security\CMSSecurity
+  Group: SilverStripe\Security\Group
+  GroupCsvBulkLoader: SilverStripe\Security\GroupCsvBulkLoader
+  LoginAttempt: SilverStripe\Security\LoginAttempt
+  LoginForm: SilverStripe\Security\LoginForm
+  Member: SilverStripe\Security\Member
+  Member_GroupSet: SilverStripe\Security\Member_GroupSet
+  Member_Validator: SilverStripe\Security\Member_Validator
+  MemberAuthenticator: SilverStripe\Security\MemberAuthenticator
+  MemberCsvBulkLoader: SilverStripe\Security\MemberCsvBulkLoader
+  MemberLoginForm: SilverStripe\Security\MemberLoginForm
+  MemberPassword: SilverStripe\Security\MemberPassword
+  PasswordEncryptor: SilverStripe\Security\PasswordEncryptor
+  PasswordEncryptor_Blowfish: SilverStripe\Security\PasswordEncryptor_Blowfish
+  PasswordEncryptor_PHPHash: SilverStripe\Security\PasswordEncryptor_PHPHash
+  PasswordEncryptor_LegacyPHPHash: SilverStripe\Security\PasswordEncryptor_LegacyPHPHash
+  PasswordEncryptor_MySQLPassword: SilverStripe\Security\PasswordEncryptor_MySQLPassword
+  PasswordEncryptor_MySQLOldPassword: SilverStripe\Security\PasswordEncryptor_MySQLOldPassword
+  PasswordEncryptor_None: SilverStripe\Security\PasswordEncryptor_None
+  PasswordEncryptor_NotFoundException: SilverStripe\Security\PasswordEncryptor_NotFoundException
+  PasswordEncryptor_EncryptionFailed: SilverStripe\Security\PasswordEncryptor_EncryptionFailed
+  PasswordValidator: SilverStripe\Security\PasswordValidator
+  Permission: SilverStripe\Security\Permission
+  Permission_Group: SilverStripe\Security\Permission_Group
+  PermissionCheckboxSetField: SilverStripe\Security\PermissionCheckboxSetField
+  PermissionCheckboxSetField_Readonly: SilverStripe\Security\PermissionCheckboxSetField_Readonly
+  PermissionFailureException: SilverStripe\Security\PermissionFailureException
+  PermissionProvider: SilverStripe\Security\PermissionProvider
+  PermissionRole: SilverStripe\Security\PermissionRole
+  PermissionRoleCode: SilverStripe\Security\PermissionRoleCode
+  RandomGenerator: SilverStripe\Security\RandomGenerator
+  RememberLoginHash: SilverStripe\Security\RememberLoginHash
+  Security: SilverStripe\Security\Security
+  SecurityToken: SilverStripe\Security\SecurityToken
+  NullSecurityToken: SilverStripe\Security\NullSecurityToken
 skipConfigs:
   - db
   - casting
   - table_name
   - fixed_fields
+  - menu_title
+  - allowed_actions

ORM/Connect/MySQLDatabase.php

@@ -5,6 +5,7 @@ namespace SilverStripe\ORM\Connect;
 use Config;
 use Exception;
 use PaginatedList;
+use SilverStripe\Framework\Core\Configurable;
 use SilverStripe\ORM\DataList;
 use SilverStripe\ORM\ArrayList;
 

ORM/Connect/MySQLSchemaManager.php

@@ -16,8 +16,10 @@ class MySQLSchemaManager extends DBSchemaManager {
 	/**
 	 * Identifier for this schema, used for configuring schema-specific table
 	 * creation options
+	 *
+	 * @skipUpgrade
 	 */
-	const ID = 'SilverStripe\ORM\Connect\MySQLDatabase';
+	const ID = 'MySQLDatabase';
 
 	public function createTable($table, $fields = null, $indexes = null, $options = null, $advancedOptions = null) {
 		$fieldSchemas = $indexSchemas = "";

ORM/DB.php

@@ -9,7 +9,9 @@ use Config;
 use LogicException;
 use Cookie;
 use Injector;
+use SilverStripe\ORM\Connect\DBConnector;
 use SilverStripe\ORM\Connect\DBSchemaManager;
+use SilverStripe\ORM\Connect\SS_Query;
 use SilverStripe\ORM\Queries\SQLExpression;
 use SilverStripe\ORM\Connect\SS_Database;
 
@@ -53,8 +55,8 @@ class DB {
 	 * Pass an object that's a subclass of SS_Database.  This object will be used when {@link DB::query()}
 	 * is called.
 	 *
-	 * @param $connection The connecton object to set as the connection.
+	 * @param SS_Database $connection The connecton object to set as the connection.
-	 * @param $name The name to give to this connection.  If you omit this argument, the connection
+	 * @param string $name The name to give to this connection.  If you omit this argument, the connection
 	 * will be the default one used by the ORM.  However, you can store other named connections to
 	 * be accessed through DB::get_conn($name).  This is useful when you have an application that
 	 * needs to connect to more than one database.
@@ -147,6 +149,7 @@ class DB {
 	 *
 	 * Note that the database will be set on the next request.
 	 * Set it to null to revert to the main database.
+	 * @param string $name
 	 */
 	public static function set_alternative_database_name($name = null) {
 		// Skip if CLI
@@ -161,7 +164,7 @@ class DB {
 				));
 			}
 
-			$key = Config::inst()->get('Security', 'token');
+			$key = Config::inst()->get('SilverStripe\\Security\\Security', 'token');
 			if(!$key) {
 				throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"');
 			}
@@ -193,7 +196,7 @@ class DB {
 		$iv = Cookie::get("alternativeDatabaseNameIv");
 
 		if($name) {
-			$key = Config::inst()->get('Security', 'token');
+			$key = Config::inst()->get('SilverStripe\\Security\\Security', 'token');
 			if(!$key) {
 				throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"');
 			}
@@ -231,10 +234,9 @@ class DB {
 	 * Given the database configuration, this method will create the correct
 	 * subclass of {@link SS_Database}.
 	 *
-	 * @param array $database A map of options. The 'type' is the name of the subclass of SS_Database to use. For the
+	 * @param array $databaseConfig A map of options. The 'type' is the name of the
-	 *                        rest of the options, see the specific class.
+	 * subclass of SS_Database to use. For the rest of the options, see the specific class.
-	 * @param string $name identifier for the connection
+	 * @param string $label identifier for the connection
-	 *
 	 * @return SS_Database
 	 */
 	public static function connect($databaseConfig, $label = 'default') {
@@ -296,7 +298,7 @@ class DB {
 	 *
 	 * @param array|integer $input An array of items needing placeholders, or a
 	 * number to specify the number of placeholders
-	 * @param string The string to join each placeholder together with
+	 * @param string $join The string to join each placeholder together with
 	 * @return string|null Either a list of placeholders, or null
 	 */
 	public static function placeholders($input, $join = ', ') {
@@ -374,6 +376,8 @@ class DB {
 
 	/**
 	 * Get the autogenerated ID from the previous INSERT query.
+	 *
+	 * @param string $table
 	 * @return int
 	 */
 	public static function get_generated_id($table) {
@@ -427,13 +431,14 @@ class DB {
 
 	/**
 	 * Create a new table.
-	 * @param string $tableName The name of the table
+	 * @param string $table The name of the table
 	 * @param array$fields A map of field names to field types
 	 * @param array $indexes A map of indexes
 	 * @param array $options An map of additional options.  The available keys are as follows:
 	 *   - 'MSSQLDatabase'/'MySQLDatabase'/'PostgreSQLDatabase' - database-specific options such as "engine"
 	 *     for MySQL.
 	 *   - 'temporary' - If true, then a temporary table will be created
+	 * @param array $advancedOptions
 	 * @return string The table name generated.  This may be different from the table name, for example with
 	 * temporary tables.
 	 */
@@ -577,7 +582,7 @@ class DB {
 	/**
 	 * Checks a table's integrity and repairs it if necessary.
 	 *
-	 * @param string $tableName The name of the table.
+	 * @param string $table The name of the table.
 	 * @return boolean Return true if the table has integrity after the method is complete.
 	 */
 	public static function check_and_repair_table($table) {

ORM/DataObject.php

@@ -19,8 +19,8 @@ use SearchContext;
 use FieldList;
 use FormField;
 use FormScaffolder;
-use Member;
+
-use Permission;
+
 use Object;
 use SearchFilter;
 use SilverStripe\ORM\Queries\SQLInsert;
@@ -30,6 +30,9 @@ use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\FieldType\DBComposite;
 use SilverStripe\ORM\FieldType\DBClassName;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+
 
 /**
  * A single database record & abstract class for the data-access-model.
@@ -907,10 +910,10 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
 	 * Caution: Does not delete the merged object.
 	 * Caution: Does now overwrite Created date on the original object.
 	 *
-	 * @param $obj DataObject
+	 * @param DataObject $rightObj
-	 * @param $priority String left|right Determines who wins in case of a conflict (optional)
+	 * @param string $priority left|right Determines who wins in case of a conflict (optional)
-	 * @param $includeRelations Boolean Merge any existing relations (optional)
+	 * @param bool $includeRelations Merge any existing relations (optional)
-	 * @param $overwriteWithEmpty Boolean Overwrite existing left values with empty right values.
+	 * @param bool $overwriteWithEmpty Overwrite existing left values with empty right values.
 	 *                            Only applicable with $priority='right'. (optional)
 	 * @return Boolean
 	 */

ORM/DatabaseAdmin.php

@@ -5,12 +5,15 @@ namespace SilverStripe\ORM;
 use Controller;
 use SapphireTest;
 use Director;
-use Security;
+
-use Permission;
+
 use SS_ClassLoader;
 use ClassInfo;
 use TestOnly;
 use Deprecation;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Permission;
+
 
 // Include the DB class
 require_once("DB.php");
@@ -183,6 +186,7 @@ class DatabaseAdmin extends Controller {
 	 *
 	 * @param boolean $quiet Don't show messages
 	 * @param boolean $populate Populate the database, as well as setting up its schema
+	 * @param bool $testMode
 	 */
 	public function doBuild($quiet = false, $populate = true, $testMode = false) {
 		if($quiet) {

ORM/FieldType/DBDate.php

@@ -2,13 +2,15 @@
 
 namespace SilverStripe\ORM\FieldType;
 
-use Member;
+
 use Zend_Date;
 use DateTime;
 use DateField;
 use Convert;
 use Exception;
 use SilverStripe\ORM\DB;
+use SilverStripe\Security\Member;
+
 
 /**
  * Represents a date field.

ORM/FieldType/DBDatetime.php

@@ -4,12 +4,13 @@ namespace SilverStripe\ORM\FieldType;
 
 use Convert;
 use Exception;
-use Member;
 use DatetimeField;
 use Zend_Date;
 use TemplateGlobalProvider;
 use DateTime;
 use SilverStripe\ORM\DB;
+use SilverStripe\Security\Member;
+
 
 /**
  * Represents a date-time field.
@@ -60,11 +61,11 @@ class DBDatetime extends DBDate implements TemplateGlobalProvider {
 		if(is_numeric($value)) {
 			$this->value = date('Y-m-d H:i:s', $value);
 		} elseif(is_string($value)) {
-			try {
+			try{
 				$date = new DateTime($value);
 				$this->value = $date->format('Y-m-d H:i:s');
 				return;
-			} catch(Exception $e) {
+			}catch(Exception $e){
 				$this->value = null;
 				return;
 			}

ORM/Hierarchy/Hierarchy.php

@@ -768,14 +768,15 @@ class Hierarchy extends DataExtension {
 	 * @return DataObject
 	 */
 	public function getParent($filter = null) {
-		if($p = $this->owner->__get("ParentID")) {
+		$parentID = $this->owner->ParentID;
-			$tableClasses = ClassInfo::dataClassesFor($this->owner->class);
+		if(empty($parentID)) {
-			$baseClass = array_shift($tableClasses);
+			return null;
-			return DataObject::get_one($this->owner->class, array(
-				array("\"$baseClass\".\"ID\"" => $p),
-				$filter
-			));
 		}
+		$idSQL = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ID');
+		return DataObject::get_one($this->owner->class, array(
+			array($idSQL => $parentID),
+			$filter
+		));
 	}
 
 	/**

ORM/Queries/SQLExpression.php

@@ -4,6 +4,7 @@ namespace SilverStripe\ORM\Queries;
 
 use Exception;
 use Convert;
+use SilverStripe\ORM\Connect\SS_Query;
 use SilverStripe\ORM\DB;
 
 /**

ORM/Versioning/ChangeSet.php

@@ -2,9 +2,11 @@
 
 namespace SilverStripe\ORM\Versioning;
 
-use Member;
+
-use Permission;
+
+use Exception;
 use FieldList;
+use SilverStripe\ORM\HasManyList;
 use TextField;
 use ReadonlyField;
 use i18n;
@@ -13,6 +15,9 @@ use LogicException;
 use SilverStripe\ORM\ValidationException;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+
 
 /**
  * The ChangeSet model tracks several VersionedAndStaged objects for later publication as a single
@@ -57,7 +62,7 @@ class ChangeSet extends DataObject {
 	);
 
 	private static $has_one = array(
-		'Owner' => 'Member',
+		'Owner' => 'SilverStripe\\Security\\Member',
 	);
 
 	private static $casting = array(

ORM/Versioning/ChangeSetItem.php

@@ -4,12 +4,18 @@ namespace SilverStripe\ORM\Versioning;
 
 use Exception;
 use BadMethodCallException;
-use Member;
+
-use Permission;
+
 use CMSPreviewable;
 use Controller;
 use SilverStripe\Filesystem\Thumbnail;
+use SilverStripe\ORM\DataList;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\ORM\ManyManyList;
+use SilverStripe\ORM\SS_List;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+
 
 /**
  * A single line in a changeset

ORM/Versioning/Versioned.php

@@ -2,16 +2,17 @@
 
 namespace SilverStripe\ORM\Versioning;
 
+use SS_HTTPRequest;
 use TemplateGlobalProvider;
 use Session;
 use Deprecation;
 use InvalidArgumentException;
 use Config;
 use LogicException;
-use Member;
+
 use ClassInfo;
 use Object;
-use Permission;
+
 use Director;
 use Cookie;
 use FieldList;
@@ -25,6 +26,9 @@ use SilverStripe\ORM\DataExtension;
 use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\Queries\SQLSelect;
 use SilverStripe\ORM\Queries\SQLUpdate;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+
 
 /**
  * The Versioned extension allows your DataObjects to have several versions,
@@ -235,8 +239,8 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
 	 * Amend freshly created DataQuery objects with versioned-specific
 	 * information.
 	 *
-	 * @param SQLSelect
+	 * @param SQLSelect $query
-	 * @param DataQuery
+	 * @param DataQuery $dataQuery
 	 */
 	public function augmentDataQueryCreation(SQLSelect &$query, DataQuery &$dataQuery) {
 		$parts = explode('.', Versioned::get_reading_mode());
@@ -2397,7 +2401,7 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
 	}
 
 	/**
-	 * @param FieldList
+	 * @param FieldList $fields
 	 */
 	public function updateCMSFields(FieldList $fields) {
 		// remove the version field from the CMS as this should be left

Security/Authenticator.php

@@ -1,4 +1,11 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use Object;
+use Form;
+use Controller;
+
 /**
  * Abstract base class for an authentication method
  *
@@ -16,7 +23,7 @@ abstract class Authenticator extends Object {
 	 *
 	 * @var array
 	 */
-	private static $authenticators = array('MemberAuthenticator');
+	private static $authenticators = array('SilverStripe\\Security\\MemberAuthenticator');
 
 	/**
 	 * Used to influence the order of authenticators on the login-screen
@@ -24,7 +31,7 @@ abstract class Authenticator extends Object {
 	 *
 	 * @var string
 	 */
-	private static $default_authenticator = 'MemberAuthenticator';
+	private static $default_authenticator = 'SilverStripe\\Security\\MemberAuthenticator';
 
 
 	/**
@@ -43,7 +50,7 @@ abstract class Authenticator extends Object {
 	/**
 	 * Method that creates the login form for this authentication method
 	 *
-	 * @param Controller The parent controller, necessary to create the
+	 * @param Controller $controller The parent controller, necessary to create the
 	 *                   appropriate form action tag
 	 * @return Form Returns the login form to use with this authentication
 	 *              method
@@ -99,7 +106,7 @@ abstract class Authenticator extends Object {
 		if(class_exists($authenticator) == false)
 			return false;
 
-		if(is_subclass_of($authenticator, 'Authenticator') == false)
+		if(is_subclass_of($authenticator, 'SilverStripe\\Security\\Authenticator') == false)
 			return false;
 
 		if(in_array($authenticator, self::$authenticators) == false) {

Security/BasicAuth.php

@@ -1,4 +1,13 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use SapphireTest;
+use Director;
+use SS_HTTPResponse;
+use SS_HTTPResponse_Exception;
+use Config;
+
 /**
  * Provides an interface to HTTP basic authentication.
  *
@@ -125,14 +134,15 @@ class BasicAuth {
 	 * define('SS_USE_BASIC_AUTH', true);
 	 *
 	 * @param boolean $protect Set this to false to disable protection.
-	 * @param String $code {@link Permission} code that is required from the user.
+	 * @param string $code {@link Permission} code that is required from the user.
 	 *  Defaults to "ADMIN". Set to NULL to just require a valid login, regardless
 	 *  of the permission codes a user has.
+	 * @param string $message
 	 */
 	public static function protect_entire_site($protect = true, $code = 'ADMIN', $message = null) {
-		Config::inst()->update('BasicAuth', 'entire_site_protected', $protect);
+		Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected', $protect);
-		Config::inst()->update('BasicAuth', 'entire_site_protected_code', $code);
+		Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected_code', $code);
-		Config::inst()->update('BasicAuth', 'entire_site_protected_message', $message);
+		Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected_message', $message);
 	}
 
 	/**
@@ -143,7 +153,7 @@ class BasicAuth {
 	 * please use {@link protect_entire_site()}.
 	 */
 	public static function protect_site_if_necessary() {
-		$config = Config::inst()->forClass('BasicAuth');
+		$config = Config::inst()->forClass('SilverStripe\\Security\\BasicAuth');
 		if($config->entire_site_protected) {
 			self::requireLogin($config->entire_site_protected_message, $config->entire_site_protected_code, false);
 		}

Security/CMSMemberLoginForm.php

@@ -1,5 +1,19 @@
 <?php
 
+namespace SilverStripe\Security;
+
+use Controller;
+use FieldList;
+use HiddenField;
+use PasswordField;
+use LiteralField;
+use CheckboxField;
+use FormAction;
+use Session;
+use Convert;
+use SS_HTTPResponse;
+
+
 /**
  * Provides the in-cms session re-authentication form for the "member" authenticator
  *
@@ -8,7 +22,7 @@
  */
 class CMSMemberLoginForm extends LoginForm {
 
-	protected $authenticator_class = 'MemberAuthenticator';
+	protected $authenticator_class = 'SilverStripe\\Security\\MemberAuthenticator';
 
 	/**
 	 * Get link to use for external security actions
@@ -68,7 +82,7 @@ class CMSMemberLoginForm extends LoginForm {
 	/**
 	 * Try to authenticate the user
 	 *
-	 * @param array Submitted data
+	 * @param array $data Submitted data
 	 * @return Member Returns the member object on successful authentication
 	 *                or NULL on failure.
 	 */
@@ -89,6 +103,7 @@ class CMSMemberLoginForm extends LoginForm {
 	 * This method is called when the user clicks on "Log in"
 	 *
 	 * @param array $data Submitted data
+	 * @return \SS_HTTPResponse
 	 */
 	public function dologin($data) {
 		if($this->performLogin($data)) {
@@ -110,7 +125,7 @@ class CMSMemberLoginForm extends LoginForm {
 	 */
 	protected function redirectToChangePassword() {
 		// Since this form is loaded via an iframe, this redirect must be performed via javascript
-		$changePasswordForm = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
+		$changePasswordForm = new ChangePasswordForm($this->controller, 'SilverStripe\\Security\\ChangePasswordForm');
 		$changePasswordForm->sessionMessage(
 			_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
 			'good'

Security/CMSSecurity.php

@@ -1,5 +1,16 @@
 <?php
 
+namespace SilverStripe\Security;
+
+use Requirements;
+use Controller;
+use Director;
+use Convert;
+use Session;
+use AdminRootController;
+use SS_HTTPResponse;
+
+
 /**
  * Provides a security interface functionality within the cms
  * @package framework
@@ -12,7 +23,7 @@ class CMSSecurity extends Security {
 	);
 
 	private static $allowed_actions = array(
-		'LoginForm',
+		'SilverStripe\\Security\\LoginForm',
 		'success'
 	);
 
@@ -43,6 +54,7 @@ class CMSSecurity extends Security {
 	}
 
 	public function Link($action = null) {
+		/** @skipUpgrade */
 		return Controller::join_links(Director::baseURL(), "CMSSecurity", $action);
 	}
 
@@ -173,7 +185,7 @@ PHP
 	}
 
 	public function getTemplatesFor($action) {
-		return array("CMSSecurity_{$action}", "CMSSecurity")
+		return array("CMSSecurity_{$action}", "SilverStripe\\Security\\CMSSecurity")
 			+ parent::getTemplatesFor($action);
 	}
 

Security/ChangePasswordForm.php

@@ -1,4 +1,17 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use Form;
+use Session;
+use FieldList;
+use PasswordField;
+use FormAction;
+use HiddenField;
+use Director;
+use HTTP;
+use Convert;
+
 /**
  * Standard Change Password Form
  * @package framework

Security/Group.php

@@ -1,8 +1,33 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\ORM\HasManyList;
+use SilverStripe\ORM\ManyManyList;
 use SilverStripe\ORM\UnsavedRelationList;
+use Requirements;
+use FieldList;
+use TabSet;
+use Tab;
+use TextField;
+use DropdownField;
+use TextareaField;
+use Config;
+use GridFieldConfig_RelationEditor;
+use GridFieldButtonRow;
+use GridFieldExportButton;
+use GridFieldPrintButton;
+use GridField;
+use HTMLEditorConfig;
+use LiteralField;
+use ListboxField;
+use HiddenField;
+use InvalidArgumentException;
+use Convert;
+
 /**
  * A security group.
  *
@@ -35,23 +60,25 @@ class Group extends DataObject {
 	);
 
 	private static $has_one = array(
-		"Parent" => "Group",
+		"Parent" => "SilverStripe\\Security\\Group",
 	);
 
 	private static $has_many = array(
-		"Permissions" => "Permission",
+		"Permissions" => "SilverStripe\\Security\\Permission",
-		"Groups" => "Group"
+		"Groups" => "SilverStripe\\Security\\Group"
 	);
 
 	private static $many_many = array(
-		"Members" => "Member",
+		"Members" => "SilverStripe\\Security\\Member",
-		"Roles" => "PermissionRole",
+		"Roles" => "SilverStripe\\Security\\PermissionRole",
 	);
 
 	private static $extensions = array(
 		"SilverStripe\\ORM\\Hierarchy\\Hierarchy",
 	);
 
+	private static $table_name = "Group";
+
 	public function populateDefaults() {
 		parent::populateDefaults();
 
@@ -61,7 +88,7 @@ class Group extends DataObject {
 	public function getAllChildren() {
 		$doSet = new ArrayList();
 
-		$children = DataObject::get('Group')->filter("ParentID", $this->ID);
+		$children = Group::get()->filter("ParentID", $this->ID);
 		foreach($children as $child) {
 			$doSet->push($child);
 			$doSet->merge($child->getAllChildren());
@@ -94,7 +121,7 @@ class Group extends DataObject {
 					$permissionsField = new PermissionCheckboxSetField(
 						'Permissions',
 						false,
-						'Permission',
+						'SilverStripe\\Security\\Permission',
 						'GroupID',
 						$this
 					)
@@ -163,7 +190,7 @@ class Group extends DataObject {
 
 		// Only show the "Roles" tab if permissions are granted to edit them,
 		// and at least one role exists
-		if(Permission::check('APPLY_ROLES') && DataObject::get('PermissionRole')) {
+		if(Permission::check('APPLY_ROLES') && DataObject::get('SilverStripe\\Security\\PermissionRole')) {
 			$fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
 			$fields->addFieldToTab('Root.Roles',
 				new LiteralField(
@@ -223,9 +250,8 @@ class Group extends DataObject {
 	}
 
 	/**
-	 *
+	 * @param bool $includerelations Indicate if the labels returned include relation fields
-	 * @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
+	 * @return array
-	 *
 	 */
 	public function fieldLabels($includerelations = true) {
 		$labels = parent::fieldLabels($includerelations);
@@ -358,7 +384,7 @@ class Group extends DataObject {
 			$inheritedCodes = Permission::get()
 				->filter('GroupID', $this->Parent()->collateAncestorIDs())
 				->column('Code');
-			$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
+			$privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions');
 			if(array_intersect($inheritedCodes, $privilegedCodes)) {
 				$result->error(sprintf(
 					_t(
@@ -406,7 +432,7 @@ class Group extends DataObject {
 	 * @return boolean
 	 */
 	public function canEdit($member = null) {
-		if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
+		if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
 
 		// extended access checks
 		$results = $this->extend('canEdit', $member);
@@ -436,7 +462,7 @@ class Group extends DataObject {
 	 * @return boolean
 	 */
 	public function canView($member = null) {
-		if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
+		if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
 
 		// extended access checks
 		$results = $this->extend('canView', $member);
@@ -449,7 +475,7 @@ class Group extends DataObject {
 	}
 
 	public function canDelete($member = null) {
-		if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
+		if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
 
 		// extended access checks
 		$results = $this->extend('canDelete', $member);
@@ -487,7 +513,7 @@ class Group extends DataObject {
 		parent::requireDefaultRecords();
 
 		// Add default author group if no other group exists
-		$allGroups = DataObject::get('Group');
+		$allGroups = DataObject::get('SilverStripe\\Security\\Group');
 		if(!$allGroups->count()) {
 			$authorGroup = new Group();
 			$authorGroup->Code = 'content-authors';

Security/GroupCsvBulkLoader.php

@@ -1,6 +1,11 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DataObject;
+use CsvBulkLoader;
+
 /**
  * @todo Migrate Permission->Arg and Permission->Type values
  *
@@ -14,7 +19,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
 	);
 
 	public function __construct($objectClass = null) {
-		if(!$objectClass) $objectClass = 'Group';
+		if(!$objectClass) $objectClass = 'SilverStripe\\Security\\Group';
 
 		parent::__construct($objectClass);
 	}
@@ -30,7 +35,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
 		// are imported to avoid missing "early" references to parents
 		// which are imported later on in the CSV file.
 		if(isset($record['ParentCode']) && $record['ParentCode']) {
-			$parentGroup = DataObject::get_one('Group', array(
+			$parentGroup = DataObject::get_one('SilverStripe\\Security\\Group', array(
 				'"Group"."Code"' => $record['ParentCode']
 			));
 			if($parentGroup) {
@@ -43,7 +48,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
 		// existing permissions arent cleared.
 		if(isset($record['PermissionCodes']) && $record['PermissionCodes']) {
 			foreach(explode(',', $record['PermissionCodes']) as $code) {
-				$p = DataObject::get_one('Permission', array(
+				$p = DataObject::get_one('SilverStripe\\Security\\Permission', array(
 					'"Permission"."Code"' => $code,
 					'"Permission"."GroupID"' => $group->ID
 				));

Security/LoginAttempt.php

@@ -1,6 +1,11 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DataObject;
+
+
 /**
  * Record all login attempts through the {@link LoginForm} object.
  * This behaviour is disabled by default.
@@ -31,19 +36,14 @@ class LoginAttempt extends DataObject {
 	);
 
 	private static $has_one = array(
-		'Member' => 'Member', // only linked if the member actually exists
+		'Member' => 'SilverStripe\\Security\\Member', // only linked if the member actually exists
 	);
 
-	private static $has_many = array();
+	private static $table_name = "LoginAttempt";
-
-	private static $many_many = array();
-
-	private static $belongs_many_many = array();
 
 	/**
-	 *
+	 * @param bool $includerelations Indicate if the labels returned include relation fields
-	 * @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
+	 * @return array
-	 *
 	 */
 	public function fieldLabels($includerelations = true) {
 		$labels = parent::fieldLabels($includerelations);

Security/LoginForm.php

@@ -1,4 +1,10 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use Form;
+use Injector;
+
 /**
  * Abstract base class for a login form
  *
@@ -27,7 +33,7 @@ abstract class LoginForm extends Form {
 	 * @return Authenticator Returns the authenticator instance for this login form.
 	 */
 	public function getAuthenticator() {
-		if(!class_exists($this->authenticator_class) || !is_subclass_of($this->authenticator_class, 'Authenticator')) {
+		if(!class_exists($this->authenticator_class) || !is_subclass_of($this->authenticator_class, 'SilverStripe\\Security\\Authenticator')) {
 			user_error("The form uses an invalid authenticator class! '{$this->authenticator_class}'"
 				. " is not a subclass of 'Authenticator'", E_USER_ERROR);
 			return;

Security/Member.php

@@ -1,6 +1,8 @@
 <?php
 
+namespace SilverStripe\Security;
 
+use SilverStripe\ORM\SS_Map;
 use SilverStripe\ORM\ValidationResult;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\DB;
@@ -10,7 +12,30 @@ use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\Queries\SQLSelect;
 use SilverStripe\ORM\ManyManyList;
-
+use SilverStripe\MSSQL\MSSQLDatabase;
+use TemplateGlobalProvider;
+use Deprecation;
+use i18n;
+use Director;
+use Session;
+use Cookie;
+use Config;
+use SapphireTest;
+use DateTime;
+use DropdownField;
+use ConfirmedPasswordField;
+use Injector;
+use TestMailer;
+use Email;
+use FieldList;
+use ListboxField;
+use Zend_Locale_Format;
+use Zend_Locale;
+use Zend_Date;
+use MemberDatetimeOptionsetField;
+use HTMLEditorConfig;
+use RequiredFields;
+use GridFieldDetailForm_ItemRequest;
 
 /**
  * The member class which represents the users of the system
@@ -63,19 +88,15 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	);
 
 	private static $belongs_many_many = array(
-		'Groups' => 'Group',
+		'Groups' => 'SilverStripe\\Security\\Group',
 	);
 
-	private static $has_one = array();
-
 	private static $has_many = array(
-		'LoggedPasswords' => 'MemberPassword',
+		'LoggedPasswords' => 'SilverStripe\\Security\\MemberPassword',
-		'RememberLoginHashes' => 'RememberLoginHash'
+		'RememberLoginHashes' => 'SilverStripe\\Security\\RememberLoginHash'
 	);
 
-	private static $many_many = array();
+	private static $table_name = "Member";
-
-	private static $many_many_extraFields = array();
 
 	private static $default_sort = '"Surname", "FirstName"';
 
@@ -133,7 +154,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 	/**
 	 * @config
-	 * @var Array See {@link set_title_columns()}
+	 * @var array See {@link set_title_columns()}
 	 */
 	private static $title_format = null;
 
@@ -148,8 +169,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	private static $unique_identifier_field = 'Email';
 
 	/**
+	 * Object for validating user's password
+	 *
 	 * @config
-	 * {@link PasswordValidator} object for validating user's password
+	 * @var PasswordValidator
 	 */
 	private static $password_validator = null;
 
@@ -243,8 +266,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 		if(!Security::has_default_admin()) return null;
 
 		// Find or create ADMIN group
-		singleton('Group')->requireDefaultRecords();
+		Group::singleton()->requireDefaultRecords();
-		$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
+		$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
 
 		// Find member
 		$admin = Member::get()
@@ -423,6 +446,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 	/**
 	 * Set a {@link PasswordValidator} object to use to validate member's passwords.
+	 *
+	 * @param PasswordValidator $pv
 	 */
 	public static function set_password_validator($pv) {
 		self::$password_validator = $pv;
@@ -430,6 +455,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 	/**
 	 * Returns the current {@link PasswordValidator}
+	 *
+	 * @return PasswordValidator
 	 */
 	public static function password_validator() {
 		return self::$password_validator;
@@ -482,8 +509,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 		}
 		if($remember) {
 			$rememberLoginHash = RememberLoginHash::generate($this);
-			$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
+			$tokenExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days');
-			$deviceExpiryDays = Config::inst()->get('RememberLoginHash', 'device_expiry_days');
+			$deviceExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'device_expiry_days');
 			Cookie::set('alc_enc', $this->ID . ':' . $rememberLoginHash->getToken(),
 				$tokenExpiryDays, null, null, null, true);
 			Cookie::set('alc_device', $rememberLoginHash->DeviceID, $deviceExpiryDays, null, null, null, true);
@@ -497,10 +524,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 		// Clear the incorrect log-in count
 		$this->registerSuccessfulLogin();
 
-		// Don't set column if its not built yet (the login might be precursor to a /dev/build...)
+		$this->LockedOutUntil = null;
-		if(array_key_exists('LockedOutUntil', DB::field_list('Member'))) {
-			$this->LockedOutUntil = null;
-		}
 
 		$this->regenerateTempID();
 
@@ -534,7 +558,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 */
 	public static function logged_in_session_exists() {
 		if($id = Member::currentUserID()) {
-			if($member = DataObject::get_by_id('Member', $id)) {
+			if($member = DataObject::get_by_id('SilverStripe\\Security\\Member', $id)) {
 				if($member->exists()) return true;
 			}
 		}
@@ -570,7 +594,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 			$deviceID = Cookie::get('alc_device');
 
-			$member = Member::get()->byId($uid);
+			$member = Member::get()->byID($uid);
 
 			$rememberLoginHash = null;
 
@@ -606,7 +630,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 				if ($rememberLoginHash) {
 					$rememberLoginHash->renew();
-					$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
+					$tokenExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days');
 					Cookie::set('alc_enc', $member->ID . ':' . $rememberLoginHash->getToken(),
 						$tokenExpiryDays, null, null, false, true);
 				}
@@ -652,6 +676,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
 
 	/**
 	 * Utility for generating secure password hashes for this member.
+	 *
+	 * @param string $string
+	 * @return string
+	 * @throws PasswordEncryptor_NotFoundException
 	 */
 	public function encryptWithUserSettings($string) {
 		if (!$string) return null;
@@ -683,7 +711,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 			$generator = new RandomGenerator();
 			$token = $generator->randomToken();
 			$hash = $this->encryptWithUserSettings($token);
-		} while(DataObject::get_one('Member', array(
+		} while(DataObject::get_one('SilverStripe\\Security\\Member', array(
 			'"Member"."AutoLoginHash"' => $hash
 		)));
 
@@ -720,7 +748,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	public static function member_from_autologinhash($hash, $login = false) {
 
 		$nowExpression = DB::get_conn()->now();
-		$member = DataObject::get_one('Member', array(
+		$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
 			"\"Member\".\"AutoLoginHash\"" => $hash,
 			"\"Member\".\"AutoLoginExpired\" > $nowExpression" // NOW() can't be parameterised
 		));
@@ -815,7 +843,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * @return Member_Validator
 	 */
 	public function getValidator() {
-		$validator = Injector::inst()->create('Member_Validator');
+		$validator = Injector::inst()->create('SilverStripe\\Security\\Member_Validator');
 		$validator->setForMember($this);
 		$this->extend('updateValidator', $validator);
 
@@ -826,13 +854,13 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	/**
 	 * Returns the current logged in user
 	 *
-	 * @return Member|null
+	 * @return Member
 	 */
 	public static function currentUser() {
 		$id = Member::currentUserID();
 
 		if($id) {
-			return Member::get()->byId($id);
+			return Member::get()->byID($id);
 		}
 	}
 
@@ -860,7 +888,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * @return string Returns a random password.
 	 */
 	public static function create_new_password() {
-		$words = Config::inst()->get('Security', 'word_list');
+		$words = Config::inst()->get('SilverStripe\\Security\\Security', 'word_list');
 
 		if($words && file_exists($words)) {
 			$words = file($words);
@@ -897,7 +925,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 			if($this->ID) {
 				$filter[] = array('"Member"."ID" <> ?' => $this->ID);
 			}
-			$existingRecord = DataObject::get_one('Member', $filter);
+			$existingRecord = DataObject::get_one('SilverStripe\\Security\\Member', $filter);
 
 			if($existingRecord) {
 				throw new ValidationException(ValidationResult::create(false, _t(
@@ -1001,8 +1029,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * Filter out admin groups to avoid privilege escalation,
 	 * If any admin groups are requested, deny the whole save operation.
 	 *
-	 * @param Array $ids Database IDs of Group records
+	 * @param array $ids Database IDs of Group records
-	 * @return boolean True if the change can be accepted
+	 * @return bool True if the change can be accepted
 	 */
 	public function onChangeGroups($ids) {
 		// unless the current user is an admin already OR the logged in user is an admin
@@ -1042,9 +1070,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 */
 	public function inGroup($group, $strict = false) {
 		if(is_numeric($group)) {
-			$groupCheckObj = DataObject::get_by_id('Group', $group);
+			$groupCheckObj = DataObject::get_by_id('SilverStripe\\Security\\Group', $group);
 		} elseif(is_string($group)) {
-			$groupCheckObj = DataObject::get_one('Group', array(
+			$groupCheckObj = DataObject::get_one('SilverStripe\\Security\\Group', array(
 				'"Group"."Code"' => $group
 			));
 		} elseif($group instanceof Group) {
@@ -1068,10 +1096,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * group code does not return a valid group object.
 	 *
 	 * @param string $groupcode
-	 * @param string Title of the group
+	 * @param string $title Title of the group
 	 */
 	public function addToGroupByCode($groupcode, $title = "") {
-		$group = DataObject::get_one('Group', array(
+		$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
 			'"Group"."Code"' => $groupcode
 		));
 
@@ -1103,7 +1131,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	}
 
 	/**
-	 * @param Array $columns Column names on the Member record to show in {@link getTitle()}.
+	 * @param array $columns Column names on the Member record to show in {@link getTitle()}.
 	 * @param String $sep Separator
 	 */
 	public static function set_title_columns($columns, $sep = ' ') {
@@ -1151,24 +1179,28 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * Return a SQL CONCAT() fragment suitable for a SELECT statement.
 	 * Useful for custom queries which assume a certain member title format.
 	 *
-	 * @param String $tableName
 	 * @return String SQL
 	 */
-	public static function get_title_sql($tableName = 'Member') {
+	public static function get_title_sql() {
 		// This should be abstracted to SSDatabase concatOperator or similar.
 		$op = (DB::get_conn() instanceof MSSQLDatabase) ? " + " : " || ";
 
-		$format = self::config()->title_format;
+		// Get title_format with fallback to default
-		if ($format) {
+		$format = static::config()->title_format;
-			$columnsWithTablename = array();
+		if (!$format) {
-			foreach($format['columns'] as $column) {
+			$format = [
-				$columnsWithTablename[] = "\"$tableName\".\"$column\"";
+				'columns' => ['Surname', 'FirstName'],
-			}
+				'sep' => ' ',
-
+			];
-			return "(".join(" $op '".$format['sep']."' $op ", $columnsWithTablename).")";
-		} else {
-			return "(\"$tableName\".\"Surname\" $op ' ' $op \"$tableName\".\"FirstName\")";
 		}
+
+		$columnsWithTablename = array();
+		foreach($format['columns'] as $column) {
+			$columnsWithTablename[] = static::getSchema()->sqlColumnForField(__CLASS__, $column);
+		}
+
+		$sepSQL = \Convert::raw2sql($format['sep'], true);
+		return "(".join(" $op $sepSQL $op ", $columnsWithTablename).")";
 	}
 
 
@@ -1249,7 +1281,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * @return Member_Groupset
 	 */
 	public function Groups() {
-		$groups = Member_GroupSet::create('Group', 'Group_Members', 'GroupID', 'MemberID');
+		$groups = Member_GroupSet::create('SilverStripe\\Security\\Group', 'Group_Members', 'GroupID', 'MemberID');
 		$groups = $groups->forForeignID($this->ID);
 
 		$this->extend('updateGroups', $groups);
@@ -1326,7 +1358,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 			}
 
 			$permsClause = DB::placeholders($perms);
-			$groups = DataObject::get('Group')
+			/** @skipUpgrade */
+			$groups = DataObject::get('SilverStripe\\Security\\Group')
 				->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
 				->where(array(
 					"\"Permission\".\"Code\" IN ($permsClause)" => $perms
@@ -1343,6 +1376,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 			$groupIDList = $groups;
 		}
 
+		/** @skipUpgrade */
 		$members = Member::get()
 			->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
 			->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
@@ -1429,7 +1463,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 				}
 				asort($groupsMap);
 				$fields->addFieldToTab('Root.Main',
-					ListboxField::create('DirectGroups', singleton('Group')->i18n_plural_name())
+					ListboxField::create('DirectGroups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name())
 						->setSource($groupsMap)
 						->setAttribute(
 							'data-placeholder',
@@ -1445,12 +1479,12 @@ class Member extends DataObject implements TemplateGlobalProvider {
 					$permissionsField = new PermissionCheckboxSetField_Readonly(
 						'Permissions',
 						false,
-						'Permission',
+						'SilverStripe\\Security\\Permission',
 						'GroupID',
 						// we don't want parent relationships, they're automatically resolved in the field
 						$self->getManyManyComponents('Groups')
 					);
-					$fields->findOrMakeTab('Root.Permissions', singleton('Permission')->i18n_plural_name());
+					$fields->findOrMakeTab('Root.Permissions', singleton('SilverStripe\\Security\\Permission')->i18n_plural_name());
 					$fields->addFieldToTab('Root.Permissions', $permissionsField);
 				}
 			}
@@ -1499,9 +1533,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	}
 
 	/**
-	 *
+	 * @param bool $includerelations Indicate if the labels returned include relation fields
-	 * @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
+	 * @return array
-	 *
 	 */
 	public function fieldLabels($includerelations = true) {
 		$labels = parent::fieldLabels($includerelations);
@@ -1522,11 +1555,14 @@ class Member extends DataObject implements TemplateGlobalProvider {
 		return $labels;
 	}
 
-    /**
+	/**
-     * Users can view their own record.
+	 * Users can view their own record.
-     * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
+	 * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
-     * This is likely to be customized for social sites etc. with a looser permission model.
+	 * This is likely to be customized for social sites etc. with a looser permission model.
-     */
+	 *
+	 * @param Member $member
+	 * @return bool
+	 */
     public function canView($member = null) {
         //get member
         if(!($member instanceof Member)) {
@@ -1549,10 +1585,14 @@ class Member extends DataObject implements TemplateGlobalProvider {
         //standard check
         return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
     }
-    /**
+
-     * Users can edit their own record.
+	/**
-     * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
+	 * Users can edit their own record.
-     */
+	 * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
+	 *
+	 * @param Member $member
+	 * @return bool
+	 */
     public function canEdit($member = null) {
         //get member
         if(!($member instanceof Member)) {
@@ -1583,6 +1623,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
     /**
      * Users can edit their own record.
      * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
+	 *
+	 * @param Member $member
+	 * @return bool
      */
     public function canDelete($member = null) {
         if(!($member instanceof Member)) {
@@ -1641,7 +1684,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	 * Change password. This will cause rehashing according to
 	 * the `PasswordEncryption` property.
 	 *
-	 * @param String $password Cleartext password
+	 * @param string $password Cleartext password
+	 * @return ValidationResult
 	 */
 	public function changePassword($password) {
 		$this->Password = $password;
@@ -1755,7 +1799,7 @@ class Member_GroupSet extends ManyManyList {
 		$allGroupIDs = array();
 		while($groupIDs) {
 			$allGroupIDs = array_merge($allGroupIDs, $groupIDs);
-			$groupIDs = DataObject::get("Group")->byIDs($groupIDs)->column("ParentID");
+			$groupIDs = DataObject::get("SilverStripe\\Security\\Group")->byIDs($groupIDs)->column("ParentID");
 			$groupIDs = array_filter($groupIDs);
 		}
 
@@ -1811,7 +1855,7 @@ class Member_GroupSet extends ManyManyList {
 	protected function getMember() {
 		$id = $this->getForeignID();
 		if($id) {
-			return DataObject::get_by_id('Member', $id);
+			return DataObject::get_by_id('SilverStripe\\Security\\Member', $id);
 		}
 	}
 }

Security/MemberAuthenticator.php

@@ -1,6 +1,14 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\ValidationResult;
+use InvalidArgumentException;
+use Controller;
+use Form;
+use Session;
+
 /**
  * Authenticator for the default "member" method
  *
@@ -123,7 +131,7 @@ class MemberAuthenticator extends Authenticator {
 
 			} else {
 				// Audit logging hook
-				singleton('Member')->extend('authenticationFailedUnknownUser', $data);
+				Member::singleton()->extend('authenticationFailedUnknownUser', $data);
 			}
 		}
 
@@ -170,16 +178,18 @@ class MemberAuthenticator extends Authenticator {
 	/**
 	 * Method that creates the login form for this authentication method
 	 *
-	 * @param Controller The parent controller, necessary to create the
+	 * @param Controller $controller The parent controller, necessary to create the
 	 *                   appropriate form action tag
 	 * @return Form Returns the login form to use with this authentication
 	 *              method
 	 */
 	public static function get_login_form(Controller $controller) {
+		/** @skipUpgrade */
 		return MemberLoginForm::create($controller, "LoginForm");
 	}
 
 	public static function get_cms_login_form(\Controller $controller) {
+		/** @skipUpgrade */
 		return CMSMemberLoginForm::create($controller, "LoginForm");
 	}
 

Security/MemberCsvBulkLoader.php

@@ -1,6 +1,12 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DataObject;
+use CsvBulkLoader;
+use Convert;
+
 /**
  * Imports member records, and checks/updates duplicates based on their
  * 'Email' property.
@@ -17,7 +23,7 @@ class MemberCsvBulkLoader extends CsvBulkLoader {
 	protected $groups = array();
 
 	public function __construct($objectClass = null) {
-		if(!$objectClass) $objectClass = 'Member';
+		if(!$objectClass) $objectClass = 'SilverStripe\\Security\\Member';
 
 		parent::__construct($objectClass);
 	}
@@ -64,14 +70,14 @@ class MemberCsvBulkLoader extends CsvBulkLoader {
 	}
 
 	/**
-	 * @param Array $groups
+	 * @param array $groups
 	 */
 	public function setGroups($groups) {
 		$this->groups = $groups;
 	}
 
 	/**
-	 * @return Array
+	 * @return array
 	 */
 	public function getGroups() {
 		return $this->groups;

Security/MemberLoginForm.php

@@ -1,4 +1,24 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use Director;
+use Requirements;
+use Session;
+use FieldList;
+use HiddenField;
+use FormAction;
+use SS_HTTPResponse;
+use TextField;
+use PasswordField;
+use CheckboxField;
+use Config;
+use LiteralField;
+use RequiredFields;
+use Controller;
+use Convert;
+use Email;
+
 /**
  * Log-in form for the "member" authentication method.
  *
@@ -20,7 +40,7 @@ class MemberLoginForm extends LoginForm {
 	 */
 	public $loggedInAsField = 'FirstName';
 
-	protected $authenticator_class = 'MemberAuthenticator';
+	protected $authenticator_class = 'SilverStripe\\Security\\MemberAuthenticator';
 
 	/**
 	 * Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
@@ -38,7 +58,7 @@ class MemberLoginForm extends LoginForm {
 	 *                               create the appropriate form action tag.
 	 * @param string $name The method on the controller that will return this
 	 *                     form object.
-	 * @param FieldList|FormField $fields All of the fields in the form - a
+	 * @param FieldList $fields All of the fields in the form - a
 	 *                                   {@link FieldList} of {@link FormField}
 	 *                                   objects.
 	 * @param FieldList|FormAction $actions All of the action buttons in the
@@ -47,7 +67,6 @@ class MemberLoginForm extends LoginForm {
 	 * @param bool $checkCurrentUser If set to TRUE, it will be checked if a
 	 *                               the user is currently logged in, and if
 	 *                               so, only a logout button will be rendered
-	 * @param string $authenticatorClassName Name of the authenticator class that this form uses.
 	 */
 	public function __construct($controller, $name, $fields = null, $actions = null,
 								$checkCurrentUser = true) {
@@ -75,7 +94,7 @@ class MemberLoginForm extends LoginForm {
 			);
 		} else {
 			if(!$fields) {
-				$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
+				$label=singleton('SilverStripe\\Security\\Member')->fieldLabel(Member::config()->unique_identifier_field);
 				$fields = FieldList::create(
 					HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
 					// Regardless of what the unique identifer field is (usually 'Email'), it will be held in the
@@ -99,7 +118,7 @@ class MemberLoginForm extends LoginForm {
 							'title',
 							sprintf(
 								_t('Member.REMEMBERME', "Remember me next time? (for %d days on this device)"),
-								Config::inst()->get('RememberLoginHash', 'token_expiry_days')
+								Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days')
 							)
 						)
 					);
@@ -212,7 +231,7 @@ JS;
 			if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
 				Session::set('BackURL', $backURL);
 			}
-			$cp = ChangePasswordForm::create($this->controller, 'ChangePasswordForm');
+			$cp = ChangePasswordForm::create($this->controller, 'SilverStripe\\Security\\ChangePasswordForm');
 			$cp->sessionMessage(
 				_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
 				'good'
@@ -275,7 +294,7 @@ JS;
 	/**
 	 * Try to authenticate the user
 	 *
-	 * @param array Submitted data
+	 * @param array $data Submitted data
 	 * @return Member Returns the member object on successful authentication
 	 *                or NULL on failure.
 	 */
@@ -300,6 +319,7 @@ JS;
 	 * in the form detailing why the action was denied.
 	 *
 	 * @param array $data Submitted data
+	 * @return SS_HTTPResponse
 	 */
 	public function forgotPassword($data) {
 		// Ensure password is given

Security/MemberPassword.php

@@ -1,6 +1,11 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DataObject;
+
+
 /**
  * Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.
  * @package framework
@@ -22,18 +27,16 @@ class MemberPassword extends DataObject {
 	);
 
 	private static $has_one = array(
-		'Member' => 'Member'
+		'Member' => 'SilverStripe\\Security\\Member'
 	);
-
+	
-	private static $has_many = array();
+	private static $table_name = "MemberPassword";
-
-	private static $many_many = array();
-
-	private static $belongs_many_many = array();
 
 	/**
 	 * Log a password change from the given member.
 	 * Call MemberPassword::log($this) from within Member whenever the password is changed.
+	 *
+	 * @param Member $member
 	 */
 	public static function log($member) {
 		$record = new MemberPassword();

Security/PasswordEncryptor.php

@@ -1,6 +1,13 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DB;
+use Config;
+use ReflectionClass;
+use Exception;
+
 /**
  * Allows pluggable password encryption.
  * By default, this might be PHP's integrated sha1()
@@ -22,10 +29,10 @@ abstract class PasswordEncryptor {
 	private static $encryptors = array();
 
 	/**
-	 * @return Array Map of encryptor code to the used class.
+	 * @return array Map of encryptor code to the used class.
 	 */
 	public static function get_encryptors() {
-		return Config::inst()->get('PasswordEncryptor', 'encryptors');
+		return Config::inst()->get('SilverStripe\\Security\\PasswordEncryptor', 'encryptors');
 	}
 
 	/**
@@ -73,9 +80,9 @@ abstract class PasswordEncryptor {
 	 *
 	 * @uses RandomGenerator
 	 *
-	 * @param String $password Cleartext password
+	 * @param string $password Cleartext password
 	 * @param Member $member (Optional)
-	 * @return String Maximum of 50 characters
+	 * @return string Maximum of 50 characters
 	 */
 	public function salt($password, $member = null) {
 		$generator = new RandomGenerator();
@@ -87,6 +94,12 @@ abstract class PasswordEncryptor {
 	 * but is necessary for retain compatibility with password hashed
 	 * with flawed algorithms - see {@link PasswordEncryptor_LegacyPHPHash} and
 	 * {@link PasswordEncryptor_Blowfish}
+	 *
+	 * @param string $hash
+	 * @param string $password
+	 * @param string $salt
+	 * @param Member $member
+	 * @return bool
 	 */
 	public function check($hash, $password, $salt = null, $member = null) {
 		return $hash === $this->encrypt($password, $salt, $member);
@@ -129,8 +142,7 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
 	/**
 	 * Gets the cost that is set for the blowfish algorithm
 	 *
-	 * @param int $cost
+	 * @return int
-	 * @return null
 	 */
 	public static function get_cost() {
 		return self::$cost;
@@ -242,6 +254,10 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
 
 	/**
 	 * self::$cost param is forced to be two digits with leading zeroes for ints 4-9
+	 *
+	 * @param string $password
+	 * @param Member $member
+	 * @return string
 	 */
 	public function salt($password, $member = null) {
 		$generator = new RandomGenerator();
@@ -274,7 +290,8 @@ class PasswordEncryptor_PHPHash extends PasswordEncryptor {
 	protected $algorithm = 'sha1';
 
 	/**
-	 * @param String $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
+	 * @param string $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
+	 * @throws Exception
 	 */
 	public function __construct($algorithm) {
 		if(!in_array($algorithm, hash_algos())) {

Security/PasswordValidator.php

@@ -1,6 +1,11 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\ValidationResult;
+use Object;
+
 
 /**
  * This class represents a validator for member passwords.

Security/Permission.php

@@ -1,8 +1,16 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\ArrayList;
+use SilverStripe\ORM\SS_List;
+use TemplateGlobalProvider;
+use ClassInfo;
+use TestOnly;
+
 /**
  * Represents a permission assigned to a group.
  * @package framework
@@ -25,20 +33,20 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		"Arg" => "Int",
 		"Type" => "Int(1)"
 	);
+
 	private static $has_one = array(
-		"Group" => "Group"
+		"Group" => "SilverStripe\\Security\\Group"
 	);
+
 	private static $indexes = array(
 		"Code" => true
 	);
+
 	private static $defaults = array(
 		"Type" => 1
 	);
-	private static $has_many = array();
 
-	private static $many_many = array();
+	private static $table_name = "Permission";
-
-	private static $belongs_many_many = array();
 
 	/**
 	 * This is the value to use for the "Type" field if a permission should be
@@ -63,7 +71,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	 * Method to globally disable "strict" checking, which means a permission
 	 * will be granted if the key does not exist at all.
 	 *
-	 * @var bool
+	 * @var array
 	 */
 	private static $declared_permissions = null;
 
@@ -172,10 +180,14 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		}
 
 		// Turn the code into an array as we may need to add other permsissions to the set we check
-		if(!is_array($code)) $code = array($code);
+		if(!is_array($code)) {
+			$code = array($code);
+		}
+
+		// Check if admin should be treated as holding all permissions
+		$adminImpliesAll = (bool)static::config()->admin_implies_all;
 
 		if($arg == 'any') {
-			$adminImpliesAll = (bool)Config::inst()->get('Permission', 'admin_implies_all');
 			// Cache the permissions in memory
 			if(!isset(self::$cache_permissions[$memberID])) {
 				self::$cache_permissions[$memberID] = self::permissions_for_member($memberID);
@@ -208,8 +220,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		// Code filters
 		$codeParams = is_array($code) ? $code : array($code);
 		$codeClause = DB::placeholders($codeParams);
-		$adminParams = (self::$admin_implies_all) ? array('ADMIN') : array();
+		$adminParams = $adminImpliesAll ? array('ADMIN') : array();
-		$adminClause = (self::$admin_implies_all) ?  ", ?" : '';
+		$adminClause = $adminImpliesAll ?  ", ?" : '';
 
 		// The following code should only be used if you're not using the "any" arg.  This is kind
 		// of obselete functionality and could possibly be deprecated.
@@ -235,7 +247,6 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 					user_error("Permission::checkMember: bad arg '$arg'", E_USER_ERROR);
 				}
 		}
-		$adminFilter = (Config::inst()->get('Permission', 'admin_implies_all')) ?  ",'ADMIN'" : '';
 
 		// Raw SQL for efficiency
 		$permission = DB::prepared_query(
@@ -259,7 +270,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		if($permission) return $permission;
 
 		// Strict checking disabled?
-		if(!Config::inst()->get('Permission', 'strict_checking') || !$strict) {
+		if(!static::config()->strict_checking || !$strict) {
 			$hasPermission = DB::prepared_query(
 				"SELECT COUNT(*)
 				FROM \"Permission\"
@@ -270,7 +281,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 				array_merge($codeParams, array(self::GRANT_PERMISSION))
 			)->value();
 
-			if(!$hasPermission) return;
+			if(!$hasPermission) return false;
 		}
 
 		return false;
@@ -279,6 +290,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	/**
 	 * Get all the 'any' permission codes available to the given member.
 	 *
+	 * @param int $memberID
 	 * @return array
 	 */
 	public static function permissions_for_member($memberID) {
@@ -332,7 +344,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 			if($member && isset($_SESSION['Permission_groupList'][$member->ID]))
 				return $_SESSION['Permission_groupList'][$member->ID];
 		} else {
-			$member = DataObject::get_by_id("Member", $memberID);
+			$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $memberID);
 		}
 
 		if($member) {
@@ -364,7 +376,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	 *
 	 * @param int $groupID The ID of the group
 	 * @param string $code The permission code
-	 * @param string Optional: The permission argument (e.g. a page ID).
+	 * @param string $arg Optional: The permission argument (e.g. a page ID).
 	 * @returns Permission Returns the new permission object.
 	 */
 	public static function grant($groupID, $code, $arg = "any") {
@@ -379,6 +391,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 				break;
 			case "all":
 				$perm->Arg = -1;
+				break;
 			default:
 				if(is_numeric($arg)) {
 					$perm->Arg = $arg;
@@ -398,7 +411,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	 *
 	 * @param int $groupID The ID of the group
 	 * @param string $code The permission code
-	 * @param string Optional: The permission argument (e.g. a page ID).
+	 * @param string $arg Optional: The permission argument (e.g. a page ID).
 	 * @returns Permission Returns the new permission object.
 	 */
 	public static function deny($groupID, $code, $arg = "any") {
@@ -413,6 +426,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 				break;
 			case "all":
 				$perm->Arg = -1;
+				break;
 			default:
 				if(is_numeric($arg)) {
 					$perm->Arg = $arg;
@@ -448,6 +462,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		if(empty($groupIDs)) return new ArrayList();
 
 		$groupClause = DB::placeholders($groupIDs);
+		/** @skipUpgrade */
 		$members = Member::get()
 			->where(array("\"Group\".\"ID\" IN ($groupClause)" => $groupIDs))
 			->leftJoin("Group_Members", '"Member"."ID" = "Group_Members"."MemberID"')
@@ -458,7 +473,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 
 	/**
 	 * Return all of the groups that have one of the given permission codes
-	 * @param $codes array|string Either a single permission code, or an array of permission codes
+	 * @param array|string $codes Either a single permission code, or an array of permission codes
 	 * @return SS_List The matching group objects
 	 */
 	public static function get_groups_by_permission($codes) {
@@ -466,7 +481,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		$codeClause = DB::placeholders($codeParams);
 
 		// Via Roles are groups that have the permission via a role
-		return DataObject::get('Group')
+		/** @skipUpgrade */
+		return Group::get()
 			->where(array(
 				"\"PermissionRoleCode\".\"Code\" IN ($codeClause) OR \"Permission\".\"Code\" IN ($codeClause)"
 				=> array_merge($codeParams, $codeParams)
@@ -491,7 +507,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	 *  suitable for using in an interface.
 	 */
 	public static function get_codes($grouped = true) {
-		$classes = ClassInfo::implementorsOf('PermissionProvider');
+		$classes = ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider');
 
 		$allCodes = array();
 		$adminCategory = _t('Permission.AdminGroup', 'Administrator');
@@ -571,6 +587,9 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	/**
 	 * Sort permissions based on their sort value, or name
 	 *
+	 * @param array $a
+	 * @param array $b
+	 * @return int
 	 */
 	public static function sort_permissions($a, $b) {
 		if ($a['sort'] == $b['sort']) {
@@ -582,48 +601,6 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 		}
 	}
 
-	/**
-	 * add a permission represented by the $code to the {@link slef::$hidden_permissions} list
-	 *
-	 * @deprecated 4.0 Use "Permission.hidden_permissions" config setting instead
-	 * @param $code string - the permissions code
-	 * @return void
-	 */
-	public static function add_to_hidden_permissions($code){
-		if(is_string($codes)) $codes = array($codes);
-		Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
-		Config::inst()->update('Permission', 'hidden_permissions', $codes);
-	}
-
-	/**
-	 * remove a permission represented by the $code from the {@link slef::$hidden_permissions} list
-	 *
-	 * @deprecated 4.0 Use "Permission.hidden_permissions" config setting instead
-	 * @param $code string - the permissions code
-	 * @return void
-	 */
-	public static function remove_from_hidden_permissions($code){
-		if(is_string($codes)) $codes = array($codes);
-		Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
-		Config::inst()->remove('Permission', 'hidden_permissions', $codes);
-	}
-
-	/**
-	 * Declare an array of permissions for the system.
-	 *
-	 * Permissions can be grouped by nesting arrays. Scalar values are always
-	 * treated as permissions.
-	 *
-	 * @deprecated 4.0 Use "Permission.declared_permissions" config setting instead
-	 * @param array $permArray A (possibly nested) array of permissions to
-	 *                         declare for the system.
-	 */
-	public static function declare_permissions($permArray) {
-		Deprecation::notice('4.0', 'Use "Permission.declared_permissions" config setting instead');
-		self::config()->declared_permissions = $permArray;
-	}
-
-
 	/**
 	 * Get a linear list of the permissions in the system.
 	 *
@@ -638,8 +615,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 
 		self::$declared_permissions_list = array();
 
-		self::traverse_declared_permissions(self::$declared_permissions,
+		self::traverse_declared_permissions(self::$declared_permissions, self::$declared_permissions_list);
-																				self::$declared_permissions_list);
 
 		return self::$declared_permissions_list;
 	}
@@ -647,8 +623,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	/**
 	 * Look up the human-readable title for the permission as defined by <code>Permission::declare_permissions</code>
 	 *
-	 * @param $perm Permission code
+	 * @param string $perm Permission code
-	 * @return Label for the given permission, or the permission itself if the label doesn't exist
+	 * @return string Label for the given permission, or the permission itself if the label doesn't exist
 	 */
 	public static function get_label_for_permission($perm) {
 		$list = self::get_declared_permissions_list();
@@ -660,8 +636,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
 	 * Recursively traverse the nested list of declared permissions and create
 	 * a linear list.
 	 *
-	 * @param aeeay $declared Nested structure of permissions.
+	 * @param array $declared Nested structure of permissions.
-	 * @param $list List of permissions in the structure. The result will be
+	 * @param array $list List of permissions in the structure. The result will be
 	 *              written to this array.
 	 */
 	protected static function traverse_declared_permissions($declared, &$list) {

Security/PermissionCheckboxSetField.php

@@ -1,10 +1,19 @@
 <?php
 
+namespace SilverStripe\Security;
 
+
+
+use SilverStripe\ORM\FieldType\DBHTMLText;
 use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\DataObjectInterface;
+use FormField;
+use InvalidArgumentException;
+use Requirements;
+use Config;
+
 
 
 /**
@@ -21,7 +30,7 @@ use SilverStripe\ORM\DataObjectInterface;
 class PermissionCheckboxSetField extends FormField {
 
 	/**
-	 * @var Array Filter certain permission codes from the output.
+	 * @var array Filter certain permission codes from the output.
 	 * Useful to simplify the interface
 	 */
 	protected $hiddenPermissions = array();
@@ -66,14 +75,14 @@ class PermissionCheckboxSetField extends FormField {
 	}
 
 	/**
-	 * @param Array $codes
+	 * @param array $codes
 	 */
 	public function setHiddenPermissions($codes) {
 		$this->hiddenPermissions = $codes;
 	}
 
 	/**
-	 * @return Array
+	 * @return array
 	 */
 	public function getHiddenPermissions() {
 		return $this->hiddenPermissions;
@@ -81,7 +90,7 @@ class PermissionCheckboxSetField extends FormField {
 
 	/**
 	 * @param array $properties
-	 * @return HTMLText
+	 * @return DBHTMLText
 	 */
 	public function Field($properties = array()) {
 		Requirements::css(FRAMEWORK_DIR . '/client/dist/styles/CheckboxSetField.css');
@@ -96,7 +105,7 @@ class PermissionCheckboxSetField extends FormField {
 			$record = $this->form->getRecord();
 			if(
 				$record
-				&& (is_a($record, 'Group') || is_a($record, 'PermissionRole'))
+				&& ($record instanceof Group || $record instanceof PermissionRole)
 				&& !$records->find('ID', $record->ID)
 			) {
 				$records->push($record);
@@ -117,7 +126,7 @@ class PermissionCheckboxSetField extends FormField {
 
 			// Special case for Group records (not PermissionRole):
 			// Determine inherited assignments
-			if(is_a($record, 'Group')) {
+			if(is_a($record, 'SilverStripe\\Security\\Group')) {
 				// Get all permissions from roles
 				if ($record->Roles()->Count()) {
 					foreach($record->Roles() as $role) {
@@ -172,7 +181,7 @@ class PermissionCheckboxSetField extends FormField {
 
 		$odd = 0;
 		$options = '';
-		$globalHidden = (array)Config::inst()->get('Permission', 'hidden_permissions');
+		$globalHidden = (array)Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions');
 		if($this->source) {
 			$privilegedPermissions = Permission::config()->privileged_permissions;
 
@@ -188,7 +197,7 @@ class PermissionCheckboxSetField extends FormField {
 					$odd = ($odd + 1) % 2;
 					$extraClass = $odd ? 'odd' : 'even';
 					$extraClass .= ' val' . str_replace(' ', '', $code);
-					$itemID = $this->id() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
+					$itemID = $this->ID() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
 					$checked = $disabled = $inheritMessage = '';
 					$checked = (isset($uninheritedCodes[$code]) || isset($inheritedCodes[$code]))
 						? ' checked="checked"'
@@ -240,7 +249,7 @@ class PermissionCheckboxSetField extends FormField {
 		}
 		if($this->readonly) {
 			return DBField::create_field('HTMLText',
-				"<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
+				"<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
 				"<li class=\"help\">" .
 				_t(
 					'Permissions.UserPermissionsIntro',
@@ -253,7 +262,7 @@ class PermissionCheckboxSetField extends FormField {
 			);
 		} else {
 			return DBField::create_field('HTMLText',
-			    "<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
+			    "<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
 				$options .
 				"</ul>\n"
 			);
@@ -263,7 +272,7 @@ class PermissionCheckboxSetField extends FormField {
 	/**
 	 * Update the permission set associated with $record DataObject
 	 *
-	 * @param DataObject $record
+	 * @param DataObjectInterface $record
 	 */
 	public function saveInto(DataObjectInterface $record) {
 		$fieldname = $this->name;

Security/PermissionFailureException.php

@@ -1,4 +1,9 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use Exception;
+
 /**
  * Throw this exception to register that a user doesn't have permission to do the given action
  * and potentially redirect them to the log-in page.  The exception message may be presented to the

Security/PermissionProvider.php

@@ -1,4 +1,9 @@
 <?php
+
+namespace SilverStripe\Security;
+
+
+
 /**
  * Used to let classes provide new permission codes.
  * Every implementor of PermissionProvider is accessed and providePermissions() called to get the full list of

Security/PermissionRole.php

@@ -1,6 +1,12 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\DataObject;
+use SilverStripe\ORM\HasManyList;
+use SilverStripe\ORM\ManyManyList;
+
 /**
  * A PermissionRole represents a collection of permission codes that can be applied to groups.
  *
@@ -28,13 +34,15 @@ class PermissionRole extends DataObject {
 	);
 
 	private static $has_many = array(
-		"Codes" => "PermissionRoleCode",
+		"Codes" => "SilverStripe\\Security\\PermissionRoleCode",
 	);
 
 	private static $belongs_many_many = array(
-		"Groups" => "Group",
+		"Groups" => "SilverStripe\\Security\\Group",
 	);
 
+	private static $table_name = "PermissionRole";
+
 	private static $default_sort = '"Title"';
 
 	private static $singular_name = 'Role';
@@ -51,13 +59,13 @@ class PermissionRole extends DataObject {
 			'Root.Main',
 			$permissionField = new PermissionCheckboxSetField(
 				'Codes',
-				singleton('Permission')->i18n_plural_name(),
+				Permission::singleton()->i18n_plural_name(),
-				'PermissionRoleCode',
+				'SilverStripe\\Security\\PermissionRoleCode',
 				'RoleID'
 			)
 		);
 		$permissionField->setHiddenPermissions(
-			Config::inst()->get('Permission', 'hidden_permissions')
+			Permission::config()->hidden_permissions
 		);
 
 		return $fields;

Security/PermissionRoleCode.php

@@ -1,6 +1,9 @@
 <?php
 
+namespace SilverStripe\Security;
+
 use SilverStripe\ORM\DataObject;
+
 /**
  * A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
  *
@@ -19,14 +22,16 @@ class PermissionRoleCode extends DataObject {
 	);
 
 	private static $has_one = array(
-		"Role" => "PermissionRole",
+		"Role" => "SilverStripe\\Security\\PermissionRole",
 	);
 
+	private static $table_name = "PermissionRoleCode";
+
 	public function validate() {
 		$result = parent::validate();
 
 		// Check that new code doesn't increase privileges, unless an admin is editing.
-		$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
+		$privilegedCodes = Permission::config()->privileged_permissions;
 		if(
 			$this->Code
 			&& in_array($this->Code, $privilegedCodes)

Security/RandomGenerator.php

@@ -1,4 +1,9 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use Exception;
+
 /**
  * Generates entropy values based on strongest available methods
  * (mcrypt_create_iv(), openssl_random_pseudo_bytes(), /dev/urandom, COM.CAPICOM.Utilities.1, mt_rand()).
@@ -46,7 +51,7 @@ class RandomGenerator {
 		// try to read from the windows RNG
 		if($isWin && class_exists('COM')) {
 			try {
-				$comObj = new COM('CAPICOM.Utilities.1');
+				$comObj = new \COM('CAPICOM.Utilities.1');
 
 				if(is_callable(array($comObj,'GetRandom'))) {
 					return  base64_decode($comObj->GetRandom(64, 0));

Security/RememberLoginHash.php

@@ -1,7 +1,13 @@
 <?php
 
+namespace SilverStripe\Security;
+
+
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\DataObject;
+use DateTime;
+use DateInterval;
+
 /**
  * Persists a token associated with a device for users who opted for the "Remember Me"
  * feature when logging in.
@@ -26,7 +32,7 @@ class RememberLoginHash extends DataObject {
 	);
 
 	private static $has_one = array (
-		'Member' => 'Member',
+		'Member' => 'SilverStripe\\Security\\Member',
 	);
 
 	private static $indexes = array(
@@ -34,6 +40,8 @@ class RememberLoginHash extends DataObject {
 		'Hash' => true
 	);
 
+	private static $table_name = "RememberLoginHash";
+
 	/**
 	 * Determines if logging out on one device also clears existing login tokens
 	 * on all other devices owned by the member.
@@ -95,7 +103,7 @@ class RememberLoginHash extends DataObject {
 	/**
 	 * Creates a new random token and hashes it using the
 	 * member information
-	 * @param Member The logged in user
+	 * @param Member $member The logged in user
 	 * @return string The hash to be stored in the database
 	 */
 	public function getNewHash(Member $member){
@@ -109,25 +117,27 @@ class RememberLoginHash extends DataObject {
 	 * The device is assigned a globally unique device ID
 	 * The returned login hash stores the hashed token in the
 	 * database, for this device and this member
-	 * @param Member The logged in user
+	 * @param Member $member The logged in user
 	 * @return RememberLoginHash The generated login hash
 	 */
 	public static function generate(Member $member) {
-		if(!$member->exists()) { return; }
+		if(!$member->exists()) {
-		if (Config::inst()->get('RememberLoginHash', 'force_single_token') == true) {
+			return null;
-			$rememberLoginHash = RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
+		}
+		if (static::config()->force_single_token) {
+			RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
 		}
 		$rememberLoginHash = RememberLoginHash::create();
 		do {
 			$deviceID = $rememberLoginHash->getNewDeviceID();
-		} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->Count());
+		} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->count());
 
 		$rememberLoginHash->DeviceID = $deviceID;
 		$rememberLoginHash->Hash = $rememberLoginHash->getNewHash($member);
 		$rememberLoginHash->MemberID = $member->ID;
 		$now = DBDatetime::now();
 		$expiryDate = new DateTime($now->Rfc2822());
-		$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
+		$tokenExpiryDays = static::config()->token_expiry_days;
 		$expiryDate->add(new DateInterval('P'.$tokenExpiryDays.'D'));
 		$rememberLoginHash->ExpiryDate = $expiryDate->format('Y-m-d H:i:s');
 		$rememberLoginHash->extend('onAfterGenerateToken');
@@ -137,7 +147,7 @@ class RememberLoginHash extends DataObject {
 
 	/**
 	 * Generates a new hash for this member but keeps the device ID intact
-	 * @param Member the logged in user
+	 *
 	 * @return RememberLoginHash
 	 */
 	public function renew() {
@@ -152,11 +162,14 @@ class RememberLoginHash extends DataObject {
 	 * Deletes existing tokens for this member
 	 * if logout_across_devices is true, all tokens are deleted, otherwise
 	 * only the token for the provided device ID will be removed
+	 *
+	 * @param Member $member
+	 * @param string $alcDevice
 	 */
 	public static function clear(Member $member, $alcDevice = null) {
 		if(!$member->exists()) { return; }
 		$filter = array('MemberID'=>$member->ID);
-		if ((Config::inst()->get('RememberLoginHash', 'logout_across_devices') == false) && $alcDevice) {
+		if (!static::config()->logout_across_devices && $alcDevice) {
 			$filter['DeviceID'] = $alcDevice;
 		}
 		RememberLoginHash::get()

Security/Security.php

@@ -1,8 +1,30 @@
 <?php
 
+namespace SilverStripe\Security;
+
+use Form;
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DB;
+use Controller;
+use SS_HTTPRequest;
+use TemplateGlobalProvider;
+use Deprecation;
+use Director;
+use SS_HTTPResponse;
+use Session;
+use Config;
+use Exception;
+use Page;
+use Page_Controller;
+use ArrayData;
+use FieldList;
+use EmailField;
+use FormAction;
+use Convert;
+use Object;
+use ClassInfo;
+
 /**
  * Implements a basic security model
  * @package framework
@@ -303,7 +325,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 		$controller->extend('permissionDenied', $member);
 
 		return $controller->redirect(
-			Config::inst()->get('Security', 'login_url')
+			Config::inst()->get('SilverStripe\\Security\\Security', 'login_url')
 			. "?BackURL=" . urlencode($_SERVER['REQUEST_URI'])
 		);
 	}
@@ -341,6 +363,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 	 * Get the login form to process according to the submitted data
 	 *
 	 * @return Form
+	 * @throws Exception
 	 */
 	public function LoginForm() {
 		$authenticator = $this->getAuthenticator();
@@ -375,6 +398,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 	 * @return string Returns the link to the given action
 	 */
 	public function Link($action = null) {
+		/** @skipUpgrade */
 		return Controller::join_links(Director::baseURL(), "Security", $action);
 	}
 
@@ -448,6 +472,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 		// Use sitetree pages to render the security page
 		$tmpPage = new Page();
 		$tmpPage->Title = $title;
+		/** @skipUpgrade */
 		$tmpPage->URLSegment = "Security";
 		// Disable ID-based caching  of the log-in page by making it a random number
 		$tmpPage->ID = -1 * rand(1,10000000);
@@ -465,6 +490,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 	 * @return array Template list
 	 */
 	public function getTemplatesFor($action) {
+		/** @skipUpgrade */
 		return array("Security_{$action}", 'Security', $this->stat('template_main'), 'BlankPage');
 	}
 
@@ -558,7 +584,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 
 	public function basicauthlogin() {
 		$member = BasicAuth::requireLogin("SilverStripe login", 'ADMIN');
-		$member->LogIn();
+		$member->logIn();
 	}
 
 	/**
@@ -652,7 +678,8 @@ class Security extends Controller implements TemplateGlobalProvider {
 	 * - t: plaintext token
 	 *
 	 * @param Member $member Member object associated with this link.
-	 * @param string $autoLoginHash The auto login token.
+	 * @param string $autologinToken The auto login token.
+	 * @return string
 	 */
 	public static function getPasswordResetLink($member, $autologinToken) {
 		$autologinToken = urldecode($autologinToken);
@@ -682,7 +709,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 		// Extract the member from the URL.
 		$member = null;
 		if (isset($_REQUEST['m'])) {
-			$member = Member::get()->filter('ID', (int)$_REQUEST['m'])->First();
+			$member = Member::get()->filter('ID', (int)$_REQUEST['m'])->first();
 		}
 
 		// Check whether we are merely changin password, or resetting.
@@ -743,17 +770,23 @@ class Security extends Controller implements TemplateGlobalProvider {
 	/**
 	 * Factory method for the lost password form
 	 *
-	 * @return Form Returns the lost password form
+	 * @return ChangePasswordForm Returns the lost password form
 	 */
 	public function ChangePasswordForm() {
-		return Object::create('ChangePasswordForm', $this, 'ChangePasswordForm');
+		/** @skipUpgrade */
+		$formName = 'ChangePasswordForm';
+		return \Injector::inst()->createWithArgs(
+			'SilverStripe\\Security\\ChangePasswordForm',
+			[ $this,  $formName]
+		);
 	}
 
 	/**
 	 * Gets the template for an include used for security.
 	 * For use in any subclass.
 	 *
-	 * @return string|array Returns the template(s) for rendering
+	 * @param string $name
+	 * @return array Returns the template(s) for rendering
 	 */
 	public function getIncludeTemplate($name) {
 		return array('Security_' . $name);
@@ -776,17 +809,17 @@ class Security extends Controller implements TemplateGlobalProvider {
 		// coupling to subsites module
 		$origSubsite = null;
 		if(is_callable('Subsite::changeSubsite')) {
-			$origSubsite = Subsite::currentSubsiteID();
+			$origSubsite = \Subsite::currentSubsiteID();
-			Subsite::changeSubsite(0);
+			\Subsite::changeSubsite(0);
 		}
 
 		$member = null;
 
 		// find a group with ADMIN permission
-		$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
+		$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
 
 		if(is_callable('Subsite::changeSubsite')) {
-			Subsite::changeSubsite($origSubsite);
+			\Subsite::changeSubsite($origSubsite);
 		}
 
 		if ($adminGroup) {
@@ -794,13 +827,13 @@ class Security extends Controller implements TemplateGlobalProvider {
 		}
 
 		if(!$adminGroup) {
-			singleton('Group')->requireDefaultRecords();
+			Group::singleton()->requireDefaultRecords();
-			$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
+			$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
 		}
 
 		if(!$member) {
-			singleton('Member')->requireDefaultRecords();
+			Member::singleton()->requireDefaultRecords();
-			$member = Permission::get_members_by_permission('ADMIN')->First();
+			$member = Permission::get_members_by_permission('ADMIN')->first();
 		}
 
 		if(!$member) {
@@ -841,6 +874,7 @@ class Security extends Controller implements TemplateGlobalProvider {
 	 *
 	 * @param string $username The user name
 	 * @param string $password The password (in cleartext)
+	 * @return bool
 	 */
 	public static function setDefaultAdmin($username, $password) {
 		// don't overwrite if already set
@@ -1004,9 +1038,9 @@ class Security extends Controller implements TemplateGlobalProvider {
 			return self::$database_is_ready;
 		}
 
-		$requiredClasses = ClassInfo::dataClassesFor('Member');
+		$requiredClasses = ClassInfo::dataClassesFor('SilverStripe\\Security\\Member');
-		$requiredClasses[] = 'Group';
+		$requiredClasses[] = 'SilverStripe\\Security\\Group';
-		$requiredClasses[] = 'Permission';
+		$requiredClasses[] = 'SilverStripe\\Security\\Permission';
 
 		foreach($requiredClasses as $class) {
 			// Skip test classes, as not all test classes are scaffolded at once

Security/SecurityToken.php

@@ -1,4 +1,15 @@
 <?php
+
+namespace SilverStripe\Security;
+
+use FieldList;
+use Object;
+use SS_HTTPRequest;
+use TemplateGlobalProvider;
+use Session;
+use HiddenField;
+use Controller;
+
 /**
  * @package framework
  * @subpackage security
@@ -110,7 +121,8 @@ class SecurityToken extends Object implements TemplateGlobalProvider {
 	}
 
 	/**
-	 * @return String
+	 * @param string $name
+	 * @return string
 	 */
 	public function setName($name) {
 		$val = $this->getValue();

_config/encryptors.yml

@@ -1,17 +1,17 @@
 ---
 name: coreencryptors
 ---
-PasswordEncryptor:
+'SilverStripe\Security\PasswordEncryptor':
   encryptors:
     none:
-      PasswordEncryptor_None:
+      'SilverStripe\Security\PasswordEncryptor_None':
     md5:
-      PasswordEncryptor_LegacyPHPHash: md5
+      'SilverStripe\Security\PasswordEncryptor_LegacyPHPHash': md5
     sha1:
-      PasswordEncryptor_LegacyPHPHash: sha1
+      'SilverStripe\Security\PasswordEncryptor_LegacyPHPHash': sha1
     md5_v2.4:
-      PasswordEncryptor_PHPHash: md5
+      'SilverStripe\Security\PasswordEncryptor_PHPHash': md5
     sha1_v2.4:
-      PasswordEncryptor_PHPHash: sha1
+      'SilverStripe\Security\PasswordEncryptor_PHPHash': sha1
     blowfish:
-      PasswordEncryptor_Blowfish:
+      'SilverStripe\Security\PasswordEncryptor_Blowfish':

_config/routes.yml

@@ -14,8 +14,8 @@ After:
 ---
 Director:
   rules:
-    'Security//$Action/$ID/$OtherID': 'Security'
+    'Security//$Action/$ID/$OtherID': 'SilverStripe\Security\Security'
-    'CMSSecurity//$Action/$ID/$OtherID': 'CMSSecurity'
+    'CMSSecurity//$Action/$ID/$OtherID': 'SilverStripe\Security\CMSSecurity'
     'dev': 'DevelopmentAdmin'
     'interactive': 'SapphireREPL'
     'InstallerTest//$Action/$ID/$OtherID': 'InstallerTest'

admin/code/CMSBatchActionHandler.php

@@ -2,8 +2,11 @@
 
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\DB;
+use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\SecurityToken;
+
 
 /**
  * Special request handler for admin/batchaction
@@ -28,6 +31,9 @@ class CMSBatchActionHandler extends RequestHandler {
 		'handleConfirmation',
 	);
 
+	/**
+	 * @var Controller
+	 */
 	protected $parentController;
 
 	/**
@@ -43,7 +49,7 @@ class CMSBatchActionHandler extends RequestHandler {
 	protected $recordClass = 'SiteTree';
 
 	/**
-	 * @param string $parentController
+	 * @param Controller $parentController
 	 * @param string $urlSegment
 	 * @param string $recordClass
 	 */
@@ -61,9 +67,10 @@ class CMSBatchActionHandler extends RequestHandler {
 	 * Register a new batch action.  Each batch action needs to be represented by a subclass
 	 * of {@link CMSBatchAction}.
 	 *
-	 * @param $urlSegment The URL Segment of the batch action - the URL used to process this
+	 * @param string $urlSegment The URL Segment of the batch action - the URL used to process this
 	 * action will be admin/batchactions/(urlSegment)
-	 * @param $batchActionClass The name of the CMSBatchAction subclass to register
+	 * @param string $batchActionClass The name of the CMSBatchAction subclass to register
+	 * @param string $recordClass
 	 */
 	public static function register($urlSegment, $batchActionClass, $recordClass = 'SiteTree') {
 		if(is_subclass_of($batchActionClass, 'CMSBatchAction')) {

admin/code/CMSMenu.php

@@ -1,4 +1,6 @@
 <?php
+
+use SilverStripe\Security\Member;
 /**
  * The object manages the main CMS menu. See {@link LeftAndMain::init()} for
  * example usage.
@@ -53,7 +55,6 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
 	 * Add a LeftAndMain controller to the CMS menu.
 	 *
 	 * @param string $controllerClass The class name of the controller
-	 * @return The result of the operation
 	 * @todo A director rule is added when a controller link is added, but it won't be removed
 	 *			when the item is removed. Functionality needed in {@link Director}.
 	 */
@@ -65,6 +66,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
 
 	/**
 	 * Return a CMSMenuItem to add the given controller to the CMSMenu
+	 *
+	 * @param string $controllerClass
+	 * @return CMSMenuItem
 	 */
 	protected static function menuitem_for_controller($controllerClass) {
 		$urlBase      = Config::inst()->get($controllerClass, 'url_base', Config::FIRST_SET);
@@ -107,15 +111,15 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
 	 * uses {@link CMSMenu::$menu_items}
 	 *
 	 * @param string $code Unique identifier for this menu item (e.g. used by {@link replace_menu_item()} and
-	 * 					{@link remove_menu_item}. Also used as a CSS-class for icon customization.
+	 *                    {@link remove_menu_item}. Also used as a CSS-class for icon customization.
 	 * @param string $menuTitle Localized title showing in the menu bar
 	 * @param string $url A relative URL that will be linked in the menu bar.
 	 * @param string $controllerClass The controller class for this menu, used to check permisssions.
-	 * 					If blank, it's assumed that this is public, and always shown to users who
+	 *                    If blank, it's assumed that this is public, and always shown to users who
-	 * 					have the rights to access some other part of the admin area.
+	 *                    have the rights to access some other part of the admin area.
+	 * @param int $priority
 	 * @param array $attributes an array of attributes to include on the link.
-	 *
+	 * @return bool Success
-	 * @return boolean Success
 	 */
 	public static function add_menu_item($code, $menuTitle, $url, $controllerClass = null, $priority = -1,
 											$attributes = null) {
@@ -237,16 +241,16 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
 	 * Replace a navigation item to the main administration menu showing in the top bar.
 	 *
 	 * @param string $code Unique identifier for this menu item (e.g. used by {@link replace_menu_item()} and
-	 * 					{@link remove_menu_item}. Also used as a CSS-class for icon customization.
+	 *                    {@link remove_menu_item}. Also used as a CSS-class for icon customization.
 	 * @param string $menuTitle Localized title showing in the menu bar
 	 * @param string $url A relative URL that will be linked in the menu bar.
-	 * 					Make sure to add a matching route via {@link Director::$rules} to this url.
+	 *                    Make sure to add a matching route via {@link Director::$rules} to this url.
 	 * @param string $controllerClass The controller class for this menu, used to check permisssions.
-	 * 					If blank, it's assumed that this is public, and always shown to users who
+	 *                    If blank, it's assumed that this is public, and always shown to users who
-	 * 					have the rights to access some other part of the admin area.
+	 *                    have the rights to access some other part of the admin area.
+	 * @param int $priority
 	 * @param array $attributes an array of attributes to include on the link.
-	 *
+	 * @return bool Success
-	 * @return boolean Success
 	 */
 	public static function replace_menu_item($code, $menuTitle, $url, $controllerClass = null, $priority = -1,
 												$attributes = null) {
@@ -265,6 +269,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
 
 	/**
 	 * Add a previously built menu item object to the menu
+	 *
+	 * @param string $code
+	 * @param CMSMenuItem $cmsMenuItem
 	 */
 	protected static function add_menu_item_obj($code, $cmsMenuItem) {
 		self::$menu_item_changes[] = array(

admin/code/CMSProfileController.php

@@ -1,7 +1,9 @@
 <?php
 
-use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\ArrayList;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+
 
 /**
  * @package framework
@@ -15,7 +17,7 @@ class CMSProfileController extends LeftAndMain {
 
 	private static $required_permission_codes = false;
 
-	private static $tree_class = 'Member';
+	private static $tree_class = 'SilverStripe\\Security\\Member';
 
 	public function getEditForm($id = null, $fields = null) {
 		$this->setCurrentPageID(Member::currentUserID());
@@ -40,7 +42,7 @@ class CMSProfileController extends LeftAndMain {
 		if($member = Member::currentUser()) {
 			$form->setValidator($member->getValidator());
 		} else {
-			$form->setValidator(Injector::inst()->get('Member')->getValidator());
+			$form->setValidator(Member::singleton()->getValidator());
 		}
 
 		if($form->Fields()->hasTabset()) {
@@ -70,7 +72,7 @@ class CMSProfileController extends LeftAndMain {
 	}
 
 	public function save($data, $form) {
-		$member = DataObject::get_by_id("Member", $data['ID']);
+		$member = Member::get()->byID($data['ID']);
 		if(!$member) return $this->httpError(404);
 		$origLocale = $member->Locale;
 
@@ -93,6 +95,9 @@ class CMSProfileController extends LeftAndMain {
 	 * Only show first element, as the profile form is limited to editing
 	 * the current member it doesn't make much sense to show the member name
 	 * in the breadcrumbs.
+	 *
+	 * @param bool $unlinked
+	 * @return ArrayList
 	 */
 	public function Breadcrumbs($unlinked = false) {
 		$items = parent::Breadcrumbs($unlinked);

admin/code/CampaignAdmin.php

@@ -1,8 +1,12 @@
 <?php
 
+use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\Versioning\ChangeSet;
 use SilverStripe\ORM\Versioning\ChangeSetItem;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\SecurityToken;
+use SilverStripe\Security\PermissionProvider;
+
 
 /**
  * Campaign section of the CMS

admin/code/GroupImportForm.php

@@ -1,5 +1,8 @@
 <?php
 
+use SilverStripe\Security\Group;
+use SilverStripe\Security\GroupCsvBulkLoader;
+
 /**
  * Imports {@link Group} records by CSV upload, as defined in
  * {@link GroupCsvBulkLoader}.

admin/code/LeftAndMain.php

@@ -7,6 +7,8 @@
 
 use SilverStripe\Forms\Schema\FormSchema;
 
+use SilverStripe\ORM\Hierarchy\Hierarchy;
+use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\DataModel;
 use SilverStripe\ORM\ValidationException;
@@ -15,6 +17,12 @@ use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\Queries\SQLSelect;
+use SilverStripe\Security\SecurityToken;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\PermissionProvider;
+
 
 
 /**
@@ -660,6 +668,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	 * You should implement a Link() function in your subclass of LeftAndMain,
 	 * to point to the URL of that particular controller.
 	 *
+	 * @param string $action
 	 * @return string
 	 */
 	public function Link($action = null) {
@@ -733,6 +742,11 @@ class LeftAndMain extends Controller implements PermissionProvider {
 		return '';
 	}
 
+	/**
+	 * @param SS_HTTPRequest $request
+	 * @return SS_HTTPResponse
+	 * @throws SS_HTTPResponse_Exception
+     */
 	public function show($request) {
 		// TODO Necessary for TableListField URLs to work properly
 		if($request->param('ID')) $this->setCurrentPageID($request->param('ID'));
@@ -775,7 +789,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	 * Returns the main menu of the CMS.  This is also used by init()
 	 * to work out which sections the user has access to.
 	 *
-	 * @param Boolean
+	 * @param bool $cached
 	 * @return SS_List
 	 */
 	public function MainMenu($cached = true) {
@@ -874,6 +888,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	 * Return a list of appropriate templates for this class, with the given suffix using
 	 * {@link SSViewer::get_templates_by_class()}
 	 *
+	 * @param string $suffix
 	 * @return array
 	 */
 	public function getTemplatesWithSuffix($suffix) {
@@ -898,6 +913,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	}
 
 	/**
+	 * @param bool $unlinked
 	 * @return ArrayList
 	 */
 	public function Breadcrumbs($unlinked = false) {
@@ -965,12 +981,15 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	/**
 	 * Get a site tree HTML listing which displays the nodes under the given criteria.
 	 *
-	 * @param $className The class of the root object
+	 * @param string $className The class of the root object
-	 * @param $rootID The ID of the root object.  If this is null then a complete tree will be
+	 * @param string $rootID The ID of the root object.  If this is null then a complete tree will be
 	 *  shown
-	 * @param $childrenMethod The method to call to get the children of the tree. For example,
+	 * @param string $childrenMethod The method to call to get the children of the tree. For example,
 	 *  Children, AllChildrenIncludingDeleted, or AllHistoricalChildren
-	 * @return String Nested unordered list with links to each page
+	 * @param string $numChildrenMethod
+	 * @param callable $filterFunction
+	 * @param int $nodeCountThreshold
+	 * @return string Nested unordered list with links to each page
 	 */
 	public function getSiteTreeFor($className, $rootID = null, $childrenMethod = null, $numChildrenMethod = null,
 			$filterFunction = null, $nodeCountThreshold = 30) {
@@ -1100,6 +1119,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	/**
 	 * Get a subtree underneath the request param 'ID'.
 	 * If ID = 0, then get the whole tree.
+	 *
+	 * @param SS_HTTPRequest $request
+	 * @return string
 	 */
 	public function getsubtree($request) {
 		$html = $this->getSiteTreeFor(
@@ -1124,7 +1146,8 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	 * all children with the node. Useful to refresh views after
 	 * state modifications, e.g. saving a form.
 	 *
-	 * @return String JSON
+	 * @param SS_HTTPRequest $request
+	 * @return string JSON
 	 */
 	public function updatetreenodes($request) {
 		$data = array();
@@ -1264,7 +1287,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	 * - 'SiblingIDs': Array of all sibling nodes to the moved node (incl. the node itself).
 	 *   In case of a 'ParentID' change, relates to the new siblings under the new parent.
 	 *
+	 * @param SS_HTTPRequest $request
 	 * @return SS_HTTPResponse JSON string with a
+	 * @throws SS_HTTPResponse_Exception
 	 */
 	public function savetreenode($request) {
 		if (!SecurityToken::inst()->checkRequest($request)) {

admin/code/MemberImportForm.php

@@ -1,5 +1,7 @@
 <?php
 
+use SilverStripe\Security\MemberCsvBulkLoader;
+
 /**
  * Imports {@link Member} records by CSV upload, as defined in
  * {@link MemberCsvBulkLoader}.

admin/code/ModelAdmin.php

@@ -1,6 +1,9 @@
 <?php
 
 use SilverStripe\ORM\ArrayList;
+use SilverStripe\ORM\SS_List;
+use SilverStripe\Security\Member;
+
 /**
  * Generates a three-pane UI for editing model classes, with an
  * automatically generated search panel, tabular results and edit forms.
@@ -248,6 +251,8 @@ abstract class ModelAdmin extends LeftAndMain {
 
 	/**
 	 * Sanitise a model class' name for inclusion in a link
+	 *
+	 * @param string $class
 	 * @return string
 	 */
 	protected function sanitiseClassName($class) {
@@ -256,6 +261,8 @@ abstract class ModelAdmin extends LeftAndMain {
 
 	/**
 	 * Unsanitise a model class' name from a URL param
+	 *
+	 * @param string $class
 	 * @return string
 	 */
 	protected function unsanitiseClassName($class) {
@@ -444,6 +451,7 @@ abstract class ModelAdmin extends LeftAndMain {
 	}
 
 	/**
+	 * @param bool $unlinked
 	 * @return ArrayList
 	 */
 	public function Breadcrumbs($unlinked = false) {

admin/code/SecurityAdmin.php

@@ -1,5 +1,12 @@
 <?php
 
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Group;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\PermissionRole;
+use SilverStripe\Security\PermissionProvider;
+
 /**
  * Security section of the CMS
  *
@@ -14,9 +21,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 
 	private static $menu_title = 'Security';
 
-	private static $tree_class = 'Group';
+	private static $tree_class = 'SilverStripe\\Security\\Group';
 
-	private static $subitem_class = 'Member';
+	private static $subitem_class = 'SilverStripe\\Security\\Member';
 
 	private static $allowed_actions = array(
 		'EditForm',
@@ -36,6 +43,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 
 	/**
 	 * Shortcut action for setting the correct active tab.
+	 *
+	 * @param SS_HTTPRequest $request
+	 * @return SS_HTTPResponse
 	 */
 	public function users($request) {
 		return $this->index($request);
@@ -43,6 +53,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 
 	/**
 	 * Shortcut action for setting the correct active tab.
+	 *
+	 * @param SS_HTTPRequest $request
+	 * @return SS_HTTPResponse
 	 */
 	public function groups($request) {
 		return $this->index($request);
@@ -50,6 +63,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 
 	/**
 	 * Shortcut action for setting the correct active tab.
+	 *
+	 * @param SS_HTTPRequest $request
+	 * @return SS_HTTPResponse
 	 */
 	public function roles($request) {
 		return $this->index($request);
@@ -79,7 +95,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 		if($record && method_exists($record, 'getValidator')) {
 			$validator = $record->getValidator();
 		} else {
-			$validator = Injector::inst()->get('Member')->getValidator();
+			$validator = Member::singleton()->getValidator();
 		}
 
 		$memberListConfig
@@ -94,7 +110,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 		);
 		$columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
 		$columns->setDisplayFields(array(
-			'Breadcrumbs' => singleton('Group')->fieldLabel('Title')
+			'Breadcrumbs' => singleton('SilverStripe\\Security\\Group')->fieldLabel('Title')
 		));
 		$columns->setFieldFormatting(array(
 			'Breadcrumbs' => function($val, $item) {
@@ -117,7 +133,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 						)
 					)
 				),
-				$groupsTab = new Tab('Groups', singleton('Group')->i18n_plural_name(),
+				$groupsTab = new Tab('Groups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name(),
 					$groupList
 				)
 			),
@@ -276,7 +292,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 			$firstCrumb = $crumbs->shift();
 			if($params['FieldName'] == 'Groups') {
 				$crumbs->unshift(new ArrayData(array(
-					'Title' => singleton('Group')->i18n_plural_name(),
+					'Title' => singleton('SilverStripe\\Security\\Group')->i18n_plural_name(),
 					'Link' => $this->Link('groups')
 				)));
 			} elseif($params['FieldName'] == 'Users') {
@@ -335,7 +351,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 	public static function add_hidden_permission($codes){
 		if(is_string($codes)) $codes = array($codes);
 		Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
-		Config::inst()->update('Permission', 'hidden_permissions', $codes);
+		Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', $codes);
 	}
 
 	/**
@@ -345,7 +361,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 	public static function remove_hidden_permission($codes){
 		if(is_string($codes)) $codes = array($codes);
 		Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
-		Config::inst()->remove('Permission', 'hidden_permissions', $codes);
+		Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions', $codes);
 	}
 
 	/**
@@ -354,7 +370,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 	 */
 	public static function get_hidden_permissions(){
 		Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
-		Config::inst()->get('Permission', 'hidden_permissions', Config::FIRST_SET);
+		Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions', Config::FIRST_SET);
 	}
 
 	/**
@@ -364,6 +380,6 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 	 */
 	public static function clear_hidden_permissions(){
 		Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
-		Config::inst()->remove('Permission', 'hidden_permissions', Config::anything());
+		Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions', Config::anything());
 	}
 }

admin/tests/LeftAndMainTest.php

@@ -64,7 +64,7 @@ class LeftAndMainTest extends FunctionalTest {
 
 
 	public function testExtraCssAndJavascript() {
-		$admin = $this->objFromFixture('Member', 'admin');
+		$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
 		$this->session()->inst_set('loggedInAs', $admin->ID);
 		$response = $this->get('LeftAndMainTest_Controller');
 
@@ -146,7 +146,7 @@ class LeftAndMainTest extends FunctionalTest {
 	 * Check that all subclasses of leftandmain can be accessed
 	 */
 	public function testLeftAndMainSubclasses() {
-		$adminuser = $this->objFromFixture('Member','admin');
+		$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member','admin');
 		$this->session()->inst_set('loggedInAs', $adminuser->ID);
 
 		$this->resetMenu();
@@ -172,9 +172,9 @@ class LeftAndMainTest extends FunctionalTest {
 	}
 
 	public function testCanView() {
-		$adminuser = $this->objFromFixture('Member', 'admin');
+		$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
-		$securityonlyuser = $this->objFromFixture('Member', 'securityonlyuser');
+		$securityonlyuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
-		$allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser');
+		$allcmssectionsuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');
 		$allValsFn = create_function('$obj', 'return $obj->getValue();');
 
 		// anonymous user

admin/tests/LeftAndMainTest.yml

@@ -1,129 +1,129 @@
 LeftAndMainTest_Object:
-   page1:
+  page1:
-      Title: Page 1
+    Title: Page 1
-      Sort: 1
+    Sort: 1
-   page2:
+  page2:
-      Title: Page 2
+    Title: Page 2
-      Sort: 2
+    Sort: 2
-   page3:
+  page3:
-      Title: Page 3
+    Title: Page 3
-      Sort: 3
+    Sort: 3
-   page31:
+  page31:
-      Title: Page 3.1
+    Title: Page 3.1
-      Parent: =>LeftAndMainTest_Object.page3
+    Parent: =>LeftAndMainTest_Object.page3
-      Sort: 1
+    Sort: 1
-   page32:
+  page32:
-      Title: Page 3.2
+    Title: Page 3.2
-      Parent: =>LeftAndMainTest_Object.page3
+    Parent: =>LeftAndMainTest_Object.page3
-      Sort: 2
+    Sort: 2
-   page4:
+  page4:
-      Title: Page 4
+    Title: Page 4
-      Sort: 4
+    Sort: 4
-   page5:
+  page5:
-      Title: Page 5
+    Title: Page 5
-      Sort: 5
+    Sort: 5
-   page6:
+  page6:
-      Title: Page 6
+    Title: Page 6
-      Sort: 6
+    Sort: 6
-   page7:
+  page7:
-      Title: Page 7
+    Title: Page 7
-      Sort: 7
+    Sort: 7
-   page8:
+  page8:
-      Title: Page 8
+    Title: Page 8
-      Sort: 8
+    Sort: 8
-   page9:
+  page9:
-      Title: Page 9
+    Title: Page 9
-      Sort: 9
+    Sort: 9
-   page10:
+  page10:
-      Title: Page 10
+    Title: Page 10
-      Sort: 10
+    Sort: 10
-   page11:
+  page11:
-      Title: Page 11
+    Title: Page 11
-      Sort: 11
+    Sort: 11
-   page12:
+  page12:
-      Title: Page 12
+    Title: Page 12
-      Sort: 12
+    Sort: 12
-   page13:
+  page13:
-      Title: Page 13
+    Title: Page 13
-      Sort: 13
+    Sort: 13
-   page14:
+  page14:
-      Title: Page 14
+    Title: Page 14
-      Sort: 14
+    Sort: 14
-   page15:
+  page15:
-      Title: Page 15
+    Title: Page 15
-      Sort: 15
+    Sort: 15
-   page16:
+  page16:
-      Title: Page 16
+    Title: Page 16
-      Sort: 16
+    Sort: 16
-   page17:
+  page17:
-      Title: Page 17
+    Title: Page 17
-      Sort: 17
+    Sort: 17
-   page18:
+  page18:
-      Title: Page 18
+    Title: Page 18
-      Sort: 18
+    Sort: 18
-   page19:
+  page19:
-      Title: Page 19
+    Title: Page 19
-      Sort: 19
+    Sort: 19
-   page20:
+  page20:
-      Title: Page 20
+    Title: Page 20
-      Sort: 20
+    Sort: 20
-   page21:
+  page21:
-      Title: Page 21
+    Title: Page 21
-      Sort: 21
+    Sort: 21
-   page22:
+  page22:
-      Title: Page 22
+    Title: Page 22
-      Sort: 22
+    Sort: 22
-   page23:
+  page23:
-      Title: Page 23
+    Title: Page 23
-      Sort: 23
+    Sort: 23
-   page24:
+  page24:
-      Title: Page 24
+    Title: Page 24
-      Sort: 24
+    Sort: 24
-   page25:
+  page25:
-      Title: Page 25
+    Title: Page 25
-      Sort: 25
+    Sort: 25
-   page26:
+  page26:
-      Title: Page 26
+    Title: Page 26
-      Sort: 26
+    Sort: 26
-   home:
+  home:
-      Title: Home
+    Title: Home
-      URLSegment: home
+    URLSegment: home
-      Sort: 0
+    Sort: 0
-Group:
+SilverStripe\Security\Group:
-   admin:
+  admin:
-      Title: Administrators
+    Title: Administrators
-   empty:
+  empty:
-      Title: Empty Group
+    Title: Empty Group
-   securityonly:
+  securityonly:
-      Title: securityonly
+    Title: securityonly
-   allcmssections:
+  allcmssections:
-      Title: allcmssections
+    Title: allcmssections
-   rooteditusers:
+  rooteditusers:
-      Title: rooteditusers
+    Title: rooteditusers
-Member:
+SilverStripe\Security\Member:
-   admin:
+  admin:
-      Email: admin@example.com
+    Email: admin@example.com
-      Password: ZXXlkwecxz2390232233
+    Password: ZXXlkwecxz2390232233
-      Groups: =>Group.admin
+    Groups: =>SilverStripe\Security\Group.admin
-   securityonlyuser:
+  securityonlyuser:
-      Email: securityonlyuser@test.com
+    Email: securityonlyuser@test.com
-      Groups: =>Group.securityonly
+    Groups: =>SilverStripe\Security\Group.securityonly
-   allcmssectionsuser:
+  allcmssectionsuser:
-      Email: allcmssectionsuser@test.com
+    Email: allcmssectionsuser@test.com
-      Groups: =>Group.allcmssections
+    Groups: =>SilverStripe\Security\Group.allcmssections
-   rootedituser:
+  rootedituser:
-      Email: rootedituser@test.com
+    Email: rootedituser@test.com
-      Groups: =>Group.rooteditusers
+    Groups: =>SilverStripe\Security\Group.rooteditusers
-Permission:
+SilverStripe\Security\Permission:
-   admin:
+  admin:
-      Code: ADMIN
+    Code: ADMIN
-      GroupID: =>Group.admin
+    GroupID: =>SilverStripe\Security\Group.admin
-   securityonly:
+  securityonly:
-      Code: CMS_ACCESS_SecurityAdmin
+    Code: CMS_ACCESS_SecurityAdmin
-      GroupID: =>Group.securityonly
+    GroupID: =>SilverStripe\Security\Group.securityonly
-   allcmssections:
+  allcmssections:
-      Code: CMS_ACCESS_LeftAndMain
+    Code: CMS_ACCESS_LeftAndMain
-      GroupID: =>Group.allcmssections
+    GroupID: =>SilverStripe\Security\Group.allcmssections
-   allcmssections2:
+  allcmssections2:
-      Code: CMS_ACCESS_LeftAndMain
+    Code: CMS_ACCESS_LeftAndMain
-      GroupID: =>Group.rooteditusers
+    GroupID: =>SilverStripe\Security\Group.rooteditusers

admin/tests/ModelAdminTest.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Permission;
+
 
 class ModelAdminTest extends FunctionalTest {
 	protected static $fixture_file = 'ModelAdminTest.yml';

admin/tests/ModelAdminTest.yml

@@ -1,19 +1,19 @@
 ModelAdminTest_Contact:
-   sam:
+  sam:
-      Name: Sam
+    Name: Sam
-      Phone: 021 123 456
+    Phone: 021 123 456
-   ingo:
+  ingo:
-      Name: ingo
+    Name: ingo
-      Phone: 04 987 6543
+    Phone: 04 987 6543
 
-Member:
+SilverStripe\Security\Member:
-   admin:
+  admin:
-      FirstName: admin
+    FirstName: admin
-Group:
+SilverStripe\Security\Group:
-   admin:
+  admin:
-      Title: Admin
+    Title: Admin
-      Members: =>Member.admin
+    Members: =>SilverStripe\Security\Member.admin
-Permission:
+SilverStripe\Security\Permission:
-   admin:
+  admin:
-      Code: ADMIN
+    Code: ADMIN
-      Group: =>Group.admin
+    Group: =>SilverStripe\Security\Group.admin

admin/tests/SecurityAdminTest.php

@@ -46,11 +46,11 @@ class SecurityAdminTest extends FunctionalTest {
 	// }
 
 	public function testPermissionFieldRespectsHiddenPermissions() {
-		$this->session()->inst_set('loggedInAs', $this->idFromFixture('Member', 'admin'));
+		$this->session()->inst_set('loggedInAs', $this->idFromFixture('SilverStripe\\Security\\Member', 'admin'));
 
-		$group = $this->objFromFixture('Group', 'admin');
+		$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'admin');
 
-		Config::inst()->update('Permission', 'hidden_permissions', array('CMS_ACCESS_ReportAdmin'));
+		Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', array('CMS_ACCESS_ReportAdmin'));
 		$response = $this->get(sprintf('admin/security/EditForm/field/Groups/item/%d/edit', $group->ID));
 
 		$this->assertContains(

cli/CliController.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
 /**
  * Base class invoked from CLI rather than the webserver (Cron jobs, handling email bounces).
  * You can call subclasses of CliController directly, which will trigger a

conf/ConfigureFromEnv.php

@@ -52,6 +52,8 @@
 
 use Monolog\Logger;
 use Monolog\Handler\StreamHandler;
+use SilverStripe\Security\Security;
+
 
 /*
  * _ss_environment.php handler
@@ -139,7 +141,7 @@ if(defined('SS_DEFAULT_ADMIN_USERNAME')) {
 	Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD);
 }
 if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) {
-	Config::inst()->update('BasicAuth', 'entire_site_protected', SS_USE_BASIC_AUTH);
+	Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected', SS_USE_BASIC_AUTH);
 }
 
 if(defined('SS_ERROR_LOG')) {

control/Controller.php

@@ -1,6 +1,10 @@
 <?php
 
 use SilverStripe\ORM\DataModel;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+use SilverStripe\Security\BasicAuth;
+use SilverStripe\Security\Member;
+
 
 /**
  * Controllers are the cornerstone of all site functionality in SilverStripe. The {@link Director}
@@ -221,7 +225,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
 	 * Prepare the response (we can receive an assortment of response types (strings/objects/HTTPResponses) and
 	 * changes the controller response object appropriately
 	 *
-	 * @param $response
+	 * @param SS_HTTPResponse|Object $response
 	 */
 	protected function prepareResponse($response) {
 		if ($response instanceof SS_HTTPResponse) {
@@ -263,7 +267,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
 	 * @param SS_HTTPRequest $request
 	 * @param string $action
 	 *
-	 * @return HTMLText|SS_HTTPResponse
+	 * @return DBHTMLText|SS_HTTPResponse
 	 */
 	protected function handleAction($request, $action) {
 		foreach($request->latestParams() as $k => $v) {
@@ -302,6 +306,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
 
 	/**
 	 * @param array $urlParams
+	 * @return $this
 	 */
 	public function setURLParams($urlParams) {
 		$this->urlParams = $urlParams;
@@ -373,8 +378,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
 	 * controller object with the template returned by {@link getViewer()}.
 	 *
 	 * @param string $action
-	 *
+	 * @return DBHTMLText
-	 * @return HTMLText
 	 */
 	public function defaultAction($action) {
 		return $this->getViewer($action)->process($this);

control/RequestHandler.php

@@ -1,6 +1,10 @@
 <?php
 
 use SilverStripe\ORM\DataModel;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\PermissionFailureException;
+use SilverStripe\Security\Permission;
+
 
 /**
  * This class is the base class of any SilverStripe object that can be used to handle HTTP requests.
@@ -123,6 +127,8 @@ class RequestHandler extends ViewableData {
 
 	/**
 	 * Set the DataModel for this request.
+	 *
+	 * @param DataModel $model
 	 */
 	public function setDataModel($model) {
 		$this->model = $model;
@@ -144,9 +150,8 @@ class RequestHandler extends ViewableData {
 	 * action will return an array of data with which to
 	 * customise the controller.
 	 *
-	 * @param $request The {@link SS_HTTPRequest} object that is reponsible for distributing URL parsing
+	 * @param SS_HTTPRequest $request The object that is reponsible for distributing URL parsing
-	 * @uses SS_HTTPRequest
+	 * @param DataModel $model
-	 * @uses SS_HTTPRequest->match()
 	 * @return SS_HTTPResponse|RequestHandler|string|array
 	 */
 	public function handleRequest(SS_HTTPRequest $request, DataModel $model) {
@@ -240,6 +245,10 @@ class RequestHandler extends ViewableData {
 		return $this;
 	}
 
+	/**
+	 * @param SS_HTTPRequest $request
+	 * @return array
+     */
 	protected function findAction($request) {
 		$handlerClass = ($this->class) ? $this->class : get_class($this);
 
@@ -386,6 +395,9 @@ class RequestHandler extends ViewableData {
 
 	/**
 	 * Return the class that defines the given action, so that we know where to check allowed_actions.
+	 *
+	 * @param string $actionOrigCasing
+	 * @return string
 	 */
 	protected function definingClassForAction($actionOrigCasing) {
 		$action = strtolower($actionOrigCasing);
@@ -403,6 +415,10 @@ class RequestHandler extends ViewableData {
 	/**
 	 * Check that the given action is allowed to be called from a URL.
 	 * It will interrogate {@link self::$allowed_actions} to determine this.
+	 *
+	 * @param string $action
+	 * @return bool
+	 * @throws Exception
 	 */
 	public function checkAccessAction($action) {
 		$actionOrigCasing = $action;

control/VersionedRequestFilter.php

@@ -2,6 +2,8 @@
 
 use SilverStripe\ORM\DataModel;
 use SilverStripe\ORM\Versioning\Versioned;
+use SilverStripe\Security\Security;
+
 
 /**
  * Initialises the versioned stage when a request is made.

core/startup/ParameterConfirmationToken.php

@@ -1,5 +1,7 @@
 <?php
 
+use SilverStripe\Security\RandomGenerator;
+
 /**
  * Class ParameterConfirmationToken
  *

dev/Backtrace.php

@@ -20,24 +20,24 @@ class SS_Backtrace {
 		array('mysqli', 'mysqli'),
 		array('mysqli', 'select_db'),
 		array('SilverStripe\\ORM\\DB', 'connect'),
-		array('Security', 'check_default_admin'),
+		array('SilverStripe\\Security\\Security', 'check_default_admin'),
-		array('Security', 'encrypt_password'),
+		array('SilverStripe\\Security\\Security', 'encrypt_password'),
-		array('Security', 'setDefaultAdmin'),
+		array('SilverStripe\\Security\\Security', 'setDefaultAdmin'),
 		array('SilverStripe\\ORM\\DB', 'createDatabase'),
-		array('Member', 'checkPassword'),
+		array('SilverStripe\\Security\\Member', 'checkPassword'),
-		array('Member', 'changePassword'),
+		array('SilverStripe\\Security\\Member', 'changePassword'),
-		array('MemberPassword', 'checkPassword'),
+		array('SilverStripe\\Security\\MemberPassword', 'checkPassword'),
-		array('PasswordValidator', 'validate'),
+		array('SilverStripe\\Security\\PasswordValidator', 'validate'),
-		array('PasswordEncryptor_PHPHash', 'encrypt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_PHPHash', 'encrypt'),
-		array('PasswordEncryptor_PHPHash', 'salt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_PHPHash', 'salt'),
-		array('PasswordEncryptor_LegacyPHPHash', 'encrypt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash', 'encrypt'),
-		array('PasswordEncryptor_LegacyPHPHash', 'salt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash', 'salt'),
-		array('PasswordEncryptor_MySQLPassword', 'encrypt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_MySQLPassword', 'encrypt'),
-		array('PasswordEncryptor_MySQLPassword', 'salt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_MySQLPassword', 'salt'),
-		array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'encrypt'),
-		array('PasswordEncryptor_MySQLOldPassword', 'salt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
-		array('PasswordEncryptor_Blowfish', 'encrypt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
-		array('PasswordEncryptor_Blowfish', 'salt'),
+		array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
 	);
 
 	/**
@@ -113,9 +113,10 @@ class SS_Backtrace {
 	/**
 	 * Render or return a backtrace from the given scope.
 	 *
-	 * @param unknown_type $returnVal
+	 * @param mixed $returnVal
-	 * @param unknown_type $ignoreAjax
+	 * @param bool $ignoreAjax
-	 * @return unknown
+	 * @param array $ignoredFunctions
+	 * @return mixed
 	 */
 	public static function backtrace($returnVal = false, $ignoreAjax = false, $ignoredFunctions = null) {
 		$plainText = Director::is_cli() || (Director::is_ajax() && !$ignoreAjax);
@@ -132,9 +133,9 @@ class SS_Backtrace {
 	 * shown
 	 *
 	 * @param Object $item
-	 * @param boolean $showArg
+	 * @param bool $showArgs
-	 * @param Int $argCharLimit
+	 * @param int $argCharLimit
-	 * @return String
+	 * @return string
 	 */
 	public static function full_func_name($item, $showArgs = false, $argCharLimit = 10000) {
 		$funcName = '';
@@ -164,7 +165,7 @@ class SS_Backtrace {
 	 *
 	 * @param array $bt The trace array, as returned by debug_backtrace() or Exception::getTrace()
 	 * @param boolean $plainText Set to false for HTML output, or true for plain-text output
-	 * @param array List of functions that should be ignored. If not set, a default is provided
+	 * @param array $ignoredFunctions List of functions that should be ignored. If not set, a default is provided
 	 * @return string The rendered backtrace
 	 */
 	public static function get_rendered_backtrace($bt, $plainText = false, $ignoredFunctions = null) {

dev/Debug.php

@@ -1,6 +1,9 @@
 <?php
 
 use SilverStripe\ORM\DB;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
+
 
 /**
  * Supports debugging and core error handling.
@@ -30,6 +33,9 @@ class Debug {
 	/**
 	 * Show the contents of val in a debug-friendly way.
 	 * Debug::show() is intended to be equivalent to dprintr()
+	 * 
+	 * @param mixed $val
+	 * @param bool $showHeader
 	 */
 	public static function show($val, $showHeader = true) {
 		if(!Director::isLive()) {
@@ -195,9 +201,9 @@ class Debug {
 		// This basically does the same as
 		// Security::permissionFailure(null, "You need to login with developer access to make use of debugging tools.")
 		// We have to do this because of how early this method is called in execution.
-		$_SESSION['Security']['Message']['message']
+		$_SESSION['SilverStripe\\Security\\Security']['Message']['message']
 			= "You need to login with developer access to make use of debugging tools.";
-		$_SESSION['Security']['Message']['type'] =  'warning';
+		$_SESSION['SilverStripe\\Security\\Security']['Message']['type'] =  'warning';
 		$_SESSION['BackURL'] = $_SERVER['REQUEST_URI'];
 		header($_SERVER['SERVER_PROTOCOL'] . " 302 Found");
 		header("Location: " . Director::baseURL() . Security::login_url());

dev/DebugView.php

@@ -218,10 +218,10 @@ class DebugView extends Object
 	 *
 	 * @param string $title The main title
 	 * @param string $subtitle The subtitle
-	 * @param string|false $description The description to show
+	 * @param string|bool $description The description to show
 	 * @return string
 	 */
-	public function renderInfo($title, $subtitle, $description=false) {
+	public function renderInfo($title, $subtitle, $description = false) {
 		$output = '<div class="info">';
 		$output .= "<h1>" . Convert::raw2xml($title) . "</h1>";
 		if($subtitle) $output .= "<h3>" . Convert::raw2xml($subtitle) . "</h3>";
@@ -274,7 +274,7 @@ class DebugView extends Object
 	 * Render a fragment of the a source file
 	 *
 	 * @param array $lines An array of file lines; the keys should be the original line numbers
-	 * @param int errLine The line of the error
+	 * @param int $errline The line of the error
 	 * @return string
 	 */
 	public function renderSourceFragment($lines, $errline) {

dev/DevelopmentAdmin.php

@@ -2,6 +2,10 @@
 
 use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\DatabaseAdmin;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\RandomGenerator;
+use SilverStripe\Security\Security;
+
 
 /**
  * Base class for development tools.
@@ -202,7 +206,7 @@ class DevelopmentAdmin extends Controller {
 	 * Returns the token and suggests PHP configuration to set it.
 	 */
 	public function generatesecuretoken() {
-		$generator = Injector::inst()->create('RandomGenerator');
+		$generator = Injector::inst()->create('SilverStripe\\Security\\RandomGenerator');
 		$token = $generator->randomToken('sha1');
 		$body = <<<TXT
 Generated new token. Please add the following code to your YAML configuration:

dev/FunctionalTest.php

@@ -1,5 +1,9 @@
 <?php
 
+use SilverStripe\Security\BasicAuth;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\SecurityToken;
+
 /**
  * SilverStripe-specific testing object designed to support functional testing of your web app.  It simulates get/post
  * requests, form submission, and can validate resulting HTML, looking up content by CSS selector.
@@ -362,12 +366,13 @@ class FunctionalTest extends SapphireTest {
 
 	/**
 	 * Log in as the given member
-	 * @param $member The ID, fixture codename, or Member object of the member that you want to log in
+	 *
+	 * @param Member|int|string $member The ID, fixture codename, or Member object of the member that you want to log in
 	 */
 	public function logInAs($member) {
 		if(is_object($member)) $memberID = $member->ID;
 		elseif(is_numeric($member)) $memberID = $member;
-		else $memberID = $this->idFromFixture('Member', $member);
+		else $memberID = $this->idFromFixture('SilverStripe\\Security\\Member', $member);
 
 		$this->session()->inst_set('loggedInAs', $memberID);
 	}
@@ -377,7 +382,7 @@ class FunctionalTest extends SapphireTest {
 	 * This is helpful if you're not testing publication functionality and don't want "stage management" cluttering
 	 * your test.
 	 *
-	 * @param bool toggle the use of the draft site
+	 * @param bool $enabled toggle the use of the draft site
 	 */
 	public function useDraftSite($enabled = true) {
 		if($enabled) {

dev/SapphireInfo.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
 /**
  * Returns information about the current site instance.
  * @package framework

dev/SapphireTest.php

@@ -9,6 +9,11 @@ use SilverStripe\ORM\DataModel;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\DB;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Group;
+use SilverStripe\Security\Permission;
+
 
 
 /**
@@ -1015,7 +1020,7 @@ class SapphireTest extends PHPUnit_Framework_TestCase {
 				$group->Permissions()->add($permission);
 			}
 
-			$member = DataObject::get_one('Member', array(
+			$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
 				'"Member"."Email"' => "$permCode@example.org"
 			));
 			if (!$member) {

dev/TaskRunner.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
 /**
  * @package framework
  * @subpackage dev
@@ -59,6 +62,9 @@ class TaskRunner extends Controller {
 		}
 	}
 
+	/**
+	 * @param SS_HTTPRequest $request
+	 */
 	public function runTask($request) {
 		$name = $request->param('TaskName');
 		$tasks = $this->getTasks();

docs/en/04_Changelogs/4.0.0.md

@@ -31,6 +31,7 @@
  * `File` is now versioned, and should be published before they can be used on the frontend.
    See section on [Migrating File DataObject from 3.x to 4.0](#migrating-file-dataobject-from-3x-to-40)
    below for upgrade notes.
+ * Removed `RegenerateCachedImagesTask`
  * Removed `dev/tests/` controller in favour of standard `vendor/bin/phpunit` command
  * Updated PHPUnit from 3.7 to 4.8 ([upgrade notes](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-4.0.0#backwards-compatibility-issues)). 
    Please remove any PHPUnit related `require_once()` calls (e.g. in `FeatureContext` 

filesystem/AssetControlExtension.php

@@ -4,13 +4,15 @@ namespace SilverStripe\Filesystem;
 
 
 use Injector;
-use Member;
+
 
 use SilverStripe\Filesystem\Storage\AssetStore;
 use SilverStripe\Filesystem\Storage\DBFile;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\DataExtension;
+use SilverStripe\Security\Member;
+
 
 
 /**

filesystem/File.php

@@ -9,6 +9,9 @@ use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\ValidationResult;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+
 
 
 /**
@@ -100,7 +103,7 @@ class File extends DataObject implements ShortcodeHandler, AssetContainer, Thumb
 
 	private static $has_one = array(
 		"Parent" => "File",
-		"Owner" => "Member"
+		"Owner" => "SilverStripe\\Security\\Member"
 	);
 
 	private static $defaults = array(
@@ -186,7 +189,7 @@ class File extends DataObject implements ShortcodeHandler, AssetContainer, Thumb
 
 	/**
 	 * @config
-	 * @var If this is true, then restrictions set in {@link $allowed_max_file_size} and
+	 * @var bool If this is true, then restrictions set in {@link $allowed_max_file_size} and
 	 * {@link $allowed_extensions} will be applied to users with admin privileges as
 	 * well.
 	 */

filesystem/Filesystem.php

@@ -1,6 +1,9 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
+
 /**
  * A collection of static methods for manipulating the filesystem.
  *
@@ -105,9 +108,10 @@ class Filesystem extends Object {
 	/**
 	 * Return the most recent modification time of anything in the folder.
 	 *
-	 * @param $folder The folder, relative to the site root
+	 * @param string $folder The folder, relative to the site root
-	 * @param $extensionList An option array of file extensions to limit the search to
+	 * @param array $extensionList An option array of file extensions to limit the search to
-	 * @return String Same as filemtime() format.
+	 * @param bool $recursiveCall Not used
+	 * @return string Same as filemtime() format.
 	 */
 	public static function folderModTime($folder, $extensionList = null, $recursiveCall = false) {
 		//$cacheID = $folder . ',' . implode(',', $extensionList);

filesystem/Upload.php

@@ -4,6 +4,8 @@ use SilverStripe\Filesystem\Storage\AssetContainer;
 use SilverStripe\Filesystem\Storage\AssetNameGenerator;
 use SilverStripe\Filesystem\Storage\AssetStore;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 
 
 /**
@@ -148,8 +150,8 @@ class Upload extends Controller {
 	/**
 	 * Save an file passed from a form post into the AssetStore directly
 	 *
-	 * @param $tmpFile array Indexed array that PHP generated for every file it uploads.
+	 * @param array $tmpFile Indexed array that PHP generated for every file it uploads.
-	 * @param $folderPath string Folder path relative to /assets
+	 * @param string|bool $folderPath Folder path relative to /assets
 	 * @return array|false Either the tuple array, or false if the file could not be saved
 	 */
 	public function load($tmpFile, $folderPath = false) {
@@ -174,7 +176,9 @@ class Upload extends Controller {
 	 *
 	 * @param array $tmpFile
 	 * @param AssetContainer $file
+	 * @param string|bool $folderPath
 	 * @return bool True if the file was successfully saved into this record
+	 * @throws Exception
 	 */
 	public function loadIntoFile($tmpFile, $file = null, $folderPath = false) {
 		$this->file = $file;

filesystem/storage/DBFile.php

@@ -10,12 +10,14 @@ use Injector;
 use AssetField;
 use File;
 use Director;
-use Permission;
+
 
 
 use SilverStripe\ORM\ValidationResult;
 use SilverStripe\ORM\ValidationException;
 use SilverStripe\ORM\FieldType\DBComposite;
+use SilverStripe\Security\Permission;
+
 
 
 /**

forms/AssetField.php

@@ -6,6 +6,8 @@ use SilverStripe\Filesystem\Storage\DBFile;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\ValidationException;
 use SilverStripe\ORM\DataObjectInterface;
+use SilverStripe\Security\Permission;
+
 
 
 /**
@@ -149,7 +151,6 @@ class AssetField extends FileField {
 	 *
 	 * @param string $name The internal field name, passed to forms.
 	 * @param string $title The field label.
-	 * @param Form $form Reference to the container form
 	 */
 	public function __construct($name, $title = null) {
 		$this->addExtraClass('ss-upload'); // class, used by js
@@ -237,7 +238,9 @@ class AssetField extends FileField {
 
 	/**
 	 * Force a record to be used as "Parent" for uploaded Files (eg a Page with a has_one to File)
+	 *
 	 * @param DataObject $record
+	 * @return $this
 	 */
 	public function setRecord($record) {
 		$this->record = $record;
@@ -444,7 +447,7 @@ class AssetField extends FileField {
 	 * Defaults to 'ss-uploadfield-uploadtemplate'
 	 *
 	 * @see javascript/UploadField_uploadtemplate.js
-	 * @var string
+	 * @return string
 	 */
 	public function getUploadTemplateName() {
 		return $this->getConfig('uploadTemplateName');
@@ -465,7 +468,7 @@ class AssetField extends FileField {
 	 * Defaults to 'ss-downloadfield-downloadtemplate'
 	 *
 	 * @see javascript/DownloadField_downloadtemplate.js
-	 * @var string
+	 * @return string
 	 */
 	public function getDownloadTemplateName() {
 		return $this->getConfig('downloadTemplateName');
@@ -753,7 +756,7 @@ class AssetField extends FileField {
 	 * Gets the foreign class that needs to be created, or 'File' as default if there
 	 * is no relationship, or it cannot be determined.
 	 *
-	 * @param $default Default value to return if no value could be calculated
+	 * @param string $default Default value to return if no value could be calculated
 	 * @return string Foreign class name.
 	 */
 	public function getRelationAutosetClass($default = 'File') {

forms/ConfirmedPasswordField.php

@@ -2,6 +2,9 @@
 
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DataObjectInterface;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+use SilverStripe\Security\Member;
+
 
 /**
  * Two masked input fields, checks for matching passwords.
@@ -141,7 +144,7 @@ class ConfirmedPasswordField extends FormField {
 	/**
 	 * @param array $properties
 	 *
-	 * @return HTMLText
+	 * @return DBHTMLText
 	 */
 	public function Field($properties = array()) {
 		Requirements::javascript(FRAMEWORK_DIR . '/thirdparty/jquery/jquery.js');

forms/CountryDropdownField.php

@@ -1,5 +1,7 @@
 <?php
 
+use SilverStripe\Security\Member;
+
 /**
  * A simple extension to dropdown field, pre-configured to list countries.
  * It will default to the country of the current visitor.

forms/DropdownField.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\ArrayList;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+
 /**
  * Dropdown field, created from a <select> tag.
  *
@@ -112,7 +114,7 @@ class DropdownField extends SingleSelectField {
 
 	/**
 	 * @param array $properties
-	 * @return HTMLText
+	 * @return DBHTMLText
 	 */
 	public function Field($properties = array()) {
 		$options = array();

forms/FieldGroup.php

@@ -89,6 +89,7 @@ class FieldGroup extends CompositeField {
 				$compositeTitle .= $subfield->getName();
 				if($subfield->getName()) $count++;
 			}
+			/** @skipUpgrade */
 			if($count == 1) $compositeTitle .= 'Group';
 			return preg_replace("/[^a-zA-Z0-9]+/", "", $compositeTitle);
 		}

forms/Form.php

@@ -1,7 +1,13 @@
 <?php
 
+use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\DataObjectInterface;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+use SilverStripe\ORM\SS_List;
+use SilverStripe\Security\SecurityToken;
+use SilverStripe\Security\NullSecurityToken;
+
 /**
  * Base class for all forms.
  * The form class is an extensible base for all forms on a SilverStripe application.  It can be used
@@ -700,6 +706,7 @@ class Form extends RequestHandler {
 	 * Set actions that are exempt from validation
 	 *
 	 * @param array
+	 * @return $this
 	 */
 	public function setValidationExemptActions($actions) {
 		$this->validationExemptActions = $actions;
@@ -855,7 +862,8 @@ class Form extends RequestHandler {
 	}
 
 	/**
-	 * @return string $name
+	 * @param string $name
+	 * @return string
 	 */
 	public function getAttribute($name) {
 		if(isset($this->attributes[$name])) return $this->attributes[$name];
@@ -887,7 +895,7 @@ class Form extends RequestHandler {
 	/**
 	 * Return the attributes of the form tag - used by the templates.
 	 *
-	 * @param array Custom attributes to process. Falls back to {@link getAttributes()}.
+	 * @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}.
 	 * If at least one argument is passed as a string, all arguments act as excludes by name.
 	 *
 	 * @return string HTML attributes, ready for insertion into an HTML tag
@@ -966,7 +974,7 @@ class Form extends RequestHandler {
 	 * Set the target of this form to any value - useful for opening the form
 	 * contents in a new window or refreshing another frame.
 	 *
-	 * @param target $target The value of the target
+	 * @param string $target The value of the target
 	 * @return $this
 	 */
 	public function setTarget($target) {
@@ -1611,7 +1619,7 @@ class Form extends RequestHandler {
 	 * This is returned when you access a form as $FormObject rather
 	 * than <% with FormObject %>
 	 *
-	 * @return HTML
+	 * @return DBHTMLText
 	 */
 	public function forTemplate() {
 		$return = $this->renderWith(array_merge(
@@ -1631,7 +1639,7 @@ class Form extends RequestHandler {
 	 * It triggers slightly different behaviour, such as disabling the rewriting
 	 * of # links.
 	 *
-	 * @return HTML
+	 * @return DBHTMLText
 	 */
 	public function forAjaxTemplate() {
 		$view = new SSViewer(array(
@@ -1654,7 +1662,7 @@ class Form extends RequestHandler {
 	 * and _form_enctype.  These are the attributes of the form.  These fields
 	 * can be used to send the form to Ajax.
 	 *
-	 * @return HTML
+	 * @return DBHTMLText
 	 */
 	public function formHtmlContent() {
 		$this->IncludeFormTag = false;
@@ -1674,7 +1682,7 @@ class Form extends RequestHandler {
 	 * Render this form using the given template, and return the result as a string
 	 * You can pass either an SSViewer or a template name
 	 * @param string|array $template
-	 * @return HTMLText
+	 * @return DBHTMLText
 	 */
 	public function renderWithoutActionButton($template) {
 		$custom = $this->customise(array(
@@ -1724,7 +1732,7 @@ class Form extends RequestHandler {
 	public function defaultAction() {
 		if($this->hasDefaultAction && $this->actions) {
 			return $this->actions->First();
-	}
+		}
 	}
 
 	/**
@@ -1796,7 +1804,7 @@ class Form extends RequestHandler {
 	public static function single_field_required() {
 		if(self::current_action() == 'callfieldmethod') {
 			return $_REQUEST['fieldName'];
-	}
+		}
 	}
 
 	/**

forms/FormField.php

@@ -1201,7 +1201,8 @@ class FormField extends RequestHandler {
 	 * @return string
 	 */
 	public function Type() {
-		return strtolower(preg_replace('/Field$/', '', $this->class));
+		$type = new ReflectionClass($this);
+		return strtolower(preg_replace('/Field$/', '', $type->getShortName()));
 	}
 
 	/**

forms/FormTemplateHelper.php

@@ -41,9 +41,9 @@ class FormTemplateHelper {
 			return Convert::raw2htmlid($id);
 		}
 
-		return Convert::raw2htmlid(
+		$reflection = new ReflectionClass($form);
-			get_class($form) . '_' . str_replace(array('.', '/'), '', $form->getName())
+		$shortName = str_replace(array('.', '/'), '', $form->getName());
-		);
+		return Convert::raw2htmlid($reflection->getShortName() . '_' . $shortName);
 	}
 
 	/**

forms/TreeDropdownField.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+
 /**
  * Dropdown-like field that allows you to select an item from a hierarchical
  * AJAX-expandable tree.
@@ -95,7 +97,7 @@ class TreeDropdownField extends FormField {
 	 * @param bool $showSearch enable the ability to search the tree by
 	 *		entering the text in the input field.
 	 */
-	public function __construct($name, $title = null, $sourceObject = 'Group', $keyField = 'ID',
+	public function __construct($name, $title = null, $sourceObject = 'SilverStripe\\Security\\Group', $keyField = 'ID',
 		$labelField = 'TreeTitle', $showSearch = true
 	) {
 
@@ -120,6 +122,7 @@ class TreeDropdownField extends FormField {
 	 * displays the whole tree.
 	 *
 	 * @param int $ID
+	 * @return $this
 	 */
 	public function setTreeBaseID($ID) {
 		$this->baseID = (int) $ID;
@@ -131,6 +134,7 @@ class TreeDropdownField extends FormField {
 	 * displaying to the user.
 	 *
 	 * @param callback $callback
+	 * @return $this
 	 */
 	public function setFilterFunction($callback) {
 		if(!is_callable($callback, true)) {
@@ -145,6 +149,7 @@ class TreeDropdownField extends FormField {
 	 * Set a callback used to disable checkboxes for some items in the tree
 	 *
 	 * @param callback $callback
+	 * @return $this
 	 */
 	public function setDisableFunction($callback) {
 		if(!is_callable($callback, true)) {
@@ -160,6 +165,7 @@ class TreeDropdownField extends FormField {
 	 * applying the filter.
 	 *
 	 * @param callback $callback
+	 * @return $this
 	 */
 	public function setSearchFunction($callback) {
 		if(!is_callable($callback, true)) {
@@ -175,7 +181,8 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @param Boolean
+	 * @param bool $bool
+	 * @return $this
 	 */
 	public function setShowSearch($bool) {
 		$this->showSearch = $bool;
@@ -183,12 +190,13 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @param $method The parameter to ChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
+	 * @param string $method The parameter to ChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
 	 * {@link Hierarchy}. The method specified determines the structure of the returned list. Use "ChildFolders"
 	 * in place of the default to get a drop-down listing with only folders, i.e. not including the child elements in
 	 * the currently selected folder. setNumChildrenMethod() should be used as well for proper functioning.
 	 *
 	 * See {@link Hierarchy} for a complete list of possible methods.
+	 * @return $this
 	 */
 	public function setChildrenMethod($method) {
 		$this->childrenMethod = $method;
@@ -196,9 +204,10 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @param $method The parameter to numChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
+	 * @param string $method The parameter to numChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
 	 * {@link Hierarchy}. Should be used in conjunction with setChildrenMethod().
 	 *
+	 * @return $this
 	 */
 	public function setNumChildrenMethod($method) {
 		$this->numChildrenMethod = $method;
@@ -206,7 +215,8 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @return HTMLText
+	 * @param array $properties
+	 * @return DBHTMLText
 	 */
 	public function Field($properties = array()) {
 		Requirements::add_i18n_javascript(FRAMEWORK_DIR . '/client/lang');
@@ -263,6 +273,7 @@ class TreeDropdownField extends FormField {
 	 *
 	 * @param SS_HTTPRequest $request
 	 * @return string
+	 * @throws Exception
 	 */
 	public function tree(SS_HTTPRequest $request) {
 		// Array sourceObject is an explicit list of values - construct a "flat tree"
@@ -387,8 +398,8 @@ class TreeDropdownField extends FormField {
 	 * Marking public function for the tree, which combines different filters sensibly.
 	 * If a filter function has been set, that will be called. And if search text is set,
 	 * filter on that too. Return true if all applicable conditions are true, false otherwise.
-	 * @param $node
+	 * @param object $node
-	 * @return unknown_type
+	 * @return mixed
 	 */
 	public function filterMarking($node) {
 		if ($this->filterCallback && !call_user_func($this->filterCallback, $node)) return false;
@@ -409,7 +420,8 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @param String $field
+	 * @param string $field
+	 * @return $this
 	 */
 	public function setLabelField($field) {
 		$this->labelField = $field;
@@ -424,7 +436,8 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @param String $field
+	 * @param string $field
+	 * @return $this
 	 */
 	public function setKeyField($field) {
 		$this->keyField = $field;
@@ -439,7 +452,8 @@ class TreeDropdownField extends FormField {
 	}
 
 	/**
-	 * @param String $field
+	 * @param string $class
+	 * @return $this
 	 */
 	public function setSourceObject($class) {
 		$this->sourceObject = $class;

forms/TreeMultiselectField.php

@@ -3,6 +3,8 @@
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DataObjectInterface;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+
 /**
  * This formfield represents many-many joins using a tree selector shown in a dropdown styled element
  * which can be added to any form usually in the CMS.
@@ -48,7 +50,7 @@ use SilverStripe\ORM\DataObjectInterface;
  * @subpackage fields-relational
  */
 class TreeMultiselectField extends TreeDropdownField {
-	public function __construct($name, $title=null, $sourceObject="Group", $keyField="ID", $labelField="Title") {
+	public function __construct($name, $title=null, $sourceObject="SilverStripe\\Security\\Group", $keyField="ID", $labelField="Title") {
 		parent::__construct($name, $title, $sourceObject, $keyField, $labelField);
 		$this->removeExtraClass('single');
 		$this->addExtraClass('multiple');
@@ -88,9 +90,13 @@ class TreeMultiselectField extends TreeDropdownField {
 				return $record->$fieldName();
 		}
 	}
+
 	/**
 	 * We overwrite the field attribute to add our hidden fields, as this
 	 * formfield can contain multiple values.
+	 *
+	 * @param array $properties
+	 * @return DBHTMLText
 	 */
 	public function Field($properties = array()) {
 		Requirements::add_i18n_javascript(FRAMEWORK_DIR . '/client/lang');
@@ -146,6 +152,8 @@ class TreeMultiselectField extends TreeDropdownField {
 	 * Save the results into the form
 	 * Calls function $record->onChange($items) before saving to the assummed
 	 * Component set.
+	 *
+	 * @param DataObjectInterface $record
 	 */
 	public function saveInto(DataObjectInterface $record) {
 		// Detect whether this field has actually been updated

forms/UploadField.php

@@ -9,6 +9,8 @@ use SilverStripe\ORM\DataObjectInterface;
 use SilverStripe\ORM\RelationList;
 use SilverStripe\ORM\UnsavedRelationList;
 use SilverStripe\ORM\DataList;
+use SilverStripe\Security\Permission;
+
 
 
 /**
@@ -220,7 +222,6 @@ class UploadField extends FileField {
 	 * @param string $title The field label.
 	 * @param SS_List $items If no items are defined, the field will try to auto-detect an existing relation on
 	 *                       @link $record}, with the same name as the field name.
-	 * @param Form $form Reference to the container form
 	 */
 	public function __construct($name, $title = null, SS_List $items = null) {
 
@@ -248,7 +249,8 @@ class UploadField extends FileField {
 	/**
 	 * Set name of template used for Buttons on each file (replace, edit, remove, delete) (without path or extension)
 	 *
-	 * @param string
+	 * @param string $template
+	 * @return $this
 	 */
 	public function setTemplateFileButtons($template) {
 		$this->templateFileButtons = $template;
@@ -265,7 +267,8 @@ class UploadField extends FileField {
 	/**
 	 * Set name of template used for the edit (inline & popup) of a file file (without path or extension)
 	 *
-	 * @param string
+	 * @param string $template
+	 * @return $this
 	 */
 	public function setTemplateFileEdit($template) {
 		$this->templateFileEdit = $template;
@@ -328,7 +331,8 @@ class UploadField extends FileField {
 	}
 
 	/**
-	 * @param String
+	 * @param string $name
+	 * @return $this
 	 */
 	public function setDisplayFolderName($name) {
 		$this->displayFolderName = $name;
@@ -344,7 +348,9 @@ class UploadField extends FileField {
 
 	/**
 	 * Force a record to be used as "Parent" for uploaded Files (eg a Page with a has_one to File)
+	 *
 	 * @param DataObject $record
+	 * @return $this
 	 */
 	public function setRecord($record) {
 		$this->record = $record;
@@ -389,6 +395,7 @@ class UploadField extends FileField {
 	 * @param array|DataObject|SS_List $record Full source record, either as a DataObject,
 	 * SS_List of items, or an array of submitted form data
 	 * @return $this Self reference
+	 * @throws ValidationException
 	 */
 	public function setValue($value, $record = null) {
 
@@ -727,7 +734,7 @@ class UploadField extends FileField {
 	 * Defaults to 'ss-uploadfield-uploadtemplate'
 	 *
 	 * @see javascript/UploadField_uploadtemplate.js
-	 * @var string
+	 * @return string
 	 */
 	public function getUploadTemplateName() {
 		return $this->getConfig('uploadTemplateName');
@@ -748,7 +755,7 @@ class UploadField extends FileField {
 	 * Defaults to 'ss-downloadfield-downloadtemplate'
 	 *
 	 * @see javascript/DownloadField_downloadtemplate.js
-	 * @var string
+	 * @return string
 	 */
 	public function getDownloadTemplateName() {
 		return $this->getConfig('downloadTemplateName');
@@ -1295,6 +1302,7 @@ class UploadField extends FileField {
 	 * Determines if a specified file exists
 	 *
 	 * @param SS_HTTPRequest $request
+	 * @return SS_HTTPResponse
 	 */
 	public function fileexists(SS_HTTPRequest $request) {
 		// Assert that requested filename doesn't attempt to escape the directory
@@ -1327,7 +1335,7 @@ class UploadField extends FileField {
 	 * Gets the foreign class that needs to be created, or 'File' as default if there
 	 * is no relationship, or it cannot be determined.
 	 *
-	 * @param $default Default value to return if no value could be calculated
+	 * @param string $default Default value to return if no value could be calculated
 	 * @return string Foreign class name.
 	 */
 	public function getRelationAutosetClass($default = 'File') {
@@ -1605,7 +1613,7 @@ class UploadField_SelectHandler extends RequestHandler {
 	}
 
 	/**
-	 * @param $folderID The ID of the folder to display.
+	 * @param int $folderID The ID of the folder to display.
 	 * @return FormField
 	 */
 	protected function getListField($folderID) {

forms/gridfield/GridFieldPrintButton.php

@@ -3,6 +3,9 @@
 
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\FieldType\DBDatetime;
+use SilverStripe\ORM\FieldType\DBHTMLText;
+use SilverStripe\Security\Member;
+
 
 
 /**
@@ -81,10 +84,11 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 	/**
 	 * Handle the print action.
 	 *
-	 * @param GridField
+	 * @param GridField $gridField
-	 * @param string
+	 * @param string $actionName
-	 * @param array
+	 * @param array $arguments
-	 * @param array
+	 * @param array $data
+	 * @return DBHTMLText
 	 */
 	public function handleAction(GridField $gridField, $actionName, $arguments, $data) {
 		if($actionName == 'print') {
@@ -106,7 +110,11 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 
 	/**
 	 * Handle the print, for both the action button and the URL
- 	 */
+	 *
+	 * @param GridField $gridField
+	 * @param SS_HTTPRequest $request
+	 * @return DBHTMLText
+	 */
 	public function handlePrint($gridField, $request = null) {
 		set_time_limit(60);
 		Requirements::clear();
@@ -172,8 +180,9 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 	/**
 	 * Export core.
 	 *
-	 * @param GridField
+	 * @param GridField $gridField
- 	 */
+	 * @return ArrayData
+	 */
 	public function generatePrintData(GridField $gridField) {
 		$printColumns = $this->getPrintColumnsForGridField($gridField);
 
@@ -234,7 +243,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 	}
 
 	/**
-	 * @param array
+	 * @param array $cols
+	 * @return $this
 	 */
 	public function setPrintColumns($cols) {
 		$this->printColumns = $cols;
@@ -250,7 +260,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 	}
 
 	/**
-	 * @param boolean
+	 * @param bool $bool
+	 * @return $this
 	 */
 	public function setPrintHasHeader($bool) {
 		$this->printHasHeader = $bool;

main.php

@@ -2,6 +2,9 @@
 
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\DataModel;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Permission;
+
 
 /************************************************************************************
  ************************************************************************************
@@ -162,7 +165,7 @@ $chain
 		}
 
 		// Fail and redirect the user to the login page
-		$loginPage = Director::absoluteURL(Config::inst()->get('Security', 'login_url'));
+		$loginPage = Director::absoluteURL(Security::config()->login_url);
 		$loginPage .= "?BackURL=" . urlencode($_SERVER['REQUEST_URI']);
 		header('location: '.$loginPage, true, 302);
 		die;

tasks/CleanupTestDatabasesTask.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
 /**
  * Cleans up leftover databases from aborted test executions (starting with ss_tmpdb)
  * Task is restricted to users with administrator rights or running through CLI.

tasks/EncryptAllPasswordsTask.php

@@ -1,6 +1,10 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
+
 /**
  * Encrypt all passwords
  *
@@ -37,7 +41,7 @@ class EncryptAllPasswordsTask extends BuildTask {
 		}
 
 		// Are there members with a clear text password?
-		$members = DataObject::get("Member")->where(array(
+		$members = Member::get()->where(array(
 			'"Member"."PasswordEncryption"' => 'none',
 			'"Member"."Password" IS NOT NULL'
 		));

tasks/RegenerateCachedImagesTask.php

@@ -1,46 +0,0 @@
-<?php
-
-use SilverStripe\ORM\DataObject;
-/**
- * Regenerate all cached images that have been created as the result of a manipulation method being called on a
- * {@link Image} object
- *
- * @package framework
- * @subpackage filesystem
- */
-class RegenerateCachedImagesTask extends BuildTask {
-
-	protected $title = 'Regenerate Cached Images Task';
-
-	protected $description = 'Regenerate all cached images created as the result of an image manipulation';
-
-	/**
-	 * Check that the user has appropriate permissions to execute this task
-	 */
-	public function init() {
-		if(!Director::is_cli() && !Director::isDev() && !Permission::check('ADMIN')) {
-			return Security::permissionFailure();
-		}
-
-		parent::init();
-	}
-
-	/**
-	 * Actually regenerate all the images
-	 */
-	public function run($request) {
-		$processedImages   = 0;
-		$regeneratedImages = 0;
-
-		if($images = DataObject::get('Image')) foreach($images as $image) {
-			if($generated = $image->regenerateFormattedImages()) {
-				$regeneratedImages += $generated;
-			}
-
-			$processedImages++;
-		}
-
-		echo "Regenerated $regeneratedImages cached images from $processedImages Image objects stored in the Database.";
-	}
-
-}

tasks/i18nTextCollectorTask.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Security;
 /**
  * @package framework
  * @subpackage tasks

tests/Bare.yml

@@ -1,14 +0,0 @@
-Group:
-   admins:
-      Title: Administrators
-
-Permission:
-   admin:
-      Code: ADMIN
-      Group: =>Group.admins
-
-Member:
-   admin:
-      Email: admin
-      Password: password
-      Groups: =>Group.admins

tests/behat/features/bootstrap/FeatureContext.php

@@ -42,11 +42,11 @@ class FeatureContext extends SilverStripeContext {
 
 		// Use blueprints to set user name from identifier
 		$factory = $fixtureContext->getFixtureFactory();
-		$blueprint = \Injector::inst()->create('FixtureBlueprint', 'Member');
+		$blueprint = \Injector::inst()->create('FixtureBlueprint', 'SilverStripe\\Security\\Member');
 		$blueprint->addCallback('beforeCreate', function($identifier, &$data, &$fixtures) {
 			if(!isset($data['FirstName'])) $data['FirstName'] = $identifier;
 		});
-		$factory->define('Member', $blueprint);
+		$factory->define('SilverStripe\\Security\\Member', $blueprint);
 	}
 
 	public function setMinkParameters(array $parameters) {

tests/control/CMSProfileControllerTest.php

@@ -13,8 +13,8 @@ class CMSProfileControllerTest extends FunctionalTest {
 	public $autoFollowRedirection = false;
 
 	public function testMemberCantEditAnother() {
-		$member = $this->objFromFixture('Member', 'user1');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
-		$anotherMember = $this->objFromFixture('Member', 'user2');
+		$anotherMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'user2');
 		$this->session()->inst_set('loggedInAs', $member->ID);
 
 		$response = $this->post('admin/myprofile/EditForm', array(
@@ -28,13 +28,13 @@ class CMSProfileControllerTest extends FunctionalTest {
 			'Password[_ConfirmPassword]' => 'password',
 		));
 
-		$anotherMember = $this->objFromFixture('Member', 'user2');
+		$anotherMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'user2');
 
 		$this->assertNotEquals($anotherMember->FirstName, 'JoeEdited', 'FirstName field stays the same');
 	}
 
 	public function testMemberEditsOwnProfile() {
-		$member = $this->objFromFixture('Member', 'user3');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user3');
 		$this->session()->inst_set('loggedInAs', $member->ID);
 
 		$response = $this->post('admin/myprofile/EditForm', array(
@@ -48,16 +48,16 @@ class CMSProfileControllerTest extends FunctionalTest {
 			'Password[_ConfirmPassword]' => 'password',
 		));
 
-		$member = $this->objFromFixture('Member', 'user3');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user3');
 
 		$this->assertEquals('JoeEdited', $member->FirstName, 'FirstName field was changed');
 	}
 
 	public function testExtendedPermissionsStopEditingOwnProfile() {
-		$existingExtensions = Config::inst()->get('Member', 'extensions');
+		$existingExtensions = Config::inst()->get('SilverStripe\\Security\\Member', 'extensions');
-		Config::inst()->update('Member', 'extensions', array('CMSProfileControllerTestExtension'));
+		Config::inst()->update('SilverStripe\\Security\\Member', 'extensions', array('CMSProfileControllerTestExtension'));
 
-		$member = $this->objFromFixture('Member', 'user1');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
 		$this->session()->inst_set('loggedInAs', $member->ID);
 
 		$response = $this->post('admin/myprofile/EditForm', array(
@@ -71,13 +71,13 @@ class CMSProfileControllerTest extends FunctionalTest {
 			'Password[_ConfirmPassword]' => 'password',
 		));
 
-		$member = $this->objFromFixture('Member', 'user1');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
 
 		$this->assertNotEquals($member->FirstName, 'JoeEdited',
 			'FirstName field was NOT changed because we modified canEdit');
 
-		Config::inst()->remove('Member', 'extensions');
+		Config::inst()->remove('SilverStripe\\Security\\Member', 'extensions');
-		Config::inst()->update('Member', 'extensions', $existingExtensions);
+		Config::inst()->update('SilverStripe\\Security\\Member', 'extensions', $existingExtensions);
 	}
 
 }

tests/control/CMSProfileControllerTest.yml

@@ -1,4 +1,4 @@
-Permission:
+'SilverStripe\Security\Permission':
   admin:
     Code: ADMIN
   cmsmain:
@@ -8,31 +8,31 @@ Permission:
   test:
     Code: CMS_ACCESS_TestController
 
-Group:
+'SilverStripe\Security\Group':
   admins:
     Title: Administrators
-    Permissions: =>Permission.admin
+    Permissions: '=>SilverStripe\Security\Permission.admin'
   cmsusers:
     Title: CMS Users
-    Permissions: =>Permission.cmsmain, =>Permission.leftandmain
+    Permissions: '=>SilverStripe\Security\Permission.cmsmain, =>SilverStripe\Security\Permission.leftandmain'
   test:
     Title: Test group
-    Permissions: =>Permission.test
+    Permissions: '=>SilverStripe\Security\Permission.test'
 
-Member:
+'SilverStripe\Security\Member':
   admin:
     FirstName: Admin
     Email: admin@user.com
-    Groups: =>Group.admins
+    Groups: '=>SilverStripe\Security\Group.admins'
   user1:
     FirstName: Joe
     Email: user1@user.com
-    Groups: =>Group.cmsusers
+    Groups: '=>SilverStripe\Security\Group.cmsusers'
   user2:
     FirstName: Steve
     Email: user2@user.com
-    Groups: =>Group.cmsusers
+    Groups: '=>SilverStripe\Security\Group.cmsusers'
   user3:
     FirstName: Files
     Email: user3@example.com
-    Groups: =>Group.test
+    Groups: '=>SilverStripe\Security\Group.test'

tests/control/ControllerTest.php

@@ -57,7 +57,7 @@ class ControllerTest extends FunctionalTest {
 	}
 
 	public function testAllowedActions() {
-		$adminUser = $this->objFromFixture('Member', 'admin');
+		$adminUser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
 
 		$response = $this->get("ControllerTest_UnsecuredController/");
 		$this->assertEquals(200, $response->getStatusCode(),

tests/control/ControllerTest.yml

@@ -1,11 +1,11 @@
-Permission:
+'SilverStripe\Security\Permission':
-    admin:
+  admin:
-        Code: ADMIN
+    Code: ADMIN
-Group:
+'SilverStripe\Security\Group':
-    admins:
+  admins:
-        Code: admins
+    Code: admins
-        Permissions: =>Permission.admin
+    Permissions: '=>SilverStripe\Security\Permission.admin'
-Member:
+'SilverStripe\Security\Member':
-    admin:
+  admin:
-        Email: admin@test.com
+    Email: admin@test.com
-        Groups: =>Group.admins
+    Groups: '=>SilverStripe\Security\Group.admins'

tests/control/DirectorTest.php

@@ -394,7 +394,7 @@ class DirectorTest extends SapphireTest {
 	}
 
 	public function testForceSSLOnSubPagesPattern() {
-		$_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('Security', 'login_url');
+		$_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('SilverStripe\\Security\\Security', 'login_url');
 		$output = Director::forceSSL(array('/^Security/'));
 		$this->assertEquals($output, 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
 	}

tests/control/RequestHandlingTest.php

@@ -1,5 +1,7 @@
 <?php
 
+use SilverStripe\Security\SecurityToken;
+
 /**
  * Tests for RequestHandler and SS_HTTPRequest.
  * We've set up a simple URL handling model based on

tests/core/manifest/NamespacedClassManifestTest.php

@@ -8,6 +8,10 @@
 class NamespacedClassManifestTest extends SapphireTest {
 
 	protected $base;
+
+	/**
+	 * @var SS_ClassManifest
+	 */
 	protected $manifest;
 
 	public function setUp() {
@@ -28,13 +32,14 @@ class NamespacedClassManifestTest extends SapphireTest {
 		$tokens = token_get_all($file);
 		$parsedTokens = SS_ClassManifest::get_imported_namespace_parser()->findAll($tokens);
 
+		/** @skipUpgrade */
 		$expectedItems = array(
 			array('ModelAdmin'),
 			array('Controller', '  ', 'as', '  ', 'Cont'),
 			array(
 				'SS_HTTPRequest', ' ', 'as', ' ', 'Request', ',',
-				'SS_HTTPResponse', ' ', 'AS', ' ', 'Response', ',',
+				'SS_HTTPResponse', ' ', 'as', ' ', 'Response', ',',
-				'PermissionProvider', ' ', 'AS', ' ', 'P',
+				'SilverStripe', '\\', 'Security', '\\', 'PermissionProvider', ' ', 'as', ' ', 'P',
 			),
 			array('silverstripe', '\\', 'test', '\\', 'ClassA'),
 			array('\\', 'Object'),
@@ -59,7 +64,7 @@ class NamespacedClassManifestTest extends SapphireTest {
 			'Cont' => 'Controller',
 			'Request' => 'SS_HTTPRequest',
 			'Response' => 'SS_HTTPResponse',
-			'P' => 'PermissionProvider',
+			'P' => 'SilverStripe\\Security\\PermissionProvider',
 			'silverstripe\test\ClassA',
 			'\Object',
 		);
@@ -71,7 +76,7 @@ class NamespacedClassManifestTest extends SapphireTest {
 	}
 
 	public function testClassInfoIsCorrect() {
-		$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::implementorsOf('PermissionProvider'));
+		$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider'));
 
 		//because we're using a nested manifest we have to "coalesce" the descendants again to correctly populate the
 		// descendants of the core classes we want to test against - this is a limitation of the test manifest not
@@ -83,20 +88,26 @@ class NamespacedClassManifestTest extends SapphireTest {
 		$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::subclassesFor('ModelAdmin'));
 	}
 
+	/**
+	 * @skipUpgrade
+	 */
 	public function testFindClassOrInterfaceFromCandidateImports() {
 		$method = new ReflectionMethod($this->manifest, 'findClassOrInterfaceFromCandidateImports');
 		$method->setAccessible(true);
 
 		$this->assertTrue(ClassInfo::exists('silverstripe\test\ClassA'));
 
-		$this->assertEquals('PermissionProvider', $method->invokeArgs($this->manifest, array(
+		$this->assertEquals(
-			'\PermissionProvider',
+			'PermissionProvider',
-			'Test\Namespace',
+			$method->invokeArgs($this->manifest, [
-			array(
+				'\PermissionProvider',
-				'TestOnly',
+				'Test\Namespace',
-				'Controller',
+				array(
-			),
+					'TestOnly',
-		)));
+					'Controller',
+				),
+			])
+		);
 
 		$this->assertEquals('PermissionProvider', $method->invokeArgs($this->manifest, array(
 			'PermissionProvider',
@@ -236,7 +247,7 @@ class NamespacedClassManifestTest extends SapphireTest {
 			'silverstripe\test\interfacea' => array('silverstripe\test\ClassE'),
 			'interfacea' => array('silverstripe\test\ClassF'),
 			'silverstripe\test\subtest\interfacea' => array('silverstripe\test\ClassG'),
-			'permissionprovider' => array('SilverStripe\Framework\Tests\ClassI'),
+			'silverstripe\security\permissionprovider' => array('SilverStripe\Framework\Tests\ClassI'),
 		);
 		$this->assertEquals($expect, $this->manifest->getImplementors());
 	}

tests/core/manifest/fixtures/namespaced_classmanifest/module/classes/ClassI.php

@@ -4,9 +4,10 @@ namespace SilverStripe\Framework\Tests;
 //whitespace here is important for tests, please don't change it
 use ModelAdmin;
 use Controller  as  Cont ;
-use SS_HTTPRequest as Request,SS_HTTPResponse AS Response, PermissionProvider AS P;
+use SS_HTTPRequest as Request, SS_HTTPResponse as Response, SilverStripe\Security\PermissionProvider as P;
 use silverstripe\test\ClassA;
 use \Object;
 
+
 class ClassI extends ModelAdmin implements P {
 }

tests/filesystem/AssetControlExtensionTest.php

@@ -2,6 +2,8 @@
 use SilverStripe\Filesystem\Storage\AssetStore;
 use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 
 
 /**

tests/filesystem/FileTest.php

@@ -5,6 +5,8 @@ use SilverStripe\Filesystem\Storage\AssetStore;
 use SilverStripe\ORM\Versioning\Versioned;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\ValidationException;
+use SilverStripe\Security\Member;
+
 
 
 /**
@@ -509,23 +511,23 @@ class FileTest extends SapphireTest {
 		$this->assertFalse($file->canEdit(), "Anonymous users can't edit files");
 
 		// Test permissionless user
-		$this->objFromFixture('Member', 'frontend')->logIn();
+		$this->objFromFixture('SilverStripe\\Security\\Member', 'frontend')->logIn();
 		$this->assertFalse($file->canEdit(), "Permissionless users can't edit files");
 
 		// Test global CMS section users
-		$this->objFromFixture('Member', 'cms')->logIn();
+		$this->objFromFixture('SilverStripe\\Security\\Member', 'cms')->logIn();
 		$this->assertTrue($file->canEdit(), "Users with all CMS section access can edit files");
 
 		// Test cms access users without file access
-		$this->objFromFixture('Member', 'security')->logIn();
+		$this->objFromFixture('SilverStripe\\Security\\Member', 'security')->logIn();
 		$this->assertFalse($file->canEdit(), "Security CMS users can't edit files");
 
 		// Test asset-admin user
-		$this->objFromFixture('Member', 'assetadmin')->logIn();
+		$this->objFromFixture('SilverStripe\\Security\\Member', 'assetadmin')->logIn();
 		$this->assertTrue($file->canEdit(), "Asset admin users can edit files");
 
 		// Test admin
-		$this->objFromFixture('Member', 'admin')->logIn();
+		$this->objFromFixture('SilverStripe\\Security\\Member', 'admin')->logIn();
 		$this->assertTrue($file->canEdit(), "Admins can edit files");
 	}
 

tests/filesystem/FileTest.yml

@@ -45,7 +45,7 @@ Image:
     FileFilename: FileTest.png
     FileHash: 55b443b60176235ef09801153cca4e6da7494a0c
     Name: FileTest.png
-Permission:
+'SilverStripe\Security\Permission':
   admin:
     Code: ADMIN
   cmsmain:
@@ -54,31 +54,31 @@ Permission:
     Code: CMS_ACCESS_AssetAdmin
   securityadmin:
     Code: CMS_ACCESS_SecurityAdmin
-Group:
+'SilverStripe\Security\Group':
   admins:
     Title: Administrators
-    Permissions: =>Permission.admin
+    Permissions: '=>SilverStripe\Security\Permission.admin'
   cmsusers:
     Title: 'CMS Users'
-    Permissions: =>Permission.cmsmain
+    Permissions: '=>SilverStripe\Security\Permission.cmsmain'
   securityusers:
     Title: 'Security Users'
-    Permissions: =>Permission.securityadmin
+    Permissions: '=>SilverStripe\Security\Permission.securityadmin'
   assetusers:
     Title: 'Asset Users'
-    Permissions: =>Permission.assetadmin
+    Permissions: '=>SilverStripe\Security\Permission.assetadmin'
-Member:
+'SilverStripe\Security\Member':
   frontend:
     Email: frontend@example.com
   cms:
     Email: cms@silverstripe.com
-    Groups: =>Group.cmsusers
+    Groups: '=>SilverStripe\Security\Group.cmsusers'
   admin:
     Email: admin@silverstripe.com
-    Groups: =>Group.admins
+    Groups: '=>SilverStripe\Security\Group.admins'
   assetadmin:
     Email: assetadmin@silverstripe.com
-    Groups: =>Group.assetusers
+    Groups: '=>SilverStripe\Security\Group.assetusers'
   security:
     Email: security@silverstripe.com
-    Groups: =>Group.securityusers
+    Groups: '=>SilverStripe\Security\Group.securityusers'

tests/forms/ConfirmedPasswordFieldTest.php

@@ -1,4 +1,6 @@
 <?php
+
+use SilverStripe\Security\Member;
 /**
  * @package framework
  * @subpackage tests

tests/forms/FormScaffolderTest.php

@@ -2,6 +2,8 @@
 
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DataExtension;
+use SilverStripe\Security\Member;
+
 
 /**
  * Tests for DataObject FormField scaffolding

tests/forms/FormTest.php

@@ -2,6 +2,9 @@
 
 use SilverStripe\ORM\DataModel;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\SecurityToken;
+use SilverStripe\Security\RandomGenerator;
+
 
 /**
  * @package framework
@@ -387,12 +390,12 @@ class FormTest extends FunctionalTest {
 		SecurityToken::enable();
 
 		$form1 = $this->getStubForm();
-		$this->assertInstanceOf('SecurityToken', $form1->getSecurityToken());
+		$this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $form1->getSecurityToken());
 
 		SecurityToken::disable();
 
 		$form2 = $this->getStubForm();
-		$this->assertInstanceOf('NullSecurityToken', $form2->getSecurityToken());
+		$this->assertInstanceOf('SilverStripe\\Security\\NullSecurityToken', $form2->getSecurityToken());
 
 		SecurityToken::enable();
 	}

tests/forms/GridFieldTest.php

@@ -3,6 +3,8 @@
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\SS_List;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 class GridFieldTest extends SapphireTest {
 
 	/**
@@ -75,7 +77,7 @@ class GridFieldTest extends SapphireTest {
 	 */
 	public function testGridFieldModelClass() {
 		$obj = new GridField('testfield', 'testfield', Member::get());
-		$this->assertEquals('Member', $obj->getModelClass(), 'Should return Member');
+		$this->assertEquals('SilverStripe\\Security\\Member', $obj->getModelClass(), 'Should return Member');
 		$obj->setModelClass('SilverStripe\\ORM\\DataModel');
 		$this->assertEquals('SilverStripe\\ORM\\DataModel', $obj->getModelClass(), 'Should return Member');
 	}

tests/forms/LookupFieldTest.php

@@ -66,11 +66,11 @@ class LookupFieldTest extends SapphireTest {
 	}
 
 	public function testArrayValueWithSqlMapSource() {
-		$member1 = $this->objFromFixture('Member', 'member1');
+		$member1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member1');
-		$member2 = $this->objFromFixture('Member', 'member2');
+		$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member2');
-		$member3 = $this->objFromFixture('Member', 'member3');
+		$member3 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member3');
 
-		$source = DataObject::get('Member');
+		$source = DataObject::get('SilverStripe\\Security\\Member');
 		$f = new LookupField('test', 'test', $source->map('ID', 'FirstName'));
 		$f->setValue(array($member1->ID, $member2->ID));
 

tests/forms/LookupFieldTest.yml

@@ -1,4 +1,4 @@
-Member:
+'SilverStripe\Security\Member':
    member1:
       FirstName: member1
    member2:

tests/forms/MemberDatetimeOptionsetFieldTest.php

@@ -45,7 +45,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
 
 	public function testDateFormatDefaultCheckedInFormField() {
 		Config::inst()->update('i18n', 'date_format', 'yyyy-MM-dd');
-		$field = $this->createDateFormatFieldForMember($this->objFromFixture('Member', 'noformatmember'));
+		$field = $this->createDateFormatFieldForMember($this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember'));
 		$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
 			new FieldList())); // fake form
 		$parser = new CSSContentParser($field->Field());
@@ -55,7 +55,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
 
 	public function testTimeFormatDefaultCheckedInFormField() {
 		Config::inst()->update('i18n', 'time_format', 'h:mm:ss a');
-		$field = $this->createTimeFormatFieldForMember($this->objFromFixture('Member', 'noformatmember'));
+		$field = $this->createTimeFormatFieldForMember($this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember'));
 		$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
 			new FieldList())); // fake form
 		$parser = new CSSContentParser($field->Field());
@@ -64,7 +64,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
 	}
 
 	public function testDateFormatChosenIsCheckedInFormField() {
-		$member = $this->objFromFixture('Member', 'noformatmember');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
 		$member->setField('DateFormat', 'MM/dd/yyyy');
 		$field = $this->createDateFormatFieldForMember($member);
 		$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
@@ -75,7 +75,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
 	}
 
 	public function testDateFormatCustomFormatAppearsInCustomInputInField() {
-		$member = $this->objFromFixture('Member', 'noformatmember');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
 		$member->setField('DateFormat', 'dd MM yy');
 		$field = $this->createDateFormatFieldForMember($member);
 		$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),

tests/forms/MemberDatetimeOptionsetFieldTest.yml

@@ -1,4 +1,4 @@
-Member:
+'SilverStripe\Security\Member':
    noformatmember:
       Email: noformat@test.com
    delocalemember:

tests/forms/gridfield/GridFieldDataColumnsTest.php

@@ -1,4 +1,6 @@
 <?php
+
+use SilverStripe\Security\Member;
 class GridFieldDataColumnsTest extends SapphireTest {
 
 	/**
@@ -6,7 +8,7 @@ class GridFieldDataColumnsTest extends SapphireTest {
 	 */
 	public function testGridFieldGetDefaultDisplayFields() {
 		$obj = new GridField('testfield', 'testfield', Member::get());
-		$expected = singleton('Member')->summaryFields();
+		$expected = singleton('SilverStripe\\Security\\Member')->summaryFields();
 		$columns = $obj->getConfig()->getComponentByType('GridFieldDataColumns');
 		$this->assertEquals($expected, $columns->getDisplayFields($obj));
 	}

tests/forms/gridfield/GridFieldDeleteActionTest.php

@@ -2,6 +2,9 @@
 
 use SilverStripe\ORM\DataList;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\SecurityToken;
+
 
 class GridFieldDeleteActionTest extends SapphireTest {
 

tests/forms/gridfield/GridFieldEditButtonTest.php

@@ -2,6 +2,8 @@
 
 use SilverStripe\ORM\DataList;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 
 class GridFieldEditButtonTest extends SapphireTest {
 

tests/i18n/i18nTest.php

@@ -590,15 +590,15 @@ class i18nTest_DataObject extends DataObject implements TestOnly {
 	);
 
 	private static $has_one = array(
-		'HasOneRelation' => 'Member'
+		'HasOneRelation' => 'SilverStripe\\Security\\Member'
 	);
 
 	private static $has_many = array(
-		'HasManyRelation' => 'Member'
+		'HasManyRelation' => 'SilverStripe\\Security\\Member'
 	);
 
 	private static $many_many = array(
-		'ManyManyRelation' => 'Member'
+		'ManyManyRelation' => 'SilverStripe\\Security\\Member'
 	);
 
 	/**

tests/i18n/i18nTextCollectorTestMyObject.php

@@ -12,7 +12,7 @@ class i18nTextCollectorTestMyObject extends DataObject implements TestOnly {
 	);
 
 	private static $has_many = array(
-		'Relation' => 'Group'
+		'Relation' => 'SilverStripe\\Security\\Group'
 	);
 
 	private static $singular_name = "My Object";

tests/i18n/i18nTextCollectorTestMySubObject.php

@@ -9,7 +9,7 @@ class i18nTextCollectorTestMySubObject extends i18nTextCollectorTestMyObject imp
 	);
 
 	private static $has_many = array(
-		'SubRelation' => 'Group'
+		'SubRelation' => 'SilverStripe\\Security\\Group'
 	);
 
 	private static $singular_name = "My Sub Object";

tests/model/ChangeSetTest.php

@@ -4,6 +4,8 @@ use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\Versioning\ChangeSet;
 use SilverStripe\ORM\Versioning\ChangeSetItem;
 use SilverStripe\ORM\Versioning\Versioned;
+use SilverStripe\Security\Permission;
+
 
 /**
  * Provides a set of targettable permissions for tested models

tests/model/ComponentSetTest.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 /**
  * @package framework
  * @subpackage tests

tests/model/DBDateTest.php

@@ -253,7 +253,7 @@ class DBDateTest extends SapphireTest {
 	public function testFormatFromSettings() {
 
 		$memberID = $this->logInWithPermission();
-		$member = DataObject::get_by_id('Member', $memberID);
+		$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
 		$member->DateFormat = 'dd/MM/YYYY';
 		$member->write();
 

tests/model/DataExtensionTest.php

@@ -120,8 +120,8 @@ class DataExtensionTest extends SapphireTest {
 		// in SiteTree->can*() methods to test one single feature reliably with them
 
 		$obj = $this->objFromFixture('DataExtensionTest_MyObject', 'object1');
-		$websiteuser = $this->objFromFixture('Member', 'websiteuser');
+		$websiteuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'websiteuser');
-		$admin = $this->objFromFixture('Member', 'admin');
+		$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
 
 		$this->assertFalse(
 			$obj->canOne($websiteuser),

tests/model/DataExtensionTest.yml

@@ -1,24 +1,24 @@
 DataExtensionTest_RelatedObject:
-   obj1:
+  obj1:
-      FieldOne: Obj1
+    FieldOne: Obj1
-   obj2:
+  obj2:
-      FieldOne: Obj2
+    FieldOne: Obj2
-Permission:
+'SilverStripe\Security\Permission':
-   adminpermission:
+  adminpermission:
-      Code: ADMIN
+    Code: ADMIN
-Group:
+'SilverStripe\Security\Group':
-   admingroup:
+  admingroup:
-      Permissions: =>Permission.adminpermission
+    Permissions: '=>SilverStripe\Security\Permission.adminpermission'
-Member:
+'SilverStripe\Security\Member':
-   admin:
+  admin:
-      Email: admin@test.com
+    Email: admin@test.com
-      Groups: =>Group.admingroup
+    Groups: '=>SilverStripe\Security\Group.admingroup'
-   websiteuser:
+  websiteuser:
-      Email: websiteuser@test.com
+    Email: websiteuser@test.com
 DataExtensionTest_Member:
-   member1:
+  member1:
-      Name: Sam
+    Name: Sam
-      Website: http://www.example.org
+    Website: http://www.example.org
 DataExtensionTest_MyObject:
-   object1:
+  object1:
-      Title: Object 1
+    Title: Object 1

tests/model/DataObjectTest.php

@@ -7,6 +7,8 @@ use SilverStripe\ORM\DB;
 use SilverStripe\ORM\Connect\MySQLDatabase;
 use SilverStripe\ORM\DataExtension;
 use SilverStripe\ORM\ValidationResult;
+use SilverStripe\Security\Member;
+
 
 
 /**

tests/model/DataQueryTest.php

@@ -43,12 +43,12 @@ class DataQueryTest extends SapphireTest {
 	 * Test the leftJoin() and innerJoin method of the DataQuery object
 	 */
 	public function testJoins() {
-		$dq = new DataQuery('Member');
+		$dq = new DataQuery('SilverStripe\\Security\\Member');
 		$dq->innerJoin("Group_Members", "\"Group_Members\".\"MemberID\" = \"Member\".\"ID\"");
 		$this->assertSQLContains("INNER JOIN \"Group_Members\" ON \"Group_Members\".\"MemberID\" = \"Member\".\"ID\"",
 			$dq->sql($parameters));
 
-		$dq = new DataQuery('Member');
+		$dq = new DataQuery('SilverStripe\\Security\\Member');
 		$dq->leftJoin("Group_Members", "\"Group_Members\".\"MemberID\" = \"Member\".\"ID\"");
 		$this->assertSQLContains("LEFT JOIN \"Group_Members\" ON \"Group_Members\".\"MemberID\" = \"Member\".\"ID\"",
 			$dq->sql($parameters));

tests/model/DatabaseTest.php

@@ -4,6 +4,8 @@ use SilverStripe\ORM\DB;
 use SilverStripe\ORM\Connect\MySQLDatabase;
 use SilverStripe\ORM\Connect\MySQLSchemaManager;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\MSSQL\MSSQLDatabase;
+
 /**
  * @package framework
  * @subpackage Testing

tests/model/DbDatetimeTest.php

@@ -202,7 +202,7 @@ class DBDatetimeTest extends SapphireTest {
 	public function testFormatFromSettings() {
 
 		$memberID = $this->logInWithPermission();
-		$member = DataObject::get_by_id('Member', $memberID);
+		$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
 		$member->DateFormat = 'dd/MM/YYYY';
 		$member->TimeFormat = 'hh:mm:ss';
 		$member->write();

tests/model/SQLSelectTest.php

@@ -4,6 +4,9 @@ use SilverStripe\ORM\DB;
 use SilverStripe\ORM\Connect\MySQLDatabase;
 use SilverStripe\ORM\Queries\SQLSelect;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\SQLite\SQLite3Database;
+use SilverStripe\PostgreSQL\PostgreSQLDatabase;
+
 
 /**
  * @package framework

tests/security/BasicAuthTest.php

@@ -1,4 +1,8 @@
 <?php
+
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\BasicAuth;
 /**
  * @package framework
  * @subpackage tests

tests/security/BasicAuthTest.yml

@@ -1,11 +1,11 @@
-Group:
+'SilverStripe\Security\Group':
   mygroup:
     Code: mygroup
-Member:
+SilverStripe\Security\Member:
   user-in-mygroup:
     Email: user-in-mygroup@test.com
     Password: test
-    Groups: =>Group.mygroup
+    Groups: '=>SilverStripe\Security\Group.mygroup'
   user-without-groups:
     Email: user-without-groups@test.com
     Password: test
@@ -13,7 +13,7 @@ Member:
     Email: failedlogin@test.com
     Password: Password
     FailedLoginCount: 0
-Permission:
+'SilverStripe\Security\Permission':
   mycode:
     Code: MYCODE
-    Group: =>Group.mygroup
+    Group: '=>SilverStripe\Security\Group.mygroup'

tests/security/GroupCsvBulkLoaderTest.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\GroupCsvBulkLoader;
+use SilverStripe\Security\Group;
 /**
  * @package framework
  * @subpackage tests

tests/security/GroupCsvBulkLoaderTest.yml

@@ -1,7 +1,7 @@
-Permission:
+'SilverStripe\Security\Permission':
   permission1:
     Code: CODE1
-Group:
+'SilverStripe\Security\Group':
   existinggroup:
     Code: existinggroup
-    Permissions: =>Permission.permission1
+    Permissions: '=>SilverStripe\Security\Permission.permission1'

tests/security/GroupTest.php

@@ -1,6 +1,9 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Group;
+use SilverStripe\Security\Member;
+
 /**
  * @package framework
  * @subpackage tests
@@ -30,9 +33,9 @@ class GroupTest extends FunctionalTest {
 	public function testMemberGroupRelationForm() {
 		Session::set('loggedInAs', $this->idFromFixture('GroupTest_Member', 'admin'));
 
-		$adminGroup = $this->objFromFixture('Group', 'admingroup');
+		$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
-		$parentGroup = $this->objFromFixture('Group', 'parentgroup');
+		$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
-		$childGroup = $this->objFromFixture('Group', 'childgroup');
+		$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
 
 		// Test single group relation through checkboxsetfield
 		$form = new GroupTest_MemberForm($this, 'Form');
@@ -86,8 +89,8 @@ class GroupTest extends FunctionalTest {
 	}
 
 	public function testCollateAncestorIDs() {
-		$parentGroup = $this->objFromFixture('Group', 'parentgroup');
+		$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
-		$childGroup = $this->objFromFixture('Group', 'childgroup');
+		$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
 		$orphanGroup = new Group();
 		$orphanGroup->ParentID = 99999;
 		$orphanGroup->write();
@@ -110,26 +113,26 @@ class GroupTest extends FunctionalTest {
 	}
 
 	public function testDelete() {
-		$group = $this->objFromFixture('Group', 'parentgroup');
+		$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
 		$groupID = $group->ID;
-		$childGroupID = $this->idFromFixture('Group', 'childgroup');
+		$childGroupID = $this->idFromFixture('SilverStripe\\Security\\Group', 'childgroup');
 		$group->delete();
 
-		$this->assertEquals(0, DataObject::get('Group', "\"ID\" = {$groupID}")->Count(),
+		$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ID\" = {$groupID}")->Count(),
 			'Group is removed');
-		$this->assertEquals(0, DataObject::get('Permission', "\"GroupID\" = {$groupID}")->Count(),
+		$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Permission', "\"GroupID\" = {$groupID}")->Count(),
 			'Permissions removed along with the group');
-		$this->assertEquals(0, DataObject::get('Group', "\"ParentID\" = {$groupID}")->Count(),
+		$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$groupID}")->Count(),
 			'Child groups are removed');
-		$this->assertEquals(0, DataObject::get('Group', "\"ParentID\" = {$childGroupID}")->Count(),
+		$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$childGroupID}")->Count(),
 			'Grandchild groups are removed');
 	}
 
 	public function testValidatesPrivilegeLevelOfParent() {
 		$nonAdminUser = $this->objFromFixture('GroupTest_Member', 'childgroupuser');
 		$adminUser = $this->objFromFixture('GroupTest_Member', 'admin');
-		$nonAdminGroup = $this->objFromFixture('Group', 'childgroup');
+		$nonAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
-		$adminGroup = $this->objFromFixture('Group', 'admingroup');
+		$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
 
 		$nonAdminValidateMethod = new ReflectionMethod($nonAdminGroup, 'validate');
 		$nonAdminValidateMethod->setAccessible(true);
@@ -154,7 +157,7 @@ class GroupTest extends FunctionalTest {
 		$newlyAdminGroup = $nonAdminGroup;
 
 		$this->logInWithPermission('ADMIN');
-		$inheritedAdminGroup = $this->objFromFixture('Group', 'group1');
+		$inheritedAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'group1');
 		$inheritedAdminMethod = new ReflectionMethod($inheritedAdminGroup, 'validate');
 		$inheritedAdminMethod->setAccessible(true);
 		$inheritedAdminGroup->ParentID = $adminGroup->ID;
@@ -173,7 +176,7 @@ class GroupTest extends FunctionalTest {
 class GroupTest_Member extends Member implements TestOnly {
 
 	public function getCMSFields() {
-		$groups = DataObject::get('Group');
+		$groups = DataObject::get('SilverStripe\\Security\\Group');
 		$groupsMap = ($groups) ? $groups->map() : false;
 		$fields = new FieldList(
 			new HiddenField('ID', 'ID'),

tests/security/GroupTest.yml

@@ -1,32 +1,32 @@
-Group:
+'SilverStripe\Security\Group':
-   admingroup:
+  admingroup:
-      Code: admingroup
+    Code: admingroup
-   parentgroup:
+  parentgroup:
-      Code: parentgroup
+    Code: parentgroup
-   childgroup:
+  childgroup:
-      Code: childgroup
+    Code: childgroup
-      Parent: =>Group.parentgroup
+    Parent: '=>SilverStripe\Security\Group.parentgroup'
-   grandchildgroup:
+  grandchildgroup:
-      Code: grandchildgroup
+    Code: grandchildgroup
-      Parent: =>Group.childgroup
+    Parent: '=>SilverStripe\Security\Group.childgroup'
-   group1:
+  group1:
-      Title: Group 1
+    Title: Group 1
-   group2:
+  group2:
-      Title: Group 2
+    Title: Group 2
 GroupTest_Member:
-   admin:
+  admin:
-      FirstName: Admin
+    FirstName: Admin
-      Groups: =>Group.admingroup
+    Groups: '=>SilverStripe\Security\Group.admingroup'
-   parentgroupuser:
+  parentgroupuser:
-      FirstName: Parent Group User
+    FirstName: Parent Group User
-      Groups: =>Group.parentgroup
+    Groups: '=>SilverStripe\Security\Group.parentgroup'
-   childgroupuser:
+  childgroupuser:
-      FirstName: Child Group User
+    FirstName: Child Group User
-      Groups: =>Group.childgroup
+    Groups: '=>SilverStripe\Security\Group.childgroup'
-   allgroupuser:
+  allgroupuser:
-      FirstName: All Group User
+    FirstName: All Group User
-      Groups: =>Group.admingroup,=>Group.parentgroup,=>Group.childgroup
+    Groups: '=>SilverStripe\Security\Group.admingroup,=>SilverStripe\Security\Group.parentgroup,=>SilverStripe\Security\Group.childgroup'
-Permission:
+'SilverStripe\Security\Permission':
-   admincode:
+  admincode:
-      Code: ADMIN
+    Code: ADMIN
-      Group: =>Group.admingroup
+    Group: '=>SilverStripe\Security\Group.admingroup'

tests/security/MemberAuthenticatorTest.php

@@ -2,6 +2,12 @@
 
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\FieldType\DBDatetime;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\MemberAuthenticator;
+use SilverStripe\Security\MemberLoginForm;
+use SilverStripe\Security\CMSMemberLoginForm;
+
 /**
  * @package framework
  * @subpackage tests
@@ -43,15 +49,18 @@ class MemberAuthenticatorTest extends SapphireTest {
 		);
 		MemberAuthenticator::authenticate($data);
 
-		$member = DataObject::get_by_id('Member', $member->ID);
+		$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $member->ID);
 		$this->assertEquals($member->PasswordEncryption, "sha1_v2.4");
 		$result = $member->checkPassword('mypassword');
 		$this->assertTrue($result->valid());
 	}
 
 	public function testNoLegacyPasswordHashMigrationOnIncompatibleAlgorithm() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('crc32'=>array('PasswordEncryptor_PHPHash'=>'crc32')));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			array('crc32' => array('SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'crc32'))
+		);
 		$field=Member::config()->unique_identifier_field;
 
 		$member = new Member();
@@ -66,7 +75,7 @@ class MemberAuthenticatorTest extends SapphireTest {
 		);
 		MemberAuthenticator::authenticate($data);
 
-		$member = DataObject::get_by_id('Member', $member->ID);
+		$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $member->ID);
 		$this->assertEquals($member->PasswordEncryption, "crc32");
 		$result = $member->checkPassword('mypassword');
 		$this->assertTrue($result->valid());
@@ -77,7 +86,7 @@ class MemberAuthenticatorTest extends SapphireTest {
 		$origField = Member::config()->unique_identifier_field;
 		Member::config()->unique_identifier_field = 'Username';
 
-		$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
+		$label=singleton('SilverStripe\\Security\\Member')->fieldLabel(Member::config()->unique_identifier_field);
 
 		$this->assertEquals($label, 'Username');
 
@@ -170,8 +179,8 @@ class MemberAuthenticatorTest extends SapphireTest {
 
 	public function testDefaultAdminLockOut()
 	{
-		Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
+		Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_after_incorrect_logins', 1);
-		Config::inst()->update('Member', 'lock_out_delay_mins', 10);
+		Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_delay_mins', 10);
 		DBDatetime::set_mock_now('2016-04-18 00:00:00');
 		$controller = new Security();
 		$form = new Form($controller, 'Form', new FieldList(), new FieldList());

tests/security/MemberCsvBulkLoaderTest.php

@@ -1,6 +1,10 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\MemberCsvBulkLoader;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
+
 /**
  * @package framework
  * @subpackage tests
@@ -35,7 +39,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
 	}
 
 	public function testAddToPredefinedGroups() {
-		$existinggroup = $this->objFromFixture('Group', 'existinggroup');
+		$existinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'existinggroup');
 
 		$loader = new MemberCsvBulkLoader();
 		$loader->setGroups(array($existinggroup));
@@ -51,12 +55,12 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
 	}
 
 	public function testAddToCsvColumnGroupsByCode() {
-		$existinggroup = $this->objFromFixture('Group', 'existinggroup');
+		$existinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'existinggroup');
 
 		$loader = new MemberCsvBulkLoader();
 		$results = $loader->load($this->getCurrentRelativePath() . '/MemberCsvBulkLoaderTest_withGroups.csv');
 
-		$newgroup = DataObject::get_one('Group', array(
+		$newgroup = DataObject::get_one('SilverStripe\\Security\\Group', array(
 			'"Group"."Code"' => 'newgroup'
 		));
 		$this->assertEquals($newgroup->Title, 'newgroup');
@@ -78,7 +82,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
 		$member = $results->Created()->First();
 		$memberID = $member->ID;
 		DataObject::flush_and_destroy_cache();
-		$member = DataObject::get_by_id('Member', $memberID);
+		$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
 
 		// TODO Direct getter doesn't work, wtf!
 		$this->assertEquals(Security::config()->password_encryption_algorithm, $member->getField('PasswordEncryption'));

tests/security/MemberCsvBulkLoaderTest.yml

@@ -1,7 +1,7 @@
-Group:
+'SilverStripe\Security\Group':
   existinggroup:
     Code: existinggroup
-Member:
+'SilverStripe\Security\Member':
   existingauthor:
     Email: existingauthor@test.com
     FirstName: Existing Author

tests/security/MemberTest.php

@@ -4,6 +4,16 @@ use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\DataExtension;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\MemberPassword;
+use SilverStripe\Security\Group;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\PasswordEncryptor_Blowfish;
+use SilverStripe\Security\RememberLoginHash;
+use SilverStripe\Security\Member_Validator;
+use SilverStripe\Security\PasswordValidator;
+
 
 /**
  * @package framework
@@ -16,7 +26,7 @@ class MemberTest extends FunctionalTest {
 	protected $local = null;
 
 	protected $illegalExtensions = array(
-		'Member' => array(
+		'SilverStripe\\Security\\Member' => array(
 			// TODO Coupling with modules, this should be resolved by automatically
 			// removing all applied extensions before a unit test
 			'ForumRole',
@@ -140,7 +150,7 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testSetPassword() {
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$member->Password = "test1";
 		$member->write();
 		$result = $member->checkPassword('test1');
@@ -151,7 +161,7 @@ class MemberTest extends FunctionalTest {
 	 * Test that password changes are logged properly
 	 */
 	public function testPasswordChangeLogging() {
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$this->assertNotNull($member);
 		$member->Password = "test1";
 		$member->write();
@@ -162,7 +172,7 @@ class MemberTest extends FunctionalTest {
 		$member->Password = "test3";
 		$member->write();
 
-		$passwords = DataObject::get("MemberPassword", "\"MemberID\" = $member->ID", "\"Created\" DESC, \"ID\" DESC")
+		$passwords = DataObject::get("SilverStripe\\Security\\MemberPassword", "\"MemberID\" = $member->ID", "\"Created\" DESC, \"ID\" DESC")
 			->getIterator();
 		$this->assertNotNull($passwords);
 		$passwords->rewind();
@@ -191,11 +201,11 @@ class MemberTest extends FunctionalTest {
 	 * Test that changed passwords will send an email
 	 */
 	public function testChangedPasswordEmaling() {
-		Config::inst()->update('Member', 'notify_password_change', true);
+		Config::inst()->update('SilverStripe\\Security\\Member', 'notify_password_change', true);
 
 		$this->clearEmails();
 
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$this->assertNotNull($member);
 		$valid = $member->changePassword('32asDF##$$%%');
 		$this->assertTrue($valid->valid());
@@ -212,7 +222,7 @@ class MemberTest extends FunctionalTest {
 		$this->clearEmails();
 		$this->autoFollowRedirection = false;
 
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$this->assertNotNull($member);
 
 		// Initiate a password-reset
@@ -236,7 +246,7 @@ class MemberTest extends FunctionalTest {
 	 *  - at least 7 characters long
 	 */
 	public function testValidatePassword() {
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$this->assertNotNull($member);
 
 		Member::set_password_validator(new MemberTest_PasswordValidator());
@@ -320,7 +330,7 @@ class MemberTest extends FunctionalTest {
 	public function testPasswordExpirySetting() {
 		Member::config()->password_expiry_days = 90;
 
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$this->assertNotNull($member);
 		$valid = $member->changePassword("Xx?1234234");
 		$this->assertTrue($valid->valid());
@@ -336,15 +346,15 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testIsPasswordExpired() {
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$this->assertNotNull($member);
 		$this->assertFalse($member->isPasswordExpired());
 
-		$member = $this->objFromFixture('Member', 'noexpiry');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
 		$member->PasswordExpiry = null;
 		$this->assertFalse($member->isPasswordExpired());
 
-		$member = $this->objFromFixture('Member', 'expiredpassword');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'expiredpassword');
 		$this->assertTrue($member->isPasswordExpired());
 
 		// Check the boundary conditions
@@ -361,21 +371,21 @@ class MemberTest extends FunctionalTest {
 	public function testMemberWithNoDateFormatFallsbackToGlobalLocaleDefaultFormat() {
 		Config::inst()->update('i18n', 'date_format', 'yyyy-MM-dd');
 		Config::inst()->update('i18n', 'time_format', 'H:mm');
-		$member = $this->objFromFixture('Member', 'noformatmember');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
 		$this->assertEquals('yyyy-MM-dd', $member->DateFormat);
 		$this->assertEquals('H:mm', $member->TimeFormat);
 	}
 
 	public function testInGroups() {
-		$staffmember = $this->objFromFixture('Member', 'staffmember');
+		$staffmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
-		$managementmember = $this->objFromFixture('Member', 'managementmember');
+		$managementmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
-		$accountingmember = $this->objFromFixture('Member', 'accountingmember');
+		$accountingmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
-		$ceomember = $this->objFromFixture('Member', 'ceomember');
+		$ceomember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
 
-		$staffgroup = $this->objFromFixture('Group', 'staffgroup');
+		$staffgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
-		$managementgroup = $this->objFromFixture('Group', 'managementgroup');
+		$managementgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'managementgroup');
-		$accountinggroup = $this->objFromFixture('Group', 'accountinggroup');
+		$accountinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'accountinggroup');
-		$ceogroup = $this->objFromFixture('Group', 'ceogroup');
+		$ceogroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'ceogroup');
 
 		$this->assertTrue(
 			$staffmember->inGroups(array($staffgroup, $managementgroup)),
@@ -392,8 +402,8 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testAddToGroupByCode() {
-		$grouplessMember = $this->objFromFixture('Member', 'grouplessmember');
+		$grouplessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
-		$memberlessGroup = $this->objFromFixture('Group','memberlessgroup');
+		$memberlessGroup = $this->objFromFixture('SilverStripe\\Security\\Group','memberlessgroup');
 
 		$this->assertFalse($grouplessMember->Groups()->exists());
 		$this->assertFalse($memberlessGroup->Members()->exists());
@@ -406,7 +416,7 @@ class MemberTest extends FunctionalTest {
 		$grouplessMember->addToGroupByCode('somegroupthatwouldneverexist', 'New Group');
 		$this->assertEquals($grouplessMember->Groups()->Count(), 2);
 
-		$group = DataObject::get_one('Group', array(
+		$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
 			'"Group"."Code"' => 'somegroupthatwouldneverexist'
 		));
 		$this->assertNotNull($group);
@@ -416,8 +426,8 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testRemoveFromGroupByCode() {
-		$grouplessMember = $this->objFromFixture('Member', 'grouplessmember');
+		$grouplessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
-		$memberlessGroup = $this->objFromFixture('Group','memberlessgroup');
+		$memberlessGroup = $this->objFromFixture('SilverStripe\\Security\\Group','memberlessgroup');
 
 		$this->assertFalse($grouplessMember->Groups()->exists());
 		$this->assertFalse($memberlessGroup->Members()->exists());
@@ -430,7 +440,7 @@ class MemberTest extends FunctionalTest {
 		$grouplessMember->addToGroupByCode('somegroupthatwouldneverexist', 'New Group');
 		$this->assertEquals($grouplessMember->Groups()->Count(), 2);
 
-		$group = DataObject::get_one('Group', "\"Code\" = 'somegroupthatwouldneverexist'");
+		$group = DataObject::get_one('SilverStripe\\Security\\Group', "\"Code\" = 'somegroupthatwouldneverexist'");
 		$this->assertNotNull($group);
 		$this->assertEquals($group->Code, 'somegroupthatwouldneverexist');
 		$this->assertEquals($group->Title, 'New Group');
@@ -444,15 +454,15 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testInGroup() {
-		$staffmember = $this->objFromFixture('Member', 'staffmember');
+		$staffmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
-		$managementmember = $this->objFromFixture('Member', 'managementmember');
+		$managementmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
-		$accountingmember = $this->objFromFixture('Member', 'accountingmember');
+		$accountingmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
-		$ceomember = $this->objFromFixture('Member', 'ceomember');
+		$ceomember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
 
-		$staffgroup = $this->objFromFixture('Group', 'staffgroup');
+		$staffgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
-		$managementgroup = $this->objFromFixture('Group', 'managementgroup');
+		$managementgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'managementgroup');
-		$accountinggroup = $this->objFromFixture('Group', 'accountinggroup');
+		$accountinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'accountinggroup');
-		$ceogroup = $this->objFromFixture('Group', 'ceogroup');
+		$ceogroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'ceogroup');
 
 		$this->assertTrue(
 			$staffmember->inGroup($staffgroup),
@@ -501,9 +511,9 @@ class MemberTest extends FunctionalTest {
 	 * edit and delete their own record too.
 	 */
 	public function testCanManipulateOwnRecord() {
-		$extensions = $this->removeExtensions(Object::get_extensions('Member'));
+		$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
-		$member2 = $this->objFromFixture('Member', 'staffmember');
+		$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
 
 		$this->session()->inst_set('loggedInAs', null);
 
@@ -529,9 +539,9 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testAuthorisedMembersCanManipulateOthersRecords() {
-		$extensions = $this->removeExtensions(Object::get_extensions('Member'));
+		$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
-		$member2 = $this->objFromFixture('Member', 'staffmember');
+		$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
 
 		/* Group members with SecurityAdmin permissions can manipulate other records */
 		$this->session()->inst_set('loggedInAs', $member->ID);
@@ -544,8 +554,8 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testExtendedCan() {
-		$extensions = $this->removeExtensions(Object::get_extensions('Member'));
+		$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 
 		/* Normal behaviour is that you can't view a member unless canView() on an extension returns true */
 		$this->assertFalse($member->canView());
@@ -554,7 +564,7 @@ class MemberTest extends FunctionalTest {
 
 		/* Apply a extension that allows viewing in any case (most likely the case for member profiles) */
 		Member::add_extension('MemberTest_ViewingAllowedExtension');
-		$member2 = $this->objFromFixture('Member', 'staffmember');
+		$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
 
 		$this->assertTrue($member2->canView());
 		$this->assertFalse($member2->canDelete());
@@ -563,7 +573,7 @@ class MemberTest extends FunctionalTest {
 		/* Apply a extension that denies viewing of the Member */
 		Member::remove_extension('MemberTest_ViewingAllowedExtension');
 		Member::add_extension('MemberTest_ViewingDeniedExtension');
-		$member3 = $this->objFromFixture('Member', 'managementmember');
+		$member3 = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
 
 		$this->assertFalse($member3->canView());
 		$this->assertFalse($member3->canDelete());
@@ -572,7 +582,7 @@ class MemberTest extends FunctionalTest {
 		/* Apply a extension that allows viewing and editing but denies deletion */
 		Member::remove_extension('MemberTest_ViewingDeniedExtension');
 		Member::add_extension('MemberTest_EditingAllowedDeletingDeniedExtension');
-		$member4 = $this->objFromFixture('Member', 'accountingmember');
+		$member4 = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
 
 		$this->assertTrue($member4->canView());
 		$this->assertFalse($member4->canDelete());
@@ -586,7 +596,7 @@ class MemberTest extends FunctionalTest {
 	 * Tests for {@link Member::getName()} and {@link Member::setName()}
 	 */
 	public function testName() {
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$member->setName('Test Some User');
 		$this->assertEquals('Test Some User', $member->getName());
 		$member->setName('Test');
@@ -597,10 +607,10 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testMembersWithSecurityAdminAccessCantEditAdminsUnlessTheyreAdminsThemselves() {
-		$adminMember = $this->objFromFixture('Member', 'admin');
+		$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
-		$otherAdminMember = $this->objFromFixture('Member', 'other-admin');
+		$otherAdminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
-		$securityAdminMember = $this->objFromFixture('Member', 'test');
+		$securityAdminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
-		$ceoMember = $this->objFromFixture('Member', 'ceomember');
+		$ceoMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
 
 		// Careful: Don't read as english language.
 		// More precisely this should read canBeEditedBy()
@@ -615,9 +625,9 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testOnChangeGroups() {
-		$staffGroup = $this->objFromFixture('Group', 'staffgroup');
+		$staffGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
-		$staffMember = $this->objFromFixture('Member', 'staffmember');
+		$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
-		$adminMember = $this->objFromFixture('Member', 'admin');
+		$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
 		$newAdminGroup = new Group(array('Title' => 'newadmin'));
 		$newAdminGroup->write();
 		Permission::grant($newAdminGroup->ID, 'ADMIN');
@@ -654,8 +664,8 @@ class MemberTest extends FunctionalTest {
 	 * Test Member_GroupSet::add
 	 */
 	public function testOnChangeGroupsByAdd() {
-		$staffMember = $this->objFromFixture('Member', 'staffmember');
+		$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
-		$adminMember = $this->objFromFixture('Member', 'admin');
+		$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
 
 		// Setup new admin group
 		$newAdminGroup = new Group(array('Title' => 'newadmin'));
@@ -704,7 +714,7 @@ class MemberTest extends FunctionalTest {
 	 * Test Member_GroupSet::add
 	 */
 	public function testOnChangeGroupsBySetIDList() {
-		$staffMember = $this->objFromFixture('Member', 'staffmember');
+		$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
 
 		// Setup new admin group
 		$newAdminGroup = new Group(array('Title' => 'newadmin'));
@@ -726,7 +736,7 @@ class MemberTest extends FunctionalTest {
 	public function testUpdateCMSFields() {
 		Member::add_extension('MemberTest_FieldsExtension');
 
-		$member = singleton('Member');
+		$member = singleton('SilverStripe\\Security\\Member');
 		$fields = $member->getCMSFields();
 
 		$this->assertNotNull($fields->dataFieldByName('Email'), 'Scaffolded fields are retained');
@@ -748,11 +758,11 @@ class MemberTest extends FunctionalTest {
 	 * Test that only admin members are returned
 	 */
 	public function testMap_in_groupsReturnsAdmins() {
-		$adminID = $this->objFromFixture('Group', 'admingroup')->ID;
+		$adminID = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup')->ID;
 		$members = Member::map_in_groups($adminID)->toArray();
 
-		$admin = $this->objFromFixture('Member', 'admin');
+		$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
-		$otherAdmin = $this->objFromFixture('Member', 'other-admin');
+		$otherAdmin = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
 
 		$this->assertTrue(in_array($admin->getTitle(), $members),
 			$admin->getTitle().' should be in the returned list.');
@@ -822,7 +832,7 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testRememberMeHashGeneration() {
-		$m1 = $this->objFromFixture('Member', 'grouplessmember');
+		$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
 
 		$m1->login(true);
 		$hashes = RememberLoginHash::get()->filter('MemberID', $m1->ID);
@@ -833,9 +843,10 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testRememberMeHashAutologin() {
-		$m1 = $this->objFromFixture('Member', 'noexpiry');
+		/** @var Member $m1 */
+		$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
 
-		$m1->login(true);
+		$m1->logIn(true);
 		$firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->First();
 		$this->assertNotNull($firstHash);
 
@@ -892,7 +903,7 @@ class MemberTest extends FunctionalTest {
 			array(
 				'Email' => $m1->Email,
 				'Password' => '1nitialPassword',
-				'AuthenticationMethod' => 'MemberAuthenticator',
+				'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
 				'action_dologin' => 'action_dologin'
 			),
 			null,
@@ -907,7 +918,7 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testExpiredRememberMeHashAutologin() {
-		$m1 = $this->objFromFixture('Member', 'noexpiry');
+		$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
 
 		$m1->login(true);
 		$firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->First();
@@ -962,7 +973,7 @@ class MemberTest extends FunctionalTest {
 	}
 
 	public function testRememberMeMultipleDevices() {
-		$m1 = $this->objFromFixture('Member', 'noexpiry');
+		$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
 
 		// First device
 		$m1->login(true);
@@ -1021,10 +1032,10 @@ class MemberTest extends FunctionalTest {
 		);
 		$this->assertContains($message, $response->getBody());
 
-		$logout_across_devices = Config::inst()->get('RememberLoginHash', 'logout_across_devices');
+		$logout_across_devices = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices');
 
 		// Logging out from the second device - only one device being logged out
-		Config::inst()->update('RememberLoginHash', 'logout_across_devices', false);
+		Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', false);
 		$response = $this->get(
 			'Security/logout',
 			$this->session(),
@@ -1040,7 +1051,7 @@ class MemberTest extends FunctionalTest {
 		);
 
 		// Logging out from any device when all login hashes should be removed
-		Config::inst()->update('RememberLoginHash', 'logout_across_devices', true);
+		Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', true);
 		$m1->login(true);
 		$response = $this->get('Security/logout', $this->session());
 		$this->assertEquals(
@@ -1048,14 +1059,14 @@ class MemberTest extends FunctionalTest {
 			0
 		);
 
-		Config::inst()->update('RememberLoginHash', 'logout_across_devices', $logout_across_devices);
+		Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', $logout_across_devices);
 	}
 
 	public function testCanDelete() {
-		$admin1 = $this->objFromFixture('Member', 'admin');
+		$admin1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
-		$admin2 = $this->objFromFixture('Member', 'other-admin');
+		$admin2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
-		$member1 = $this->objFromFixture('Member', 'grouplessmember');
+		$member1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
-		$member2 = $this->objFromFixture('Member', 'noformatmember');
+		$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
 
 		$this->assertTrue(
 			$admin1->canDelete($admin2),
@@ -1083,9 +1094,9 @@ class MemberTest extends FunctionalTest {
 		$maxFailedLoginsAllowed = 3;
 		//set up the config variables to enable login lockouts
 		Config::nest();
-		Config::inst()->update('Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
+		Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
 
-		$member = $this->objFromFixture('Member', 'test');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$failedLoginCount = $member->FailedLoginCount;
 
 		for ($i = 1; $i < $maxFailedLoginsAllowed; ++$i) {
@@ -1107,9 +1118,9 @@ class MemberTest extends FunctionalTest {
 	public function testMemberValidator()
 	{
 		// clear custom requirements for this test
-		Config::inst()->update('Member_Validator', 'customRequired', null);
+		Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
-		$memberA = $this->objFromFixture('Member', 'admin');
+		$memberA = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
-		$memberB = $this->objFromFixture('Member', 'test');
+		$memberB = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 
 		// create a blank form
 		$form = new MemberTest_ValidatorForm();
@@ -1173,7 +1184,7 @@ class MemberTest extends FunctionalTest {
 	public function testMemberValidatorWithExtensions()
 	{
 		// clear custom requirements for this test
-		Config::inst()->update('Member_Validator', 'customRequired', null);
+		Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
 
 		// create a blank form
 		$form = new MemberTest_ValidatorForm();
@@ -1231,9 +1242,9 @@ class MemberTest extends FunctionalTest {
 	public function testCustomMemberValidator()
 	{
 		// clear custom requirements for this test
-		Config::inst()->update('Member_Validator', 'customRequired', null);
+		Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
 
-		$member = $this->objFromFixture('Member', 'admin');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
 
 		$form = new MemberTest_ValidatorForm();
 		$form->loadDataFrom($member);

tests/security/MemberTest.yml

@@ -1,51 +1,51 @@
-Permission:
+'SilverStripe\Security\Permission':
   admin:
     Code: ADMIN
   security-admin:
     Code: CMS_ACCESS_SecurityAdmin
-Group:
+'SilverStripe\Security\Group':
   admingroup:
     Title: Admin
     Code: admin
-    Permissions: =>Permission.admin
+    Permissions: '=>SilverStripe\Security\Permission.admin'
   securityadminsgroup:
     Title: securityadminsgroup
     Code: securityadminsgroup
-    Permissions: =>Permission.security-admin
+    Permissions: '=>SilverStripe\Security\Permission.security-admin'
   staffgroup:
     Title: staffgroup
     Code: staffgroup
   managementgroup:
     Title: managementgroup
     Code: managementgroup
-    Parent: =>Group.staffgroup
+    Parent: '=>SilverStripe\Security\Group.staffgroup'
   accountinggroup:
     Title: accountinggroup
     Code: accountinggroup
-    Parent: =>Group.staffgroup
+    Parent: '=>SilverStripe\Security\Group.staffgroup'
   ceogroup:
     Title: ceogroup
     Code: ceogroup
-    Parent: =>Group.managementgroup
+    Parent: '=>SilverStripe\Security\Group.managementgroup'
   memberlessgroup:
     Title: Memberless Group
     code: memberless
-Member:
+'SilverStripe\Security\Member':
   admin:
     FirstName: Admin
     Email: admin@silverstripe.com
-    Groups: =>Group.admingroup
+    Groups: '=>SilverStripe\Security\Group.admingroup'
   other-admin:
     FirstName: OtherAdmin
     Email: other-admin@silverstripe.com
-    Groups: =>Group.admingroup
+    Groups: '=>SilverStripe\Security\Group.admingroup'
   test:
     FirstName: Test
     Surname: User
     Email: testuser@example.com
     Password: 1nitialPassword
     PasswordExpiry: 2030-01-01
-    Groups: =>Group.securityadminsgroup
+    Groups: '=>SilverStripe\Security\Group.securityadminsgroup'
   expiredpassword:
     FirstName: Test
     Surname: User
@@ -59,16 +59,16 @@ Member:
     Password: 1nitialPassword
   staffmember:
     Email: staffmember@test.com
-    Groups: =>Group.staffgroup
+    Groups: '=>SilverStripe\Security\Group.staffgroup'
   managementmember:
     Email: managementmember@test.com
-    Groups: =>Group.managementgroup
+    Groups: '=>SilverStripe\Security\Group.managementgroup'
   accountingmember:
     Email: accountingmember@test.com
-    Groups: =>Group.accountinggroup
+    Groups: '=>SilverStripe\Security\Group.accountinggroup'
   ceomember:
     Email: ceomember@test.com
-    Groups: =>Group.ceogroup
+    Groups: '=>SilverStripe\Security\Group.ceogroup'
   grouplessmember:
     FirstName: Groupless Member
   noformatmember:

tests/security/PasswordEncryptorTest.php

@@ -1,4 +1,8 @@
 <?php
+
+use SilverStripe\Security\PasswordEncryptor_Blowfish;
+use SilverStripe\Security\PasswordEncryptor;
+
 class PasswordEncryptorTest extends SapphireTest {
 
 	/**
@@ -19,22 +23,28 @@ class PasswordEncryptorTest extends SapphireTest {
 	}
 
 	public function testCreateForCode() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			['test' => ['PasswordEncryptorTest_TestEncryptor' => null]]
+		);
 		$e = PasswordEncryptor::create_for_algorithm('test');
 		$this->assertInstanceOf('PasswordEncryptorTest_TestEncryptor', $e );
 	}
 
 	/**
-	 * @expectedException PasswordEncryptor_NotFoundException
+	 * @expectedException SilverStripe\Security\PasswordEncryptor_NotFoundException
 	 */
 	public function testCreateForCodeNotFound() {
 		PasswordEncryptor::create_for_algorithm('unknown');
 	}
 
 	public function testRegister() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
+		);
 		$encryptors = PasswordEncryptor::get_encryptors();
 		$this->assertContains('test', array_keys($encryptors));
 		$encryptor = $encryptors['test'];
@@ -42,22 +52,31 @@ class PasswordEncryptorTest extends SapphireTest {
 	}
 
 	public function testUnregister() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
+			'SilverStripe\\Security\\PasswordEncryptor',
-		Config::inst()->remove('PasswordEncryptor', 'encryptors', 'test');
+			'encryptors',
+			array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
+		);
+		Config::inst()->remove('SilverStripe\\Security\\PasswordEncryptor', 'encryptors', 'test');
 		$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
 	}
 
 	public function testEncryptorPHPHashWithArguments() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test_md5'=>array('PasswordEncryptor_PHPHash'=>'md5')));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			['test_md5' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash'=>'md5']]
+		);
 		$e = PasswordEncryptor::create_for_algorithm('test_md5');
 		$this->assertEquals('md5', $e->getAlgorithm());
 	}
 
 	public function testEncryptorPHPHash() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
+		);
 		$e = PasswordEncryptor::create_for_algorithm('test_sha1');
 		$password = 'mypassword';
 		$salt = 'mysalt';
@@ -68,8 +87,11 @@ class PasswordEncryptorTest extends SapphireTest {
 	}
 
 	public function testEncryptorBlowfish() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test_blowfish'=>array('PasswordEncryptor_Blowfish'=>'')));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			['test_blowfish' => ['SilverStripe\\Security\\PasswordEncryptor_Blowfish' => '']]
+		);
 		$e = PasswordEncryptor::create_for_algorithm('test_blowfish');
 
 		$password = 'mypassword';
@@ -114,8 +136,11 @@ class PasswordEncryptorTest extends SapphireTest {
 	}
 
 	public function testEncryptorPHPHashCheck() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
+		);
 		$e = PasswordEncryptor::create_for_algorithm('test_sha1');
 		$this->assertTrue($e->check(sha1('mypassword'), 'mypassword'));
 		$this->assertFalse($e->check(sha1('mypassword'), 'mywrongpassword'));
@@ -128,8 +153,11 @@ class PasswordEncryptorTest extends SapphireTest {
 	 * 	php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
 	 */
 	public function testEncryptorLegacyPHPHashCheck() {
-		Config::inst()->update('PasswordEncryptor', 'encryptors',
+		Config::inst()->update(
-			array('test_sha1legacy'=>array('PasswordEncryptor_LegacyPHPHash'=>'sha1')));
+			'SilverStripe\\Security\\PasswordEncryptor',
+			'encryptors',
+			['test_sha1legacy' => ['SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash' => 'sha1']]
+		);
 		$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
 		// precomputed hashes for 'mypassword' from different architectures
 		$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';

tests/security/PasswordValidatorTest.php

@@ -1,4 +1,7 @@
 <?php
+
+use SilverStripe\Security\PasswordValidator;
+use SilverStripe\Security\Member;
 /**
  * @package framework
  * @subpackage tests

tests/security/PermissionCheckboxSetFieldTest.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\PermissionCheckboxSetField;
+
 /**
  * @package framework
  * @subpackage tests
@@ -12,7 +14,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
 		$f = new PermissionCheckboxSetField(
 			'Permissions',
 			'Permissions',
-			'Permission',
+			'SilverStripe\\Security\\Permission',
 			'GroupID'
 		);
 		$f->setHiddenPermissions(
@@ -27,19 +29,19 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
 	}
 
 	public function testSaveInto() {
-		$group = $this->objFromFixture('Group', 'group');  // tested group
+		$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'group');  // tested group
-		$untouchable = $this->objFromFixture('Group', 'untouchable');  // group that should not change
+		$untouchable = $this->objFromFixture('SilverStripe\\Security\\Group', 'untouchable');  // group that should not change
 
 		$field = new PermissionCheckboxSetField(
 			'Permissions',
 			'Permissions',
-			'Permission',
+			'SilverStripe\\Security\\Permission',
 			'GroupID',
 			$group
 		);
 
 		// get the number of permissions before we start
-		$baseCount = DataObject::get('Permission')->Count();
+		$baseCount = DataObject::get('SilverStripe\\Security\\Permission')->Count();
 
 		// there are currently no permissions, save empty checkbox
 		$field->saveInto($group);
@@ -51,7 +53,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
 		$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
 			'The other group has ADMIN permission');
 
-		$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount, 'There are no orphaned permissions');
+		$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount, 'There are no orphaned permissions');
 
 		// add some permissions
 		$field->setValue(array(
@@ -74,7 +76,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
 		$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
 			'The other group has ADMIN permission');
 
-		$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount+2,
+		$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount+2,
 			'There are no orphaned permissions');
 
 		// remove permission
@@ -95,7 +97,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
 		$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
 			'The other group has ADMIN permission');
 
-		$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount+1,
+		$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount+1,
 			'There are no orphaned permissions');
 	}
 }

tests/security/PermissionCheckboxSetFieldTest.yml

@@ -1,11 +1,11 @@
-Group:
+'SilverStripe\Security\Group':
-    group:
+  group:
-        Code: group
+    Code: group
-    untouchable:
+  untouchable:
-        Code: untouchable
+    Code: untouchable
-Permission:
+'SilverStripe\Security\Permission':
-    perm1:
+  perm1:
-        Code: ADMIN
+    Code: ADMIN
-        Group: =>Group.untouchable
+    Group: '=>SilverStripe\Security\Group.untouchable'
-    perm2:
+  perm2:
-        Code: NON-ADMIN
+    Code: NON-ADMIN

tests/security/PermissionRoleTest.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\PermissionRoleCode;
+
 /**
  * @package framework
  * @subpackage tests
@@ -9,13 +11,13 @@ class PermissionRoleTest extends FunctionalTest {
 	protected static $fixture_file = 'PermissionRoleTest.yml';
 
 	public function testDelete() {
-		$role = $this->objFromFixture('PermissionRole', 'role');
+		$role = $this->objFromFixture('SilverStripe\\Security\\PermissionRole', 'role');
 
 		$role->delete();
 
-		$this->assertEquals(0, DataObject::get('PermissionRole', "\"ID\"={$role->ID}")->count(),
+		$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\PermissionRole', "\"ID\"={$role->ID}")->count(),
 			'Role is removed');
-		$this->assertEquals(0, DataObject::get('PermissionRoleCode',"\"RoleID\"={$role->ID}")->count(),
+		$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\PermissionRoleCode',"\"RoleID\"={$role->ID}")->count(),
 			'Permissions removed along with the role');
 	}
 

tests/security/PermissionRoleTest.yml

@@ -1,7 +1,7 @@
-PermissionRole:
+'SilverStripe\Security\PermissionRole':
-   role:
+  role:
-      Title: role
+    Title: role
-PermissionRoleCode:
+'SilverStripe\Security\PermissionRoleCode':
-   code:
+  code:
-      Code: ADMIN
+    Code: ADMIN
-      Role: =>PermissionRole.role
+    Role: '=>SilverStripe\Security\PermissionRole.role'

tests/security/PermissionTest.php

@@ -1,5 +1,9 @@
 <?php
 
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\PermissionCheckboxSetField;
+
 /**
  * @package framework
  * @subpackage tests
@@ -19,12 +23,12 @@ class PermissionTest extends SapphireTest {
 	}
 
 	public function testDirectlyAppliedPermissions() {
-		$member = $this->objFromFixture('Member', 'author');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
 		$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
 	}
 
 	public function testCMSAccess() {
-		$members = Member::get()->byIDs($this->allFixtureIDs('Member'));
+		$members = Member::get()->byIDs($this->allFixtureIDs('SilverStripe\\Security\\Member'));
 		foreach ($members as $member) {
 			$this->assertTrue(Permission::checkMember($member, 'CMS_ACCESS'));
 		}
@@ -41,7 +45,7 @@ class PermissionTest extends SapphireTest {
 
 	public function testLeftAndMainAccessAll() {
 		//add user and group
-		$member = $this->objFromFixture('Member', 'leftandmain');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'leftandmain');
 
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
@@ -49,14 +53,14 @@ class PermissionTest extends SapphireTest {
 	}
 
 	public function testPermissionAreInheritedFromOneRole() {
-		$member = $this->objFromFixture('Member', 'author');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
 		$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
 	}
 
 	public function testPermissionAreInheritedFromMultipleRoles() {
-		$member = $this->objFromFixture('Member', 'access');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
 		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
@@ -65,7 +69,7 @@ class PermissionTest extends SapphireTest {
 	}
 
 	public function testPermissionsForMember() {
-		$member = $this->objFromFixture('Member', 'access');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
 		$permissions = Permission::permissions_for_member($member->ID);
 		$this->assertEquals(4, count($permissions));
 		$this->assertTrue(in_array('CMS_ACCESS_MyAdmin', $permissions));
@@ -73,7 +77,7 @@ class PermissionTest extends SapphireTest {
 		$this->assertTrue(in_array('CMS_ACCESS_SecurityAdmin', $permissions));
 		$this->assertTrue(in_array('EDIT_PERMISSIONS', $permissions));
 
-		$group = $this->objFromFixture("Group", "access");
+		$group = $this->objFromFixture("SilverStripe\\Security\\Group", "access");
 
 		Permission::deny($group->ID, "CMS_ACCESS_MyAdmin");
 		$permissions = Permission::permissions_for_member($member->ID);
@@ -82,7 +86,7 @@ class PermissionTest extends SapphireTest {
 	}
 
 	public function testRolesAndPermissionsFromParentGroupsAreInherited() {
-		$member = $this->objFromFixture('Member', 'globalauthor');
+		$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'globalauthor');
 
 		// Check that permissions applied to the group are there
 		$this->assertTrue(Permission::checkMember($member, "SITETREE_EDIT_ALL"));
@@ -101,8 +105,8 @@ class PermissionTest extends SapphireTest {
 	 * Ensure the the get_*_by_permission functions are permission role aware
 	 */
 	public function testGettingMembersByPermission() {
-		$accessMember = $this->objFromFixture('Member', 'access');
+		$accessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
-		$accessAuthor = $this->objFromFixture('Member', 'author');
+		$accessAuthor = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
 
 		$result = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));
 		$resultIDs = $result ? $result->column() : array();
@@ -114,14 +118,14 @@ class PermissionTest extends SapphireTest {
 
 
 	public function testHiddenPermissions(){
-		$permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','Permission','GroupID');
+		$permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','SilverStripe\\Security\\Permission','GroupID');
 		$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
 
-		Config::inst()->update('Permission', 'hidden_permissions', array('CMS_ACCESS_LeftAndMain'));
+		Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', array('CMS_ACCESS_LeftAndMain'));
 
 		$this->assertNotContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
 
-		Config::inst()->remove('Permission', 'hidden_permissions');
+		Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions');
 		$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
 	}
 

tests/security/PermissionTest.yml

@@ -1,25 +1,25 @@
-PermissionRole:
+'SilverStripe\Security\PermissionRole':
   author:
     Title: Author
   access:
    Title: Access Administrator
 
-PermissionRoleCode:
+'SilverStripe\Security\PermissionRoleCode':
   author1:
-    Role: =>PermissionRole.author
+    Role: '=>SilverStripe\Security\PermissionRole.author'
     Code: CMS_ACCESS_MyAdmin
   author2:
-    Role: =>PermissionRole.author
+    Role: '=>SilverStripe\Security\PermissionRole.author'
     Code: CMS_ACCESS_AssetAdmin
   access1:
-    Role: =>PermissionRole.access
+    Role: '=>SilverStripe\Security\PermissionRole.access'
     Code: CMS_ACCESS_SecurityAdmin
   access2:
-    Role: =>PermissionRole.access
+    Role: '=>SilverStripe\Security\PermissionRole.access'
     Code: EDIT_PERMISSIONS
 
 
-Member:
+'SilverStripe\Security\Member':
   author:
     FirstName: Test
     Surname: Author
@@ -34,30 +34,30 @@ Member:
     Surname: AndMain
     Email: leftandmain@example.com
 
-Group:
+'SilverStripe\Security\Group':
   author:
     Title: Authors
-    Members: =>Member.author
+    Members: '=>SilverStripe\Security\Member.author'
-    Roles: =>PermissionRole.author
+    Roles: '=>SilverStripe\Security\PermissionRole.author'
   access:
     Title: Access Administrators + Authors
-    Members: =>Member.access
+    Members: '=>SilverStripe\Security\Member.access'
-    Roles: =>PermissionRole.access,=>PermissionRole.author
+    Roles: '=>SilverStripe\Security\PermissionRole.access,=>SilverStripe\Security\PermissionRole.author'
   globalauthor:
-    Parent: =>Group.author
+    Parent: '=>SilverStripe\Security\Group.author'
     Title: Global Authors
-    Members: =>Member.globalauthor
+    Members: '=>SilverStripe\Security\Member.globalauthor'
   leftandmain:
     Title: LeftAndMain
-    Members: =>Member.leftandmain
+    Members: '=>SilverStripe\Security\Member.leftandmain'
 
-Permission:
+'SilverStripe\Security\Permission':
   extra1:
     Code: SITETREE_VIEW_ALL
-    Group: =>Group.author
+    Group: '=>SilverStripe\Security\Group.author'
   globalauthor:
     Code: SITETREE_EDIT_ALL
-    Group: =>Group.globalauthor
+    Group: '=>SilverStripe\Security\Group.globalauthor'
   leftandmain:
     Code: CMS_ACCESS_LeftAndMain
-    Group: =>Group.leftandmain
+    Group: '=>SilverStripe\Security\Group.leftandmain'

tests/security/RandomGeneratorTest.php

@@ -1,4 +1,6 @@
 <?php
+
+use SilverStripe\Security\RandomGenerator;
 /**
  * @package framework
  * @subpackage tests

tests/security/SecurityDefaultAdminTest.php

@@ -1,4 +1,8 @@
 <?php
+
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\Member;
 class SecurityDefaultAdminTest extends SapphireTest {
 
 	protected $usesDatabase = true;
@@ -49,7 +53,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
 
 		$admin = Security::findAnAdministrator();
 
-		$this->assertInstanceOf('Member', $admin);
+		$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
 		$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
 		$this->assertEquals($admin->Email, Security::default_admin_username());
 		$this->assertNull($admin->Password);
@@ -64,7 +68,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
 
 		$admin = Security::findAnAdministrator();
 
-		$this->assertInstanceOf('Member', $admin);
+		$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
 		$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
 
 		// User should be blank
@@ -78,7 +82,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
 
 		$admin = Member::default_admin();
 
-		$this->assertInstanceOf('Member', $admin);
+		$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
 		$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
 		$this->assertEquals($admin->Email, Security::default_admin_username());
 		$this->assertNull($admin->Password);

tests/security/SecurityTest.php

@@ -6,6 +6,11 @@ use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\ORM\FieldType\DBClassName;
 use SilverStripe\ORM\DB;
+use SilverStripe\Security\Authenticator;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
+use SilverStripe\Security\Permission;
+
 
 
 /**
@@ -35,8 +40,8 @@ class SecurityTest extends FunctionalTest {
 			Authenticator::unregister($authenticator);
 		}
 
-		Authenticator::register('MemberAuthenticator');
+		Authenticator::register('SilverStripe\\Security\\MemberAuthenticator');
-		Authenticator::set_default_authenticator('MemberAuthenticator');
+		Authenticator::set_default_authenticator('SilverStripe\\Security\\MemberAuthenticator');
 
 		// And that the unique identified field is 'Email'
 		$this->priorUniqueIdentifierField = Member::config()->unique_identifier_field;
@@ -50,8 +55,8 @@ class SecurityTest extends FunctionalTest {
 		// Restore selected authenticator
 
 		// MemberAuthenticator might not actually be present
-		if(!in_array('MemberAuthenticator', $this->priorAuthenticators)) {
+		if(!in_array('SilverStripe\\Security\\MemberAuthenticator', $this->priorAuthenticators)) {
-			Authenticator::unregister('MemberAuthenticator');
+			Authenticator::unregister('SilverStripe\\Security\\MemberAuthenticator');
 		}
 		foreach($this->priorAuthenticators as $authenticator) {
 			Authenticator::register($authenticator);
@@ -71,7 +76,7 @@ class SecurityTest extends FunctionalTest {
 		$response = $this->get('SecurityTest_SecuredController');
 		$this->assertEquals(302, $response->getStatusCode());
 		$this->assertContains(
-			Config::inst()->get('Security', 'login_url'),
+			Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'),
 			$response->getHeader('Location')
 		);
 
@@ -94,13 +99,13 @@ class SecurityTest extends FunctionalTest {
 		$this->assertEquals('Oops, not allowed', Session::get('Security.Message.message'));
 
 		// Test that config values are used correctly
-		Config::inst()->update('Security', 'default_message_set', 'stringvalue');
+		Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set', 'stringvalue');
 		Security::permissionFailure($controller);
 		$this->assertEquals('stringvalue', Session::get('Security.Message.message'),
 			'Default permission failure message value was not present');
 
-		Config::inst()->remove('Security', 'default_message_set');
+		Config::inst()->remove('SilverStripe\\Security\\Security', 'default_message_set');
-		Config::inst()->update('Security', 'default_message_set', array('default' => 'arrayvalue'));
+		Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set', array('default' => 'arrayvalue'));
 		Security::permissionFailure($controller);
 		$this->assertEquals('arrayvalue', Session::get('Security.Message.message'),
 			'Default permission failure message value was not present');
@@ -110,7 +115,7 @@ class SecurityTest extends FunctionalTest {
 		// been fetched and output as part of it, so has been removed from the session
 		$this->logInWithPermission('EDITOR');
 
-		Config::inst()->update('Security', 'default_message_set',
+		Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set',
 			array('default' => 'default', 'alreadyLoggedIn' => 'You are already logged in!'));
 		Security::permissionFailure($controller);
 		$this->assertContains('You are already logged in!', $controller->getResponse()->getBody(),
@@ -182,13 +187,13 @@ class SecurityTest extends FunctionalTest {
 	}
 
 	public function testLogInAsSomeoneElse() {
-		$member = DataObject::get_one('Member');
+		$member = DataObject::get_one('SilverStripe\\Security\\Member');
 
 		/* Log in with any user that we can find */
 		$this->session()->inst_set('loggedInAs', $member->ID);
 
 		/* View the Security/login page */
-		$response = $this->get(Config::inst()->get('Security', 'login_url'));
+		$response = $this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
 
 		$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.action');
 
@@ -202,7 +207,7 @@ class SecurityTest extends FunctionalTest {
 			'MemberLoginForm_LoginForm',
 			null,
 			array(
-				'AuthenticationMethod' => 'MemberAuthenticator',
+				'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
 				'action_dologout' => 1,
 			)
 		);
@@ -222,7 +227,7 @@ class SecurityTest extends FunctionalTest {
 		$this->autoFollowRedirection = true;
 
 		/* Attempt to get into the admin section */
-		$response = $this->get(Config::inst()->get('Security', 'login_url'));
+		$response = $this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
 
 		$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.text');
 
@@ -239,7 +244,7 @@ class SecurityTest extends FunctionalTest {
 		// Test that username does not persist
 		$this->session()->inst_set('SessionForms.MemberLoginForm.Email', 'myuser@silverstripe.com');
 		Security::config()->remember_username = false;
-		$this->get(Config::inst()->get('Security', 'login_url'));
+		$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
 		$items = $this
 			->cssParser()
 			->getBySelector('#MemberLoginForm_LoginForm #MemberLoginForm_LoginForm_Email');
@@ -253,7 +258,7 @@ class SecurityTest extends FunctionalTest {
 		// Test that username does persist when necessary
 		$this->session()->inst_set('SessionForms.MemberLoginForm.Email', 'myuser@silverstripe.com');
 		Security::config()->remember_username = true;
-		$this->get(Config::inst()->get('Security', 'login_url'));
+		$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
 		$items = $this
 			->cssParser()
 			->getBySelector('#MemberLoginForm_LoginForm #MemberLoginForm_LoginForm_Email');
@@ -322,7 +327,7 @@ class SecurityTest extends FunctionalTest {
 			Controller::join_links(Director::absoluteBaseURL(), 'test/link'),
 			$goodResponse->getHeader('Location')
 		);
-		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+		$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
 
 		/* EXPIRED PASSWORDS ARE SENT TO THE CHANGE PASSWORD FORM */
 		$expiredResponse = $this->doTestLoginForm('expired@silverstripe.com' , '1nitialPassword');
@@ -331,7 +336,7 @@ class SecurityTest extends FunctionalTest {
 			Controller::join_links(Director::baseURL(), 'Security/changepassword'),
 			$expiredResponse->getHeader('Location')
 		);
-		$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'),
+		$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'expiredpassword'),
 			$this->session()->inst_get('loggedInAs'));
 
 		// Make sure it redirects correctly after the password has been changed
@@ -355,7 +360,7 @@ class SecurityTest extends FunctionalTest {
 			Controller::join_links(Director::absoluteBaseURL(), 'test/back'),
 			$changedResponse->getHeader('Location')
 		);
-		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+		$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
 
 		// Check if we can login with the new password
 		$goodResponse = $this->doTestLoginForm('testuser@example.com' , 'changedPassword');
@@ -364,11 +369,11 @@ class SecurityTest extends FunctionalTest {
 			Controller::join_links(Director::absoluteBaseURL(), 'test/link'),
 			$goodResponse->getHeader('Location')
 		);
-		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+		$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
 	}
 
 	public function testChangePasswordFromLostPassword() {
-		$admin = $this->objFromFixture('Member', 'test');
+		$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
 		$admin->FailedLoginCount = 99;
 		$admin->LockedOutUntil = DBDatetime::now()->Format('Y-m-d H:i:s');
 		$admin->write();
@@ -382,7 +387,7 @@ class SecurityTest extends FunctionalTest {
 		$this->assertEmailSent('testuser@example.com');
 
 		// Load password link from email
-		$admin = DataObject::get_by_id('Member', $admin->ID);
+		$admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID);
 		$this->assertNotNull($admin->AutoLoginHash, 'Hash has been written after lost password');
 
 		// We don't have access to the token - generate a new token and hash pair.
@@ -396,14 +401,14 @@ class SecurityTest extends FunctionalTest {
 		// Follow redirection to form without hash in GET parameter
 		$response = $this->get('Security/changepassword');
 		$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
-		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+		$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
 
 		// Check if we can login with the new password
 		$goodResponse = $this->doTestLoginForm('testuser@example.com' , 'changedPassword');
 		$this->assertEquals(302, $goodResponse->getStatusCode());
-		$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
+		$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
 
-		$admin = DataObject::get_by_id('Member', $admin->ID, false);
+		$admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID, false);
 		$this->assertNull($admin->LockedOutUntil);
 		$this->assertEquals(0, $admin->FailedLoginCount);
 	}
@@ -418,7 +423,7 @@ class SecurityTest extends FunctionalTest {
 		// Login with a wrong password for more than the defined threshold
 		for($i = 1; $i <= Member::config()->lock_out_after_incorrect_logins+1; $i++) {
 			$this->doTestLoginForm('testuser@example.com' , 'incorrectpassword');
-			$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
+			$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
 
 			if($i < Member::config()->lock_out_after_incorrect_logins) {
 				$this->assertNull(
@@ -454,7 +459,7 @@ class SecurityTest extends FunctionalTest {
 		);
 
 		// (We fake this by re-setting LockedOutUntil)
-		$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
+		$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
 		$member->LockedOutUntil = date('Y-m-d H:i:s', time() - 30);
 		$member->write();
 		$this->doTestLoginForm('testuser@example.com' , '1nitialPassword');
@@ -499,8 +504,8 @@ class SecurityTest extends FunctionalTest {
 		$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
 		$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
 
-		$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
+		$member1 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
-		$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
+		$member2 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'noexpiry'));
 
 		$this->assertNull($member1->LockedOutUntil);
 		$this->assertNull($member2->LockedOutUntil);
@@ -509,11 +514,11 @@ class SecurityTest extends FunctionalTest {
 		// THIS SESSION
 
 		$this->doTestLoginForm('testuser@example.com' , 'incorrectpassword');
-		$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
+		$member1 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
 		$this->assertNotNull($member1->LockedOutUntil);
 
 		$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
-		$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
+		$member2 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'noexpiry'));
 		$this->assertNotNull($member2->LockedOutUntil);
 	}
 
@@ -522,11 +527,11 @@ class SecurityTest extends FunctionalTest {
 
 		/* UNSUCCESSFUL ATTEMPTS WITH WRONG PASSWORD FOR EXISTING USER ARE LOGGED */
 		$this->doTestLoginForm('testuser@example.com', 'wrongpassword');
-		$attempt = DataObject::get_one('LoginAttempt', array(
+		$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
 			'"LoginAttempt"."Email"' => 'testuser@example.com'
 		));
 		$this->assertTrue(is_object($attempt));
-		$member = DataObject::get_one('Member', array(
+		$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
 			'"Member"."Email"' => 'testuser@example.com'
 		));
 		$this->assertEquals($attempt->Status, 'Failure');
@@ -535,7 +540,7 @@ class SecurityTest extends FunctionalTest {
 
 		/* UNSUCCESSFUL ATTEMPTS WITH NONEXISTING USER ARE LOGGED */
 		$this->doTestLoginForm('wronguser@silverstripe.com', 'wrongpassword');
-		$attempt = DataObject::get_one('LoginAttempt', array(
+		$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
 			'"LoginAttempt"."Email"' => 'wronguser@silverstripe.com'
 		));
 		$this->assertTrue(is_object($attempt));
@@ -551,10 +556,10 @@ class SecurityTest extends FunctionalTest {
 
 		/* SUCCESSFUL ATTEMPTS ARE LOGGED */
 		$this->doTestLoginForm('testuser@example.com', '1nitialPassword');
-		$attempt = DataObject::get_one('LoginAttempt', array(
+		$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
 			'"LoginAttempt"."Email"' => 'testuser@example.com'
 		));
-		$member = DataObject::get_one('Member', array(
+		$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
 			'"Member"."Email"' => 'testuser@example.com'
 		));
 		$this->assertTrue(is_object($attempt));
@@ -571,6 +576,7 @@ class SecurityTest extends FunctionalTest {
 
 		// Assumption: The database has been built correctly by the test runner,
 		// and has all columns present in the ORM
+		/** @skipUpgrade */
 		DB::get_schema()->renameField('Member', 'Email', 'Email_renamed');
 
 		// Email column is now missing, which means we're not ready to do permission checks
@@ -588,9 +594,9 @@ class SecurityTest extends FunctionalTest {
 	 * Helper method for the tests above
 	 */
 	public function doTestLoginForm($email, $password, $backURL = 'test/link') {
-		$this->get(Config::inst()->get('Security', 'logout_url'));
+		$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'logout_url'));
 		$this->session()->inst_set('BackURL', $backURL);
-		$this->get(Config::inst()->get('Security', 'login_url'));
+		$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
 
 		return $this->submitForm(
 			"MemberLoginForm_LoginForm",
@@ -598,7 +604,7 @@ class SecurityTest extends FunctionalTest {
 			array(
 				'Email' => $email,
 				'Password' => $password,
-				'AuthenticationMethod' => 'MemberAuthenticator',
+				'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
 				'action_dologin' => 1,
 			)
 		);

tests/security/SecurityTokenTest.php

@@ -1,4 +1,6 @@
 <?php
+
+use SilverStripe\Security\SecurityToken;
 /**
  * @package framework
  * @subpackage tests
@@ -41,7 +43,7 @@ class SecurityTokenTest extends SapphireTest {
 
 	public function testInst() {
 		$inst1 = SecurityToken::inst();
-		$this->assertInstanceOf('SecurityToken', $inst1);
+		$this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $inst1);
 	}
 
 	public function testInstReturnsSingleton() {

tests/tasks/EncryptAllPasswordsTaskTest.php

@@ -1,6 +1,8 @@
 <?php
 
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 /**
  * @package framework
  * @subpackage tests
@@ -15,7 +17,7 @@ class EncryptAllPasswordsTaskTest extends SapphireTest {
 		$t = new EncryptAllPasswordsTask();
 		$t->run(null);
 
-		$m = DataObject::get_by_id('Member', $m->ID);
+		$m = DataObject::get_by_id('SilverStripe\\Security\\Member', $m->ID);
 		$this->assertEquals($m->PasswordEncryption, 'blowfish');
 		$this->assertNotEquals($m->Password, 'plain');
 		$result = $m->checkPassword('plain');

tests/view/SSViewerTest.php

@@ -2,6 +2,10 @@
 
 use SilverStripe\ORM\ArrayList;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\SecurityToken;
+use SilverStripe\Security\Permission;
+
 
 class SSViewerTest extends SapphireTest {
 

view/SSViewer.php

@@ -2,6 +2,8 @@
 
 
 use SilverStripe\ORM\FieldType\DBField;
+use SilverStripe\Security\Permission;
+
 
 
 /**