API Apply Framework\Security namespace

This commit is contained in:
Damian Mooyman 2016-06-23 11:37:22 +12:00
parent 20efb0e8e1
commit af22a83166
155 changed files with 1704 additions and 1049 deletions

View File

@ -115,8 +115,49 @@ mappings:
VersionedGridFieldDetailForm: SilverStripe\ORM\Versioning\VersionedGridFieldDetailForm
VersionedGridFieldItemRequest: SilverStripe\ORM\Versioning\VersionedGridFieldItemRequest
Hierarchy: SilverStripe\ORM\Hierarchy\Hierarchy
Authenticator: SilverStripe\Security\Authenticator
BasicAuth: SilverStripe\Security\BasicAuth
ChangePasswordForm: SilverStripe\Security\ChangePasswordForm
CMSMemberLoginForm: SilverStripe\Security\CMSMemberLoginForm
CMSSecurity: SilverStripe\Security\CMSSecurity
Group: SilverStripe\Security\Group
GroupCsvBulkLoader: SilverStripe\Security\GroupCsvBulkLoader
LoginAttempt: SilverStripe\Security\LoginAttempt
LoginForm: SilverStripe\Security\LoginForm
Member: SilverStripe\Security\Member
Member_GroupSet: SilverStripe\Security\Member_GroupSet
Member_Validator: SilverStripe\Security\Member_Validator
MemberAuthenticator: SilverStripe\Security\MemberAuthenticator
MemberCsvBulkLoader: SilverStripe\Security\MemberCsvBulkLoader
MemberLoginForm: SilverStripe\Security\MemberLoginForm
MemberPassword: SilverStripe\Security\MemberPassword
PasswordEncryptor: SilverStripe\Security\PasswordEncryptor
PasswordEncryptor_Blowfish: SilverStripe\Security\PasswordEncryptor_Blowfish
PasswordEncryptor_PHPHash: SilverStripe\Security\PasswordEncryptor_PHPHash
PasswordEncryptor_LegacyPHPHash: SilverStripe\Security\PasswordEncryptor_LegacyPHPHash
PasswordEncryptor_MySQLPassword: SilverStripe\Security\PasswordEncryptor_MySQLPassword
PasswordEncryptor_MySQLOldPassword: SilverStripe\Security\PasswordEncryptor_MySQLOldPassword
PasswordEncryptor_None: SilverStripe\Security\PasswordEncryptor_None
PasswordEncryptor_NotFoundException: SilverStripe\Security\PasswordEncryptor_NotFoundException
PasswordEncryptor_EncryptionFailed: SilverStripe\Security\PasswordEncryptor_EncryptionFailed
PasswordValidator: SilverStripe\Security\PasswordValidator
Permission: SilverStripe\Security\Permission
Permission_Group: SilverStripe\Security\Permission_Group
PermissionCheckboxSetField: SilverStripe\Security\PermissionCheckboxSetField
PermissionCheckboxSetField_Readonly: SilverStripe\Security\PermissionCheckboxSetField_Readonly
PermissionFailureException: SilverStripe\Security\PermissionFailureException
PermissionProvider: SilverStripe\Security\PermissionProvider
PermissionRole: SilverStripe\Security\PermissionRole
PermissionRoleCode: SilverStripe\Security\PermissionRoleCode
RandomGenerator: SilverStripe\Security\RandomGenerator
RememberLoginHash: SilverStripe\Security\RememberLoginHash
Security: SilverStripe\Security\Security
SecurityToken: SilverStripe\Security\SecurityToken
NullSecurityToken: SilverStripe\Security\NullSecurityToken
skipConfigs:
- db
- casting
- table_name
- fixed_fields
- menu_title
- allowed_actions

View File

@ -5,6 +5,7 @@ namespace SilverStripe\ORM\Connect;
use Config;
use Exception;
use PaginatedList;
use SilverStripe\Framework\Core\Configurable;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\ArrayList;

View File

@ -16,8 +16,10 @@ class MySQLSchemaManager extends DBSchemaManager {
/**
* Identifier for this schema, used for configuring schema-specific table
* creation options
*
* @skipUpgrade
*/
const ID = 'SilverStripe\ORM\Connect\MySQLDatabase';
const ID = 'MySQLDatabase';
public function createTable($table, $fields = null, $indexes = null, $options = null, $advancedOptions = null) {
$fieldSchemas = $indexSchemas = "";

View File

@ -9,7 +9,9 @@ use Config;
use LogicException;
use Cookie;
use Injector;
use SilverStripe\ORM\Connect\DBConnector;
use SilverStripe\ORM\Connect\DBSchemaManager;
use SilverStripe\ORM\Connect\SS_Query;
use SilverStripe\ORM\Queries\SQLExpression;
use SilverStripe\ORM\Connect\SS_Database;
@ -53,8 +55,8 @@ class DB {
* Pass an object that's a subclass of SS_Database. This object will be used when {@link DB::query()}
* is called.
*
* @param $connection The connecton object to set as the connection.
* @param $name The name to give to this connection. If you omit this argument, the connection
* @param SS_Database $connection The connecton object to set as the connection.
* @param string $name The name to give to this connection. If you omit this argument, the connection
* will be the default one used by the ORM. However, you can store other named connections to
* be accessed through DB::get_conn($name). This is useful when you have an application that
* needs to connect to more than one database.
@ -147,6 +149,7 @@ class DB {
*
* Note that the database will be set on the next request.
* Set it to null to revert to the main database.
* @param string $name
*/
public static function set_alternative_database_name($name = null) {
// Skip if CLI
@ -161,7 +164,7 @@ class DB {
));
}
$key = Config::inst()->get('Security', 'token');
$key = Config::inst()->get('SilverStripe\\Security\\Security', 'token');
if(!$key) {
throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"');
}
@ -193,7 +196,7 @@ class DB {
$iv = Cookie::get("alternativeDatabaseNameIv");
if($name) {
$key = Config::inst()->get('Security', 'token');
$key = Config::inst()->get('SilverStripe\\Security\\Security', 'token');
if(!$key) {
throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"');
}
@ -231,10 +234,9 @@ class DB {
* Given the database configuration, this method will create the correct
* subclass of {@link SS_Database}.
*
* @param array $database A map of options. The 'type' is the name of the subclass of SS_Database to use. For the
* rest of the options, see the specific class.
* @param string $name identifier for the connection
*
* @param array $databaseConfig A map of options. The 'type' is the name of the
* subclass of SS_Database to use. For the rest of the options, see the specific class.
* @param string $label identifier for the connection
* @return SS_Database
*/
public static function connect($databaseConfig, $label = 'default') {
@ -296,7 +298,7 @@ class DB {
*
* @param array|integer $input An array of items needing placeholders, or a
* number to specify the number of placeholders
* @param string The string to join each placeholder together with
* @param string $join The string to join each placeholder together with
* @return string|null Either a list of placeholders, or null
*/
public static function placeholders($input, $join = ', ') {
@ -374,6 +376,8 @@ class DB {
/**
* Get the autogenerated ID from the previous INSERT query.
*
* @param string $table
* @return int
*/
public static function get_generated_id($table) {
@ -427,13 +431,14 @@ class DB {
/**
* Create a new table.
* @param string $tableName The name of the table
* @param string $table The name of the table
* @param array$fields A map of field names to field types
* @param array $indexes A map of indexes
* @param array $options An map of additional options. The available keys are as follows:
* - 'MSSQLDatabase'/'MySQLDatabase'/'PostgreSQLDatabase' - database-specific options such as "engine"
* for MySQL.
* - 'temporary' - If true, then a temporary table will be created
* @param array $advancedOptions
* @return string The table name generated. This may be different from the table name, for example with
* temporary tables.
*/
@ -577,7 +582,7 @@ class DB {
/**
* Checks a table's integrity and repairs it if necessary.
*
* @param string $tableName The name of the table.
* @param string $table The name of the table.
* @return boolean Return true if the table has integrity after the method is complete.
*/
public static function check_and_repair_table($table) {

View File

@ -19,8 +19,8 @@ use SearchContext;
use FieldList;
use FormField;
use FormScaffolder;
use Member;
use Permission;
use Object;
use SearchFilter;
use SilverStripe\ORM\Queries\SQLInsert;
@ -30,6 +30,9 @@ use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBComposite;
use SilverStripe\ORM\FieldType\DBClassName;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* A single database record & abstract class for the data-access-model.
@ -907,10 +910,10 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
* Caution: Does not delete the merged object.
* Caution: Does now overwrite Created date on the original object.
*
* @param $obj DataObject
* @param $priority String left|right Determines who wins in case of a conflict (optional)
* @param $includeRelations Boolean Merge any existing relations (optional)
* @param $overwriteWithEmpty Boolean Overwrite existing left values with empty right values.
* @param DataObject $rightObj
* @param string $priority left|right Determines who wins in case of a conflict (optional)
* @param bool $includeRelations Merge any existing relations (optional)
* @param bool $overwriteWithEmpty Overwrite existing left values with empty right values.
* Only applicable with $priority='right'. (optional)
* @return Boolean
*/

View File

@ -5,12 +5,15 @@ namespace SilverStripe\ORM;
use Controller;
use SapphireTest;
use Director;
use Security;
use Permission;
use SS_ClassLoader;
use ClassInfo;
use TestOnly;
use Deprecation;
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
// Include the DB class
require_once("DB.php");
@ -183,6 +186,7 @@ class DatabaseAdmin extends Controller {
*
* @param boolean $quiet Don't show messages
* @param boolean $populate Populate the database, as well as setting up its schema
* @param bool $testMode
*/
public function doBuild($quiet = false, $populate = true, $testMode = false) {
if($quiet) {

View File

@ -2,13 +2,15 @@
namespace SilverStripe\ORM\FieldType;
use Member;
use Zend_Date;
use DateTime;
use DateField;
use Convert;
use Exception;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
/**
* Represents a date field.

View File

@ -4,12 +4,13 @@ namespace SilverStripe\ORM\FieldType;
use Convert;
use Exception;
use Member;
use DatetimeField;
use Zend_Date;
use TemplateGlobalProvider;
use DateTime;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
/**
* Represents a date-time field.
@ -60,11 +61,11 @@ class DBDatetime extends DBDate implements TemplateGlobalProvider {
if(is_numeric($value)) {
$this->value = date('Y-m-d H:i:s', $value);
} elseif(is_string($value)) {
try {
try{
$date = new DateTime($value);
$this->value = $date->format('Y-m-d H:i:s');
return;
} catch(Exception $e) {
}catch(Exception $e){
$this->value = null;
return;
}

View File

@ -768,15 +768,16 @@ class Hierarchy extends DataExtension {
* @return DataObject
*/
public function getParent($filter = null) {
if($p = $this->owner->__get("ParentID")) {
$tableClasses = ClassInfo::dataClassesFor($this->owner->class);
$baseClass = array_shift($tableClasses);
$parentID = $this->owner->ParentID;
if(empty($parentID)) {
return null;
}
$idSQL = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ID');
return DataObject::get_one($this->owner->class, array(
array("\"$baseClass\".\"ID\"" => $p),
array($idSQL => $parentID),
$filter
));
}
}
/**
* Return all the parents of this class in a set ordered from the lowest to highest parent.

View File

@ -4,6 +4,7 @@ namespace SilverStripe\ORM\Queries;
use Exception;
use Convert;
use SilverStripe\ORM\Connect\SS_Query;
use SilverStripe\ORM\DB;
/**

View File

@ -2,9 +2,11 @@
namespace SilverStripe\ORM\Versioning;
use Member;
use Permission;
use Exception;
use FieldList;
use SilverStripe\ORM\HasManyList;
use TextField;
use ReadonlyField;
use i18n;
@ -13,6 +15,9 @@ use LogicException;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* The ChangeSet model tracks several VersionedAndStaged objects for later publication as a single
@ -57,7 +62,7 @@ class ChangeSet extends DataObject {
);
private static $has_one = array(
'Owner' => 'Member',
'Owner' => 'SilverStripe\\Security\\Member',
);
private static $casting = array(

View File

@ -4,12 +4,18 @@ namespace SilverStripe\ORM\Versioning;
use Exception;
use BadMethodCallException;
use Member;
use Permission;
use CMSPreviewable;
use Controller;
use SilverStripe\Filesystem\Thumbnail;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ManyManyList;
use SilverStripe\ORM\SS_List;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* A single line in a changeset

View File

@ -2,16 +2,17 @@
namespace SilverStripe\ORM\Versioning;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Session;
use Deprecation;
use InvalidArgumentException;
use Config;
use LogicException;
use Member;
use ClassInfo;
use Object;
use Permission;
use Director;
use Cookie;
use FieldList;
@ -25,6 +26,9 @@ use SilverStripe\ORM\DataExtension;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\ORM\Queries\SQLUpdate;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* The Versioned extension allows your DataObjects to have several versions,
@ -235,8 +239,8 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
* Amend freshly created DataQuery objects with versioned-specific
* information.
*
* @param SQLSelect
* @param DataQuery
* @param SQLSelect $query
* @param DataQuery $dataQuery
*/
public function augmentDataQueryCreation(SQLSelect &$query, DataQuery &$dataQuery) {
$parts = explode('.', Versioned::get_reading_mode());
@ -2397,7 +2401,7 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
}
/**
* @param FieldList
* @param FieldList $fields
*/
public function updateCMSFields(FieldList $fields) {
// remove the version field from the CMS as this should be left

View File

@ -1,4 +1,11 @@
<?php
namespace SilverStripe\Security;
use Object;
use Form;
use Controller;
/**
* Abstract base class for an authentication method
*
@ -16,7 +23,7 @@ abstract class Authenticator extends Object {
*
* @var array
*/
private static $authenticators = array('MemberAuthenticator');
private static $authenticators = array('SilverStripe\\Security\\MemberAuthenticator');
/**
* Used to influence the order of authenticators on the login-screen
@ -24,7 +31,7 @@ abstract class Authenticator extends Object {
*
* @var string
*/
private static $default_authenticator = 'MemberAuthenticator';
private static $default_authenticator = 'SilverStripe\\Security\\MemberAuthenticator';
/**
@ -43,7 +50,7 @@ abstract class Authenticator extends Object {
/**
* Method that creates the login form for this authentication method
*
* @param Controller The parent controller, necessary to create the
* @param Controller $controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
@ -99,7 +106,7 @@ abstract class Authenticator extends Object {
if(class_exists($authenticator) == false)
return false;
if(is_subclass_of($authenticator, 'Authenticator') == false)
if(is_subclass_of($authenticator, 'SilverStripe\\Security\\Authenticator') == false)
return false;
if(in_array($authenticator, self::$authenticators) == false) {

View File

@ -1,4 +1,13 @@
<?php
namespace SilverStripe\Security;
use SapphireTest;
use Director;
use SS_HTTPResponse;
use SS_HTTPResponse_Exception;
use Config;
/**
* Provides an interface to HTTP basic authentication.
*
@ -125,14 +134,15 @@ class BasicAuth {
* define('SS_USE_BASIC_AUTH', true);
*
* @param boolean $protect Set this to false to disable protection.
* @param String $code {@link Permission} code that is required from the user.
* @param string $code {@link Permission} code that is required from the user.
* Defaults to "ADMIN". Set to NULL to just require a valid login, regardless
* of the permission codes a user has.
* @param string $message
*/
public static function protect_entire_site($protect = true, $code = 'ADMIN', $message = null) {
Config::inst()->update('BasicAuth', 'entire_site_protected', $protect);
Config::inst()->update('BasicAuth', 'entire_site_protected_code', $code);
Config::inst()->update('BasicAuth', 'entire_site_protected_message', $message);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected', $protect);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected_code', $code);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected_message', $message);
}
/**
@ -143,7 +153,7 @@ class BasicAuth {
* please use {@link protect_entire_site()}.
*/
public static function protect_site_if_necessary() {
$config = Config::inst()->forClass('BasicAuth');
$config = Config::inst()->forClass('SilverStripe\\Security\\BasicAuth');
if($config->entire_site_protected) {
self::requireLogin($config->entire_site_protected_message, $config->entire_site_protected_code, false);
}

View File

@ -1,5 +1,19 @@
<?php
namespace SilverStripe\Security;
use Controller;
use FieldList;
use HiddenField;
use PasswordField;
use LiteralField;
use CheckboxField;
use FormAction;
use Session;
use Convert;
use SS_HTTPResponse;
/**
* Provides the in-cms session re-authentication form for the "member" authenticator
*
@ -8,7 +22,7 @@
*/
class CMSMemberLoginForm extends LoginForm {
protected $authenticator_class = 'MemberAuthenticator';
protected $authenticator_class = 'SilverStripe\\Security\\MemberAuthenticator';
/**
* Get link to use for external security actions
@ -68,7 +82,7 @@ class CMSMemberLoginForm extends LoginForm {
/**
* Try to authenticate the user
*
* @param array Submitted data
* @param array $data Submitted data
* @return Member Returns the member object on successful authentication
* or NULL on failure.
*/
@ -89,6 +103,7 @@ class CMSMemberLoginForm extends LoginForm {
* This method is called when the user clicks on "Log in"
*
* @param array $data Submitted data
* @return \SS_HTTPResponse
*/
public function dologin($data) {
if($this->performLogin($data)) {
@ -110,7 +125,7 @@ class CMSMemberLoginForm extends LoginForm {
*/
protected function redirectToChangePassword() {
// Since this form is loaded via an iframe, this redirect must be performed via javascript
$changePasswordForm = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
$changePasswordForm = new ChangePasswordForm($this->controller, 'SilverStripe\\Security\\ChangePasswordForm');
$changePasswordForm->sessionMessage(
_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
'good'

View File

@ -1,5 +1,16 @@
<?php
namespace SilverStripe\Security;
use Requirements;
use Controller;
use Director;
use Convert;
use Session;
use AdminRootController;
use SS_HTTPResponse;
/**
* Provides a security interface functionality within the cms
* @package framework
@ -12,7 +23,7 @@ class CMSSecurity extends Security {
);
private static $allowed_actions = array(
'LoginForm',
'SilverStripe\\Security\\LoginForm',
'success'
);
@ -43,6 +54,7 @@ class CMSSecurity extends Security {
}
public function Link($action = null) {
/** @skipUpgrade */
return Controller::join_links(Director::baseURL(), "CMSSecurity", $action);
}
@ -173,7 +185,7 @@ PHP
}
public function getTemplatesFor($action) {
return array("CMSSecurity_{$action}", "CMSSecurity")
return array("CMSSecurity_{$action}", "SilverStripe\\Security\\CMSSecurity")
+ parent::getTemplatesFor($action);
}

View File

@ -1,4 +1,17 @@
<?php
namespace SilverStripe\Security;
use Form;
use Session;
use FieldList;
use PasswordField;
use FormAction;
use HiddenField;
use Director;
use HTTP;
use Convert;
/**
* Standard Change Password Form
* @package framework

View File

@ -1,8 +1,33 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\HasManyList;
use SilverStripe\ORM\ManyManyList;
use SilverStripe\ORM\UnsavedRelationList;
use Requirements;
use FieldList;
use TabSet;
use Tab;
use TextField;
use DropdownField;
use TextareaField;
use Config;
use GridFieldConfig_RelationEditor;
use GridFieldButtonRow;
use GridFieldExportButton;
use GridFieldPrintButton;
use GridField;
use HTMLEditorConfig;
use LiteralField;
use ListboxField;
use HiddenField;
use InvalidArgumentException;
use Convert;
/**
* A security group.
*
@ -35,23 +60,25 @@ class Group extends DataObject {
);
private static $has_one = array(
"Parent" => "Group",
"Parent" => "SilverStripe\\Security\\Group",
);
private static $has_many = array(
"Permissions" => "Permission",
"Groups" => "Group"
"Permissions" => "SilverStripe\\Security\\Permission",
"Groups" => "SilverStripe\\Security\\Group"
);
private static $many_many = array(
"Members" => "Member",
"Roles" => "PermissionRole",
"Members" => "SilverStripe\\Security\\Member",
"Roles" => "SilverStripe\\Security\\PermissionRole",
);
private static $extensions = array(
"SilverStripe\\ORM\\Hierarchy\\Hierarchy",
);
private static $table_name = "Group";
public function populateDefaults() {
parent::populateDefaults();
@ -61,7 +88,7 @@ class Group extends DataObject {
public function getAllChildren() {
$doSet = new ArrayList();
$children = DataObject::get('Group')->filter("ParentID", $this->ID);
$children = Group::get()->filter("ParentID", $this->ID);
foreach($children as $child) {
$doSet->push($child);
$doSet->merge($child->getAllChildren());
@ -94,7 +121,7 @@ class Group extends DataObject {
$permissionsField = new PermissionCheckboxSetField(
'Permissions',
false,
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID',
$this
)
@ -163,7 +190,7 @@ class Group extends DataObject {
// Only show the "Roles" tab if permissions are granted to edit them,
// and at least one role exists
if(Permission::check('APPLY_ROLES') && DataObject::get('PermissionRole')) {
if(Permission::check('APPLY_ROLES') && DataObject::get('SilverStripe\\Security\\PermissionRole')) {
$fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
$fields->addFieldToTab('Root.Roles',
new LiteralField(
@ -223,9 +250,8 @@ class Group extends DataObject {
}
/**
*
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
*
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true) {
$labels = parent::fieldLabels($includerelations);
@ -358,7 +384,7 @@ class Group extends DataObject {
$inheritedCodes = Permission::get()
->filter('GroupID', $this->Parent()->collateAncestorIDs())
->column('Code');
$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
$privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions');
if(array_intersect($inheritedCodes, $privilegedCodes)) {
$result->error(sprintf(
_t(
@ -406,7 +432,7 @@ class Group extends DataObject {
* @return boolean
*/
public function canEdit($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
// extended access checks
$results = $this->extend('canEdit', $member);
@ -436,7 +462,7 @@ class Group extends DataObject {
* @return boolean
*/
public function canView($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
// extended access checks
$results = $this->extend('canView', $member);
@ -449,7 +475,7 @@ class Group extends DataObject {
}
public function canDelete($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
// extended access checks
$results = $this->extend('canDelete', $member);
@ -487,7 +513,7 @@ class Group extends DataObject {
parent::requireDefaultRecords();
// Add default author group if no other group exists
$allGroups = DataObject::get('Group');
$allGroups = DataObject::get('SilverStripe\\Security\\Group');
if(!$allGroups->count()) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';

View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use CsvBulkLoader;
/**
* @todo Migrate Permission->Arg and Permission->Type values
*
@ -14,7 +19,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
);
public function __construct($objectClass = null) {
if(!$objectClass) $objectClass = 'Group';
if(!$objectClass) $objectClass = 'SilverStripe\\Security\\Group';
parent::__construct($objectClass);
}
@ -30,7 +35,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
// are imported to avoid missing "early" references to parents
// which are imported later on in the CSV file.
if(isset($record['ParentCode']) && $record['ParentCode']) {
$parentGroup = DataObject::get_one('Group', array(
$parentGroup = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $record['ParentCode']
));
if($parentGroup) {
@ -43,7 +48,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
// existing permissions arent cleared.
if(isset($record['PermissionCodes']) && $record['PermissionCodes']) {
foreach(explode(',', $record['PermissionCodes']) as $code) {
$p = DataObject::get_one('Permission', array(
$p = DataObject::get_one('SilverStripe\\Security\\Permission', array(
'"Permission"."Code"' => $code,
'"Permission"."GroupID"' => $group->ID
));

View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
/**
* Record all login attempts through the {@link LoginForm} object.
* This behaviour is disabled by default.
@ -31,19 +36,14 @@ class LoginAttempt extends DataObject {
);
private static $has_one = array(
'Member' => 'Member', // only linked if the member actually exists
'Member' => 'SilverStripe\\Security\\Member', // only linked if the member actually exists
);
private static $has_many = array();
private static $many_many = array();
private static $belongs_many_many = array();
private static $table_name = "LoginAttempt";
/**
*
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
*
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true) {
$labels = parent::fieldLabels($includerelations);

View File

@ -1,4 +1,10 @@
<?php
namespace SilverStripe\Security;
use Form;
use Injector;
/**
* Abstract base class for a login form
*
@ -27,7 +33,7 @@ abstract class LoginForm extends Form {
* @return Authenticator Returns the authenticator instance for this login form.
*/
public function getAuthenticator() {
if(!class_exists($this->authenticator_class) || !is_subclass_of($this->authenticator_class, 'Authenticator')) {
if(!class_exists($this->authenticator_class) || !is_subclass_of($this->authenticator_class, 'SilverStripe\\Security\\Authenticator')) {
user_error("The form uses an invalid authenticator class! '{$this->authenticator_class}'"
. " is not a subclass of 'Authenticator'", E_USER_ERROR);
return;

View File

@ -1,6 +1,8 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\SS_Map;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\DB;
@ -10,7 +12,30 @@ use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\ORM\ManyManyList;
use SilverStripe\MSSQL\MSSQLDatabase;
use TemplateGlobalProvider;
use Deprecation;
use i18n;
use Director;
use Session;
use Cookie;
use Config;
use SapphireTest;
use DateTime;
use DropdownField;
use ConfirmedPasswordField;
use Injector;
use TestMailer;
use Email;
use FieldList;
use ListboxField;
use Zend_Locale_Format;
use Zend_Locale;
use Zend_Date;
use MemberDatetimeOptionsetField;
use HTMLEditorConfig;
use RequiredFields;
use GridFieldDetailForm_ItemRequest;
/**
* The member class which represents the users of the system
@ -63,19 +88,15 @@ class Member extends DataObject implements TemplateGlobalProvider {
);
private static $belongs_many_many = array(
'Groups' => 'Group',
'Groups' => 'SilverStripe\\Security\\Group',
);
private static $has_one = array();
private static $has_many = array(
'LoggedPasswords' => 'MemberPassword',
'RememberLoginHashes' => 'RememberLoginHash'
'LoggedPasswords' => 'SilverStripe\\Security\\MemberPassword',
'RememberLoginHashes' => 'SilverStripe\\Security\\RememberLoginHash'
);
private static $many_many = array();
private static $many_many_extraFields = array();
private static $table_name = "Member";
private static $default_sort = '"Surname", "FirstName"';
@ -133,7 +154,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* @config
* @var Array See {@link set_title_columns()}
* @var array See {@link set_title_columns()}
*/
private static $title_format = null;
@ -148,8 +169,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
private static $unique_identifier_field = 'Email';
/**
* Object for validating user's password
*
* @config
* {@link PasswordValidator} object for validating user's password
* @var PasswordValidator
*/
private static $password_validator = null;
@ -243,8 +266,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
if(!Security::has_default_admin()) return null;
// Find or create ADMIN group
singleton('Group')->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
// Find member
$admin = Member::get()
@ -423,6 +446,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Set a {@link PasswordValidator} object to use to validate member's passwords.
*
* @param PasswordValidator $pv
*/
public static function set_password_validator($pv) {
self::$password_validator = $pv;
@ -430,6 +455,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Returns the current {@link PasswordValidator}
*
* @return PasswordValidator
*/
public static function password_validator() {
return self::$password_validator;
@ -482,8 +509,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
if($remember) {
$rememberLoginHash = RememberLoginHash::generate($this);
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
$deviceExpiryDays = Config::inst()->get('RememberLoginHash', 'device_expiry_days');
$tokenExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days');
$deviceExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'device_expiry_days');
Cookie::set('alc_enc', $this->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays, null, null, null, true);
Cookie::set('alc_device', $rememberLoginHash->DeviceID, $deviceExpiryDays, null, null, null, true);
@ -497,10 +524,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
// Clear the incorrect log-in count
$this->registerSuccessfulLogin();
// Don't set column if its not built yet (the login might be precursor to a /dev/build...)
if(array_key_exists('LockedOutUntil', DB::field_list('Member'))) {
$this->LockedOutUntil = null;
}
$this->regenerateTempID();
@ -534,7 +558,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
*/
public static function logged_in_session_exists() {
if($id = Member::currentUserID()) {
if($member = DataObject::get_by_id('Member', $id)) {
if($member = DataObject::get_by_id('SilverStripe\\Security\\Member', $id)) {
if($member->exists()) return true;
}
}
@ -570,7 +594,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$deviceID = Cookie::get('alc_device');
$member = Member::get()->byId($uid);
$member = Member::get()->byID($uid);
$rememberLoginHash = null;
@ -606,7 +630,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
if ($rememberLoginHash) {
$rememberLoginHash->renew();
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
$tokenExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days');
Cookie::set('alc_enc', $member->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays, null, null, false, true);
}
@ -652,6 +676,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Utility for generating secure password hashes for this member.
*
* @param string $string
* @return string
* @throws PasswordEncryptor_NotFoundException
*/
public function encryptWithUserSettings($string) {
if (!$string) return null;
@ -683,7 +711,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$generator = new RandomGenerator();
$token = $generator->randomToken();
$hash = $this->encryptWithUserSettings($token);
} while(DataObject::get_one('Member', array(
} while(DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."AutoLoginHash"' => $hash
)));
@ -720,7 +748,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
public static function member_from_autologinhash($hash, $login = false) {
$nowExpression = DB::get_conn()->now();
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
"\"Member\".\"AutoLoginHash\"" => $hash,
"\"Member\".\"AutoLoginExpired\" > $nowExpression" // NOW() can't be parameterised
));
@ -815,7 +843,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* @return Member_Validator
*/
public function getValidator() {
$validator = Injector::inst()->create('Member_Validator');
$validator = Injector::inst()->create('SilverStripe\\Security\\Member_Validator');
$validator->setForMember($this);
$this->extend('updateValidator', $validator);
@ -826,13 +854,13 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Returns the current logged in user
*
* @return Member|null
* @return Member
*/
public static function currentUser() {
$id = Member::currentUserID();
if($id) {
return Member::get()->byId($id);
return Member::get()->byID($id);
}
}
@ -860,7 +888,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* @return string Returns a random password.
*/
public static function create_new_password() {
$words = Config::inst()->get('Security', 'word_list');
$words = Config::inst()->get('SilverStripe\\Security\\Security', 'word_list');
if($words && file_exists($words)) {
$words = file($words);
@ -897,7 +925,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
if($this->ID) {
$filter[] = array('"Member"."ID" <> ?' => $this->ID);
}
$existingRecord = DataObject::get_one('Member', $filter);
$existingRecord = DataObject::get_one('SilverStripe\\Security\\Member', $filter);
if($existingRecord) {
throw new ValidationException(ValidationResult::create(false, _t(
@ -1001,8 +1029,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Filter out admin groups to avoid privilege escalation,
* If any admin groups are requested, deny the whole save operation.
*
* @param Array $ids Database IDs of Group records
* @return boolean True if the change can be accepted
* @param array $ids Database IDs of Group records
* @return bool True if the change can be accepted
*/
public function onChangeGroups($ids) {
// unless the current user is an admin already OR the logged in user is an admin
@ -1042,9 +1070,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
*/
public function inGroup($group, $strict = false) {
if(is_numeric($group)) {
$groupCheckObj = DataObject::get_by_id('Group', $group);
$groupCheckObj = DataObject::get_by_id('SilverStripe\\Security\\Group', $group);
} elseif(is_string($group)) {
$groupCheckObj = DataObject::get_one('Group', array(
$groupCheckObj = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $group
));
} elseif($group instanceof Group) {
@ -1068,10 +1096,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
* group code does not return a valid group object.
*
* @param string $groupcode
* @param string Title of the group
* @param string $title Title of the group
*/
public function addToGroupByCode($groupcode, $title = "") {
$group = DataObject::get_one('Group', array(
$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $groupcode
));
@ -1103,7 +1131,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
/**
* @param Array $columns Column names on the Member record to show in {@link getTitle()}.
* @param array $columns Column names on the Member record to show in {@link getTitle()}.
* @param String $sep Separator
*/
public static function set_title_columns($columns, $sep = ' ') {
@ -1151,24 +1179,28 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Return a SQL CONCAT() fragment suitable for a SELECT statement.
* Useful for custom queries which assume a certain member title format.
*
* @param String $tableName
* @return String SQL
*/
public static function get_title_sql($tableName = 'Member') {
public static function get_title_sql() {
// This should be abstracted to SSDatabase concatOperator or similar.
$op = (DB::get_conn() instanceof MSSQLDatabase) ? " + " : " || ";
$format = self::config()->title_format;
if ($format) {
$columnsWithTablename = array();
foreach($format['columns'] as $column) {
$columnsWithTablename[] = "\"$tableName\".\"$column\"";
// Get title_format with fallback to default
$format = static::config()->title_format;
if (!$format) {
$format = [
'columns' => ['Surname', 'FirstName'],
'sep' => ' ',
];
}
return "(".join(" $op '".$format['sep']."' $op ", $columnsWithTablename).")";
} else {
return "(\"$tableName\".\"Surname\" $op ' ' $op \"$tableName\".\"FirstName\")";
$columnsWithTablename = array();
foreach($format['columns'] as $column) {
$columnsWithTablename[] = static::getSchema()->sqlColumnForField(__CLASS__, $column);
}
$sepSQL = \Convert::raw2sql($format['sep'], true);
return "(".join(" $op $sepSQL $op ", $columnsWithTablename).")";
}
@ -1249,7 +1281,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* @return Member_Groupset
*/
public function Groups() {
$groups = Member_GroupSet::create('Group', 'Group_Members', 'GroupID', 'MemberID');
$groups = Member_GroupSet::create('SilverStripe\\Security\\Group', 'Group_Members', 'GroupID', 'MemberID');
$groups = $groups->forForeignID($this->ID);
$this->extend('updateGroups', $groups);
@ -1326,7 +1358,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
$permsClause = DB::placeholders($perms);
$groups = DataObject::get('Group')
/** @skipUpgrade */
$groups = DataObject::get('SilverStripe\\Security\\Group')
->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
->where(array(
"\"Permission\".\"Code\" IN ($permsClause)" => $perms
@ -1343,6 +1376,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$groupIDList = $groups;
}
/** @skipUpgrade */
$members = Member::get()
->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
@ -1429,7 +1463,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
asort($groupsMap);
$fields->addFieldToTab('Root.Main',
ListboxField::create('DirectGroups', singleton('Group')->i18n_plural_name())
ListboxField::create('DirectGroups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name())
->setSource($groupsMap)
->setAttribute(
'data-placeholder',
@ -1445,12 +1479,12 @@ class Member extends DataObject implements TemplateGlobalProvider {
$permissionsField = new PermissionCheckboxSetField_Readonly(
'Permissions',
false,
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID',
// we don't want parent relationships, they're automatically resolved in the field
$self->getManyManyComponents('Groups')
);
$fields->findOrMakeTab('Root.Permissions', singleton('Permission')->i18n_plural_name());
$fields->findOrMakeTab('Root.Permissions', singleton('SilverStripe\\Security\\Permission')->i18n_plural_name());
$fields->addFieldToTab('Root.Permissions', $permissionsField);
}
}
@ -1499,9 +1533,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
/**
*
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
*
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true) {
$labels = parent::fieldLabels($includerelations);
@ -1526,6 +1559,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Users can view their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
* This is likely to be customized for social sites etc. with a looser permission model.
*
* @param Member $member
* @return bool
*/
public function canView($member = null) {
//get member
@ -1549,9 +1585,13 @@ class Member extends DataObject implements TemplateGlobalProvider {
//standard check
return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*/
public function canEdit($member = null) {
//get member
@ -1583,6 +1623,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*/
public function canDelete($member = null) {
if(!($member instanceof Member)) {
@ -1641,7 +1684,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Change password. This will cause rehashing according to
* the `PasswordEncryption` property.
*
* @param String $password Cleartext password
* @param string $password Cleartext password
* @return ValidationResult
*/
public function changePassword($password) {
$this->Password = $password;
@ -1755,7 +1799,7 @@ class Member_GroupSet extends ManyManyList {
$allGroupIDs = array();
while($groupIDs) {
$allGroupIDs = array_merge($allGroupIDs, $groupIDs);
$groupIDs = DataObject::get("Group")->byIDs($groupIDs)->column("ParentID");
$groupIDs = DataObject::get("SilverStripe\\Security\\Group")->byIDs($groupIDs)->column("ParentID");
$groupIDs = array_filter($groupIDs);
}
@ -1811,7 +1855,7 @@ class Member_GroupSet extends ManyManyList {
protected function getMember() {
$id = $this->getForeignID();
if($id) {
return DataObject::get_by_id('Member', $id);
return DataObject::get_by_id('SilverStripe\\Security\\Member', $id);
}
}
}

View File

@ -1,6 +1,14 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\ValidationResult;
use InvalidArgumentException;
use Controller;
use Form;
use Session;
/**
* Authenticator for the default "member" method
*
@ -123,7 +131,7 @@ class MemberAuthenticator extends Authenticator {
} else {
// Audit logging hook
singleton('Member')->extend('authenticationFailedUnknownUser', $data);
Member::singleton()->extend('authenticationFailedUnknownUser', $data);
}
}
@ -170,16 +178,18 @@ class MemberAuthenticator extends Authenticator {
/**
* Method that creates the login form for this authentication method
*
* @param Controller The parent controller, necessary to create the
* @param Controller $controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
*/
public static function get_login_form(Controller $controller) {
/** @skipUpgrade */
return MemberLoginForm::create($controller, "LoginForm");
}
public static function get_cms_login_form(\Controller $controller) {
/** @skipUpgrade */
return CMSMemberLoginForm::create($controller, "LoginForm");
}

View File

@ -1,6 +1,12 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use CsvBulkLoader;
use Convert;
/**
* Imports member records, and checks/updates duplicates based on their
* 'Email' property.
@ -17,7 +23,7 @@ class MemberCsvBulkLoader extends CsvBulkLoader {
protected $groups = array();
public function __construct($objectClass = null) {
if(!$objectClass) $objectClass = 'Member';
if(!$objectClass) $objectClass = 'SilverStripe\\Security\\Member';
parent::__construct($objectClass);
}
@ -64,14 +70,14 @@ class MemberCsvBulkLoader extends CsvBulkLoader {
}
/**
* @param Array $groups
* @param array $groups
*/
public function setGroups($groups) {
$this->groups = $groups;
}
/**
* @return Array
* @return array
*/
public function getGroups() {
return $this->groups;

View File

@ -1,4 +1,24 @@
<?php
namespace SilverStripe\Security;
use Director;
use Requirements;
use Session;
use FieldList;
use HiddenField;
use FormAction;
use SS_HTTPResponse;
use TextField;
use PasswordField;
use CheckboxField;
use Config;
use LiteralField;
use RequiredFields;
use Controller;
use Convert;
use Email;
/**
* Log-in form for the "member" authentication method.
*
@ -20,7 +40,7 @@ class MemberLoginForm extends LoginForm {
*/
public $loggedInAsField = 'FirstName';
protected $authenticator_class = 'MemberAuthenticator';
protected $authenticator_class = 'SilverStripe\\Security\\MemberAuthenticator';
/**
* Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
@ -38,7 +58,7 @@ class MemberLoginForm extends LoginForm {
* create the appropriate form action tag.
* @param string $name The method on the controller that will return this
* form object.
* @param FieldList|FormField $fields All of the fields in the form - a
* @param FieldList $fields All of the fields in the form - a
* {@link FieldList} of {@link FormField}
* objects.
* @param FieldList|FormAction $actions All of the action buttons in the
@ -47,7 +67,6 @@ class MemberLoginForm extends LoginForm {
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
* the user is currently logged in, and if
* so, only a logout button will be rendered
* @param string $authenticatorClassName Name of the authenticator class that this form uses.
*/
public function __construct($controller, $name, $fields = null, $actions = null,
$checkCurrentUser = true) {
@ -75,7 +94,7 @@ class MemberLoginForm extends LoginForm {
);
} else {
if(!$fields) {
$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$label=singleton('SilverStripe\\Security\\Member')->fieldLabel(Member::config()->unique_identifier_field);
$fields = FieldList::create(
HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
// Regardless of what the unique identifer field is (usually 'Email'), it will be held in the
@ -99,7 +118,7 @@ class MemberLoginForm extends LoginForm {
'title',
sprintf(
_t('Member.REMEMBERME', "Remember me next time? (for %d days on this device)"),
Config::inst()->get('RememberLoginHash', 'token_expiry_days')
Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days')
)
)
);
@ -212,7 +231,7 @@ JS;
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
Session::set('BackURL', $backURL);
}
$cp = ChangePasswordForm::create($this->controller, 'ChangePasswordForm');
$cp = ChangePasswordForm::create($this->controller, 'SilverStripe\\Security\\ChangePasswordForm');
$cp->sessionMessage(
_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
'good'
@ -275,7 +294,7 @@ JS;
/**
* Try to authenticate the user
*
* @param array Submitted data
* @param array $data Submitted data
* @return Member Returns the member object on successful authentication
* or NULL on failure.
*/
@ -300,6 +319,7 @@ JS;
* in the form detailing why the action was denied.
*
* @param array $data Submitted data
* @return SS_HTTPResponse
*/
public function forgotPassword($data) {
// Ensure password is given

View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
/**
* Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.
* @package framework
@ -22,18 +27,16 @@ class MemberPassword extends DataObject {
);
private static $has_one = array(
'Member' => 'Member'
'Member' => 'SilverStripe\\Security\\Member'
);
private static $has_many = array();
private static $many_many = array();
private static $belongs_many_many = array();
private static $table_name = "MemberPassword";
/**
* Log a password change from the given member.
* Call MemberPassword::log($this) from within Member whenever the password is changed.
*
* @param Member $member
*/
public static function log($member) {
$record = new MemberPassword();

View File

@ -1,6 +1,13 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DB;
use Config;
use ReflectionClass;
use Exception;
/**
* Allows pluggable password encryption.
* By default, this might be PHP's integrated sha1()
@ -22,10 +29,10 @@ abstract class PasswordEncryptor {
private static $encryptors = array();
/**
* @return Array Map of encryptor code to the used class.
* @return array Map of encryptor code to the used class.
*/
public static function get_encryptors() {
return Config::inst()->get('PasswordEncryptor', 'encryptors');
return Config::inst()->get('SilverStripe\\Security\\PasswordEncryptor', 'encryptors');
}
/**
@ -73,9 +80,9 @@ abstract class PasswordEncryptor {
*
* @uses RandomGenerator
*
* @param String $password Cleartext password
* @param string $password Cleartext password
* @param Member $member (Optional)
* @return String Maximum of 50 characters
* @return string Maximum of 50 characters
*/
public function salt($password, $member = null) {
$generator = new RandomGenerator();
@ -87,6 +94,12 @@ abstract class PasswordEncryptor {
* but is necessary for retain compatibility with password hashed
* with flawed algorithms - see {@link PasswordEncryptor_LegacyPHPHash} and
* {@link PasswordEncryptor_Blowfish}
*
* @param string $hash
* @param string $password
* @param string $salt
* @param Member $member
* @return bool
*/
public function check($hash, $password, $salt = null, $member = null) {
return $hash === $this->encrypt($password, $salt, $member);
@ -129,8 +142,7 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
/**
* Gets the cost that is set for the blowfish algorithm
*
* @param int $cost
* @return null
* @return int
*/
public static function get_cost() {
return self::$cost;
@ -242,6 +254,10 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
/**
* self::$cost param is forced to be two digits with leading zeroes for ints 4-9
*
* @param string $password
* @param Member $member
* @return string
*/
public function salt($password, $member = null) {
$generator = new RandomGenerator();
@ -274,7 +290,8 @@ class PasswordEncryptor_PHPHash extends PasswordEncryptor {
protected $algorithm = 'sha1';
/**
* @param String $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
* @param string $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
* @throws Exception
*/
public function __construct($algorithm) {
if(!in_array($algorithm, hash_algos())) {

View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\ValidationResult;
use Object;
/**
* This class represents a validator for member passwords.

View File

@ -1,8 +1,16 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\SS_List;
use TemplateGlobalProvider;
use ClassInfo;
use TestOnly;
/**
* Represents a permission assigned to a group.
* @package framework
@ -25,20 +33,20 @@ class Permission extends DataObject implements TemplateGlobalProvider {
"Arg" => "Int",
"Type" => "Int(1)"
);
private static $has_one = array(
"Group" => "Group"
"Group" => "SilverStripe\\Security\\Group"
);
private static $indexes = array(
"Code" => true
);
private static $defaults = array(
"Type" => 1
);
private static $has_many = array();
private static $many_many = array();
private static $belongs_many_many = array();
private static $table_name = "Permission";
/**
* This is the value to use for the "Type" field if a permission should be
@ -63,7 +71,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
* Method to globally disable "strict" checking, which means a permission
* will be granted if the key does not exist at all.
*
* @var bool
* @var array
*/
private static $declared_permissions = null;
@ -172,10 +180,14 @@ class Permission extends DataObject implements TemplateGlobalProvider {
}
// Turn the code into an array as we may need to add other permsissions to the set we check
if(!is_array($code)) $code = array($code);
if(!is_array($code)) {
$code = array($code);
}
// Check if admin should be treated as holding all permissions
$adminImpliesAll = (bool)static::config()->admin_implies_all;
if($arg == 'any') {
$adminImpliesAll = (bool)Config::inst()->get('Permission', 'admin_implies_all');
// Cache the permissions in memory
if(!isset(self::$cache_permissions[$memberID])) {
self::$cache_permissions[$memberID] = self::permissions_for_member($memberID);
@ -208,8 +220,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
// Code filters
$codeParams = is_array($code) ? $code : array($code);
$codeClause = DB::placeholders($codeParams);
$adminParams = (self::$admin_implies_all) ? array('ADMIN') : array();
$adminClause = (self::$admin_implies_all) ? ", ?" : '';
$adminParams = $adminImpliesAll ? array('ADMIN') : array();
$adminClause = $adminImpliesAll ? ", ?" : '';
// The following code should only be used if you're not using the "any" arg. This is kind
// of obselete functionality and could possibly be deprecated.
@ -235,7 +247,6 @@ class Permission extends DataObject implements TemplateGlobalProvider {
user_error("Permission::checkMember: bad arg '$arg'", E_USER_ERROR);
}
}
$adminFilter = (Config::inst()->get('Permission', 'admin_implies_all')) ? ",'ADMIN'" : '';
// Raw SQL for efficiency
$permission = DB::prepared_query(
@ -259,7 +270,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if($permission) return $permission;
// Strict checking disabled?
if(!Config::inst()->get('Permission', 'strict_checking') || !$strict) {
if(!static::config()->strict_checking || !$strict) {
$hasPermission = DB::prepared_query(
"SELECT COUNT(*)
FROM \"Permission\"
@ -270,7 +281,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
array_merge($codeParams, array(self::GRANT_PERMISSION))
)->value();
if(!$hasPermission) return;
if(!$hasPermission) return false;
}
return false;
@ -279,6 +290,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Get all the 'any' permission codes available to the given member.
*
* @param int $memberID
* @return array
*/
public static function permissions_for_member($memberID) {
@ -332,7 +344,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if($member && isset($_SESSION['Permission_groupList'][$member->ID]))
return $_SESSION['Permission_groupList'][$member->ID];
} else {
$member = DataObject::get_by_id("Member", $memberID);
$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $memberID);
}
if($member) {
@ -364,7 +376,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
*
* @param int $groupID The ID of the group
* @param string $code The permission code
* @param string Optional: The permission argument (e.g. a page ID).
* @param string $arg Optional: The permission argument (e.g. a page ID).
* @returns Permission Returns the new permission object.
*/
public static function grant($groupID, $code, $arg = "any") {
@ -379,6 +391,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
break;
case "all":
$perm->Arg = -1;
break;
default:
if(is_numeric($arg)) {
$perm->Arg = $arg;
@ -398,7 +411,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
*
* @param int $groupID The ID of the group
* @param string $code The permission code
* @param string Optional: The permission argument (e.g. a page ID).
* @param string $arg Optional: The permission argument (e.g. a page ID).
* @returns Permission Returns the new permission object.
*/
public static function deny($groupID, $code, $arg = "any") {
@ -413,6 +426,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
break;
case "all":
$perm->Arg = -1;
break;
default:
if(is_numeric($arg)) {
$perm->Arg = $arg;
@ -448,6 +462,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if(empty($groupIDs)) return new ArrayList();
$groupClause = DB::placeholders($groupIDs);
/** @skipUpgrade */
$members = Member::get()
->where(array("\"Group\".\"ID\" IN ($groupClause)" => $groupIDs))
->leftJoin("Group_Members", '"Member"."ID" = "Group_Members"."MemberID"')
@ -458,7 +473,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Return all of the groups that have one of the given permission codes
* @param $codes array|string Either a single permission code, or an array of permission codes
* @param array|string $codes Either a single permission code, or an array of permission codes
* @return SS_List The matching group objects
*/
public static function get_groups_by_permission($codes) {
@ -466,7 +481,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
$codeClause = DB::placeholders($codeParams);
// Via Roles are groups that have the permission via a role
return DataObject::get('Group')
/** @skipUpgrade */
return Group::get()
->where(array(
"\"PermissionRoleCode\".\"Code\" IN ($codeClause) OR \"Permission\".\"Code\" IN ($codeClause)"
=> array_merge($codeParams, $codeParams)
@ -491,7 +507,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
* suitable for using in an interface.
*/
public static function get_codes($grouped = true) {
$classes = ClassInfo::implementorsOf('PermissionProvider');
$classes = ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider');
$allCodes = array();
$adminCategory = _t('Permission.AdminGroup', 'Administrator');
@ -571,6 +587,9 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Sort permissions based on their sort value, or name
*
* @param array $a
* @param array $b
* @return int
*/
public static function sort_permissions($a, $b) {
if ($a['sort'] == $b['sort']) {
@ -582,48 +601,6 @@ class Permission extends DataObject implements TemplateGlobalProvider {
}
}
/**
* add a permission represented by the $code to the {@link slef::$hidden_permissions} list
*
* @deprecated 4.0 Use "Permission.hidden_permissions" config setting instead
* @param $code string - the permissions code
* @return void
*/
public static function add_to_hidden_permissions($code){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->update('Permission', 'hidden_permissions', $codes);
}
/**
* remove a permission represented by the $code from the {@link slef::$hidden_permissions} list
*
* @deprecated 4.0 Use "Permission.hidden_permissions" config setting instead
* @param $code string - the permissions code
* @return void
*/
public static function remove_from_hidden_permissions($code){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->remove('Permission', 'hidden_permissions', $codes);
}
/**
* Declare an array of permissions for the system.
*
* Permissions can be grouped by nesting arrays. Scalar values are always
* treated as permissions.
*
* @deprecated 4.0 Use "Permission.declared_permissions" config setting instead
* @param array $permArray A (possibly nested) array of permissions to
* declare for the system.
*/
public static function declare_permissions($permArray) {
Deprecation::notice('4.0', 'Use "Permission.declared_permissions" config setting instead');
self::config()->declared_permissions = $permArray;
}
/**
* Get a linear list of the permissions in the system.
*
@ -638,8 +615,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
self::$declared_permissions_list = array();
self::traverse_declared_permissions(self::$declared_permissions,
self::$declared_permissions_list);
self::traverse_declared_permissions(self::$declared_permissions, self::$declared_permissions_list);
return self::$declared_permissions_list;
}
@ -647,8 +623,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Look up the human-readable title for the permission as defined by <code>Permission::declare_permissions</code>
*
* @param $perm Permission code
* @return Label for the given permission, or the permission itself if the label doesn't exist
* @param string $perm Permission code
* @return string Label for the given permission, or the permission itself if the label doesn't exist
*/
public static function get_label_for_permission($perm) {
$list = self::get_declared_permissions_list();
@ -660,8 +636,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
* Recursively traverse the nested list of declared permissions and create
* a linear list.
*
* @param aeeay $declared Nested structure of permissions.
* @param $list List of permissions in the structure. The result will be
* @param array $declared Nested structure of permissions.
* @param array $list List of permissions in the structure. The result will be
* written to this array.
*/
protected static function traverse_declared_permissions($declared, &$list) {

View File

@ -1,10 +1,19 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObjectInterface;
use FormField;
use InvalidArgumentException;
use Requirements;
use Config;
/**
@ -21,7 +30,7 @@ use SilverStripe\ORM\DataObjectInterface;
class PermissionCheckboxSetField extends FormField {
/**
* @var Array Filter certain permission codes from the output.
* @var array Filter certain permission codes from the output.
* Useful to simplify the interface
*/
protected $hiddenPermissions = array();
@ -66,14 +75,14 @@ class PermissionCheckboxSetField extends FormField {
}
/**
* @param Array $codes
* @param array $codes
*/
public function setHiddenPermissions($codes) {
$this->hiddenPermissions = $codes;
}
/**
* @return Array
* @return array
*/
public function getHiddenPermissions() {
return $this->hiddenPermissions;
@ -81,7 +90,7 @@ class PermissionCheckboxSetField extends FormField {
/**
* @param array $properties
* @return HTMLText
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::css(FRAMEWORK_DIR . '/client/dist/styles/CheckboxSetField.css');
@ -96,7 +105,7 @@ class PermissionCheckboxSetField extends FormField {
$record = $this->form->getRecord();
if(
$record
&& (is_a($record, 'Group') || is_a($record, 'PermissionRole'))
&& ($record instanceof Group || $record instanceof PermissionRole)
&& !$records->find('ID', $record->ID)
) {
$records->push($record);
@ -117,7 +126,7 @@ class PermissionCheckboxSetField extends FormField {
// Special case for Group records (not PermissionRole):
// Determine inherited assignments
if(is_a($record, 'Group')) {
if(is_a($record, 'SilverStripe\\Security\\Group')) {
// Get all permissions from roles
if ($record->Roles()->Count()) {
foreach($record->Roles() as $role) {
@ -172,7 +181,7 @@ class PermissionCheckboxSetField extends FormField {
$odd = 0;
$options = '';
$globalHidden = (array)Config::inst()->get('Permission', 'hidden_permissions');
$globalHidden = (array)Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions');
if($this->source) {
$privilegedPermissions = Permission::config()->privileged_permissions;
@ -188,7 +197,7 @@ class PermissionCheckboxSetField extends FormField {
$odd = ($odd + 1) % 2;
$extraClass = $odd ? 'odd' : 'even';
$extraClass .= ' val' . str_replace(' ', '', $code);
$itemID = $this->id() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
$itemID = $this->ID() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
$checked = $disabled = $inheritMessage = '';
$checked = (isset($uninheritedCodes[$code]) || isset($inheritedCodes[$code]))
? ' checked="checked"'
@ -240,7 +249,7 @@ class PermissionCheckboxSetField extends FormField {
}
if($this->readonly) {
return DBField::create_field('HTMLText',
"<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
"<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
"<li class=\"help\">" .
_t(
'Permissions.UserPermissionsIntro',
@ -253,7 +262,7 @@ class PermissionCheckboxSetField extends FormField {
);
} else {
return DBField::create_field('HTMLText',
"<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
"<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
$options .
"</ul>\n"
);
@ -263,7 +272,7 @@ class PermissionCheckboxSetField extends FormField {
/**
* Update the permission set associated with $record DataObject
*
* @param DataObject $record
* @param DataObjectInterface $record
*/
public function saveInto(DataObjectInterface $record) {
$fieldname = $this->name;

View File

@ -1,4 +1,9 @@
<?php
namespace SilverStripe\Security;
use Exception;
/**
* Throw this exception to register that a user doesn't have permission to do the given action
* and potentially redirect them to the log-in page. The exception message may be presented to the

View File

@ -1,4 +1,9 @@
<?php
namespace SilverStripe\Security;
/**
* Used to let classes provide new permission codes.
* Every implementor of PermissionProvider is accessed and providePermissions() called to get the full list of

View File

@ -1,6 +1,12 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\HasManyList;
use SilverStripe\ORM\ManyManyList;
/**
* A PermissionRole represents a collection of permission codes that can be applied to groups.
*
@ -28,13 +34,15 @@ class PermissionRole extends DataObject {
);
private static $has_many = array(
"Codes" => "PermissionRoleCode",
"Codes" => "SilverStripe\\Security\\PermissionRoleCode",
);
private static $belongs_many_many = array(
"Groups" => "Group",
"Groups" => "SilverStripe\\Security\\Group",
);
private static $table_name = "PermissionRole";
private static $default_sort = '"Title"';
private static $singular_name = 'Role';
@ -51,13 +59,13 @@ class PermissionRole extends DataObject {
'Root.Main',
$permissionField = new PermissionCheckboxSetField(
'Codes',
singleton('Permission')->i18n_plural_name(),
'PermissionRoleCode',
Permission::singleton()->i18n_plural_name(),
'SilverStripe\\Security\\PermissionRoleCode',
'RoleID'
)
);
$permissionField->setHiddenPermissions(
Config::inst()->get('Permission', 'hidden_permissions')
Permission::config()->hidden_permissions
);
return $fields;

View File

@ -1,6 +1,9 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
/**
* A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
*
@ -19,14 +22,16 @@ class PermissionRoleCode extends DataObject {
);
private static $has_one = array(
"Role" => "PermissionRole",
"Role" => "SilverStripe\\Security\\PermissionRole",
);
private static $table_name = "PermissionRoleCode";
public function validate() {
$result = parent::validate();
// Check that new code doesn't increase privileges, unless an admin is editing.
$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
$privilegedCodes = Permission::config()->privileged_permissions;
if(
$this->Code
&& in_array($this->Code, $privilegedCodes)

View File

@ -1,4 +1,9 @@
<?php
namespace SilverStripe\Security;
use Exception;
/**
* Generates entropy values based on strongest available methods
* (mcrypt_create_iv(), openssl_random_pseudo_bytes(), /dev/urandom, COM.CAPICOM.Utilities.1, mt_rand()).
@ -46,7 +51,7 @@ class RandomGenerator {
// try to read from the windows RNG
if($isWin && class_exists('COM')) {
try {
$comObj = new COM('CAPICOM.Utilities.1');
$comObj = new \COM('CAPICOM.Utilities.1');
if(is_callable(array($comObj,'GetRandom'))) {
return base64_decode($comObj->GetRandom(64, 0));

View File

@ -1,7 +1,13 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\DataObject;
use DateTime;
use DateInterval;
/**
* Persists a token associated with a device for users who opted for the "Remember Me"
* feature when logging in.
@ -26,7 +32,7 @@ class RememberLoginHash extends DataObject {
);
private static $has_one = array (
'Member' => 'Member',
'Member' => 'SilverStripe\\Security\\Member',
);
private static $indexes = array(
@ -34,6 +40,8 @@ class RememberLoginHash extends DataObject {
'Hash' => true
);
private static $table_name = "RememberLoginHash";
/**
* Determines if logging out on one device also clears existing login tokens
* on all other devices owned by the member.
@ -95,7 +103,7 @@ class RememberLoginHash extends DataObject {
/**
* Creates a new random token and hashes it using the
* member information
* @param Member The logged in user
* @param Member $member The logged in user
* @return string The hash to be stored in the database
*/
public function getNewHash(Member $member){
@ -109,25 +117,27 @@ class RememberLoginHash extends DataObject {
* The device is assigned a globally unique device ID
* The returned login hash stores the hashed token in the
* database, for this device and this member
* @param Member The logged in user
* @param Member $member The logged in user
* @return RememberLoginHash The generated login hash
*/
public static function generate(Member $member) {
if(!$member->exists()) { return; }
if (Config::inst()->get('RememberLoginHash', 'force_single_token') == true) {
$rememberLoginHash = RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
if(!$member->exists()) {
return null;
}
if (static::config()->force_single_token) {
RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
}
$rememberLoginHash = RememberLoginHash::create();
do {
$deviceID = $rememberLoginHash->getNewDeviceID();
} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->Count());
} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->count());
$rememberLoginHash->DeviceID = $deviceID;
$rememberLoginHash->Hash = $rememberLoginHash->getNewHash($member);
$rememberLoginHash->MemberID = $member->ID;
$now = DBDatetime::now();
$expiryDate = new DateTime($now->Rfc2822());
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
$tokenExpiryDays = static::config()->token_expiry_days;
$expiryDate->add(new DateInterval('P'.$tokenExpiryDays.'D'));
$rememberLoginHash->ExpiryDate = $expiryDate->format('Y-m-d H:i:s');
$rememberLoginHash->extend('onAfterGenerateToken');
@ -137,7 +147,7 @@ class RememberLoginHash extends DataObject {
/**
* Generates a new hash for this member but keeps the device ID intact
* @param Member the logged in user
*
* @return RememberLoginHash
*/
public function renew() {
@ -152,11 +162,14 @@ class RememberLoginHash extends DataObject {
* Deletes existing tokens for this member
* if logout_across_devices is true, all tokens are deleted, otherwise
* only the token for the provided device ID will be removed
*
* @param Member $member
* @param string $alcDevice
*/
public static function clear(Member $member, $alcDevice = null) {
if(!$member->exists()) { return; }
$filter = array('MemberID'=>$member->ID);
if ((Config::inst()->get('RememberLoginHash', 'logout_across_devices') == false) && $alcDevice) {
if (!static::config()->logout_across_devices && $alcDevice) {
$filter['DeviceID'] = $alcDevice;
}
RememberLoginHash::get()

View File

@ -1,8 +1,30 @@
<?php
namespace SilverStripe\Security;
use Form;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use Controller;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Deprecation;
use Director;
use SS_HTTPResponse;
use Session;
use Config;
use Exception;
use Page;
use Page_Controller;
use ArrayData;
use FieldList;
use EmailField;
use FormAction;
use Convert;
use Object;
use ClassInfo;
/**
* Implements a basic security model
* @package framework
@ -303,7 +325,7 @@ class Security extends Controller implements TemplateGlobalProvider {
$controller->extend('permissionDenied', $member);
return $controller->redirect(
Config::inst()->get('Security', 'login_url')
Config::inst()->get('SilverStripe\\Security\\Security', 'login_url')
. "?BackURL=" . urlencode($_SERVER['REQUEST_URI'])
);
}
@ -341,6 +363,7 @@ class Security extends Controller implements TemplateGlobalProvider {
* Get the login form to process according to the submitted data
*
* @return Form
* @throws Exception
*/
public function LoginForm() {
$authenticator = $this->getAuthenticator();
@ -375,6 +398,7 @@ class Security extends Controller implements TemplateGlobalProvider {
* @return string Returns the link to the given action
*/
public function Link($action = null) {
/** @skipUpgrade */
return Controller::join_links(Director::baseURL(), "Security", $action);
}
@ -448,6 +472,7 @@ class Security extends Controller implements TemplateGlobalProvider {
// Use sitetree pages to render the security page
$tmpPage = new Page();
$tmpPage->Title = $title;
/** @skipUpgrade */
$tmpPage->URLSegment = "Security";
// Disable ID-based caching of the log-in page by making it a random number
$tmpPage->ID = -1 * rand(1,10000000);
@ -465,6 +490,7 @@ class Security extends Controller implements TemplateGlobalProvider {
* @return array Template list
*/
public function getTemplatesFor($action) {
/** @skipUpgrade */
return array("Security_{$action}", 'Security', $this->stat('template_main'), 'BlankPage');
}
@ -558,7 +584,7 @@ class Security extends Controller implements TemplateGlobalProvider {
public function basicauthlogin() {
$member = BasicAuth::requireLogin("SilverStripe login", 'ADMIN');
$member->LogIn();
$member->logIn();
}
/**
@ -652,7 +678,8 @@ class Security extends Controller implements TemplateGlobalProvider {
* - t: plaintext token
*
* @param Member $member Member object associated with this link.
* @param string $autoLoginHash The auto login token.
* @param string $autologinToken The auto login token.
* @return string
*/
public static function getPasswordResetLink($member, $autologinToken) {
$autologinToken = urldecode($autologinToken);
@ -682,7 +709,7 @@ class Security extends Controller implements TemplateGlobalProvider {
// Extract the member from the URL.
$member = null;
if (isset($_REQUEST['m'])) {
$member = Member::get()->filter('ID', (int)$_REQUEST['m'])->First();
$member = Member::get()->filter('ID', (int)$_REQUEST['m'])->first();
}
// Check whether we are merely changin password, or resetting.
@ -743,17 +770,23 @@ class Security extends Controller implements TemplateGlobalProvider {
/**
* Factory method for the lost password form
*
* @return Form Returns the lost password form
* @return ChangePasswordForm Returns the lost password form
*/
public function ChangePasswordForm() {
return Object::create('ChangePasswordForm', $this, 'ChangePasswordForm');
/** @skipUpgrade */
$formName = 'ChangePasswordForm';
return \Injector::inst()->createWithArgs(
'SilverStripe\\Security\\ChangePasswordForm',
[ $this, $formName]
);
}
/**
* Gets the template for an include used for security.
* For use in any subclass.
*
* @return string|array Returns the template(s) for rendering
* @param string $name
* @return array Returns the template(s) for rendering
*/
public function getIncludeTemplate($name) {
return array('Security_' . $name);
@ -776,17 +809,17 @@ class Security extends Controller implements TemplateGlobalProvider {
// coupling to subsites module
$origSubsite = null;
if(is_callable('Subsite::changeSubsite')) {
$origSubsite = Subsite::currentSubsiteID();
Subsite::changeSubsite(0);
$origSubsite = \Subsite::currentSubsiteID();
\Subsite::changeSubsite(0);
}
$member = null;
// find a group with ADMIN permission
$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
if(is_callable('Subsite::changeSubsite')) {
Subsite::changeSubsite($origSubsite);
\Subsite::changeSubsite($origSubsite);
}
if ($adminGroup) {
@ -794,13 +827,13 @@ class Security extends Controller implements TemplateGlobalProvider {
}
if(!$adminGroup) {
singleton('Group')->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
}
if(!$member) {
singleton('Member')->requireDefaultRecords();
$member = Permission::get_members_by_permission('ADMIN')->First();
Member::singleton()->requireDefaultRecords();
$member = Permission::get_members_by_permission('ADMIN')->first();
}
if(!$member) {
@ -841,6 +874,7 @@ class Security extends Controller implements TemplateGlobalProvider {
*
* @param string $username The user name
* @param string $password The password (in cleartext)
* @return bool
*/
public static function setDefaultAdmin($username, $password) {
// don't overwrite if already set
@ -1004,9 +1038,9 @@ class Security extends Controller implements TemplateGlobalProvider {
return self::$database_is_ready;
}
$requiredClasses = ClassInfo::dataClassesFor('Member');
$requiredClasses[] = 'Group';
$requiredClasses[] = 'Permission';
$requiredClasses = ClassInfo::dataClassesFor('SilverStripe\\Security\\Member');
$requiredClasses[] = 'SilverStripe\\Security\\Group';
$requiredClasses[] = 'SilverStripe\\Security\\Permission';
foreach($requiredClasses as $class) {
// Skip test classes, as not all test classes are scaffolded at once

View File

@ -1,4 +1,15 @@
<?php
namespace SilverStripe\Security;
use FieldList;
use Object;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Session;
use HiddenField;
use Controller;
/**
* @package framework
* @subpackage security
@ -110,7 +121,8 @@ class SecurityToken extends Object implements TemplateGlobalProvider {
}
/**
* @return String
* @param string $name
* @return string
*/
public function setName($name) {
$val = $this->getValue();

View File

@ -1,17 +1,17 @@
---
name: coreencryptors
---
PasswordEncryptor:
'SilverStripe\Security\PasswordEncryptor':
encryptors:
none:
PasswordEncryptor_None:
'SilverStripe\Security\PasswordEncryptor_None':
md5:
PasswordEncryptor_LegacyPHPHash: md5
'SilverStripe\Security\PasswordEncryptor_LegacyPHPHash': md5
sha1:
PasswordEncryptor_LegacyPHPHash: sha1
'SilverStripe\Security\PasswordEncryptor_LegacyPHPHash': sha1
md5_v2.4:
PasswordEncryptor_PHPHash: md5
'SilverStripe\Security\PasswordEncryptor_PHPHash': md5
sha1_v2.4:
PasswordEncryptor_PHPHash: sha1
'SilverStripe\Security\PasswordEncryptor_PHPHash': sha1
blowfish:
PasswordEncryptor_Blowfish:
'SilverStripe\Security\PasswordEncryptor_Blowfish':

View File

@ -14,8 +14,8 @@ After:
---
Director:
rules:
'Security//$Action/$ID/$OtherID': 'Security'
'CMSSecurity//$Action/$ID/$OtherID': 'CMSSecurity'
'Security//$Action/$ID/$OtherID': 'SilverStripe\Security\Security'
'CMSSecurity//$Action/$ID/$OtherID': 'SilverStripe\Security\CMSSecurity'
'dev': 'DevelopmentAdmin'
'interactive': 'SapphireREPL'
'InstallerTest//$Action/$ID/$OtherID': 'InstallerTest'

View File

@ -2,8 +2,11 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\SecurityToken;
/**
* Special request handler for admin/batchaction
@ -28,6 +31,9 @@ class CMSBatchActionHandler extends RequestHandler {
'handleConfirmation',
);
/**
* @var Controller
*/
protected $parentController;
/**
@ -43,7 +49,7 @@ class CMSBatchActionHandler extends RequestHandler {
protected $recordClass = 'SiteTree';
/**
* @param string $parentController
* @param Controller $parentController
* @param string $urlSegment
* @param string $recordClass
*/
@ -61,9 +67,10 @@ class CMSBatchActionHandler extends RequestHandler {
* Register a new batch action. Each batch action needs to be represented by a subclass
* of {@link CMSBatchAction}.
*
* @param $urlSegment The URL Segment of the batch action - the URL used to process this
* @param string $urlSegment The URL Segment of the batch action - the URL used to process this
* action will be admin/batchactions/(urlSegment)
* @param $batchActionClass The name of the CMSBatchAction subclass to register
* @param string $batchActionClass The name of the CMSBatchAction subclass to register
* @param string $recordClass
*/
public static function register($urlSegment, $batchActionClass, $recordClass = 'SiteTree') {
if(is_subclass_of($batchActionClass, 'CMSBatchAction')) {

View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\Member;
/**
* The object manages the main CMS menu. See {@link LeftAndMain::init()} for
* example usage.
@ -53,7 +55,6 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
* Add a LeftAndMain controller to the CMS menu.
*
* @param string $controllerClass The class name of the controller
* @return The result of the operation
* @todo A director rule is added when a controller link is added, but it won't be removed
* when the item is removed. Functionality needed in {@link Director}.
*/
@ -65,6 +66,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
/**
* Return a CMSMenuItem to add the given controller to the CMSMenu
*
* @param string $controllerClass
* @return CMSMenuItem
*/
protected static function menuitem_for_controller($controllerClass) {
$urlBase = Config::inst()->get($controllerClass, 'url_base', Config::FIRST_SET);
@ -113,9 +117,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
* @param string $controllerClass The controller class for this menu, used to check permisssions.
* If blank, it's assumed that this is public, and always shown to users who
* have the rights to access some other part of the admin area.
* @param int $priority
* @param array $attributes an array of attributes to include on the link.
*
* @return boolean Success
* @return bool Success
*/
public static function add_menu_item($code, $menuTitle, $url, $controllerClass = null, $priority = -1,
$attributes = null) {
@ -244,9 +248,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
* @param string $controllerClass The controller class for this menu, used to check permisssions.
* If blank, it's assumed that this is public, and always shown to users who
* have the rights to access some other part of the admin area.
* @param int $priority
* @param array $attributes an array of attributes to include on the link.
*
* @return boolean Success
* @return bool Success
*/
public static function replace_menu_item($code, $menuTitle, $url, $controllerClass = null, $priority = -1,
$attributes = null) {
@ -265,6 +269,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
/**
* Add a previously built menu item object to the menu
*
* @param string $code
* @param CMSMenuItem $cmsMenuItem
*/
protected static function add_menu_item_obj($code, $cmsMenuItem) {
self::$menu_item_changes[] = array(

View File

@ -1,7 +1,9 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ArrayList;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* @package framework
@ -15,7 +17,7 @@ class CMSProfileController extends LeftAndMain {
private static $required_permission_codes = false;
private static $tree_class = 'Member';
private static $tree_class = 'SilverStripe\\Security\\Member';
public function getEditForm($id = null, $fields = null) {
$this->setCurrentPageID(Member::currentUserID());
@ -40,7 +42,7 @@ class CMSProfileController extends LeftAndMain {
if($member = Member::currentUser()) {
$form->setValidator($member->getValidator());
} else {
$form->setValidator(Injector::inst()->get('Member')->getValidator());
$form->setValidator(Member::singleton()->getValidator());
}
if($form->Fields()->hasTabset()) {
@ -70,7 +72,7 @@ class CMSProfileController extends LeftAndMain {
}
public function save($data, $form) {
$member = DataObject::get_by_id("Member", $data['ID']);
$member = Member::get()->byID($data['ID']);
if(!$member) return $this->httpError(404);
$origLocale = $member->Locale;
@ -93,6 +95,9 @@ class CMSProfileController extends LeftAndMain {
* Only show first element, as the profile form is limited to editing
* the current member it doesn't make much sense to show the member name
* in the breadcrumbs.
*
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false) {
$items = parent::Breadcrumbs($unlinked);

View File

@ -1,8 +1,12 @@
<?php
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Versioning\ChangeSet;
use SilverStripe\ORM\Versioning\ChangeSetItem;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\PermissionProvider;
/**
* Campaign section of the CMS

View File

@ -1,5 +1,8 @@
<?php
use SilverStripe\Security\Group;
use SilverStripe\Security\GroupCsvBulkLoader;
/**
* Imports {@link Group} records by CSV upload, as defined in
* {@link GroupCsvBulkLoader}.

View File

@ -7,6 +7,8 @@
use SilverStripe\Forms\Schema\FormSchema;
use SilverStripe\ORM\Hierarchy\Hierarchy;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\ValidationException;
@ -15,6 +17,12 @@ use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
use SilverStripe\Security\PermissionProvider;
/**
@ -660,6 +668,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* You should implement a Link() function in your subclass of LeftAndMain,
* to point to the URL of that particular controller.
*
* @param string $action
* @return string
*/
public function Link($action = null) {
@ -733,6 +742,11 @@ class LeftAndMain extends Controller implements PermissionProvider {
return '';
}
/**
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
* @throws SS_HTTPResponse_Exception
*/
public function show($request) {
// TODO Necessary for TableListField URLs to work properly
if($request->param('ID')) $this->setCurrentPageID($request->param('ID'));
@ -775,7 +789,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* Returns the main menu of the CMS. This is also used by init()
* to work out which sections the user has access to.
*
* @param Boolean
* @param bool $cached
* @return SS_List
*/
public function MainMenu($cached = true) {
@ -874,6 +888,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* Return a list of appropriate templates for this class, with the given suffix using
* {@link SSViewer::get_templates_by_class()}
*
* @param string $suffix
* @return array
*/
public function getTemplatesWithSuffix($suffix) {
@ -898,6 +913,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
}
/**
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false) {
@ -965,12 +981,15 @@ class LeftAndMain extends Controller implements PermissionProvider {
/**
* Get a site tree HTML listing which displays the nodes under the given criteria.
*
* @param $className The class of the root object
* @param $rootID The ID of the root object. If this is null then a complete tree will be
* @param string $className The class of the root object
* @param string $rootID The ID of the root object. If this is null then a complete tree will be
* shown
* @param $childrenMethod The method to call to get the children of the tree. For example,
* @param string $childrenMethod The method to call to get the children of the tree. For example,
* Children, AllChildrenIncludingDeleted, or AllHistoricalChildren
* @return String Nested unordered list with links to each page
* @param string $numChildrenMethod
* @param callable $filterFunction
* @param int $nodeCountThreshold
* @return string Nested unordered list with links to each page
*/
public function getSiteTreeFor($className, $rootID = null, $childrenMethod = null, $numChildrenMethod = null,
$filterFunction = null, $nodeCountThreshold = 30) {
@ -1100,6 +1119,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
/**
* Get a subtree underneath the request param 'ID'.
* If ID = 0, then get the whole tree.
*
* @param SS_HTTPRequest $request
* @return string
*/
public function getsubtree($request) {
$html = $this->getSiteTreeFor(
@ -1124,7 +1146,8 @@ class LeftAndMain extends Controller implements PermissionProvider {
* all children with the node. Useful to refresh views after
* state modifications, e.g. saving a form.
*
* @return String JSON
* @param SS_HTTPRequest $request
* @return string JSON
*/
public function updatetreenodes($request) {
$data = array();
@ -1264,7 +1287,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
* - 'SiblingIDs': Array of all sibling nodes to the moved node (incl. the node itself).
* In case of a 'ParentID' change, relates to the new siblings under the new parent.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse JSON string with a
* @throws SS_HTTPResponse_Exception
*/
public function savetreenode($request) {
if (!SecurityToken::inst()->checkRequest($request)) {

View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\MemberCsvBulkLoader;
/**
* Imports {@link Member} records by CSV upload, as defined in
* {@link MemberCsvBulkLoader}.

View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\SS_List;
use SilverStripe\Security\Member;
/**
* Generates a three-pane UI for editing model classes, with an
* automatically generated search panel, tabular results and edit forms.
@ -248,6 +251,8 @@ abstract class ModelAdmin extends LeftAndMain {
/**
* Sanitise a model class' name for inclusion in a link
*
* @param string $class
* @return string
*/
protected function sanitiseClassName($class) {
@ -256,6 +261,8 @@ abstract class ModelAdmin extends LeftAndMain {
/**
* Unsanitise a model class' name from a URL param
*
* @param string $class
* @return string
*/
protected function unsanitiseClassName($class) {
@ -444,6 +451,7 @@ abstract class ModelAdmin extends LeftAndMain {
}
/**
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false) {

View File

@ -1,5 +1,12 @@
<?php
use SilverStripe\Security\Security;
use SilverStripe\Security\Member;
use SilverStripe\Security\Group;
use SilverStripe\Security\Permission;
use SilverStripe\Security\PermissionRole;
use SilverStripe\Security\PermissionProvider;
/**
* Security section of the CMS
*
@ -14,9 +21,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
private static $menu_title = 'Security';
private static $tree_class = 'Group';
private static $tree_class = 'SilverStripe\\Security\\Group';
private static $subitem_class = 'Member';
private static $subitem_class = 'SilverStripe\\Security\\Member';
private static $allowed_actions = array(
'EditForm',
@ -36,6 +43,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
/**
* Shortcut action for setting the correct active tab.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function users($request) {
return $this->index($request);
@ -43,6 +53,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
/**
* Shortcut action for setting the correct active tab.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function groups($request) {
return $this->index($request);
@ -50,6 +63,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
/**
* Shortcut action for setting the correct active tab.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function roles($request) {
return $this->index($request);
@ -79,7 +95,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
if($record && method_exists($record, 'getValidator')) {
$validator = $record->getValidator();
} else {
$validator = Injector::inst()->get('Member')->getValidator();
$validator = Member::singleton()->getValidator();
}
$memberListConfig
@ -94,7 +110,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
);
$columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
$columns->setDisplayFields(array(
'Breadcrumbs' => singleton('Group')->fieldLabel('Title')
'Breadcrumbs' => singleton('SilverStripe\\Security\\Group')->fieldLabel('Title')
));
$columns->setFieldFormatting(array(
'Breadcrumbs' => function($val, $item) {
@ -117,7 +133,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
)
)
),
$groupsTab = new Tab('Groups', singleton('Group')->i18n_plural_name(),
$groupsTab = new Tab('Groups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name(),
$groupList
)
),
@ -276,7 +292,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
$firstCrumb = $crumbs->shift();
if($params['FieldName'] == 'Groups') {
$crumbs->unshift(new ArrayData(array(
'Title' => singleton('Group')->i18n_plural_name(),
'Title' => singleton('SilverStripe\\Security\\Group')->i18n_plural_name(),
'Link' => $this->Link('groups')
)));
} elseif($params['FieldName'] == 'Users') {
@ -335,7 +351,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
public static function add_hidden_permission($codes){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->update('Permission', 'hidden_permissions', $codes);
Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', $codes);
}
/**
@ -345,7 +361,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
public static function remove_hidden_permission($codes){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->remove('Permission', 'hidden_permissions', $codes);
Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions', $codes);
}
/**
@ -354,7 +370,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
*/
public static function get_hidden_permissions(){
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->get('Permission', 'hidden_permissions', Config::FIRST_SET);
Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions', Config::FIRST_SET);
}
/**
@ -364,6 +380,6 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
*/
public static function clear_hidden_permissions(){
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->remove('Permission', 'hidden_permissions', Config::anything());
Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions', Config::anything());
}
}

View File

@ -64,7 +64,7 @@ class LeftAndMainTest extends FunctionalTest {
public function testExtraCssAndJavascript() {
$admin = $this->objFromFixture('Member', 'admin');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$this->session()->inst_set('loggedInAs', $admin->ID);
$response = $this->get('LeftAndMainTest_Controller');
@ -146,7 +146,7 @@ class LeftAndMainTest extends FunctionalTest {
* Check that all subclasses of leftandmain can be accessed
*/
public function testLeftAndMainSubclasses() {
$adminuser = $this->objFromFixture('Member','admin');
$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member','admin');
$this->session()->inst_set('loggedInAs', $adminuser->ID);
$this->resetMenu();
@ -172,9 +172,9 @@ class LeftAndMainTest extends FunctionalTest {
}
public function testCanView() {
$adminuser = $this->objFromFixture('Member', 'admin');
$securityonlyuser = $this->objFromFixture('Member', 'securityonlyuser');
$allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser');
$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$securityonlyuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
$allcmssectionsuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');
$allValsFn = create_function('$obj', 'return $obj->getValue();');
// anonymous user

View File

@ -89,7 +89,7 @@ LeftAndMainTest_Object:
Title: Home
URLSegment: home
Sort: 0
Group:
SilverStripe\Security\Group:
admin:
Title: Administrators
empty:
@ -100,30 +100,30 @@ Group:
Title: allcmssections
rooteditusers:
Title: rooteditusers
Member:
SilverStripe\Security\Member:
admin:
Email: admin@example.com
Password: ZXXlkwecxz2390232233
Groups: =>Group.admin
Groups: =>SilverStripe\Security\Group.admin
securityonlyuser:
Email: securityonlyuser@test.com
Groups: =>Group.securityonly
Groups: =>SilverStripe\Security\Group.securityonly
allcmssectionsuser:
Email: allcmssectionsuser@test.com
Groups: =>Group.allcmssections
Groups: =>SilverStripe\Security\Group.allcmssections
rootedituser:
Email: rootedituser@test.com
Groups: =>Group.rooteditusers
Permission:
Groups: =>SilverStripe\Security\Group.rooteditusers
SilverStripe\Security\Permission:
admin:
Code: ADMIN
GroupID: =>Group.admin
GroupID: =>SilverStripe\Security\Group.admin
securityonly:
Code: CMS_ACCESS_SecurityAdmin
GroupID: =>Group.securityonly
GroupID: =>SilverStripe\Security\Group.securityonly
allcmssections:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.allcmssections
GroupID: =>SilverStripe\Security\Group.allcmssections
allcmssections2:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.rooteditusers
GroupID: =>SilverStripe\Security\Group.rooteditusers

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Permission;
class ModelAdminTest extends FunctionalTest {
protected static $fixture_file = 'ModelAdminTest.yml';

View File

@ -6,14 +6,14 @@ ModelAdminTest_Contact:
Name: ingo
Phone: 04 987 6543
Member:
SilverStripe\Security\Member:
admin:
FirstName: admin
Group:
SilverStripe\Security\Group:
admin:
Title: Admin
Members: =>Member.admin
Permission:
Members: =>SilverStripe\Security\Member.admin
SilverStripe\Security\Permission:
admin:
Code: ADMIN
Group: =>Group.admin
Group: =>SilverStripe\Security\Group.admin

View File

@ -46,11 +46,11 @@ class SecurityAdminTest extends FunctionalTest {
// }
public function testPermissionFieldRespectsHiddenPermissions() {
$this->session()->inst_set('loggedInAs', $this->idFromFixture('Member', 'admin'));
$this->session()->inst_set('loggedInAs', $this->idFromFixture('SilverStripe\\Security\\Member', 'admin'));
$group = $this->objFromFixture('Group', 'admin');
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'admin');
Config::inst()->update('Permission', 'hidden_permissions', array('CMS_ACCESS_ReportAdmin'));
Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', array('CMS_ACCESS_ReportAdmin'));
$response = $this->get(sprintf('admin/security/EditForm/field/Groups/item/%d/edit', $group->ID));
$this->assertContains(

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Base class invoked from CLI rather than the webserver (Cron jobs, handling email bounces).
* You can call subclasses of CliController directly, which will trigger a

View File

@ -52,6 +52,8 @@
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use SilverStripe\Security\Security;
/*
* _ss_environment.php handler
@ -139,7 +141,7 @@ if(defined('SS_DEFAULT_ADMIN_USERNAME')) {
Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD);
}
if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) {
Config::inst()->update('BasicAuth', 'entire_site_protected', SS_USE_BASIC_AUTH);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected', SS_USE_BASIC_AUTH);
}
if(defined('SS_ERROR_LOG')) {

View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\Security\BasicAuth;
use SilverStripe\Security\Member;
/**
* Controllers are the cornerstone of all site functionality in SilverStripe. The {@link Director}
@ -221,7 +225,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* Prepare the response (we can receive an assortment of response types (strings/objects/HTTPResponses) and
* changes the controller response object appropriately
*
* @param $response
* @param SS_HTTPResponse|Object $response
*/
protected function prepareResponse($response) {
if ($response instanceof SS_HTTPResponse) {
@ -263,7 +267,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* @param SS_HTTPRequest $request
* @param string $action
*
* @return HTMLText|SS_HTTPResponse
* @return DBHTMLText|SS_HTTPResponse
*/
protected function handleAction($request, $action) {
foreach($request->latestParams() as $k => $v) {
@ -302,6 +306,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
/**
* @param array $urlParams
* @return $this
*/
public function setURLParams($urlParams) {
$this->urlParams = $urlParams;
@ -373,8 +378,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* controller object with the template returned by {@link getViewer()}.
*
* @param string $action
*
* @return HTMLText
* @return DBHTMLText
*/
public function defaultAction($action) {
return $this->getViewer($action)->process($this);

View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataModel;
use SilverStripe\Security\Security;
use SilverStripe\Security\PermissionFailureException;
use SilverStripe\Security\Permission;
/**
* This class is the base class of any SilverStripe object that can be used to handle HTTP requests.
@ -123,6 +127,8 @@ class RequestHandler extends ViewableData {
/**
* Set the DataModel for this request.
*
* @param DataModel $model
*/
public function setDataModel($model) {
$this->model = $model;
@ -144,9 +150,8 @@ class RequestHandler extends ViewableData {
* action will return an array of data with which to
* customise the controller.
*
* @param $request The {@link SS_HTTPRequest} object that is reponsible for distributing URL parsing
* @uses SS_HTTPRequest
* @uses SS_HTTPRequest->match()
* @param SS_HTTPRequest $request The object that is reponsible for distributing URL parsing
* @param DataModel $model
* @return SS_HTTPResponse|RequestHandler|string|array
*/
public function handleRequest(SS_HTTPRequest $request, DataModel $model) {
@ -240,6 +245,10 @@ class RequestHandler extends ViewableData {
return $this;
}
/**
* @param SS_HTTPRequest $request
* @return array
*/
protected function findAction($request) {
$handlerClass = ($this->class) ? $this->class : get_class($this);
@ -386,6 +395,9 @@ class RequestHandler extends ViewableData {
/**
* Return the class that defines the given action, so that we know where to check allowed_actions.
*
* @param string $actionOrigCasing
* @return string
*/
protected function definingClassForAction($actionOrigCasing) {
$action = strtolower($actionOrigCasing);
@ -403,6 +415,10 @@ class RequestHandler extends ViewableData {
/**
* Check that the given action is allowed to be called from a URL.
* It will interrogate {@link self::$allowed_actions} to determine this.
*
* @param string $action
* @return bool
* @throws Exception
*/
public function checkAccessAction($action) {
$actionOrigCasing = $action;

View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\Security\Security;
/**
* Initialises the versioned stage when a request is made.

View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\RandomGenerator;
/**
* Class ParameterConfirmationToken
*

View File

@ -20,24 +20,24 @@ class SS_Backtrace {
array('mysqli', 'mysqli'),
array('mysqli', 'select_db'),
array('SilverStripe\\ORM\\DB', 'connect'),
array('Security', 'check_default_admin'),
array('Security', 'encrypt_password'),
array('Security', 'setDefaultAdmin'),
array('SilverStripe\\Security\\Security', 'check_default_admin'),
array('SilverStripe\\Security\\Security', 'encrypt_password'),
array('SilverStripe\\Security\\Security', 'setDefaultAdmin'),
array('SilverStripe\\ORM\\DB', 'createDatabase'),
array('Member', 'checkPassword'),
array('Member', 'changePassword'),
array('MemberPassword', 'checkPassword'),
array('PasswordValidator', 'validate'),
array('PasswordEncryptor_PHPHash', 'encrypt'),
array('PasswordEncryptor_PHPHash', 'salt'),
array('PasswordEncryptor_LegacyPHPHash', 'encrypt'),
array('PasswordEncryptor_LegacyPHPHash', 'salt'),
array('PasswordEncryptor_MySQLPassword', 'encrypt'),
array('PasswordEncryptor_MySQLPassword', 'salt'),
array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
array('PasswordEncryptor_MySQLOldPassword', 'salt'),
array('PasswordEncryptor_Blowfish', 'encrypt'),
array('PasswordEncryptor_Blowfish', 'salt'),
array('SilverStripe\\Security\\Member', 'checkPassword'),
array('SilverStripe\\Security\\Member', 'changePassword'),
array('SilverStripe\\Security\\MemberPassword', 'checkPassword'),
array('SilverStripe\\Security\\PasswordValidator', 'validate'),
array('SilverStripe\\Security\\PasswordEncryptor_PHPHash', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_PHPHash', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLPassword', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLPassword', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
);
/**
@ -113,9 +113,10 @@ class SS_Backtrace {
/**
* Render or return a backtrace from the given scope.
*
* @param unknown_type $returnVal
* @param unknown_type $ignoreAjax
* @return unknown
* @param mixed $returnVal
* @param bool $ignoreAjax
* @param array $ignoredFunctions
* @return mixed
*/
public static function backtrace($returnVal = false, $ignoreAjax = false, $ignoredFunctions = null) {
$plainText = Director::is_cli() || (Director::is_ajax() && !$ignoreAjax);
@ -132,9 +133,9 @@ class SS_Backtrace {
* shown
*
* @param Object $item
* @param boolean $showArg
* @param Int $argCharLimit
* @return String
* @param bool $showArgs
* @param int $argCharLimit
* @return string
*/
public static function full_func_name($item, $showArgs = false, $argCharLimit = 10000) {
$funcName = '';
@ -164,7 +165,7 @@ class SS_Backtrace {
*
* @param array $bt The trace array, as returned by debug_backtrace() or Exception::getTrace()
* @param boolean $plainText Set to false for HTML output, or true for plain-text output
* @param array List of functions that should be ignored. If not set, a default is provided
* @param array $ignoredFunctions List of functions that should be ignored. If not set, a default is provided
* @return string The rendered backtrace
*/
public static function get_rendered_backtrace($bt, $plainText = false, $ignoredFunctions = null) {

View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\DB;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Supports debugging and core error handling.
@ -30,6 +33,9 @@ class Debug {
/**
* Show the contents of val in a debug-friendly way.
* Debug::show() is intended to be equivalent to dprintr()
*
* @param mixed $val
* @param bool $showHeader
*/
public static function show($val, $showHeader = true) {
if(!Director::isLive()) {
@ -195,9 +201,9 @@ class Debug {
// This basically does the same as
// Security::permissionFailure(null, "You need to login with developer access to make use of debugging tools.")
// We have to do this because of how early this method is called in execution.
$_SESSION['Security']['Message']['message']
$_SESSION['SilverStripe\\Security\\Security']['Message']['message']
= "You need to login with developer access to make use of debugging tools.";
$_SESSION['Security']['Message']['type'] = 'warning';
$_SESSION['SilverStripe\\Security\\Security']['Message']['type'] = 'warning';
$_SESSION['BackURL'] = $_SERVER['REQUEST_URI'];
header($_SERVER['SERVER_PROTOCOL'] . " 302 Found");
header("Location: " . Director::baseURL() . Security::login_url());

View File

@ -218,10 +218,10 @@ class DebugView extends Object
*
* @param string $title The main title
* @param string $subtitle The subtitle
* @param string|false $description The description to show
* @param string|bool $description The description to show
* @return string
*/
public function renderInfo($title, $subtitle, $description=false) {
public function renderInfo($title, $subtitle, $description = false) {
$output = '<div class="info">';
$output .= "<h1>" . Convert::raw2xml($title) . "</h1>";
if($subtitle) $output .= "<h3>" . Convert::raw2xml($subtitle) . "</h3>";
@ -274,7 +274,7 @@ class DebugView extends Object
* Render a fragment of the a source file
*
* @param array $lines An array of file lines; the keys should be the original line numbers
* @param int errLine The line of the error
* @param int $errline The line of the error
* @return string
*/
public function renderSourceFragment($lines, $errline) {

View File

@ -2,6 +2,10 @@
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DatabaseAdmin;
use SilverStripe\Security\Permission;
use SilverStripe\Security\RandomGenerator;
use SilverStripe\Security\Security;
/**
* Base class for development tools.
@ -202,7 +206,7 @@ class DevelopmentAdmin extends Controller {
* Returns the token and suggests PHP configuration to set it.
*/
public function generatesecuretoken() {
$generator = Injector::inst()->create('RandomGenerator');
$generator = Injector::inst()->create('SilverStripe\\Security\\RandomGenerator');
$token = $generator->randomToken('sha1');
$body = <<<TXT
Generated new token. Please add the following code to your YAML configuration:

View File

@ -1,5 +1,9 @@
<?php
use SilverStripe\Security\BasicAuth;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
/**
* SilverStripe-specific testing object designed to support functional testing of your web app. It simulates get/post
* requests, form submission, and can validate resulting HTML, looking up content by CSS selector.
@ -362,12 +366,13 @@ class FunctionalTest extends SapphireTest {
/**
* Log in as the given member
* @param $member The ID, fixture codename, or Member object of the member that you want to log in
*
* @param Member|int|string $member The ID, fixture codename, or Member object of the member that you want to log in
*/
public function logInAs($member) {
if(is_object($member)) $memberID = $member->ID;
elseif(is_numeric($member)) $memberID = $member;
else $memberID = $this->idFromFixture('Member', $member);
else $memberID = $this->idFromFixture('SilverStripe\\Security\\Member', $member);
$this->session()->inst_set('loggedInAs', $memberID);
}
@ -377,7 +382,7 @@ class FunctionalTest extends SapphireTest {
* This is helpful if you're not testing publication functionality and don't want "stage management" cluttering
* your test.
*
* @param bool toggle the use of the draft site
* @param bool $enabled toggle the use of the draft site
*/
public function useDraftSite($enabled = true) {
if($enabled) {

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Returns information about the current site instance.
* @package framework

View File

@ -9,6 +9,11 @@ use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\Group;
use SilverStripe\Security\Permission;
/**
@ -1015,7 +1020,7 @@ class SapphireTest extends PHPUnit_Framework_TestCase {
$group->Permissions()->add($permission);
}
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."Email"' => "$permCode@example.org"
));
if (!$member) {

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* @package framework
* @subpackage dev
@ -59,6 +62,9 @@ class TaskRunner extends Controller {
}
}
/**
* @param SS_HTTPRequest $request
*/
public function runTask($request) {
$name = $request->param('TaskName');
$tasks = $this->getTasks();

View File

@ -31,6 +31,7 @@
* `File` is now versioned, and should be published before they can be used on the frontend.
See section on [Migrating File DataObject from 3.x to 4.0](#migrating-file-dataobject-from-3x-to-40)
below for upgrade notes.
* Removed `RegenerateCachedImagesTask`
* Removed `dev/tests/` controller in favour of standard `vendor/bin/phpunit` command
* Updated PHPUnit from 3.7 to 4.8 ([upgrade notes](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-4.0.0#backwards-compatibility-issues)).
Please remove any PHPUnit related `require_once()` calls (e.g. in `FeatureContext`

View File

@ -4,13 +4,15 @@ namespace SilverStripe\Filesystem;
use Injector;
use Member;
use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\Filesystem\Storage\DBFile;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Member;
/**

View File

@ -9,6 +9,9 @@ use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
@ -100,7 +103,7 @@ class File extends DataObject implements ShortcodeHandler, AssetContainer, Thumb
private static $has_one = array(
"Parent" => "File",
"Owner" => "Member"
"Owner" => "SilverStripe\\Security\\Member"
);
private static $defaults = array(
@ -186,7 +189,7 @@ class File extends DataObject implements ShortcodeHandler, AssetContainer, Thumb
/**
* @config
* @var If this is true, then restrictions set in {@link $allowed_max_file_size} and
* @var bool If this is true, then restrictions set in {@link $allowed_max_file_size} and
* {@link $allowed_extensions} will be applied to users with admin privileges as
* well.
*/

View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* A collection of static methods for manipulating the filesystem.
*
@ -105,9 +108,10 @@ class Filesystem extends Object {
/**
* Return the most recent modification time of anything in the folder.
*
* @param $folder The folder, relative to the site root
* @param $extensionList An option array of file extensions to limit the search to
* @return String Same as filemtime() format.
* @param string $folder The folder, relative to the site root
* @param array $extensionList An option array of file extensions to limit the search to
* @param bool $recursiveCall Not used
* @return string Same as filemtime() format.
*/
public static function folderModTime($folder, $extensionList = null, $recursiveCall = false) {
//$cacheID = $folder . ',' . implode(',', $extensionList);

View File

@ -4,6 +4,8 @@ use SilverStripe\Filesystem\Storage\AssetContainer;
use SilverStripe\Filesystem\Storage\AssetNameGenerator;
use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**
@ -148,8 +150,8 @@ class Upload extends Controller {
/**
* Save an file passed from a form post into the AssetStore directly
*
* @param $tmpFile array Indexed array that PHP generated for every file it uploads.
* @param $folderPath string Folder path relative to /assets
* @param array $tmpFile Indexed array that PHP generated for every file it uploads.
* @param string|bool $folderPath Folder path relative to /assets
* @return array|false Either the tuple array, or false if the file could not be saved
*/
public function load($tmpFile, $folderPath = false) {
@ -174,7 +176,9 @@ class Upload extends Controller {
*
* @param array $tmpFile
* @param AssetContainer $file
* @param string|bool $folderPath
* @return bool True if the file was successfully saved into this record
* @throws Exception
*/
public function loadIntoFile($tmpFile, $file = null, $folderPath = false) {
$this->file = $file;

View File

@ -10,12 +10,14 @@ use Injector;
use AssetField;
use File;
use Director;
use Permission;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\FieldType\DBComposite;
use SilverStripe\Security\Permission;
/**

View File

@ -6,6 +6,8 @@ use SilverStripe\Filesystem\Storage\DBFile;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\Security\Permission;
/**
@ -149,7 +151,6 @@ class AssetField extends FileField {
*
* @param string $name The internal field name, passed to forms.
* @param string $title The field label.
* @param Form $form Reference to the container form
*/
public function __construct($name, $title = null) {
$this->addExtraClass('ss-upload'); // class, used by js
@ -237,7 +238,9 @@ class AssetField extends FileField {
/**
* Force a record to be used as "Parent" for uploaded Files (eg a Page with a has_one to File)
*
* @param DataObject $record
* @return $this
*/
public function setRecord($record) {
$this->record = $record;
@ -444,7 +447,7 @@ class AssetField extends FileField {
* Defaults to 'ss-uploadfield-uploadtemplate'
*
* @see javascript/UploadField_uploadtemplate.js
* @var string
* @return string
*/
public function getUploadTemplateName() {
return $this->getConfig('uploadTemplateName');
@ -465,7 +468,7 @@ class AssetField extends FileField {
* Defaults to 'ss-downloadfield-downloadtemplate'
*
* @see javascript/DownloadField_downloadtemplate.js
* @var string
* @return string
*/
public function getDownloadTemplateName() {
return $this->getConfig('downloadTemplateName');
@ -753,7 +756,7 @@ class AssetField extends FileField {
* Gets the foreign class that needs to be created, or 'File' as default if there
* is no relationship, or it cannot be determined.
*
* @param $default Default value to return if no value could be calculated
* @param string $default Default value to return if no value could be calculated
* @return string Foreign class name.
*/
public function getRelationAutosetClass($default = 'File') {

View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\Security\Member;
/**
* Two masked input fields, checks for matching passwords.
@ -141,7 +144,7 @@ class ConfirmedPasswordField extends FormField {
/**
* @param array $properties
*
* @return HTMLText
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::javascript(FRAMEWORK_DIR . '/thirdparty/jquery/jquery.js');

View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\Member;
/**
* A simple extension to dropdown field, pre-configured to list countries.
* It will default to the country of the current visitor.

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\FieldType\DBHTMLText;
/**
* Dropdown field, created from a <select> tag.
*
@ -112,7 +114,7 @@ class DropdownField extends SingleSelectField {
/**
* @param array $properties
* @return HTMLText
* @return DBHTMLText
*/
public function Field($properties = array()) {
$options = array();

View File

@ -89,6 +89,7 @@ class FieldGroup extends CompositeField {
$compositeTitle .= $subfield->getName();
if($subfield->getName()) $count++;
}
/** @skipUpgrade */
if($count == 1) $compositeTitle .= 'Group';
return preg_replace("/[^a-zA-Z0-9]+/", "", $compositeTitle);
}

View File

@ -1,7 +1,13 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\ORM\SS_List;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\NullSecurityToken;
/**
* Base class for all forms.
* The form class is an extensible base for all forms on a SilverStripe application. It can be used
@ -700,6 +706,7 @@ class Form extends RequestHandler {
* Set actions that are exempt from validation
*
* @param array
* @return $this
*/
public function setValidationExemptActions($actions) {
$this->validationExemptActions = $actions;
@ -855,7 +862,8 @@ class Form extends RequestHandler {
}
/**
* @return string $name
* @param string $name
* @return string
*/
public function getAttribute($name) {
if(isset($this->attributes[$name])) return $this->attributes[$name];
@ -887,7 +895,7 @@ class Form extends RequestHandler {
/**
* Return the attributes of the form tag - used by the templates.
*
* @param array Custom attributes to process. Falls back to {@link getAttributes()}.
* @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}.
* If at least one argument is passed as a string, all arguments act as excludes by name.
*
* @return string HTML attributes, ready for insertion into an HTML tag
@ -966,7 +974,7 @@ class Form extends RequestHandler {
* Set the target of this form to any value - useful for opening the form
* contents in a new window or refreshing another frame.
*
* @param target $target The value of the target
* @param string $target The value of the target
* @return $this
*/
public function setTarget($target) {
@ -1611,7 +1619,7 @@ class Form extends RequestHandler {
* This is returned when you access a form as $FormObject rather
* than <% with FormObject %>
*
* @return HTML
* @return DBHTMLText
*/
public function forTemplate() {
$return = $this->renderWith(array_merge(
@ -1631,7 +1639,7 @@ class Form extends RequestHandler {
* It triggers slightly different behaviour, such as disabling the rewriting
* of # links.
*
* @return HTML
* @return DBHTMLText
*/
public function forAjaxTemplate() {
$view = new SSViewer(array(
@ -1654,7 +1662,7 @@ class Form extends RequestHandler {
* and _form_enctype. These are the attributes of the form. These fields
* can be used to send the form to Ajax.
*
* @return HTML
* @return DBHTMLText
*/
public function formHtmlContent() {
$this->IncludeFormTag = false;
@ -1674,7 +1682,7 @@ class Form extends RequestHandler {
* Render this form using the given template, and return the result as a string
* You can pass either an SSViewer or a template name
* @param string|array $template
* @return HTMLText
* @return DBHTMLText
*/
public function renderWithoutActionButton($template) {
$custom = $this->customise(array(

View File

@ -1201,7 +1201,8 @@ class FormField extends RequestHandler {
* @return string
*/
public function Type() {
return strtolower(preg_replace('/Field$/', '', $this->class));
$type = new ReflectionClass($this);
return strtolower(preg_replace('/Field$/', '', $type->getShortName()));
}
/**

View File

@ -41,9 +41,9 @@ class FormTemplateHelper {
return Convert::raw2htmlid($id);
}
return Convert::raw2htmlid(
get_class($form) . '_' . str_replace(array('.', '/'), '', $form->getName())
);
$reflection = new ReflectionClass($form);
$shortName = str_replace(array('.', '/'), '', $form->getName());
return Convert::raw2htmlid($reflection->getShortName() . '_' . $shortName);
}
/**

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBHTMLText;
/**
* Dropdown-like field that allows you to select an item from a hierarchical
* AJAX-expandable tree.
@ -95,7 +97,7 @@ class TreeDropdownField extends FormField {
* @param bool $showSearch enable the ability to search the tree by
* entering the text in the input field.
*/
public function __construct($name, $title = null, $sourceObject = 'Group', $keyField = 'ID',
public function __construct($name, $title = null, $sourceObject = 'SilverStripe\\Security\\Group', $keyField = 'ID',
$labelField = 'TreeTitle', $showSearch = true
) {
@ -120,6 +122,7 @@ class TreeDropdownField extends FormField {
* displays the whole tree.
*
* @param int $ID
* @return $this
*/
public function setTreeBaseID($ID) {
$this->baseID = (int) $ID;
@ -131,6 +134,7 @@ class TreeDropdownField extends FormField {
* displaying to the user.
*
* @param callback $callback
* @return $this
*/
public function setFilterFunction($callback) {
if(!is_callable($callback, true)) {
@ -145,6 +149,7 @@ class TreeDropdownField extends FormField {
* Set a callback used to disable checkboxes for some items in the tree
*
* @param callback $callback
* @return $this
*/
public function setDisableFunction($callback) {
if(!is_callable($callback, true)) {
@ -160,6 +165,7 @@ class TreeDropdownField extends FormField {
* applying the filter.
*
* @param callback $callback
* @return $this
*/
public function setSearchFunction($callback) {
if(!is_callable($callback, true)) {
@ -175,7 +181,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param Boolean
* @param bool $bool
* @return $this
*/
public function setShowSearch($bool) {
$this->showSearch = $bool;
@ -183,12 +190,13 @@ class TreeDropdownField extends FormField {
}
/**
* @param $method The parameter to ChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* @param string $method The parameter to ChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* {@link Hierarchy}. The method specified determines the structure of the returned list. Use "ChildFolders"
* in place of the default to get a drop-down listing with only folders, i.e. not including the child elements in
* the currently selected folder. setNumChildrenMethod() should be used as well for proper functioning.
*
* See {@link Hierarchy} for a complete list of possible methods.
* @return $this
*/
public function setChildrenMethod($method) {
$this->childrenMethod = $method;
@ -196,9 +204,10 @@ class TreeDropdownField extends FormField {
}
/**
* @param $method The parameter to numChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* @param string $method The parameter to numChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* {@link Hierarchy}. Should be used in conjunction with setChildrenMethod().
*
* @return $this
*/
public function setNumChildrenMethod($method) {
$this->numChildrenMethod = $method;
@ -206,7 +215,8 @@ class TreeDropdownField extends FormField {
}
/**
* @return HTMLText
* @param array $properties
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::add_i18n_javascript(FRAMEWORK_DIR . '/client/lang');
@ -263,6 +273,7 @@ class TreeDropdownField extends FormField {
*
* @param SS_HTTPRequest $request
* @return string
* @throws Exception
*/
public function tree(SS_HTTPRequest $request) {
// Array sourceObject is an explicit list of values - construct a "flat tree"
@ -387,8 +398,8 @@ class TreeDropdownField extends FormField {
* Marking public function for the tree, which combines different filters sensibly.
* If a filter function has been set, that will be called. And if search text is set,
* filter on that too. Return true if all applicable conditions are true, false otherwise.
* @param $node
* @return unknown_type
* @param object $node
* @return mixed
*/
public function filterMarking($node) {
if ($this->filterCallback && !call_user_func($this->filterCallback, $node)) return false;
@ -409,7 +420,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param String $field
* @param string $field
* @return $this
*/
public function setLabelField($field) {
$this->labelField = $field;
@ -424,7 +436,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param String $field
* @param string $field
* @return $this
*/
public function setKeyField($field) {
$this->keyField = $field;
@ -439,7 +452,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param String $field
* @param string $class
* @return $this
*/
public function setSourceObject($class) {
$this->sourceObject = $class;

View File

@ -3,6 +3,8 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBHTMLText;
/**
* This formfield represents many-many joins using a tree selector shown in a dropdown styled element
* which can be added to any form usually in the CMS.
@ -48,7 +50,7 @@ use SilverStripe\ORM\DataObjectInterface;
* @subpackage fields-relational
*/
class TreeMultiselectField extends TreeDropdownField {
public function __construct($name, $title=null, $sourceObject="Group", $keyField="ID", $labelField="Title") {
public function __construct($name, $title=null, $sourceObject="SilverStripe\\Security\\Group", $keyField="ID", $labelField="Title") {
parent::__construct($name, $title, $sourceObject, $keyField, $labelField);
$this->removeExtraClass('single');
$this->addExtraClass('multiple');
@ -88,9 +90,13 @@ class TreeMultiselectField extends TreeDropdownField {
return $record->$fieldName();
}
}
/**
* We overwrite the field attribute to add our hidden fields, as this
* formfield can contain multiple values.
*
* @param array $properties
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::add_i18n_javascript(FRAMEWORK_DIR . '/client/lang');
@ -146,6 +152,8 @@ class TreeMultiselectField extends TreeDropdownField {
* Save the results into the form
* Calls function $record->onChange($items) before saving to the assummed
* Component set.
*
* @param DataObjectInterface $record
*/
public function saveInto(DataObjectInterface $record) {
// Detect whether this field has actually been updated

View File

@ -9,6 +9,8 @@ use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\RelationList;
use SilverStripe\ORM\UnsavedRelationList;
use SilverStripe\ORM\DataList;
use SilverStripe\Security\Permission;
/**
@ -220,7 +222,6 @@ class UploadField extends FileField {
* @param string $title The field label.
* @param SS_List $items If no items are defined, the field will try to auto-detect an existing relation on
* @link $record}, with the same name as the field name.
* @param Form $form Reference to the container form
*/
public function __construct($name, $title = null, SS_List $items = null) {
@ -248,7 +249,8 @@ class UploadField extends FileField {
/**
* Set name of template used for Buttons on each file (replace, edit, remove, delete) (without path or extension)
*
* @param string
* @param string $template
* @return $this
*/
public function setTemplateFileButtons($template) {
$this->templateFileButtons = $template;
@ -265,7 +267,8 @@ class UploadField extends FileField {
/**
* Set name of template used for the edit (inline & popup) of a file file (without path or extension)
*
* @param string
* @param string $template
* @return $this
*/
public function setTemplateFileEdit($template) {
$this->templateFileEdit = $template;
@ -328,7 +331,8 @@ class UploadField extends FileField {
}
/**
* @param String
* @param string $name
* @return $this
*/
public function setDisplayFolderName($name) {
$this->displayFolderName = $name;
@ -344,7 +348,9 @@ class UploadField extends FileField {
/**
* Force a record to be used as "Parent" for uploaded Files (eg a Page with a has_one to File)
*
* @param DataObject $record
* @return $this
*/
public function setRecord($record) {
$this->record = $record;
@ -389,6 +395,7 @@ class UploadField extends FileField {
* @param array|DataObject|SS_List $record Full source record, either as a DataObject,
* SS_List of items, or an array of submitted form data
* @return $this Self reference
* @throws ValidationException
*/
public function setValue($value, $record = null) {
@ -727,7 +734,7 @@ class UploadField extends FileField {
* Defaults to 'ss-uploadfield-uploadtemplate'
*
* @see javascript/UploadField_uploadtemplate.js
* @var string
* @return string
*/
public function getUploadTemplateName() {
return $this->getConfig('uploadTemplateName');
@ -748,7 +755,7 @@ class UploadField extends FileField {
* Defaults to 'ss-downloadfield-downloadtemplate'
*
* @see javascript/DownloadField_downloadtemplate.js
* @var string
* @return string
*/
public function getDownloadTemplateName() {
return $this->getConfig('downloadTemplateName');
@ -1295,6 +1302,7 @@ class UploadField extends FileField {
* Determines if a specified file exists
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function fileexists(SS_HTTPRequest $request) {
// Assert that requested filename doesn't attempt to escape the directory
@ -1327,7 +1335,7 @@ class UploadField extends FileField {
* Gets the foreign class that needs to be created, or 'File' as default if there
* is no relationship, or it cannot be determined.
*
* @param $default Default value to return if no value could be calculated
* @param string $default Default value to return if no value could be calculated
* @return string Foreign class name.
*/
public function getRelationAutosetClass($default = 'File') {
@ -1605,7 +1613,7 @@ class UploadField_SelectHandler extends RequestHandler {
}
/**
* @param $folderID The ID of the folder to display.
* @param int $folderID The ID of the folder to display.
* @return FormField
*/
protected function getListField($folderID) {

View File

@ -3,6 +3,9 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\Security\Member;
/**
@ -81,10 +84,11 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
/**
* Handle the print action.
*
* @param GridField
* @param string
* @param array
* @param array
* @param GridField $gridField
* @param string $actionName
* @param array $arguments
* @param array $data
* @return DBHTMLText
*/
public function handleAction(GridField $gridField, $actionName, $arguments, $data) {
if($actionName == 'print') {
@ -106,6 +110,10 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
/**
* Handle the print, for both the action button and the URL
*
* @param GridField $gridField
* @param SS_HTTPRequest $request
* @return DBHTMLText
*/
public function handlePrint($gridField, $request = null) {
set_time_limit(60);
@ -172,7 +180,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
/**
* Export core.
*
* @param GridField
* @param GridField $gridField
* @return ArrayData
*/
public function generatePrintData(GridField $gridField) {
$printColumns = $this->getPrintColumnsForGridField($gridField);
@ -234,7 +243,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
}
/**
* @param array
* @param array $cols
* @return $this
*/
public function setPrintColumns($cols) {
$this->printColumns = $cols;
@ -250,7 +260,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
}
/**
* @param boolean
* @param bool $bool
* @return $this
*/
public function setPrintHasHeader($bool) {
$this->printHasHeader = $bool;

View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataModel;
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
/************************************************************************************
************************************************************************************
@ -162,7 +165,7 @@ $chain
}
// Fail and redirect the user to the login page
$loginPage = Director::absoluteURL(Config::inst()->get('Security', 'login_url'));
$loginPage = Director::absoluteURL(Security::config()->login_url);
$loginPage .= "?BackURL=" . urlencode($_SERVER['REQUEST_URI']);
header('location: '.$loginPage, true, 302);
die;

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Cleans up leftover databases from aborted test executions (starting with ss_tmpdb)
* Task is restricted to users with administrator rights or running through CLI.

View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Encrypt all passwords
*
@ -37,7 +41,7 @@ class EncryptAllPasswordsTask extends BuildTask {
}
// Are there members with a clear text password?
$members = DataObject::get("Member")->where(array(
$members = Member::get()->where(array(
'"Member"."PasswordEncryption"' => 'none',
'"Member"."Password" IS NOT NULL'
));

View File

@ -1,46 +0,0 @@
<?php
use SilverStripe\ORM\DataObject;
/**
* Regenerate all cached images that have been created as the result of a manipulation method being called on a
* {@link Image} object
*
* @package framework
* @subpackage filesystem
*/
class RegenerateCachedImagesTask extends BuildTask {
protected $title = 'Regenerate Cached Images Task';
protected $description = 'Regenerate all cached images created as the result of an image manipulation';
/**
* Check that the user has appropriate permissions to execute this task
*/
public function init() {
if(!Director::is_cli() && !Director::isDev() && !Permission::check('ADMIN')) {
return Security::permissionFailure();
}
parent::init();
}
/**
* Actually regenerate all the images
*/
public function run($request) {
$processedImages = 0;
$regeneratedImages = 0;
if($images = DataObject::get('Image')) foreach($images as $image) {
if($generated = $image->regenerateFormattedImages()) {
$regeneratedImages += $generated;
}
$processedImages++;
}
echo "Regenerated $regeneratedImages cached images from $processedImages Image objects stored in the Database.";
}
}

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* @package framework
* @subpackage tasks

View File

@ -1,14 +0,0 @@
Group:
admins:
Title: Administrators
Permission:
admin:
Code: ADMIN
Group: =>Group.admins
Member:
admin:
Email: admin
Password: password
Groups: =>Group.admins

View File

@ -42,11 +42,11 @@ class FeatureContext extends SilverStripeContext {
// Use blueprints to set user name from identifier
$factory = $fixtureContext->getFixtureFactory();
$blueprint = \Injector::inst()->create('FixtureBlueprint', 'Member');
$blueprint = \Injector::inst()->create('FixtureBlueprint', 'SilverStripe\\Security\\Member');
$blueprint->addCallback('beforeCreate', function($identifier, &$data, &$fixtures) {
if(!isset($data['FirstName'])) $data['FirstName'] = $identifier;
});
$factory->define('Member', $blueprint);
$factory->define('SilverStripe\\Security\\Member', $blueprint);
}
public function setMinkParameters(array $parameters) {

View File

@ -13,8 +13,8 @@ class CMSProfileControllerTest extends FunctionalTest {
public $autoFollowRedirection = false;
public function testMemberCantEditAnother() {
$member = $this->objFromFixture('Member', 'user1');
$anotherMember = $this->objFromFixture('Member', 'user2');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
$anotherMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'user2');
$this->session()->inst_set('loggedInAs', $member->ID);
$response = $this->post('admin/myprofile/EditForm', array(
@ -28,13 +28,13 @@ class CMSProfileControllerTest extends FunctionalTest {
'Password[_ConfirmPassword]' => 'password',
));
$anotherMember = $this->objFromFixture('Member', 'user2');
$anotherMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'user2');
$this->assertNotEquals($anotherMember->FirstName, 'JoeEdited', 'FirstName field stays the same');
}
public function testMemberEditsOwnProfile() {
$member = $this->objFromFixture('Member', 'user3');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user3');
$this->session()->inst_set('loggedInAs', $member->ID);
$response = $this->post('admin/myprofile/EditForm', array(
@ -48,16 +48,16 @@ class CMSProfileControllerTest extends FunctionalTest {
'Password[_ConfirmPassword]' => 'password',
));
$member = $this->objFromFixture('Member', 'user3');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user3');
$this->assertEquals('JoeEdited', $member->FirstName, 'FirstName field was changed');
}
public function testExtendedPermissionsStopEditingOwnProfile() {
$existingExtensions = Config::inst()->get('Member', 'extensions');
Config::inst()->update('Member', 'extensions', array('CMSProfileControllerTestExtension'));
$existingExtensions = Config::inst()->get('SilverStripe\\Security\\Member', 'extensions');
Config::inst()->update('SilverStripe\\Security\\Member', 'extensions', array('CMSProfileControllerTestExtension'));
$member = $this->objFromFixture('Member', 'user1');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
$this->session()->inst_set('loggedInAs', $member->ID);
$response = $this->post('admin/myprofile/EditForm', array(
@ -71,13 +71,13 @@ class CMSProfileControllerTest extends FunctionalTest {
'Password[_ConfirmPassword]' => 'password',
));
$member = $this->objFromFixture('Member', 'user1');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
$this->assertNotEquals($member->FirstName, 'JoeEdited',
'FirstName field was NOT changed because we modified canEdit');
Config::inst()->remove('Member', 'extensions');
Config::inst()->update('Member', 'extensions', $existingExtensions);
Config::inst()->remove('SilverStripe\\Security\\Member', 'extensions');
Config::inst()->update('SilverStripe\\Security\\Member', 'extensions', $existingExtensions);
}
}

View File

@ -1,4 +1,4 @@
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
cmsmain:
@ -8,31 +8,31 @@ Permission:
test:
Code: CMS_ACCESS_TestController
Group:
'SilverStripe\Security\Group':
admins:
Title: Administrators
Permissions: =>Permission.admin
Permissions: '=>SilverStripe\Security\Permission.admin'
cmsusers:
Title: CMS Users
Permissions: =>Permission.cmsmain, =>Permission.leftandmain
Permissions: '=>SilverStripe\Security\Permission.cmsmain, =>SilverStripe\Security\Permission.leftandmain'
test:
Title: Test group
Permissions: =>Permission.test
Permissions: '=>SilverStripe\Security\Permission.test'
Member:
'SilverStripe\Security\Member':
admin:
FirstName: Admin
Email: admin@user.com
Groups: =>Group.admins
Groups: '=>SilverStripe\Security\Group.admins'
user1:
FirstName: Joe
Email: user1@user.com
Groups: =>Group.cmsusers
Groups: '=>SilverStripe\Security\Group.cmsusers'
user2:
FirstName: Steve
Email: user2@user.com
Groups: =>Group.cmsusers
Groups: '=>SilverStripe\Security\Group.cmsusers'
user3:
FirstName: Files
Email: user3@example.com
Groups: =>Group.test
Groups: '=>SilverStripe\Security\Group.test'

View File

@ -57,7 +57,7 @@ class ControllerTest extends FunctionalTest {
}
public function testAllowedActions() {
$adminUser = $this->objFromFixture('Member', 'admin');
$adminUser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$response = $this->get("ControllerTest_UnsecuredController/");
$this->assertEquals(200, $response->getStatusCode(),

View File

@ -1,11 +1,11 @@
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
Group:
'SilverStripe\Security\Group':
admins:
Code: admins
Permissions: =>Permission.admin
Member:
Permissions: '=>SilverStripe\Security\Permission.admin'
'SilverStripe\Security\Member':
admin:
Email: admin@test.com
Groups: =>Group.admins
Groups: '=>SilverStripe\Security\Group.admins'

View File

@ -394,7 +394,7 @@ class DirectorTest extends SapphireTest {
}
public function testForceSSLOnSubPagesPattern() {
$_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('Security', 'login_url');
$_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('SilverStripe\\Security\\Security', 'login_url');
$output = Director::forceSSL(array('/^Security/'));
$this->assertEquals($output, 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}

View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\SecurityToken;
/**
* Tests for RequestHandler and SS_HTTPRequest.
* We've set up a simple URL handling model based on

View File

@ -8,6 +8,10 @@
class NamespacedClassManifestTest extends SapphireTest {
protected $base;
/**
* @var SS_ClassManifest
*/
protected $manifest;
public function setUp() {
@ -28,13 +32,14 @@ class NamespacedClassManifestTest extends SapphireTest {
$tokens = token_get_all($file);
$parsedTokens = SS_ClassManifest::get_imported_namespace_parser()->findAll($tokens);
/** @skipUpgrade */
$expectedItems = array(
array('ModelAdmin'),
array('Controller', ' ', 'as', ' ', 'Cont'),
array(
'SS_HTTPRequest', ' ', 'as', ' ', 'Request', ',',
'SS_HTTPResponse', ' ', 'AS', ' ', 'Response', ',',
'PermissionProvider', ' ', 'AS', ' ', 'P',
'SS_HTTPResponse', ' ', 'as', ' ', 'Response', ',',
'SilverStripe', '\\', 'Security', '\\', 'PermissionProvider', ' ', 'as', ' ', 'P',
),
array('silverstripe', '\\', 'test', '\\', 'ClassA'),
array('\\', 'Object'),
@ -59,7 +64,7 @@ class NamespacedClassManifestTest extends SapphireTest {
'Cont' => 'Controller',
'Request' => 'SS_HTTPRequest',
'Response' => 'SS_HTTPResponse',
'P' => 'PermissionProvider',
'P' => 'SilverStripe\\Security\\PermissionProvider',
'silverstripe\test\ClassA',
'\Object',
);
@ -71,7 +76,7 @@ class NamespacedClassManifestTest extends SapphireTest {
}
public function testClassInfoIsCorrect() {
$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::implementorsOf('PermissionProvider'));
$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider'));
//because we're using a nested manifest we have to "coalesce" the descendants again to correctly populate the
// descendants of the core classes we want to test against - this is a limitation of the test manifest not
@ -83,20 +88,26 @@ class NamespacedClassManifestTest extends SapphireTest {
$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::subclassesFor('ModelAdmin'));
}
/**
* @skipUpgrade
*/
public function testFindClassOrInterfaceFromCandidateImports() {
$method = new ReflectionMethod($this->manifest, 'findClassOrInterfaceFromCandidateImports');
$method->setAccessible(true);
$this->assertTrue(ClassInfo::exists('silverstripe\test\ClassA'));
$this->assertEquals('PermissionProvider', $method->invokeArgs($this->manifest, array(
$this->assertEquals(
'PermissionProvider',
$method->invokeArgs($this->manifest, [
'\PermissionProvider',
'Test\Namespace',
array(
'TestOnly',
'Controller',
),
)));
])
);
$this->assertEquals('PermissionProvider', $method->invokeArgs($this->manifest, array(
'PermissionProvider',
@ -236,7 +247,7 @@ class NamespacedClassManifestTest extends SapphireTest {
'silverstripe\test\interfacea' => array('silverstripe\test\ClassE'),
'interfacea' => array('silverstripe\test\ClassF'),
'silverstripe\test\subtest\interfacea' => array('silverstripe\test\ClassG'),
'permissionprovider' => array('SilverStripe\Framework\Tests\ClassI'),
'silverstripe\security\permissionprovider' => array('SilverStripe\Framework\Tests\ClassI'),
);
$this->assertEquals($expect, $this->manifest->getImplementors());
}

View File

@ -4,9 +4,10 @@ namespace SilverStripe\Framework\Tests;
//whitespace here is important for tests, please don't change it
use ModelAdmin;
use Controller as Cont ;
use SS_HTTPRequest as Request,SS_HTTPResponse AS Response, PermissionProvider AS P;
use SS_HTTPRequest as Request, SS_HTTPResponse as Response, SilverStripe\Security\PermissionProvider as P;
use silverstripe\test\ClassA;
use \Object;
class ClassI extends ModelAdmin implements P {
}

View File

@ -2,6 +2,8 @@
use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**

View File

@ -5,6 +5,8 @@ use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ValidationException;
use SilverStripe\Security\Member;
/**
@ -509,23 +511,23 @@ class FileTest extends SapphireTest {
$this->assertFalse($file->canEdit(), "Anonymous users can't edit files");
// Test permissionless user
$this->objFromFixture('Member', 'frontend')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'frontend')->logIn();
$this->assertFalse($file->canEdit(), "Permissionless users can't edit files");
// Test global CMS section users
$this->objFromFixture('Member', 'cms')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'cms')->logIn();
$this->assertTrue($file->canEdit(), "Users with all CMS section access can edit files");
// Test cms access users without file access
$this->objFromFixture('Member', 'security')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'security')->logIn();
$this->assertFalse($file->canEdit(), "Security CMS users can't edit files");
// Test asset-admin user
$this->objFromFixture('Member', 'assetadmin')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'assetadmin')->logIn();
$this->assertTrue($file->canEdit(), "Asset admin users can edit files");
// Test admin
$this->objFromFixture('Member', 'admin')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'admin')->logIn();
$this->assertTrue($file->canEdit(), "Admins can edit files");
}

View File

@ -45,7 +45,7 @@ Image:
FileFilename: FileTest.png
FileHash: 55b443b60176235ef09801153cca4e6da7494a0c
Name: FileTest.png
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
cmsmain:
@ -54,31 +54,31 @@ Permission:
Code: CMS_ACCESS_AssetAdmin
securityadmin:
Code: CMS_ACCESS_SecurityAdmin
Group:
'SilverStripe\Security\Group':
admins:
Title: Administrators
Permissions: =>Permission.admin
Permissions: '=>SilverStripe\Security\Permission.admin'
cmsusers:
Title: 'CMS Users'
Permissions: =>Permission.cmsmain
Permissions: '=>SilverStripe\Security\Permission.cmsmain'
securityusers:
Title: 'Security Users'
Permissions: =>Permission.securityadmin
Permissions: '=>SilverStripe\Security\Permission.securityadmin'
assetusers:
Title: 'Asset Users'
Permissions: =>Permission.assetadmin
Member:
Permissions: '=>SilverStripe\Security\Permission.assetadmin'
'SilverStripe\Security\Member':
frontend:
Email: frontend@example.com
cms:
Email: cms@silverstripe.com
Groups: =>Group.cmsusers
Groups: '=>SilverStripe\Security\Group.cmsusers'
admin:
Email: admin@silverstripe.com
Groups: =>Group.admins
Groups: '=>SilverStripe\Security\Group.admins'
assetadmin:
Email: assetadmin@silverstripe.com
Groups: =>Group.assetusers
Groups: '=>SilverStripe\Security\Group.assetusers'
security:
Email: security@silverstripe.com
Groups: =>Group.securityusers
Groups: '=>SilverStripe\Security\Group.securityusers'

View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests

View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Member;
/**
* Tests for DataObject FormField scaffolding

View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\RandomGenerator;
/**
* @package framework
@ -387,12 +390,12 @@ class FormTest extends FunctionalTest {
SecurityToken::enable();
$form1 = $this->getStubForm();
$this->assertInstanceOf('SecurityToken', $form1->getSecurityToken());
$this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $form1->getSecurityToken());
SecurityToken::disable();
$form2 = $this->getStubForm();
$this->assertInstanceOf('NullSecurityToken', $form2->getSecurityToken());
$this->assertInstanceOf('SilverStripe\\Security\\NullSecurityToken', $form2->getSecurityToken());
SecurityToken::enable();
}

View File

@ -3,6 +3,8 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
class GridFieldTest extends SapphireTest {
/**
@ -75,7 +77,7 @@ class GridFieldTest extends SapphireTest {
*/
public function testGridFieldModelClass() {
$obj = new GridField('testfield', 'testfield', Member::get());
$this->assertEquals('Member', $obj->getModelClass(), 'Should return Member');
$this->assertEquals('SilverStripe\\Security\\Member', $obj->getModelClass(), 'Should return Member');
$obj->setModelClass('SilverStripe\\ORM\\DataModel');
$this->assertEquals('SilverStripe\\ORM\\DataModel', $obj->getModelClass(), 'Should return Member');
}

View File

@ -66,11 +66,11 @@ class LookupFieldTest extends SapphireTest {
}
public function testArrayValueWithSqlMapSource() {
$member1 = $this->objFromFixture('Member', 'member1');
$member2 = $this->objFromFixture('Member', 'member2');
$member3 = $this->objFromFixture('Member', 'member3');
$member1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member1');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member2');
$member3 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member3');
$source = DataObject::get('Member');
$source = DataObject::get('SilverStripe\\Security\\Member');
$f = new LookupField('test', 'test', $source->map('ID', 'FirstName'));
$f->setValue(array($member1->ID, $member2->ID));

View File

@ -1,4 +1,4 @@
Member:
'SilverStripe\Security\Member':
member1:
FirstName: member1
member2:

View File

@ -45,7 +45,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
public function testDateFormatDefaultCheckedInFormField() {
Config::inst()->update('i18n', 'date_format', 'yyyy-MM-dd');
$field = $this->createDateFormatFieldForMember($this->objFromFixture('Member', 'noformatmember'));
$field = $this->createDateFormatFieldForMember($this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember'));
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
new FieldList())); // fake form
$parser = new CSSContentParser($field->Field());
@ -55,7 +55,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
public function testTimeFormatDefaultCheckedInFormField() {
Config::inst()->update('i18n', 'time_format', 'h:mm:ss a');
$field = $this->createTimeFormatFieldForMember($this->objFromFixture('Member', 'noformatmember'));
$field = $this->createTimeFormatFieldForMember($this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember'));
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
new FieldList())); // fake form
$parser = new CSSContentParser($field->Field());
@ -64,7 +64,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
}
public function testDateFormatChosenIsCheckedInFormField() {
$member = $this->objFromFixture('Member', 'noformatmember');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$member->setField('DateFormat', 'MM/dd/yyyy');
$field = $this->createDateFormatFieldForMember($member);
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
@ -75,7 +75,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
}
public function testDateFormatCustomFormatAppearsInCustomInputInField() {
$member = $this->objFromFixture('Member', 'noformatmember');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$member->setField('DateFormat', 'dd MM yy');
$field = $this->createDateFormatFieldForMember($member);
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),

View File

@ -1,4 +1,4 @@
Member:
'SilverStripe\Security\Member':
noformatmember:
Email: noformat@test.com
delocalemember:

View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\Member;
class GridFieldDataColumnsTest extends SapphireTest {
/**
@ -6,7 +8,7 @@ class GridFieldDataColumnsTest extends SapphireTest {
*/
public function testGridFieldGetDefaultDisplayFields() {
$obj = new GridField('testfield', 'testfield', Member::get());
$expected = singleton('Member')->summaryFields();
$expected = singleton('SilverStripe\\Security\\Member')->summaryFields();
$columns = $obj->getConfig()->getComponentByType('GridFieldDataColumns');
$this->assertEquals($expected, $columns->getDisplayFields($obj));
}

View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
class GridFieldDeleteActionTest extends SapphireTest {

View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
class GridFieldEditButtonTest extends SapphireTest {

View File

@ -590,15 +590,15 @@ class i18nTest_DataObject extends DataObject implements TestOnly {
);
private static $has_one = array(
'HasOneRelation' => 'Member'
'HasOneRelation' => 'SilverStripe\\Security\\Member'
);
private static $has_many = array(
'HasManyRelation' => 'Member'
'HasManyRelation' => 'SilverStripe\\Security\\Member'
);
private static $many_many = array(
'ManyManyRelation' => 'Member'
'ManyManyRelation' => 'SilverStripe\\Security\\Member'
);
/**

View File

@ -12,7 +12,7 @@ class i18nTextCollectorTestMyObject extends DataObject implements TestOnly {
);
private static $has_many = array(
'Relation' => 'Group'
'Relation' => 'SilverStripe\\Security\\Group'
);
private static $singular_name = "My Object";

View File

@ -9,7 +9,7 @@ class i18nTextCollectorTestMySubObject extends i18nTextCollectorTestMyObject imp
);
private static $has_many = array(
'SubRelation' => 'Group'
'SubRelation' => 'SilverStripe\\Security\\Group'
);
private static $singular_name = "My Sub Object";

View File

@ -4,6 +4,8 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\Versioning\ChangeSet;
use SilverStripe\ORM\Versioning\ChangeSetItem;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\Security\Permission;
/**
* Provides a set of targettable permissions for tested models

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests

View File

@ -253,7 +253,7 @@ class DBDateTest extends SapphireTest {
public function testFormatFromSettings() {
$memberID = $this->logInWithPermission();
$member = DataObject::get_by_id('Member', $memberID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
$member->DateFormat = 'dd/MM/YYYY';
$member->write();

View File

@ -120,8 +120,8 @@ class DataExtensionTest extends SapphireTest {
// in SiteTree->can*() methods to test one single feature reliably with them
$obj = $this->objFromFixture('DataExtensionTest_MyObject', 'object1');
$websiteuser = $this->objFromFixture('Member', 'websiteuser');
$admin = $this->objFromFixture('Member', 'admin');
$websiteuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'websiteuser');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$this->assertFalse(
$obj->canOne($websiteuser),

View File

@ -3,16 +3,16 @@ DataExtensionTest_RelatedObject:
FieldOne: Obj1
obj2:
FieldOne: Obj2
Permission:
'SilverStripe\Security\Permission':
adminpermission:
Code: ADMIN
Group:
'SilverStripe\Security\Group':
admingroup:
Permissions: =>Permission.adminpermission
Member:
Permissions: '=>SilverStripe\Security\Permission.adminpermission'
'SilverStripe\Security\Member':
admin:
Email: admin@test.com
Groups: =>Group.admingroup
Groups: '=>SilverStripe\Security\Group.admingroup'
websiteuser:
Email: websiteuser@test.com
DataExtensionTest_Member:

View File

@ -7,6 +7,8 @@ use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\DataExtension;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\Security\Member;
/**

View File

@ -43,12 +43,12 @@ class DataQueryTest extends SapphireTest {
* Test the leftJoin() and innerJoin method of the DataQuery object
*/
public function testJoins() {
$dq = new DataQuery('Member');
$dq = new DataQuery('SilverStripe\\Security\\Member');
$dq->innerJoin("Group_Members", "\"Group_Members\".\"MemberID\" = \"Member\".\"ID\"");
$this->assertSQLContains("INNER JOIN \"Group_Members\" ON \"Group_Members\".\"MemberID\" = \"Member\".\"ID\"",
$dq->sql($parameters));
$dq = new DataQuery('Member');
$dq = new DataQuery('SilverStripe\\Security\\Member');
$dq->leftJoin("Group_Members", "\"Group_Members\".\"MemberID\" = \"Member\".\"ID\"");
$this->assertSQLContains("LEFT JOIN \"Group_Members\" ON \"Group_Members\".\"MemberID\" = \"Member\".\"ID\"",
$dq->sql($parameters));

View File

@ -4,6 +4,8 @@ use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\Connect\MySQLSchemaManager;
use SilverStripe\ORM\DataObject;
use SilverStripe\MSSQL\MSSQLDatabase;
/**
* @package framework
* @subpackage Testing

View File

@ -202,7 +202,7 @@ class DBDatetimeTest extends SapphireTest {
public function testFormatFromSettings() {
$memberID = $this->logInWithPermission();
$member = DataObject::get_by_id('Member', $memberID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
$member->DateFormat = 'dd/MM/YYYY';
$member->TimeFormat = 'hh:mm:ss';
$member->write();

View File

@ -4,6 +4,9 @@ use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\ORM\DataObject;
use SilverStripe\SQLite\SQLite3Database;
use SilverStripe\PostgreSQL\PostgreSQLDatabase;
/**
* @package framework

View File

@ -1,4 +1,8 @@
<?php
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\BasicAuth;
/**
* @package framework
* @subpackage tests

View File

@ -1,11 +1,11 @@
Group:
'SilverStripe\Security\Group':
mygroup:
Code: mygroup
Member:
SilverStripe\Security\Member:
user-in-mygroup:
Email: user-in-mygroup@test.com
Password: test
Groups: =>Group.mygroup
Groups: '=>SilverStripe\Security\Group.mygroup'
user-without-groups:
Email: user-without-groups@test.com
Password: test
@ -13,7 +13,7 @@ Member:
Email: failedlogin@test.com
Password: Password
FailedLoginCount: 0
Permission:
'SilverStripe\Security\Permission':
mycode:
Code: MYCODE
Group: =>Group.mygroup
Group: '=>SilverStripe\Security\Group.mygroup'

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\GroupCsvBulkLoader;
use SilverStripe\Security\Group;
/**
* @package framework
* @subpackage tests

View File

@ -1,7 +1,7 @@
Permission:
'SilverStripe\Security\Permission':
permission1:
Code: CODE1
Group:
'SilverStripe\Security\Group':
existinggroup:
Code: existinggroup
Permissions: =>Permission.permission1
Permissions: '=>SilverStripe\Security\Permission.permission1'

View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Group;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests
@ -30,9 +33,9 @@ class GroupTest extends FunctionalTest {
public function testMemberGroupRelationForm() {
Session::set('loggedInAs', $this->idFromFixture('GroupTest_Member', 'admin'));
$adminGroup = $this->objFromFixture('Group', 'admingroup');
$parentGroup = $this->objFromFixture('Group', 'parentgroup');
$childGroup = $this->objFromFixture('Group', 'childgroup');
$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
// Test single group relation through checkboxsetfield
$form = new GroupTest_MemberForm($this, 'Form');
@ -86,8 +89,8 @@ class GroupTest extends FunctionalTest {
}
public function testCollateAncestorIDs() {
$parentGroup = $this->objFromFixture('Group', 'parentgroup');
$childGroup = $this->objFromFixture('Group', 'childgroup');
$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
$orphanGroup = new Group();
$orphanGroup->ParentID = 99999;
$orphanGroup->write();
@ -110,26 +113,26 @@ class GroupTest extends FunctionalTest {
}
public function testDelete() {
$group = $this->objFromFixture('Group', 'parentgroup');
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
$groupID = $group->ID;
$childGroupID = $this->idFromFixture('Group', 'childgroup');
$childGroupID = $this->idFromFixture('SilverStripe\\Security\\Group', 'childgroup');
$group->delete();
$this->assertEquals(0, DataObject::get('Group', "\"ID\" = {$groupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ID\" = {$groupID}")->Count(),
'Group is removed');
$this->assertEquals(0, DataObject::get('Permission', "\"GroupID\" = {$groupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Permission', "\"GroupID\" = {$groupID}")->Count(),
'Permissions removed along with the group');
$this->assertEquals(0, DataObject::get('Group', "\"ParentID\" = {$groupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$groupID}")->Count(),
'Child groups are removed');
$this->assertEquals(0, DataObject::get('Group', "\"ParentID\" = {$childGroupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$childGroupID}")->Count(),
'Grandchild groups are removed');
}
public function testValidatesPrivilegeLevelOfParent() {
$nonAdminUser = $this->objFromFixture('GroupTest_Member', 'childgroupuser');
$adminUser = $this->objFromFixture('GroupTest_Member', 'admin');
$nonAdminGroup = $this->objFromFixture('Group', 'childgroup');
$adminGroup = $this->objFromFixture('Group', 'admingroup');
$nonAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
$nonAdminValidateMethod = new ReflectionMethod($nonAdminGroup, 'validate');
$nonAdminValidateMethod->setAccessible(true);
@ -154,7 +157,7 @@ class GroupTest extends FunctionalTest {
$newlyAdminGroup = $nonAdminGroup;
$this->logInWithPermission('ADMIN');
$inheritedAdminGroup = $this->objFromFixture('Group', 'group1');
$inheritedAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'group1');
$inheritedAdminMethod = new ReflectionMethod($inheritedAdminGroup, 'validate');
$inheritedAdminMethod->setAccessible(true);
$inheritedAdminGroup->ParentID = $adminGroup->ID;
@ -173,7 +176,7 @@ class GroupTest extends FunctionalTest {
class GroupTest_Member extends Member implements TestOnly {
public function getCMSFields() {
$groups = DataObject::get('Group');
$groups = DataObject::get('SilverStripe\\Security\\Group');
$groupsMap = ($groups) ? $groups->map() : false;
$fields = new FieldList(
new HiddenField('ID', 'ID'),

View File

@ -1,14 +1,14 @@
Group:
'SilverStripe\Security\Group':
admingroup:
Code: admingroup
parentgroup:
Code: parentgroup
childgroup:
Code: childgroup
Parent: =>Group.parentgroup
Parent: '=>SilverStripe\Security\Group.parentgroup'
grandchildgroup:
Code: grandchildgroup
Parent: =>Group.childgroup
Parent: '=>SilverStripe\Security\Group.childgroup'
group1:
Title: Group 1
group2:
@ -16,17 +16,17 @@ Group:
GroupTest_Member:
admin:
FirstName: Admin
Groups: =>Group.admingroup
Groups: '=>SilverStripe\Security\Group.admingroup'
parentgroupuser:
FirstName: Parent Group User
Groups: =>Group.parentgroup
Groups: '=>SilverStripe\Security\Group.parentgroup'
childgroupuser:
FirstName: Child Group User
Groups: =>Group.childgroup
Groups: '=>SilverStripe\Security\Group.childgroup'
allgroupuser:
FirstName: All Group User
Groups: =>Group.admingroup,=>Group.parentgroup,=>Group.childgroup
Permission:
Groups: '=>SilverStripe\Security\Group.admingroup,=>SilverStripe\Security\Group.parentgroup,=>SilverStripe\Security\Group.childgroup'
'SilverStripe\Security\Permission':
admincode:
Code: ADMIN
Group: =>Group.admingroup
Group: '=>SilverStripe\Security\Group.admingroup'

View File

@ -2,6 +2,12 @@
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\Security\Security;
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator;
use SilverStripe\Security\MemberLoginForm;
use SilverStripe\Security\CMSMemberLoginForm;
/**
* @package framework
* @subpackage tests
@ -43,15 +49,18 @@ class MemberAuthenticatorTest extends SapphireTest {
);
MemberAuthenticator::authenticate($data);
$member = DataObject::get_by_id('Member', $member->ID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $member->ID);
$this->assertEquals($member->PasswordEncryption, "sha1_v2.4");
$result = $member->checkPassword('mypassword');
$this->assertTrue($result->valid());
}
public function testNoLegacyPasswordHashMigrationOnIncompatibleAlgorithm() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('crc32'=>array('PasswordEncryptor_PHPHash'=>'crc32')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('crc32' => array('SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'crc32'))
);
$field=Member::config()->unique_identifier_field;
$member = new Member();
@ -66,7 +75,7 @@ class MemberAuthenticatorTest extends SapphireTest {
);
MemberAuthenticator::authenticate($data);
$member = DataObject::get_by_id('Member', $member->ID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $member->ID);
$this->assertEquals($member->PasswordEncryption, "crc32");
$result = $member->checkPassword('mypassword');
$this->assertTrue($result->valid());
@ -77,7 +86,7 @@ class MemberAuthenticatorTest extends SapphireTest {
$origField = Member::config()->unique_identifier_field;
Member::config()->unique_identifier_field = 'Username';
$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$label=singleton('SilverStripe\\Security\\Member')->fieldLabel(Member::config()->unique_identifier_field);
$this->assertEquals($label, 'Username');
@ -170,8 +179,8 @@ class MemberAuthenticatorTest extends SapphireTest {
public function testDefaultAdminLockOut()
{
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
Config::inst()->update('Member', 'lock_out_delay_mins', 10);
Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_after_incorrect_logins', 1);
Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_delay_mins', 10);
DBDatetime::set_mock_now('2016-04-18 00:00:00');
$controller = new Security();
$form = new Form($controller, 'Form', new FieldList(), new FieldList());

View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\MemberCsvBulkLoader;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
/**
* @package framework
* @subpackage tests
@ -35,7 +39,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
}
public function testAddToPredefinedGroups() {
$existinggroup = $this->objFromFixture('Group', 'existinggroup');
$existinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'existinggroup');
$loader = new MemberCsvBulkLoader();
$loader->setGroups(array($existinggroup));
@ -51,12 +55,12 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
}
public function testAddToCsvColumnGroupsByCode() {
$existinggroup = $this->objFromFixture('Group', 'existinggroup');
$existinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'existinggroup');
$loader = new MemberCsvBulkLoader();
$results = $loader->load($this->getCurrentRelativePath() . '/MemberCsvBulkLoaderTest_withGroups.csv');
$newgroup = DataObject::get_one('Group', array(
$newgroup = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => 'newgroup'
));
$this->assertEquals($newgroup->Title, 'newgroup');
@ -78,7 +82,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
$member = $results->Created()->First();
$memberID = $member->ID;
DataObject::flush_and_destroy_cache();
$member = DataObject::get_by_id('Member', $memberID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
// TODO Direct getter doesn't work, wtf!
$this->assertEquals(Security::config()->password_encryption_algorithm, $member->getField('PasswordEncryption'));

View File

@ -1,7 +1,7 @@
Group:
'SilverStripe\Security\Group':
existinggroup:
Code: existinggroup
Member:
'SilverStripe\Security\Member':
existingauthor:
Email: existingauthor@test.com
FirstName: Existing Author

View File

@ -4,6 +4,16 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\MemberPassword;
use SilverStripe\Security\Group;
use SilverStripe\Security\Permission;
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\RememberLoginHash;
use SilverStripe\Security\Member_Validator;
use SilverStripe\Security\PasswordValidator;
/**
* @package framework
@ -16,7 +26,7 @@ class MemberTest extends FunctionalTest {
protected $local = null;
protected $illegalExtensions = array(
'Member' => array(
'SilverStripe\\Security\\Member' => array(
// TODO Coupling with modules, this should be resolved by automatically
// removing all applied extensions before a unit test
'ForumRole',
@ -140,7 +150,7 @@ class MemberTest extends FunctionalTest {
}
public function testSetPassword() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member->Password = "test1";
$member->write();
$result = $member->checkPassword('test1');
@ -151,7 +161,7 @@ class MemberTest extends FunctionalTest {
* Test that password changes are logged properly
*/
public function testPasswordChangeLogging() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$member->Password = "test1";
$member->write();
@ -162,7 +172,7 @@ class MemberTest extends FunctionalTest {
$member->Password = "test3";
$member->write();
$passwords = DataObject::get("MemberPassword", "\"MemberID\" = $member->ID", "\"Created\" DESC, \"ID\" DESC")
$passwords = DataObject::get("SilverStripe\\Security\\MemberPassword", "\"MemberID\" = $member->ID", "\"Created\" DESC, \"ID\" DESC")
->getIterator();
$this->assertNotNull($passwords);
$passwords->rewind();
@ -191,11 +201,11 @@ class MemberTest extends FunctionalTest {
* Test that changed passwords will send an email
*/
public function testChangedPasswordEmaling() {
Config::inst()->update('Member', 'notify_password_change', true);
Config::inst()->update('SilverStripe\\Security\\Member', 'notify_password_change', true);
$this->clearEmails();
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$valid = $member->changePassword('32asDF##$$%%');
$this->assertTrue($valid->valid());
@ -212,7 +222,7 @@ class MemberTest extends FunctionalTest {
$this->clearEmails();
$this->autoFollowRedirection = false;
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
// Initiate a password-reset
@ -236,7 +246,7 @@ class MemberTest extends FunctionalTest {
* - at least 7 characters long
*/
public function testValidatePassword() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
Member::set_password_validator(new MemberTest_PasswordValidator());
@ -320,7 +330,7 @@ class MemberTest extends FunctionalTest {
public function testPasswordExpirySetting() {
Member::config()->password_expiry_days = 90;
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$valid = $member->changePassword("Xx?1234234");
$this->assertTrue($valid->valid());
@ -336,15 +346,15 @@ class MemberTest extends FunctionalTest {
}
public function testIsPasswordExpired() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$this->assertFalse($member->isPasswordExpired());
$member = $this->objFromFixture('Member', 'noexpiry');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
$member->PasswordExpiry = null;
$this->assertFalse($member->isPasswordExpired());
$member = $this->objFromFixture('Member', 'expiredpassword');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'expiredpassword');
$this->assertTrue($member->isPasswordExpired());
// Check the boundary conditions
@ -361,21 +371,21 @@ class MemberTest extends FunctionalTest {
public function testMemberWithNoDateFormatFallsbackToGlobalLocaleDefaultFormat() {
Config::inst()->update('i18n', 'date_format', 'yyyy-MM-dd');
Config::inst()->update('i18n', 'time_format', 'H:mm');
$member = $this->objFromFixture('Member', 'noformatmember');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$this->assertEquals('yyyy-MM-dd', $member->DateFormat);
$this->assertEquals('H:mm', $member->TimeFormat);
}
public function testInGroups() {
$staffmember = $this->objFromFixture('Member', 'staffmember');
$managementmember = $this->objFromFixture('Member', 'managementmember');
$accountingmember = $this->objFromFixture('Member', 'accountingmember');
$ceomember = $this->objFromFixture('Member', 'ceomember');
$staffmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$managementmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
$accountingmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
$ceomember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
$staffgroup = $this->objFromFixture('Group', 'staffgroup');
$managementgroup = $this->objFromFixture('Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('Group', 'ceogroup');
$staffgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
$managementgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'ceogroup');
$this->assertTrue(
$staffmember->inGroups(array($staffgroup, $managementgroup)),
@ -392,8 +402,8 @@ class MemberTest extends FunctionalTest {
}
public function testAddToGroupByCode() {
$grouplessMember = $this->objFromFixture('Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('Group','memberlessgroup');
$grouplessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('SilverStripe\\Security\\Group','memberlessgroup');
$this->assertFalse($grouplessMember->Groups()->exists());
$this->assertFalse($memberlessGroup->Members()->exists());
@ -406,7 +416,7 @@ class MemberTest extends FunctionalTest {
$grouplessMember->addToGroupByCode('somegroupthatwouldneverexist', 'New Group');
$this->assertEquals($grouplessMember->Groups()->Count(), 2);
$group = DataObject::get_one('Group', array(
$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => 'somegroupthatwouldneverexist'
));
$this->assertNotNull($group);
@ -416,8 +426,8 @@ class MemberTest extends FunctionalTest {
}
public function testRemoveFromGroupByCode() {
$grouplessMember = $this->objFromFixture('Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('Group','memberlessgroup');
$grouplessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('SilverStripe\\Security\\Group','memberlessgroup');
$this->assertFalse($grouplessMember->Groups()->exists());
$this->assertFalse($memberlessGroup->Members()->exists());
@ -430,7 +440,7 @@ class MemberTest extends FunctionalTest {
$grouplessMember->addToGroupByCode('somegroupthatwouldneverexist', 'New Group');
$this->assertEquals($grouplessMember->Groups()->Count(), 2);
$group = DataObject::get_one('Group', "\"Code\" = 'somegroupthatwouldneverexist'");
$group = DataObject::get_one('SilverStripe\\Security\\Group', "\"Code\" = 'somegroupthatwouldneverexist'");
$this->assertNotNull($group);
$this->assertEquals($group->Code, 'somegroupthatwouldneverexist');
$this->assertEquals($group->Title, 'New Group');
@ -444,15 +454,15 @@ class MemberTest extends FunctionalTest {
}
public function testInGroup() {
$staffmember = $this->objFromFixture('Member', 'staffmember');
$managementmember = $this->objFromFixture('Member', 'managementmember');
$accountingmember = $this->objFromFixture('Member', 'accountingmember');
$ceomember = $this->objFromFixture('Member', 'ceomember');
$staffmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$managementmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
$accountingmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
$ceomember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
$staffgroup = $this->objFromFixture('Group', 'staffgroup');
$managementgroup = $this->objFromFixture('Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('Group', 'ceogroup');
$staffgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
$managementgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'ceogroup');
$this->assertTrue(
$staffmember->inGroup($staffgroup),
@ -501,9 +511,9 @@ class MemberTest extends FunctionalTest {
* edit and delete their own record too.
*/
public function testCanManipulateOwnRecord() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$member2 = $this->objFromFixture('Member', 'staffmember');
$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$this->session()->inst_set('loggedInAs', null);
@ -529,9 +539,9 @@ class MemberTest extends FunctionalTest {
}
public function testAuthorisedMembersCanManipulateOthersRecords() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$member2 = $this->objFromFixture('Member', 'staffmember');
$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
/* Group members with SecurityAdmin permissions can manipulate other records */
$this->session()->inst_set('loggedInAs', $member->ID);
@ -544,8 +554,8 @@ class MemberTest extends FunctionalTest {
}
public function testExtendedCan() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
/* Normal behaviour is that you can't view a member unless canView() on an extension returns true */
$this->assertFalse($member->canView());
@ -554,7 +564,7 @@ class MemberTest extends FunctionalTest {
/* Apply a extension that allows viewing in any case (most likely the case for member profiles) */
Member::add_extension('MemberTest_ViewingAllowedExtension');
$member2 = $this->objFromFixture('Member', 'staffmember');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$this->assertTrue($member2->canView());
$this->assertFalse($member2->canDelete());
@ -563,7 +573,7 @@ class MemberTest extends FunctionalTest {
/* Apply a extension that denies viewing of the Member */
Member::remove_extension('MemberTest_ViewingAllowedExtension');
Member::add_extension('MemberTest_ViewingDeniedExtension');
$member3 = $this->objFromFixture('Member', 'managementmember');
$member3 = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
$this->assertFalse($member3->canView());
$this->assertFalse($member3->canDelete());
@ -572,7 +582,7 @@ class MemberTest extends FunctionalTest {
/* Apply a extension that allows viewing and editing but denies deletion */
Member::remove_extension('MemberTest_ViewingDeniedExtension');
Member::add_extension('MemberTest_EditingAllowedDeletingDeniedExtension');
$member4 = $this->objFromFixture('Member', 'accountingmember');
$member4 = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
$this->assertTrue($member4->canView());
$this->assertFalse($member4->canDelete());
@ -586,7 +596,7 @@ class MemberTest extends FunctionalTest {
* Tests for {@link Member::getName()} and {@link Member::setName()}
*/
public function testName() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member->setName('Test Some User');
$this->assertEquals('Test Some User', $member->getName());
$member->setName('Test');
@ -597,10 +607,10 @@ class MemberTest extends FunctionalTest {
}
public function testMembersWithSecurityAdminAccessCantEditAdminsUnlessTheyreAdminsThemselves() {
$adminMember = $this->objFromFixture('Member', 'admin');
$otherAdminMember = $this->objFromFixture('Member', 'other-admin');
$securityAdminMember = $this->objFromFixture('Member', 'test');
$ceoMember = $this->objFromFixture('Member', 'ceomember');
$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$otherAdminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
$securityAdminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$ceoMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
// Careful: Don't read as english language.
// More precisely this should read canBeEditedBy()
@ -615,9 +625,9 @@ class MemberTest extends FunctionalTest {
}
public function testOnChangeGroups() {
$staffGroup = $this->objFromFixture('Group', 'staffgroup');
$staffMember = $this->objFromFixture('Member', 'staffmember');
$adminMember = $this->objFromFixture('Member', 'admin');
$staffGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$newAdminGroup = new Group(array('Title' => 'newadmin'));
$newAdminGroup->write();
Permission::grant($newAdminGroup->ID, 'ADMIN');
@ -654,8 +664,8 @@ class MemberTest extends FunctionalTest {
* Test Member_GroupSet::add
*/
public function testOnChangeGroupsByAdd() {
$staffMember = $this->objFromFixture('Member', 'staffmember');
$adminMember = $this->objFromFixture('Member', 'admin');
$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
// Setup new admin group
$newAdminGroup = new Group(array('Title' => 'newadmin'));
@ -704,7 +714,7 @@ class MemberTest extends FunctionalTest {
* Test Member_GroupSet::add
*/
public function testOnChangeGroupsBySetIDList() {
$staffMember = $this->objFromFixture('Member', 'staffmember');
$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
// Setup new admin group
$newAdminGroup = new Group(array('Title' => 'newadmin'));
@ -726,7 +736,7 @@ class MemberTest extends FunctionalTest {
public function testUpdateCMSFields() {
Member::add_extension('MemberTest_FieldsExtension');
$member = singleton('Member');
$member = singleton('SilverStripe\\Security\\Member');
$fields = $member->getCMSFields();
$this->assertNotNull($fields->dataFieldByName('Email'), 'Scaffolded fields are retained');
@ -748,11 +758,11 @@ class MemberTest extends FunctionalTest {
* Test that only admin members are returned
*/
public function testMap_in_groupsReturnsAdmins() {
$adminID = $this->objFromFixture('Group', 'admingroup')->ID;
$adminID = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup')->ID;
$members = Member::map_in_groups($adminID)->toArray();
$admin = $this->objFromFixture('Member', 'admin');
$otherAdmin = $this->objFromFixture('Member', 'other-admin');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$otherAdmin = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
$this->assertTrue(in_array($admin->getTitle(), $members),
$admin->getTitle().' should be in the returned list.');
@ -822,7 +832,7 @@ class MemberTest extends FunctionalTest {
}
public function testRememberMeHashGeneration() {
$m1 = $this->objFromFixture('Member', 'grouplessmember');
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$m1->login(true);
$hashes = RememberLoginHash::get()->filter('MemberID', $m1->ID);
@ -833,9 +843,10 @@ class MemberTest extends FunctionalTest {
}
public function testRememberMeHashAutologin() {
$m1 = $this->objFromFixture('Member', 'noexpiry');
/** @var Member $m1 */
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
$m1->login(true);
$m1->logIn(true);
$firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->First();
$this->assertNotNull($firstHash);
@ -892,7 +903,7 @@ class MemberTest extends FunctionalTest {
array(
'Email' => $m1->Email,
'Password' => '1nitialPassword',
'AuthenticationMethod' => 'MemberAuthenticator',
'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
'action_dologin' => 'action_dologin'
),
null,
@ -907,7 +918,7 @@ class MemberTest extends FunctionalTest {
}
public function testExpiredRememberMeHashAutologin() {
$m1 = $this->objFromFixture('Member', 'noexpiry');
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
$m1->login(true);
$firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->First();
@ -962,7 +973,7 @@ class MemberTest extends FunctionalTest {
}
public function testRememberMeMultipleDevices() {
$m1 = $this->objFromFixture('Member', 'noexpiry');
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
// First device
$m1->login(true);
@ -1021,10 +1032,10 @@ class MemberTest extends FunctionalTest {
);
$this->assertContains($message, $response->getBody());
$logout_across_devices = Config::inst()->get('RememberLoginHash', 'logout_across_devices');
$logout_across_devices = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices');
// Logging out from the second device - only one device being logged out
Config::inst()->update('RememberLoginHash', 'logout_across_devices', false);
Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', false);
$response = $this->get(
'Security/logout',
$this->session(),
@ -1040,7 +1051,7 @@ class MemberTest extends FunctionalTest {
);
// Logging out from any device when all login hashes should be removed
Config::inst()->update('RememberLoginHash', 'logout_across_devices', true);
Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', true);
$m1->login(true);
$response = $this->get('Security/logout', $this->session());
$this->assertEquals(
@ -1048,14 +1059,14 @@ class MemberTest extends FunctionalTest {
0
);
Config::inst()->update('RememberLoginHash', 'logout_across_devices', $logout_across_devices);
Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', $logout_across_devices);
}
public function testCanDelete() {
$admin1 = $this->objFromFixture('Member', 'admin');
$admin2 = $this->objFromFixture('Member', 'other-admin');
$member1 = $this->objFromFixture('Member', 'grouplessmember');
$member2 = $this->objFromFixture('Member', 'noformatmember');
$admin1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$admin2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
$member1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$this->assertTrue(
$admin1->canDelete($admin2),
@ -1083,9 +1094,9 @@ class MemberTest extends FunctionalTest {
$maxFailedLoginsAllowed = 3;
//set up the config variables to enable login lockouts
Config::nest();
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$failedLoginCount = $member->FailedLoginCount;
for ($i = 1; $i < $maxFailedLoginsAllowed; ++$i) {
@ -1107,9 +1118,9 @@ class MemberTest extends FunctionalTest {
public function testMemberValidator()
{
// clear custom requirements for this test
Config::inst()->update('Member_Validator', 'customRequired', null);
$memberA = $this->objFromFixture('Member', 'admin');
$memberB = $this->objFromFixture('Member', 'test');
Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
$memberA = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$memberB = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
// create a blank form
$form = new MemberTest_ValidatorForm();
@ -1173,7 +1184,7 @@ class MemberTest extends FunctionalTest {
public function testMemberValidatorWithExtensions()
{
// clear custom requirements for this test
Config::inst()->update('Member_Validator', 'customRequired', null);
Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
// create a blank form
$form = new MemberTest_ValidatorForm();
@ -1231,9 +1242,9 @@ class MemberTest extends FunctionalTest {
public function testCustomMemberValidator()
{
// clear custom requirements for this test
Config::inst()->update('Member_Validator', 'customRequired', null);
Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
$member = $this->objFromFixture('Member', 'admin');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$form = new MemberTest_ValidatorForm();
$form->loadDataFrom($member);

View File

@ -1,51 +1,51 @@
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
security-admin:
Code: CMS_ACCESS_SecurityAdmin
Group:
'SilverStripe\Security\Group':
admingroup:
Title: Admin
Code: admin
Permissions: =>Permission.admin
Permissions: '=>SilverStripe\Security\Permission.admin'
securityadminsgroup:
Title: securityadminsgroup
Code: securityadminsgroup
Permissions: =>Permission.security-admin
Permissions: '=>SilverStripe\Security\Permission.security-admin'
staffgroup:
Title: staffgroup
Code: staffgroup
managementgroup:
Title: managementgroup
Code: managementgroup
Parent: =>Group.staffgroup
Parent: '=>SilverStripe\Security\Group.staffgroup'
accountinggroup:
Title: accountinggroup
Code: accountinggroup
Parent: =>Group.staffgroup
Parent: '=>SilverStripe\Security\Group.staffgroup'
ceogroup:
Title: ceogroup
Code: ceogroup
Parent: =>Group.managementgroup
Parent: '=>SilverStripe\Security\Group.managementgroup'
memberlessgroup:
Title: Memberless Group
code: memberless
Member:
'SilverStripe\Security\Member':
admin:
FirstName: Admin
Email: admin@silverstripe.com
Groups: =>Group.admingroup
Groups: '=>SilverStripe\Security\Group.admingroup'
other-admin:
FirstName: OtherAdmin
Email: other-admin@silverstripe.com
Groups: =>Group.admingroup
Groups: '=>SilverStripe\Security\Group.admingroup'
test:
FirstName: Test
Surname: User
Email: testuser@example.com
Password: 1nitialPassword
PasswordExpiry: 2030-01-01
Groups: =>Group.securityadminsgroup
Groups: '=>SilverStripe\Security\Group.securityadminsgroup'
expiredpassword:
FirstName: Test
Surname: User
@ -59,16 +59,16 @@ Member:
Password: 1nitialPassword
staffmember:
Email: staffmember@test.com
Groups: =>Group.staffgroup
Groups: '=>SilverStripe\Security\Group.staffgroup'
managementmember:
Email: managementmember@test.com
Groups: =>Group.managementgroup
Groups: '=>SilverStripe\Security\Group.managementgroup'
accountingmember:
Email: accountingmember@test.com
Groups: =>Group.accountinggroup
Groups: '=>SilverStripe\Security\Group.accountinggroup'
ceomember:
Email: ceomember@test.com
Groups: =>Group.ceogroup
Groups: '=>SilverStripe\Security\Group.ceogroup'
grouplessmember:
FirstName: Groupless Member
noformatmember:

View File

@ -1,4 +1,8 @@
<?php
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\PasswordEncryptor;
class PasswordEncryptorTest extends SapphireTest {
/**
@ -19,22 +23,28 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testCreateForCode() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test' => ['PasswordEncryptorTest_TestEncryptor' => null]]
);
$e = PasswordEncryptor::create_for_algorithm('test');
$this->assertInstanceOf('PasswordEncryptorTest_TestEncryptor', $e );
}
/**
* @expectedException PasswordEncryptor_NotFoundException
* @expectedException SilverStripe\Security\PasswordEncryptor_NotFoundException
*/
public function testCreateForCodeNotFound() {
PasswordEncryptor::create_for_algorithm('unknown');
}
public function testRegister() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
);
$encryptors = PasswordEncryptor::get_encryptors();
$this->assertContains('test', array_keys($encryptors));
$encryptor = $encryptors['test'];
@ -42,22 +52,31 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testUnregister() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
Config::inst()->remove('PasswordEncryptor', 'encryptors', 'test');
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
);
Config::inst()->remove('SilverStripe\\Security\\PasswordEncryptor', 'encryptors', 'test');
$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
}
public function testEncryptorPHPHashWithArguments() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_md5'=>array('PasswordEncryptor_PHPHash'=>'md5')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_md5' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash'=>'md5']]
);
$e = PasswordEncryptor::create_for_algorithm('test_md5');
$this->assertEquals('md5', $e->getAlgorithm());
}
public function testEncryptorPHPHash() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
$password = 'mypassword';
$salt = 'mysalt';
@ -68,8 +87,11 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testEncryptorBlowfish() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_blowfish'=>array('PasswordEncryptor_Blowfish'=>'')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_blowfish' => ['SilverStripe\\Security\\PasswordEncryptor_Blowfish' => '']]
);
$e = PasswordEncryptor::create_for_algorithm('test_blowfish');
$password = 'mypassword';
@ -114,8 +136,11 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testEncryptorPHPHashCheck() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
$this->assertTrue($e->check(sha1('mypassword'), 'mypassword'));
$this->assertFalse($e->check(sha1('mypassword'), 'mywrongpassword'));
@ -128,8 +153,11 @@ class PasswordEncryptorTest extends SapphireTest {
* php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
*/
public function testEncryptorLegacyPHPHashCheck() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_sha1legacy'=>array('PasswordEncryptor_LegacyPHPHash'=>'sha1')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1legacy' => ['SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
// precomputed hashes for 'mypassword' from different architectures
$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';

View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\PasswordValidator;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\PermissionCheckboxSetField;
/**
* @package framework
* @subpackage tests
@ -12,7 +14,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$f = new PermissionCheckboxSetField(
'Permissions',
'Permissions',
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID'
);
$f->setHiddenPermissions(
@ -27,19 +29,19 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
}
public function testSaveInto() {
$group = $this->objFromFixture('Group', 'group'); // tested group
$untouchable = $this->objFromFixture('Group', 'untouchable'); // group that should not change
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'group'); // tested group
$untouchable = $this->objFromFixture('SilverStripe\\Security\\Group', 'untouchable'); // group that should not change
$field = new PermissionCheckboxSetField(
'Permissions',
'Permissions',
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID',
$group
);
// get the number of permissions before we start
$baseCount = DataObject::get('Permission')->Count();
$baseCount = DataObject::get('SilverStripe\\Security\\Permission')->Count();
// there are currently no permissions, save empty checkbox
$field->saveInto($group);
@ -51,7 +53,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
'The other group has ADMIN permission');
$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount, 'There are no orphaned permissions');
$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount, 'There are no orphaned permissions');
// add some permissions
$field->setValue(array(
@ -74,7 +76,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
'The other group has ADMIN permission');
$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount+2,
$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount+2,
'There are no orphaned permissions');
// remove permission
@ -95,7 +97,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
'The other group has ADMIN permission');
$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount+1,
$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount+1,
'There are no orphaned permissions');
}
}

View File

@ -1,11 +1,11 @@
Group:
'SilverStripe\Security\Group':
group:
Code: group
untouchable:
Code: untouchable
Permission:
'SilverStripe\Security\Permission':
perm1:
Code: ADMIN
Group: =>Group.untouchable
Group: '=>SilverStripe\Security\Group.untouchable'
perm2:
Code: NON-ADMIN

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\PermissionRoleCode;
/**
* @package framework
* @subpackage tests
@ -9,13 +11,13 @@ class PermissionRoleTest extends FunctionalTest {
protected static $fixture_file = 'PermissionRoleTest.yml';
public function testDelete() {
$role = $this->objFromFixture('PermissionRole', 'role');
$role = $this->objFromFixture('SilverStripe\\Security\\PermissionRole', 'role');
$role->delete();
$this->assertEquals(0, DataObject::get('PermissionRole', "\"ID\"={$role->ID}")->count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\PermissionRole', "\"ID\"={$role->ID}")->count(),
'Role is removed');
$this->assertEquals(0, DataObject::get('PermissionRoleCode',"\"RoleID\"={$role->ID}")->count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\PermissionRoleCode',"\"RoleID\"={$role->ID}")->count(),
'Permissions removed along with the role');
}

View File

@ -1,7 +1,7 @@
PermissionRole:
'SilverStripe\Security\PermissionRole':
role:
Title: role
PermissionRoleCode:
'SilverStripe\Security\PermissionRoleCode':
code:
Code: ADMIN
Role: =>PermissionRole.role
Role: '=>SilverStripe\Security\PermissionRole.role'

View File

@ -1,5 +1,9 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Member;
use SilverStripe\Security\PermissionCheckboxSetField;
/**
* @package framework
* @subpackage tests
@ -19,12 +23,12 @@ class PermissionTest extends SapphireTest {
}
public function testDirectlyAppliedPermissions() {
$member = $this->objFromFixture('Member', 'author');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
}
public function testCMSAccess() {
$members = Member::get()->byIDs($this->allFixtureIDs('Member'));
$members = Member::get()->byIDs($this->allFixtureIDs('SilverStripe\\Security\\Member'));
foreach ($members as $member) {
$this->assertTrue(Permission::checkMember($member, 'CMS_ACCESS'));
}
@ -41,7 +45,7 @@ class PermissionTest extends SapphireTest {
public function testLeftAndMainAccessAll() {
//add user and group
$member = $this->objFromFixture('Member', 'leftandmain');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'leftandmain');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
@ -49,14 +53,14 @@ class PermissionTest extends SapphireTest {
}
public function testPermissionAreInheritedFromOneRole() {
$member = $this->objFromFixture('Member', 'author');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
}
public function testPermissionAreInheritedFromMultipleRoles() {
$member = $this->objFromFixture('Member', 'access');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
@ -65,7 +69,7 @@ class PermissionTest extends SapphireTest {
}
public function testPermissionsForMember() {
$member = $this->objFromFixture('Member', 'access');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
$permissions = Permission::permissions_for_member($member->ID);
$this->assertEquals(4, count($permissions));
$this->assertTrue(in_array('CMS_ACCESS_MyAdmin', $permissions));
@ -73,7 +77,7 @@ class PermissionTest extends SapphireTest {
$this->assertTrue(in_array('CMS_ACCESS_SecurityAdmin', $permissions));
$this->assertTrue(in_array('EDIT_PERMISSIONS', $permissions));
$group = $this->objFromFixture("Group", "access");
$group = $this->objFromFixture("SilverStripe\\Security\\Group", "access");
Permission::deny($group->ID, "CMS_ACCESS_MyAdmin");
$permissions = Permission::permissions_for_member($member->ID);
@ -82,7 +86,7 @@ class PermissionTest extends SapphireTest {
}
public function testRolesAndPermissionsFromParentGroupsAreInherited() {
$member = $this->objFromFixture('Member', 'globalauthor');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'globalauthor');
// Check that permissions applied to the group are there
$this->assertTrue(Permission::checkMember($member, "SITETREE_EDIT_ALL"));
@ -101,8 +105,8 @@ class PermissionTest extends SapphireTest {
* Ensure the the get_*_by_permission functions are permission role aware
*/
public function testGettingMembersByPermission() {
$accessMember = $this->objFromFixture('Member', 'access');
$accessAuthor = $this->objFromFixture('Member', 'author');
$accessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
$accessAuthor = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
$result = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));
$resultIDs = $result ? $result->column() : array();
@ -114,14 +118,14 @@ class PermissionTest extends SapphireTest {
public function testHiddenPermissions(){
$permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','Permission','GroupID');
$permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','SilverStripe\\Security\\Permission','GroupID');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
Config::inst()->update('Permission', 'hidden_permissions', array('CMS_ACCESS_LeftAndMain'));
Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', array('CMS_ACCESS_LeftAndMain'));
$this->assertNotContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
Config::inst()->remove('Permission', 'hidden_permissions');
Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
}

View File

@ -1,25 +1,25 @@
PermissionRole:
'SilverStripe\Security\PermissionRole':
author:
Title: Author
access:
Title: Access Administrator
PermissionRoleCode:
'SilverStripe\Security\PermissionRoleCode':
author1:
Role: =>PermissionRole.author
Role: '=>SilverStripe\Security\PermissionRole.author'
Code: CMS_ACCESS_MyAdmin
author2:
Role: =>PermissionRole.author
Role: '=>SilverStripe\Security\PermissionRole.author'
Code: CMS_ACCESS_AssetAdmin
access1:
Role: =>PermissionRole.access
Role: '=>SilverStripe\Security\PermissionRole.access'
Code: CMS_ACCESS_SecurityAdmin
access2:
Role: =>PermissionRole.access
Role: '=>SilverStripe\Security\PermissionRole.access'
Code: EDIT_PERMISSIONS
Member:
'SilverStripe\Security\Member':
author:
FirstName: Test
Surname: Author
@ -34,30 +34,30 @@ Member:
Surname: AndMain
Email: leftandmain@example.com
Group:
'SilverStripe\Security\Group':
author:
Title: Authors
Members: =>Member.author
Roles: =>PermissionRole.author
Members: '=>SilverStripe\Security\Member.author'
Roles: '=>SilverStripe\Security\PermissionRole.author'
access:
Title: Access Administrators + Authors
Members: =>Member.access
Roles: =>PermissionRole.access,=>PermissionRole.author
Members: '=>SilverStripe\Security\Member.access'
Roles: '=>SilverStripe\Security\PermissionRole.access,=>SilverStripe\Security\PermissionRole.author'
globalauthor:
Parent: =>Group.author
Parent: '=>SilverStripe\Security\Group.author'
Title: Global Authors
Members: =>Member.globalauthor
Members: '=>SilverStripe\Security\Member.globalauthor'
leftandmain:
Title: LeftAndMain
Members: =>Member.leftandmain
Members: '=>SilverStripe\Security\Member.leftandmain'
Permission:
'SilverStripe\Security\Permission':
extra1:
Code: SITETREE_VIEW_ALL
Group: =>Group.author
Group: '=>SilverStripe\Security\Group.author'
globalauthor:
Code: SITETREE_EDIT_ALL
Group: =>Group.globalauthor
Group: '=>SilverStripe\Security\Group.globalauthor'
leftandmain:
Code: CMS_ACCESS_LeftAndMain
Group: =>Group.leftandmain
Group: '=>SilverStripe\Security\Group.leftandmain'

View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\RandomGenerator;
/**
* @package framework
* @subpackage tests

View File

@ -1,4 +1,8 @@
<?php
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Member;
class SecurityDefaultAdminTest extends SapphireTest {
protected $usesDatabase = true;
@ -49,7 +53,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
$admin = Security::findAnAdministrator();
$this->assertInstanceOf('Member', $admin);
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
$this->assertEquals($admin->Email, Security::default_admin_username());
$this->assertNull($admin->Password);
@ -64,7 +68,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
$admin = Security::findAnAdministrator();
$this->assertInstanceOf('Member', $admin);
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
// User should be blank
@ -78,7 +82,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
$admin = Member::default_admin();
$this->assertInstanceOf('Member', $admin);
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
$this->assertEquals($admin->Email, Security::default_admin_username());
$this->assertNull($admin->Password);

View File

@ -6,6 +6,11 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBClassName;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Authenticator;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
/**
@ -35,8 +40,8 @@ class SecurityTest extends FunctionalTest {
Authenticator::unregister($authenticator);
}
Authenticator::register('MemberAuthenticator');
Authenticator::set_default_authenticator('MemberAuthenticator');
Authenticator::register('SilverStripe\\Security\\MemberAuthenticator');
Authenticator::set_default_authenticator('SilverStripe\\Security\\MemberAuthenticator');
// And that the unique identified field is 'Email'
$this->priorUniqueIdentifierField = Member::config()->unique_identifier_field;
@ -50,8 +55,8 @@ class SecurityTest extends FunctionalTest {
// Restore selected authenticator
// MemberAuthenticator might not actually be present
if(!in_array('MemberAuthenticator', $this->priorAuthenticators)) {
Authenticator::unregister('MemberAuthenticator');
if(!in_array('SilverStripe\\Security\\MemberAuthenticator', $this->priorAuthenticators)) {
Authenticator::unregister('SilverStripe\\Security\\MemberAuthenticator');
}
foreach($this->priorAuthenticators as $authenticator) {
Authenticator::register($authenticator);
@ -71,7 +76,7 @@ class SecurityTest extends FunctionalTest {
$response = $this->get('SecurityTest_SecuredController');
$this->assertEquals(302, $response->getStatusCode());
$this->assertContains(
Config::inst()->get('Security', 'login_url'),
Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'),
$response->getHeader('Location')
);
@ -94,13 +99,13 @@ class SecurityTest extends FunctionalTest {
$this->assertEquals('Oops, not allowed', Session::get('Security.Message.message'));
// Test that config values are used correctly
Config::inst()->update('Security', 'default_message_set', 'stringvalue');
Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set', 'stringvalue');
Security::permissionFailure($controller);
$this->assertEquals('stringvalue', Session::get('Security.Message.message'),
'Default permission failure message value was not present');
Config::inst()->remove('Security', 'default_message_set');
Config::inst()->update('Security', 'default_message_set', array('default' => 'arrayvalue'));
Config::inst()->remove('SilverStripe\\Security\\Security', 'default_message_set');
Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set', array('default' => 'arrayvalue'));
Security::permissionFailure($controller);
$this->assertEquals('arrayvalue', Session::get('Security.Message.message'),
'Default permission failure message value was not present');
@ -110,7 +115,7 @@ class SecurityTest extends FunctionalTest {
// been fetched and output as part of it, so has been removed from the session
$this->logInWithPermission('EDITOR');
Config::inst()->update('Security', 'default_message_set',
Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set',
array('default' => 'default', 'alreadyLoggedIn' => 'You are already logged in!'));
Security::permissionFailure($controller);
$this->assertContains('You are already logged in!', $controller->getResponse()->getBody(),
@ -182,13 +187,13 @@ class SecurityTest extends FunctionalTest {
}
public function testLogInAsSomeoneElse() {
$member = DataObject::get_one('Member');
$member = DataObject::get_one('SilverStripe\\Security\\Member');
/* Log in with any user that we can find */
$this->session()->inst_set('loggedInAs', $member->ID);
/* View the Security/login page */
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$response = $this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.action');
@ -202,7 +207,7 @@ class SecurityTest extends FunctionalTest {
'MemberLoginForm_LoginForm',
null,
array(
'AuthenticationMethod' => 'MemberAuthenticator',
'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
'action_dologout' => 1,
)
);
@ -222,7 +227,7 @@ class SecurityTest extends FunctionalTest {
$this->autoFollowRedirection = true;
/* Attempt to get into the admin section */
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$response = $this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.text');
@ -239,7 +244,7 @@ class SecurityTest extends FunctionalTest {
// Test that username does not persist
$this->session()->inst_set('SessionForms.MemberLoginForm.Email', 'myuser@silverstripe.com');
Security::config()->remember_username = false;
$this->get(Config::inst()->get('Security', 'login_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this
->cssParser()
->getBySelector('#MemberLoginForm_LoginForm #MemberLoginForm_LoginForm_Email');
@ -253,7 +258,7 @@ class SecurityTest extends FunctionalTest {
// Test that username does persist when necessary
$this->session()->inst_set('SessionForms.MemberLoginForm.Email', 'myuser@silverstripe.com');
Security::config()->remember_username = true;
$this->get(Config::inst()->get('Security', 'login_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this
->cssParser()
->getBySelector('#MemberLoginForm_LoginForm #MemberLoginForm_LoginForm_Email');
@ -322,7 +327,7 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::absoluteBaseURL(), 'test/link'),
$goodResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
/* EXPIRED PASSWORDS ARE SENT TO THE CHANGE PASSWORD FORM */
$expiredResponse = $this->doTestLoginForm('expired@silverstripe.com' , '1nitialPassword');
@ -331,7 +336,7 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::baseURL(), 'Security/changepassword'),
$expiredResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'),
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'expiredpassword'),
$this->session()->inst_get('loggedInAs'));
// Make sure it redirects correctly after the password has been changed
@ -355,7 +360,7 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::absoluteBaseURL(), 'test/back'),
$changedResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
// Check if we can login with the new password
$goodResponse = $this->doTestLoginForm('testuser@example.com' , 'changedPassword');
@ -364,11 +369,11 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::absoluteBaseURL(), 'test/link'),
$goodResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
}
public function testChangePasswordFromLostPassword() {
$admin = $this->objFromFixture('Member', 'test');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$admin->FailedLoginCount = 99;
$admin->LockedOutUntil = DBDatetime::now()->Format('Y-m-d H:i:s');
$admin->write();
@ -382,7 +387,7 @@ class SecurityTest extends FunctionalTest {
$this->assertEmailSent('testuser@example.com');
// Load password link from email
$admin = DataObject::get_by_id('Member', $admin->ID);
$admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID);
$this->assertNotNull($admin->AutoLoginHash, 'Hash has been written after lost password');
// We don't have access to the token - generate a new token and hash pair.
@ -396,14 +401,14 @@ class SecurityTest extends FunctionalTest {
// Follow redirection to form without hash in GET parameter
$response = $this->get('Security/changepassword');
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
// Check if we can login with the new password
$goodResponse = $this->doTestLoginForm('testuser@example.com' , 'changedPassword');
$this->assertEquals(302, $goodResponse->getStatusCode());
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
$admin = DataObject::get_by_id('Member', $admin->ID, false);
$admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID, false);
$this->assertNull($admin->LockedOutUntil);
$this->assertEquals(0, $admin->FailedLoginCount);
}
@ -418,7 +423,7 @@ class SecurityTest extends FunctionalTest {
// Login with a wrong password for more than the defined threshold
for($i = 1; $i <= Member::config()->lock_out_after_incorrect_logins+1; $i++) {
$this->doTestLoginForm('testuser@example.com' , 'incorrectpassword');
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
if($i < Member::config()->lock_out_after_incorrect_logins) {
$this->assertNull(
@ -454,7 +459,7 @@ class SecurityTest extends FunctionalTest {
);
// (We fake this by re-setting LockedOutUntil)
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
$member->LockedOutUntil = date('Y-m-d H:i:s', time() - 30);
$member->write();
$this->doTestLoginForm('testuser@example.com' , '1nitialPassword');
@ -499,8 +504,8 @@ class SecurityTest extends FunctionalTest {
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
$member1 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
$member2 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'noexpiry'));
$this->assertNull($member1->LockedOutUntil);
$this->assertNull($member2->LockedOutUntil);
@ -509,11 +514,11 @@ class SecurityTest extends FunctionalTest {
// THIS SESSION
$this->doTestLoginForm('testuser@example.com' , 'incorrectpassword');
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member1 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
$this->assertNotNull($member1->LockedOutUntil);
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
$member2 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'noexpiry'));
$this->assertNotNull($member2->LockedOutUntil);
}
@ -522,11 +527,11 @@ class SecurityTest extends FunctionalTest {
/* UNSUCCESSFUL ATTEMPTS WITH WRONG PASSWORD FOR EXISTING USER ARE LOGGED */
$this->doTestLoginForm('testuser@example.com', 'wrongpassword');
$attempt = DataObject::get_one('LoginAttempt', array(
$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
'"LoginAttempt"."Email"' => 'testuser@example.com'
));
$this->assertTrue(is_object($attempt));
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."Email"' => 'testuser@example.com'
));
$this->assertEquals($attempt->Status, 'Failure');
@ -535,7 +540,7 @@ class SecurityTest extends FunctionalTest {
/* UNSUCCESSFUL ATTEMPTS WITH NONEXISTING USER ARE LOGGED */
$this->doTestLoginForm('wronguser@silverstripe.com', 'wrongpassword');
$attempt = DataObject::get_one('LoginAttempt', array(
$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
'"LoginAttempt"."Email"' => 'wronguser@silverstripe.com'
));
$this->assertTrue(is_object($attempt));
@ -551,10 +556,10 @@ class SecurityTest extends FunctionalTest {
/* SUCCESSFUL ATTEMPTS ARE LOGGED */
$this->doTestLoginForm('testuser@example.com', '1nitialPassword');
$attempt = DataObject::get_one('LoginAttempt', array(
$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
'"LoginAttempt"."Email"' => 'testuser@example.com'
));
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."Email"' => 'testuser@example.com'
));
$this->assertTrue(is_object($attempt));
@ -571,6 +576,7 @@ class SecurityTest extends FunctionalTest {
// Assumption: The database has been built correctly by the test runner,
// and has all columns present in the ORM
/** @skipUpgrade */
DB::get_schema()->renameField('Member', 'Email', 'Email_renamed');
// Email column is now missing, which means we're not ready to do permission checks
@ -588,9 +594,9 @@ class SecurityTest extends FunctionalTest {
* Helper method for the tests above
*/
public function doTestLoginForm($email, $password, $backURL = 'test/link') {
$this->get(Config::inst()->get('Security', 'logout_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'logout_url'));
$this->session()->inst_set('BackURL', $backURL);
$this->get(Config::inst()->get('Security', 'login_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
return $this->submitForm(
"MemberLoginForm_LoginForm",
@ -598,7 +604,7 @@ class SecurityTest extends FunctionalTest {
array(
'Email' => $email,
'Password' => $password,
'AuthenticationMethod' => 'MemberAuthenticator',
'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
'action_dologin' => 1,
)
);

View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\SecurityToken;
/**
* @package framework
* @subpackage tests
@ -41,7 +43,7 @@ class SecurityTokenTest extends SapphireTest {
public function testInst() {
$inst1 = SecurityToken::inst();
$this->assertInstanceOf('SecurityToken', $inst1);
$this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $inst1);
}
public function testInstReturnsSingleton() {

View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests
@ -15,7 +17,7 @@ class EncryptAllPasswordsTaskTest extends SapphireTest {
$t = new EncryptAllPasswordsTask();
$t->run(null);
$m = DataObject::get_by_id('Member', $m->ID);
$m = DataObject::get_by_id('SilverStripe\\Security\\Member', $m->ID);
$this->assertEquals($m->PasswordEncryption, 'blowfish');
$this->assertNotEquals($m->Password, 'plain');
$result = $m->checkPassword('plain');

View File

@ -2,6 +2,10 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\Permission;
class SSViewerTest extends SapphireTest {

View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\Security\Permission;
/**