ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.

MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100799 467b73ca-7a2a-4603-9d3b-597d59a354a9

security/Group.php

@@ -450,6 +450,44 @@ class Group extends DataObject {
 		}
 		return false;
 	}
+	
+	/**
+	 * Add default records to database.
+	 *
+	 * This function is called whenever the database is built, after the
+	 * database tables have all been created.
+	 */
+	public function requireDefaultRecords() {
+		parent::requireDefaultRecords();
+		
+		// Add default author group if no other group exists
+		$allGroups = DataObject::get('Group');
+		if(!$allGroups) {
+			$authorGroup = new Group();
+			$authorGroup->Code = 'content-authors';
+			$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
+			$authorGroup->Sort = 1;
+			$authorGroup->write();
+			Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
+			Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
+			Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
+			Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
+			Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
+		}
+	
+		// Add default admin group if none with permission code ADMIN exists
+		$adminGroups = Permission::get_groups_by_permission('ADMIN');
+		if(!$adminGroups) {
+			$adminGroup = new Group();
+			$adminGroup->Code = 'administrators';
+			$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
+			$adminGroup->Sort = 0;
+			$adminGroup->write();
+			Permission::grant($adminGroup->ID, 'ADMIN');
+		}		
+		
+		// Members are populated through Member->requireDefaultRecords()
+	}
 }
 	
 ?>

security/Member.php

@@ -115,6 +115,32 @@ class Member extends DataObject {
 		parent::populateDefaults();
 		$this->Locale = i18n::get_locale();
 	}
+	
+	function requireDefaultRecords() {
+		// Default groups should've been built by Group->requireDefaultRecords() already
+		
+		// Find or create ADMIN group
+		$adminGroups = Permission::get_groups_by_permission('ADMIN');
+		if($adminGroups) {
+			singleton('Group')->requireDefaultRecords();
+			$adminGroups = Permission::get_groups_by_permission('ADMIN');
+			$adminGroup = $adminGroups->First();
+		} else {
+			$adminGroup = $adminGroups->First();
+		}
+		
+		// Add a default administrator to the first ADMIN group found (most likely the default
+		// group created through Group->requireDefaultRecords()).
+		$admins = Permission::get_members_by_permission('ADMIN');
+		if(!$admins) {
+			// Leave 'Email' and 'Password' are not set to avoid creating
+			// persistent logins in the database. See Security::setDefaultAdmin().
+			$admin = Object::create('Member');
+			$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
+			$admin->write();
+			$admin->Groups()->add($adminGroup);
+		}		
+	}
 
 	/**
 	 * If this is called, then a session cookie will be set to "1" whenever a user

security/Permission.php

@@ -370,41 +370,6 @@ class Permission extends DataObject {
 		return $perm;
 	}
 
-
-	/**
-	 * Add default records to database.
-	 *
-	 * This function is called whenever the database is built, after the
-	 * database tables have all been created.
-	 */
-	public function requireDefaultRecords() {
-		parent::requireDefaultRecords();
-
-		// Add default content if blank
-		if(!DB::query("SELECT \"ID\" FROM \"Permission\"")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
-			$admins = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMSAdmin\" = 1")
-				->column();
-
-			if(isset($admins)) {
-				foreach($admins as $admin)
-					Permission::grant($admin, "ADMIN");
-			}
-
-			$authors = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMS\" = 1")
-				->column();
-			if(isset($authors)) {
-				foreach($authors as $author) {
-					Permission::grant($author, "CMS_ACCESS_CMSMain");
-					Permission::grant($author, "CMS_ACCESS_AssetAdmin");
-					Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
-					Permission::grant($author, "CMS_ACCESS_ReportAdmin");
-				}
-			}
-
-		}
-	}
-
-
 	/**
 	 * Returns all members for a specific permission.
 	 * 

security/Security.php

@@ -644,20 +644,13 @@ class Security extends Controller {
 		}
 
 		if(!$adminGroup) {
-			$adminGroup = Object::create('Group');
-			$adminGroup->Title = 'Administrators';
-			$adminGroup->Code = "administrators";
-			$adminGroup->write();
-			Permission::grant($adminGroup->ID, "ADMIN");
+			singleton('Group')->requireDefaultRecords();
 		}
 		
 		if(!isset($member)) {
-			// Leave 'Email' and 'Password' are not set to avoid creating
-			// persistent logins in the database. See Security::setDefaultAdmin().
-			$member = Object::create('Member');
-			$member->FirstName = 'Default Admin';
-			$member->write();
-			$member->Groups()->add($adminGroup);
+			singleton('Member')->requireDefaultRecords();
+			$members = Permission::get_members_by_permission('ADMIN');
+			$member = $members->First();
 		}
 
 		return $member;