mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords(). MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100799 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
54720e62e6
commit
e7806f28cf
@ -450,6 +450,44 @@ class Group extends DataObject {
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add default records to database.
|
||||||
|
*
|
||||||
|
* This function is called whenever the database is built, after the
|
||||||
|
* database tables have all been created.
|
||||||
|
*/
|
||||||
|
public function requireDefaultRecords() {
|
||||||
|
parent::requireDefaultRecords();
|
||||||
|
|
||||||
|
// Add default author group if no other group exists
|
||||||
|
$allGroups = DataObject::get('Group');
|
||||||
|
if(!$allGroups) {
|
||||||
|
$authorGroup = new Group();
|
||||||
|
$authorGroup->Code = 'content-authors';
|
||||||
|
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
|
||||||
|
$authorGroup->Sort = 1;
|
||||||
|
$authorGroup->write();
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
|
||||||
|
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
|
||||||
|
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add default admin group if none with permission code ADMIN exists
|
||||||
|
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||||
|
if(!$adminGroups) {
|
||||||
|
$adminGroup = new Group();
|
||||||
|
$adminGroup->Code = 'administrators';
|
||||||
|
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
|
||||||
|
$adminGroup->Sort = 0;
|
||||||
|
$adminGroup->write();
|
||||||
|
Permission::grant($adminGroup->ID, 'ADMIN');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Members are populated through Member->requireDefaultRecords()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
@ -116,6 +116,32 @@ class Member extends DataObject {
|
|||||||
$this->Locale = i18n::get_locale();
|
$this->Locale = i18n::get_locale();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function requireDefaultRecords() {
|
||||||
|
// Default groups should've been built by Group->requireDefaultRecords() already
|
||||||
|
|
||||||
|
// Find or create ADMIN group
|
||||||
|
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||||
|
if($adminGroups) {
|
||||||
|
singleton('Group')->requireDefaultRecords();
|
||||||
|
$adminGroups = Permission::get_groups_by_permission('ADMIN');
|
||||||
|
$adminGroup = $adminGroups->First();
|
||||||
|
} else {
|
||||||
|
$adminGroup = $adminGroups->First();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add a default administrator to the first ADMIN group found (most likely the default
|
||||||
|
// group created through Group->requireDefaultRecords()).
|
||||||
|
$admins = Permission::get_members_by_permission('ADMIN');
|
||||||
|
if(!$admins) {
|
||||||
|
// Leave 'Email' and 'Password' are not set to avoid creating
|
||||||
|
// persistent logins in the database. See Security::setDefaultAdmin().
|
||||||
|
$admin = Object::create('Member');
|
||||||
|
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
|
||||||
|
$admin->write();
|
||||||
|
$admin->Groups()->add($adminGroup);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If this is called, then a session cookie will be set to "1" whenever a user
|
* If this is called, then a session cookie will be set to "1" whenever a user
|
||||||
* logs in. This lets 3rd party tools, such as apache's mod_rewrite, detect
|
* logs in. This lets 3rd party tools, such as apache's mod_rewrite, detect
|
||||||
|
@ -370,41 +370,6 @@ class Permission extends DataObject {
|
|||||||
return $perm;
|
return $perm;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Add default records to database.
|
|
||||||
*
|
|
||||||
* This function is called whenever the database is built, after the
|
|
||||||
* database tables have all been created.
|
|
||||||
*/
|
|
||||||
public function requireDefaultRecords() {
|
|
||||||
parent::requireDefaultRecords();
|
|
||||||
|
|
||||||
// Add default content if blank
|
|
||||||
if(!DB::query("SELECT \"ID\" FROM \"Permission\"")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
|
|
||||||
$admins = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMSAdmin\" = 1")
|
|
||||||
->column();
|
|
||||||
|
|
||||||
if(isset($admins)) {
|
|
||||||
foreach($admins as $admin)
|
|
||||||
Permission::grant($admin, "ADMIN");
|
|
||||||
}
|
|
||||||
|
|
||||||
$authors = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMS\" = 1")
|
|
||||||
->column();
|
|
||||||
if(isset($authors)) {
|
|
||||||
foreach($authors as $author) {
|
|
||||||
Permission::grant($author, "CMS_ACCESS_CMSMain");
|
|
||||||
Permission::grant($author, "CMS_ACCESS_AssetAdmin");
|
|
||||||
Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
|
|
||||||
Permission::grant($author, "CMS_ACCESS_ReportAdmin");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns all members for a specific permission.
|
* Returns all members for a specific permission.
|
||||||
*
|
*
|
||||||
|
@ -644,20 +644,13 @@ class Security extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(!$adminGroup) {
|
if(!$adminGroup) {
|
||||||
$adminGroup = Object::create('Group');
|
singleton('Group')->requireDefaultRecords();
|
||||||
$adminGroup->Title = 'Administrators';
|
|
||||||
$adminGroup->Code = "administrators";
|
|
||||||
$adminGroup->write();
|
|
||||||
Permission::grant($adminGroup->ID, "ADMIN");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!isset($member)) {
|
if(!isset($member)) {
|
||||||
// Leave 'Email' and 'Password' are not set to avoid creating
|
singleton('Member')->requireDefaultRecords();
|
||||||
// persistent logins in the database. See Security::setDefaultAdmin().
|
$members = Permission::get_members_by_permission('ADMIN');
|
||||||
$member = Object::create('Member');
|
$member = $members->First();
|
||||||
$member->FirstName = 'Default Admin';
|
|
||||||
$member->write();
|
|
||||||
$member->Groups()->add($adminGroup);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $member;
|
return $member;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user