ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.

MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords(). MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100799 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2010-03-10 05:11:05 +00:00 · 2010-03-10 05:11:05 +00:00 · e7806f28cf
commit e7806f28cf
parent 54720e62e6
4 changed files with 68 additions and 46 deletions
--- a/security/Group.php
+++ b/security/Group.php
@ -450,6 +450,44 @@ class Group extends DataObject {
 		}
 		return false;
 	}
 	/**
 	 * Add default records to database.
 	 *
 	 * This function is called whenever the database is built, after the
 	 * database tables have all been created.
 	 */
 	public function requireDefaultRecords() {
 		parent::requireDefaultRecords();
 		// Add default author group if no other group exists
 		$allGroups = DataObject::get('Group');
 		if(!$allGroups) {
 			$authorGroup = new Group();
 			$authorGroup->Code = 'content-authors';
 			$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
 			$authorGroup->Sort = 1;
 			$authorGroup->write();
 			Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
 			Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
 			Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
 			Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
 			Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
 		}
 		// Add default admin group if none with permission code ADMIN exists
 		$adminGroups = Permission::get_groups_by_permission('ADMIN');
 		if(!$adminGroups) {
 			$adminGroup = new Group();
 			$adminGroup->Code = 'administrators';
 			$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
 			$adminGroup->Sort = 0;
 			$adminGroup->write();
 			Permission::grant($adminGroup->ID, 'ADMIN');
 		}		
 		// Members are populated through Member->requireDefaultRecords()
 	}
 }
 ?>
--- a/security/Member.php
+++ b/security/Member.php
@ -115,6 +115,32 @@ class Member extends DataObject {
 		parent::populateDefaults();
 		$this->Locale = i18n::get_locale();
 	}
 	function requireDefaultRecords() {
 		// Default groups should've been built by Group->requireDefaultRecords() already
 		// Find or create ADMIN group
 		$adminGroups = Permission::get_groups_by_permission('ADMIN');
 		if($adminGroups) {
 			singleton('Group')->requireDefaultRecords();
 			$adminGroups = Permission::get_groups_by_permission('ADMIN');
 			$adminGroup = $adminGroups->First();
 		} else {
 			$adminGroup = $adminGroups->First();
 		}
 		// Add a default administrator to the first ADMIN group found (most likely the default
 		// group created through Group->requireDefaultRecords()).
 		$admins = Permission::get_members_by_permission('ADMIN');
 		if(!$admins) {
 			// Leave 'Email' and 'Password' are not set to avoid creating
 			// persistent logins in the database. See Security::setDefaultAdmin().
 			$admin = Object::create('Member');
 			$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
 			$admin->write();
 			$admin->Groups()->add($adminGroup);
 		}		
 	}
 	/**
 	 * If this is called, then a session cookie will be set to "1" whenever a user
--- a/security/Permission.php
+++ b/security/Permission.php
@ -370,41 +370,6 @@ class Permission extends DataObject {
 		return $perm;
 	}
 	/**
 	 * Add default records to database.
 	 *
 	 * This function is called whenever the database is built, after the
 	 * database tables have all been created.
 	 */
 	public function requireDefaultRecords() {
 		parent::requireDefaultRecords();
 		// Add default content if blank
 		if(!DB::query("SELECT \"ID\" FROM \"Permission\"")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
 			$admins = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMSAdmin\" = 1")
 				->column();
 			if(isset($admins)) {
 				foreach($admins as $admin)
 					Permission::grant($admin, "ADMIN");
 			}
 			$authors = DB::query("SELECT \"ID\" FROM \"Group\" WHERE \"CanCMS\" = 1")
 				->column();
 			if(isset($authors)) {
 				foreach($authors as $author) {
 					Permission::grant($author, "CMS_ACCESS_CMSMain");
 					Permission::grant($author, "CMS_ACCESS_AssetAdmin");
 					Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
 					Permission::grant($author, "CMS_ACCESS_ReportAdmin");
 				}
 			}
 		}
 	}
 	/**
 	 * Returns all members for a specific permission.
 	 * 
--- a/security/Security.php
+++ b/security/Security.php
@ -644,20 +644,13 @@ class Security extends Controller {
 		}
 		if(!$adminGroup) {
-			$adminGroup = Object::create('Group');
+			singleton('Group')->requireDefaultRecords();
 			$adminGroup->Title = 'Administrators';
 			$adminGroup->Code = "administrators";
 			$adminGroup->write();
 			Permission::grant($adminGroup->ID, "ADMIN");
 		}
 		if(!isset($member)) {
-			// Leave 'Email' and 'Password' are not set to avoid creating
+			singleton('Member')->requireDefaultRecords();
-			// persistent logins in the database. See Security::setDefaultAdmin().
+			$members = Permission::get_members_by_permission('ADMIN');
-			$member = Object::create('Member');
+			$member = $members->First();
 			$member->FirstName = 'Default Admin';
 			$member->write();
 			$member->Groups()->add($adminGroup);
 		}
 		return $member;