tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
60333f68ee
silverstripe-framework/security/PermissionRoleCode.php
Sean Harvey 6fc9db6f0e API DataObject::validate() visibility changed to public (issue #1659) 
DataObject::validate() is currently set to protected, but this means
you can't call validate() from outside the context of itself unless
you overload the method to use a public visibility and then call
parent::validate()

As it would turn out, most classes that overload this method already
set the visibility to public, so it would make sense the parent matches
that as well.
2013-12-19 16:36:39 +13:00

51 lines
1.2 KiB
PHP
Raw Blame History

<?php
/**
* A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
*
* @package framework
* @subpackage security
*/
class PermissionRoleCode extends DataObject {
private static $db = array(
"Code" => "Varchar",
);
private static $has_one = array(
"Role" => "PermissionRole",
);
public function validate() {
$result = parent::validate();
// Check that new code doesn't increase privileges, unless an admin is editing.
$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
if(
$this->Code
&& in_array($this->Code, $privilegedCodes)
&& !Permission::check('ADMIN')
) {
$result->error(sprintf(
_t(
'PermissionRoleCode.PermsError',
'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'
),
$this->Code
));
}
return $result;
}
public function canCreate($member = null) {
return Permission::check('APPLY_ROLES', 'any', $member);
}
public function canEdit($member = null) {
return Permission::check('APPLY_ROLES', 'any', $member);
}
public function canDelete($member = null) {
return Permission::check('APPLY_ROLES', 'any', $member);
}
}
Reference in New Issue View Git Blame Copy Permalink