mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
fd7f2eb469
SecurityAdmin, to be consistent with Members and Groups grid instantiation. MINOR Removing comments referring to CTF
279 lines
8.4 KiB
PHP
Executable File
279 lines
8.4 KiB
PHP
Executable File
<?php
|
|
/**
|
|
* Security section of the CMS
|
|
* @package cms
|
|
* @subpackage security
|
|
*/
|
|
class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|
|
|
static $url_segment = 'security';
|
|
|
|
static $url_rule = '/$Action/$ID/$OtherID';
|
|
|
|
static $menu_title = 'Users';
|
|
|
|
static $tree_class = 'Group';
|
|
|
|
static $subitem_class = 'Member';
|
|
|
|
static $allowed_actions = array(
|
|
'EditForm',
|
|
'MemberImportForm',
|
|
'memberimport',
|
|
'GroupImportForm',
|
|
'groupimport',
|
|
);
|
|
|
|
/**
|
|
* @var Array
|
|
*/
|
|
static $hidden_permissions = array();
|
|
|
|
public function init() {
|
|
parent::init();
|
|
Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/SecurityAdmin.js');
|
|
}
|
|
|
|
public function getEditForm($id = null, $fields = null) {
|
|
// TODO Duplicate record fetching (see parent implementation)
|
|
if(!$id) $id = $this->currentPageID();
|
|
$form = parent::getEditForm($id);
|
|
|
|
// TODO Duplicate record fetching (see parent implementation)
|
|
$record = $this->getRecord($id);
|
|
if($record && !$record->canView()) return Security::permissionFailure($this);
|
|
|
|
$memberList = Object::create('GridField',
|
|
'Members',
|
|
false,
|
|
DataList::create('Member'),
|
|
$memberListConfig = GridFieldConfig_RecordEditor::create()
|
|
->addComponent(new GridFieldExportButton())
|
|
)->addExtraClass("members_grid");
|
|
$memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator());
|
|
|
|
$groupList = Object::create('GridField',
|
|
'Groups',
|
|
false,
|
|
DataList::create('Group'),
|
|
GridFieldConfig_RecordEditor::create()
|
|
)->setDisplayFields(array(
|
|
'Breadcrumbs' => singleton('Group')->fieldLabel('Title')
|
|
));
|
|
|
|
|
|
$fields = new FieldList(
|
|
$root = new TabSet(
|
|
'Root',
|
|
new Tab('Users', _t('SecurityAdmin.Users', 'Users'),
|
|
$memberList,
|
|
new LiteralField('MembersCautionText',
|
|
sprintf('<p class="caution-remove"><strong>%s</strong></p>',
|
|
_t(
|
|
'SecurityAdmin.MemberListCaution',
|
|
'Caution: Removing members from this list will remove them from all groups and the database'
|
|
)
|
|
)
|
|
),
|
|
new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3),
|
|
new LiteralField(
|
|
'MemberImportFormIframe',
|
|
sprintf(
|
|
'<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" border="0"></iframe>',
|
|
$this->Link('memberimport')
|
|
)
|
|
)
|
|
),
|
|
new Tab('Groups', singleton('Group')->plural_name(),
|
|
$groupList,
|
|
new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3),
|
|
new LiteralField(
|
|
'GroupImportFormIframe',
|
|
sprintf(
|
|
'<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" border="0"></iframe>',
|
|
$this->Link('groupimport')
|
|
)
|
|
)
|
|
)
|
|
),
|
|
// necessary for tree node selection in LeftAndMain.EditForm.js
|
|
new HiddenField('ID', false, 0)
|
|
);
|
|
|
|
$root->setTemplate('CMSTabSet');
|
|
|
|
// Add roles editing interface
|
|
if(Permission::check('APPLY_ROLES')) {
|
|
$rolesField = Object::create('GridField',
|
|
'Roles',
|
|
false,
|
|
DataList::create('PermissionRole'),
|
|
GridFieldConfig_RecordEditor::create()
|
|
);
|
|
|
|
$rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
|
|
$rolesTab->push($rolesField);
|
|
}
|
|
|
|
$actions = new FieldList();
|
|
|
|
$form = new Form(
|
|
$this,
|
|
'EditForm',
|
|
$fields,
|
|
$actions
|
|
);
|
|
$form->addExtraClass('cms-edit-form');
|
|
$form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
|
|
if($form->Fields()->hasTabset()) $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
|
|
$form->addExtraClass('center ss-tabset ' . $this->BaseCSSClasses());
|
|
|
|
$this->extend('updateEditForm', $form);
|
|
|
|
return $form;
|
|
}
|
|
|
|
public function memberimport() {
|
|
Requirements::clear();
|
|
Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/screen.css');
|
|
Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');
|
|
Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');
|
|
Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/MemberImportForm.css');
|
|
Requirements::javascript(SAPPHIRE_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js');
|
|
Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/MemberImportForm.js');
|
|
|
|
return $this->renderWith('BlankPage', array(
|
|
'Form' => $this->MemberImportForm(),
|
|
'Content' => ' '
|
|
));
|
|
}
|
|
|
|
/**
|
|
* @see SecurityAdmin_MemberImportForm
|
|
*
|
|
* @return Form
|
|
*/
|
|
public function MemberImportForm() {
|
|
$group = $this->currentPage();
|
|
$form = new MemberImportForm(
|
|
$this,
|
|
'MemberImportForm'
|
|
);
|
|
$form->setGroup($group);
|
|
|
|
return $form;
|
|
}
|
|
|
|
public function groupimport() {
|
|
Requirements::clear();
|
|
Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/screen.css');
|
|
Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');
|
|
Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');
|
|
Requirements::css(SAPPHIRE_ADMIN_DIR . '/css/MemberImportForm.css');
|
|
Requirements::javascript(SAPPHIRE_DIR . '/thirdparty/jquery-entwine/dist/jquery.entwine-dist.js');
|
|
Requirements::javascript(SAPPHIRE_ADMIN_DIR . '/javascript/MemberImportForm.js');
|
|
|
|
return $this->renderWith('BlankPage', array(
|
|
'Content' => ' ',
|
|
'Form' => $this->GroupImportForm()
|
|
));
|
|
}
|
|
|
|
/**
|
|
* @see SecurityAdmin_MemberImportForm
|
|
*
|
|
* @return Form
|
|
*/
|
|
public function GroupImportForm() {
|
|
$form = new GroupImportForm(
|
|
$this,
|
|
'GroupImportForm'
|
|
);
|
|
|
|
return $form;
|
|
}
|
|
|
|
public function Breadcrumbs($unlinked = false) {
|
|
$crumbs = parent::Breadcrumbs($unlinked);
|
|
|
|
// Name root breadcrumb based on which record is edited,
|
|
// which can only be determined by looking for the fieldname of the GridField.
|
|
// Note: Titles should be same titles as tabs in RootForm().
|
|
$params = $this->request->allParams();
|
|
if(isset($params['FieldName'])) {
|
|
if($params['FieldName'] == 'Groups') {
|
|
$crumbs->First()->Title = singleton('Group')->plural_name();
|
|
} elseif($params['FieldName'] == 'Users') {
|
|
$crumbs->First()->Title = _t('SecurityAdmin.Users', 'Users');
|
|
} elseif($params['FieldName'] == 'Roles') {
|
|
$crumbs->First()->Title = _t('SecurityAdmin.TABROLES', 'Roles');
|
|
}
|
|
} else {
|
|
// Avoid writing "Users" (the controller menu title) as a breadcrumb
|
|
// because its confusing and inaccurate.
|
|
$crumbs = new ArrayList();
|
|
}
|
|
|
|
return $crumbs;
|
|
}
|
|
|
|
function providePermissions() {
|
|
$title = _t("SecurityAdmin.MENUTITLE", LeftAndMain::menu_title_for_class($this->class));
|
|
return array(
|
|
"CMS_ACCESS_SecurityAdmin" => array(
|
|
'name' => sprintf(_t('CMSMain.ACCESS', "Access to '%s' section"), $title),
|
|
'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access'),
|
|
'help' => _t(
|
|
'SecurityAdmin.ACCESS_HELP',
|
|
'Allow viewing, adding and editing users, as well as assigning permissions and roles to them.'
|
|
)
|
|
),
|
|
'EDIT_PERMISSIONS' => array(
|
|
'name' => _t('SecurityAdmin.EDITPERMISSIONS', 'Manage permissions for groups'),
|
|
'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
|
|
'help' => _t('SecurityAdmin.EDITPERMISSIONS_HELP', 'Ability to edit Permissions and IP Addresses for a group. Requires the "Access to \'Security\' section" permission.'),
|
|
'sort' => 0
|
|
),
|
|
'APPLY_ROLES' => array(
|
|
'name' => _t('SecurityAdmin.APPLY_ROLES', 'Apply roles to groups'),
|
|
'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
|
|
'help' => _t('SecurityAdmin.APPLY_ROLES_HELP', 'Ability to edit the roles assigned to a group. Requires the "Access to \'Users\' section" permission.'),
|
|
'sort' => 0
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* The permissions represented in the $codes will not appearing in the form
|
|
* containing {@link PermissionCheckboxSetField} so as not to be checked / unchecked.
|
|
*
|
|
* @param $codes String|Array
|
|
*/
|
|
static function add_hidden_permission($codes){
|
|
if(is_string($codes)) $codes = array($codes);
|
|
self::$hidden_permissions = array_merge(self::$hidden_permissions, $codes);
|
|
}
|
|
|
|
/**
|
|
* @param $codes String|Array
|
|
*/
|
|
static function remove_hidden_permission($codes){
|
|
if(is_string($codes)) $codes = array($codes);
|
|
self::$hidden_permissions = array_diff(self::$hidden_permissions, $codes);
|
|
}
|
|
|
|
/**
|
|
* @return Array
|
|
*/
|
|
static function get_hidden_permissions(){
|
|
return self::$hidden_permissions;
|
|
}
|
|
|
|
/**
|
|
* Clear all permissions previously hidden with {@link add_hidden_permission}
|
|
*/
|
|
static function clear_hidden_permissions(){
|
|
self::$hidden_permissions = array();
|
|
}
|
|
}
|