2007-07-19 12:40:05 +02:00
|
|
|
<?php
|
2008-02-25 03:10:37 +01:00
|
|
|
/**
|
|
|
|
* Security section of the CMS
|
|
|
|
* @package cms
|
|
|
|
* @subpackage security
|
|
|
|
*/
|
2007-08-31 02:31:49 +02:00
|
|
|
class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
2008-10-08 01:27:07 +02:00
|
|
|
|
2008-11-02 22:27:55 +01:00
|
|
|
static $url_segment = 'security';
|
|
|
|
|
|
|
|
static $url_rule = '/$Action/$ID/$OtherID';
|
|
|
|
|
|
|
|
static $menu_title = 'Security';
|
|
|
|
|
2008-10-08 01:27:07 +02:00
|
|
|
static $tree_class = 'Group';
|
|
|
|
|
|
|
|
static $subitem_class = 'Member';
|
2008-02-25 03:10:37 +01:00
|
|
|
|
|
|
|
static $allowed_actions = array(
|
|
|
|
'addmember',
|
|
|
|
'autocomplete',
|
|
|
|
'removememberfromgroup',
|
|
|
|
'savemember',
|
2008-08-09 05:54:55 +02:00
|
|
|
'AddRecordForm',
|
2009-02-03 04:46:15 +01:00
|
|
|
'MemberForm',
|
2009-11-21 04:16:38 +01:00
|
|
|
'EditForm',
|
2010-02-11 00:06:31 +01:00
|
|
|
'MemberImportForm',
|
2010-02-11 00:06:35 +01:00
|
|
|
'memberimport',
|
|
|
|
'GroupImportForm',
|
|
|
|
'groupimport',
|
2008-02-25 03:10:37 +01:00
|
|
|
);
|
2007-07-19 12:40:05 +02:00
|
|
|
|
2009-11-21 06:24:43 +01:00
|
|
|
/**
|
|
|
|
* @var Array
|
|
|
|
*/
|
|
|
|
static $hidden_permissions = array();
|
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
public function init() {
|
|
|
|
parent::init();
|
|
|
|
|
2009-11-21 04:20:17 +01:00
|
|
|
Requirements::javascript(CMS_DIR . '/javascript/SecurityAdmin.js');
|
|
|
|
Requirements::javascript(CMS_DIR . '/javascript/SecurityAdmin.Tree.js');
|
|
|
|
|
|
|
|
CMSBatchActionHandler::register('delete', 'SecurityAdmin_DeleteBatchAction', 'Group');
|
|
|
|
}
|
|
|
|
|
|
|
|
function getEditForm($id = null) {
|
|
|
|
$form = parent::getEditForm($id);
|
2010-02-11 00:06:35 +01:00
|
|
|
|
|
|
|
if($id && is_numeric($id)) {
|
|
|
|
$fields = $form->Fields();
|
2010-02-11 00:06:31 +01:00
|
|
|
|
2010-02-11 00:06:35 +01:00
|
|
|
if($fields->hasTabSet()) {
|
|
|
|
$fields->findOrMakeTab('Root.Import',_t('Group.IMPORTTABTITLE', 'Import'));
|
|
|
|
$fields->addFieldToTab('Root.Import',
|
|
|
|
new LiteralField(
|
|
|
|
'MemberImportFormIframe',
|
|
|
|
sprintf(
|
|
|
|
'<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="400px" border="0"></iframe>',
|
|
|
|
$this->Link('memberimport')
|
|
|
|
)
|
2010-02-11 00:06:31 +01:00
|
|
|
)
|
2010-02-11 00:06:35 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
$form->Actions()->insertBefore(
|
|
|
|
new FormAction('addmember',_t('SecurityAdmin.ADDMEMBER','Add Member')),
|
|
|
|
'action_save'
|
2010-02-11 00:06:31 +01:00
|
|
|
);
|
2010-02-11 00:06:35 +01:00
|
|
|
|
|
|
|
// Filter permissions
|
|
|
|
$permissionField = $form->Fields()->dataFieldByName('Permissions');
|
|
|
|
if($permissionField) $permissionField->setHiddenPermissions(self::$hidden_permissions);
|
2010-02-11 00:06:31 +01:00
|
|
|
}
|
|
|
|
|
2010-02-11 00:06:35 +01:00
|
|
|
return $form;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @return FieldSet
|
|
|
|
*/
|
|
|
|
function RootForm() {
|
|
|
|
$fields = new FieldSet(
|
|
|
|
new TabSet(
|
|
|
|
'Root',
|
|
|
|
new Tab('Import', _t('SecurityAdmin.TABIMPORT', 'Import'),
|
|
|
|
new LiteralField(
|
|
|
|
'GroupImportFormIframe',
|
|
|
|
sprintf(
|
|
|
|
'<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="400px" border="0"></iframe>',
|
|
|
|
$this->Link('groupimport')
|
|
|
|
)
|
|
|
|
)
|
|
|
|
)
|
|
|
|
),
|
|
|
|
// necessary for tree node selection in LeftAndMain.EditForm.js
|
|
|
|
new HiddenField('ID', false, 0)
|
2009-11-21 04:20:17 +01:00
|
|
|
);
|
2010-02-11 00:06:35 +01:00
|
|
|
$actions = new FieldSet();
|
2009-04-29 03:44:28 +02:00
|
|
|
|
2010-02-11 00:06:35 +01:00
|
|
|
$form = new Form(
|
|
|
|
$this,
|
|
|
|
'Form',
|
|
|
|
$fields,
|
|
|
|
$actions
|
|
|
|
);
|
|
|
|
|
2009-11-21 04:20:17 +01:00
|
|
|
return $form;
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2010-02-11 00:06:31 +01:00
|
|
|
|
|
|
|
public function memberimport() {
|
|
|
|
Requirements::clear();
|
|
|
|
Requirements::css(SAPPHIRE_DIR . '/css/Form.css');
|
|
|
|
Requirements::css(CMS_DIR . '/css/typography.css');
|
|
|
|
Requirements::css(CMS_DIR . '/css/cms_right.css');
|
|
|
|
|
|
|
|
Requirements::javascript(CMS_DIR . '/javascript/MemberImportForm.js');
|
|
|
|
|
|
|
|
return $this->renderWith('BlankPage', array(
|
|
|
|
'Form' => $this->MemberImportForm()
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @see SecurityAdmin_MemberImportForm
|
|
|
|
*
|
|
|
|
* @return Form
|
|
|
|
*/
|
|
|
|
public function MemberImportForm() {
|
|
|
|
$group = $this->currentPage();
|
|
|
|
$form = new MemberImportForm(
|
|
|
|
$this,
|
|
|
|
'MemberImportForm'
|
|
|
|
);
|
|
|
|
$form->setGroup($group);
|
|
|
|
|
|
|
|
return $form;
|
|
|
|
}
|
2010-02-11 00:06:35 +01:00
|
|
|
|
|
|
|
public function groupimport() {
|
|
|
|
Requirements::clear();
|
|
|
|
Requirements::css(SAPPHIRE_DIR . '/css/Form.css');
|
|
|
|
Requirements::css(CMS_DIR . '/css/typography.css');
|
|
|
|
Requirements::css(CMS_DIR . '/css/cms_right.css');
|
|
|
|
|
|
|
|
Requirements::javascript(CMS_DIR . '/javascript/MemberImportForm.js');
|
|
|
|
|
|
|
|
return $this->renderWith('BlankPage', array(
|
|
|
|
'Form' => $this->GroupImportForm()
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @see SecurityAdmin_MemberImportForm
|
|
|
|
*
|
|
|
|
* @return Form
|
|
|
|
*/
|
|
|
|
public function GroupImportForm() {
|
|
|
|
$form = new GroupImportForm(
|
|
|
|
$this,
|
|
|
|
'GroupImportForm'
|
|
|
|
);
|
|
|
|
|
|
|
|
return $form;
|
|
|
|
}
|
2007-07-19 12:40:05 +02:00
|
|
|
|
|
|
|
public function AddRecordForm() {
|
2008-08-10 23:41:10 +02:00
|
|
|
$m = Object::create('MemberTableField',
|
2007-07-19 12:40:05 +02:00
|
|
|
$this,
|
2007-09-14 21:40:56 +02:00
|
|
|
"Members",
|
2007-07-19 12:40:05 +02:00
|
|
|
$this->currentPageID()
|
|
|
|
);
|
|
|
|
return $m->AddRecordForm();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Ajax autocompletion
|
|
|
|
*/
|
|
|
|
public function autocomplete() {
|
|
|
|
$fieldName = $this->urlParams['ID'];
|
|
|
|
$fieldVal = $_REQUEST[$fieldName];
|
2008-02-25 03:10:37 +01:00
|
|
|
$result = '';
|
2009-07-17 04:23:57 +02:00
|
|
|
|
2008-12-04 23:38:58 +01:00
|
|
|
// Make sure we only autocomplete on keys that actually exist, and that we don't autocomplete on password
|
2009-07-17 04:23:57 +02:00
|
|
|
if(!singleton($this->stat('subitem_class'))->hasDatabaseField($fieldName) || $fieldName == 'Password') return;
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2008-12-04 23:38:58 +01:00
|
|
|
$matches = DataObject::get($this->stat('subitem_class'),"\"$fieldName\" LIKE '" . Convert::raw2sql($fieldVal) . "%'");
|
2007-07-19 12:40:05 +02:00
|
|
|
if($matches) {
|
|
|
|
$result .= "<ul>";
|
|
|
|
foreach($matches as $match) {
|
2009-02-04 00:34:14 +01:00
|
|
|
if(!$match->canView()) continue;
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
$data = $match->FirstName;
|
|
|
|
$data .= ",$match->Surname";
|
|
|
|
$data .= ",$match->Email";
|
|
|
|
$result .= "<li>" . $match->$fieldName . "<span class=\"informal\">($match->FirstName $match->Surname, $match->Email)</span><span class=\"informal data\">$data</span></li>";
|
|
|
|
}
|
|
|
|
$result .= "</ul>";
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function MemberForm() {
|
|
|
|
$id = $_REQUEST['ID'] ? $_REQUEST['ID'] : Session::get('currentMember');
|
2009-02-03 03:50:25 +01:00
|
|
|
if($id) return $this->getMemberForm($id);
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
public function getMemberForm($id) {
|
2009-02-03 03:50:25 +01:00
|
|
|
if($id && $id != 'new') $record = DataObject::get_by_id('Member', (int) $id);
|
2007-07-19 12:40:05 +02:00
|
|
|
if($record || $id == 'new') {
|
|
|
|
$fields = new FieldSet(
|
|
|
|
new HiddenField('MemberListBaseGroup', '', $this->currentPageID() )
|
|
|
|
);
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2009-02-03 03:50:25 +01:00
|
|
|
if($extraFields = $record->getCMSFields()) {
|
|
|
|
foreach($extraFields as $extra) {
|
2007-07-19 12:40:05 +02:00
|
|
|
$fields->push( $extra );
|
2009-02-03 03:50:25 +01:00
|
|
|
}
|
|
|
|
}
|
2007-07-19 12:40:05 +02:00
|
|
|
|
2009-02-03 03:50:25 +01:00
|
|
|
$fields->push($idField = new HiddenField('ID'));
|
|
|
|
$fields->push($groupIDField = new HiddenField('GroupID'));
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
$actions = new FieldSet();
|
2009-02-03 03:50:25 +01:00
|
|
|
$actions->push(new FormAction('savemember', _t('SecurityAdmin.SAVE')));
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2009-02-03 03:50:25 +01:00
|
|
|
$form = new Form($this, 'MemberForm', $fields, $actions);
|
2007-07-19 12:40:05 +02:00
|
|
|
if($record) $form->loadDataFrom($record);
|
|
|
|
|
|
|
|
$idField->setValue($id);
|
|
|
|
$groupIDField->setValue($this->currentPageID());
|
2009-02-04 00:34:14 +01:00
|
|
|
|
|
|
|
if($record && !$record->canEdit()) {
|
|
|
|
$readonlyFields = $form->Fields()->makeReadonly();
|
|
|
|
$form->setFields($readonlyFields);
|
|
|
|
}
|
2007-07-19 12:40:05 +02:00
|
|
|
|
|
|
|
return $form;
|
|
|
|
}
|
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
function savemember() {
|
|
|
|
$data = $_REQUEST;
|
|
|
|
$className = $this->stat('subitem_class');
|
|
|
|
|
|
|
|
$id = $_REQUEST['ID'];
|
|
|
|
if($id == 'new') $id = null;
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
if($id) {
|
2009-03-17 23:20:03 +01:00
|
|
|
$record = DataObject::get_by_id($className, $id);
|
2009-02-04 00:34:14 +01:00
|
|
|
if($record && !$record->canEdit()) return Security::permissionFailure($this);
|
2007-07-19 12:40:05 +02:00
|
|
|
} else {
|
2009-02-04 00:34:14 +01:00
|
|
|
if(!singleton($this->stat('subitem_class'))->canCreate()) return Security::permissionFailure($this);
|
2007-07-19 12:40:05 +02:00
|
|
|
$record = new $className();
|
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
$record->update($data);
|
|
|
|
$record->ID = $id;
|
|
|
|
$record->write();
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
$record->Groups()->add($data['GroupID']);
|
|
|
|
|
|
|
|
FormResponse::add("reloadMemberTableField();");
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
return FormResponse::respond();
|
|
|
|
}
|
|
|
|
|
|
|
|
function addmember($className=null) {
|
|
|
|
$data = $_REQUEST;
|
|
|
|
unset($data['ID']);
|
2009-02-03 03:50:25 +01:00
|
|
|
if($className == null) $className = $this->stat('subitem_class');
|
|
|
|
|
2009-02-04 00:34:14 +01:00
|
|
|
if(!singleton($this->stat('subitem_class'))->canCreate()) return Security::permissionFailure($this);
|
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
$record = new $className();
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
$record->update($data);
|
|
|
|
$record->write();
|
2009-02-03 03:50:25 +01:00
|
|
|
|
2009-03-17 23:20:03 +01:00
|
|
|
if($data['GroupID']) $record->Groups()->add((int)$data['GroupID']);
|
2007-07-19 12:40:05 +02:00
|
|
|
|
|
|
|
FormResponse::add("reloadMemberTableField();");
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
return FormResponse::respond();
|
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
public function removememberfromgroup() {
|
|
|
|
$groupID = $this->urlParams['ID'];
|
|
|
|
$memberID = $this->urlParams['OtherID'];
|
|
|
|
if(is_numeric($groupID) && is_numeric($memberID)) {
|
2009-02-03 03:50:25 +01:00
|
|
|
$member = DataObject::get_by_id('Member', (int) $memberID);
|
2009-04-29 03:44:28 +02:00
|
|
|
|
2009-02-04 00:34:14 +01:00
|
|
|
if(!$member->canDelete()) return Security::permissionFailure($this);
|
2009-04-29 03:44:28 +02:00
|
|
|
|
2009-03-17 23:20:03 +01:00
|
|
|
$member->Groups()->remove((int)$groupID);
|
2009-04-29 03:44:28 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
FormResponse::add("reloadMemberTableField();");
|
|
|
|
} else {
|
|
|
|
user_error("SecurityAdmin::removememberfromgroup: Bad parameters: Group=$groupID, Member=$memberID", E_USER_ERROR);
|
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
return FormResponse::respond();
|
|
|
|
}
|
2009-11-21 04:16:38 +01:00
|
|
|
|
2009-11-21 04:21:03 +01:00
|
|
|
function getSiteTreeFor($className, $rootID = null, $childrenMethod = null, $filterFunction = null, $minNodeCount = 30) {
|
|
|
|
if (!$childrenMethod) $childrenMethod = 'stageChildren';
|
|
|
|
return parent::getSiteTreeFor($className, $rootID, $childrenMethod, $filterFunction, $minNodeCount);
|
|
|
|
}
|
|
|
|
|
2009-11-21 04:21:00 +01:00
|
|
|
function getCMSTreeTitle() {
|
|
|
|
return _t('SecurityAdmin.SGROUPS', 'Security Groups');
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-07-19 12:40:05 +02:00
|
|
|
public function EditedMember() {
|
2009-02-03 03:50:25 +01:00
|
|
|
if(Session::get('currentMember')) return DataObject::get_by_id('Member', (int) Session::get('currentMember'));
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
2007-09-14 21:40:56 +02:00
|
|
|
|
2007-08-31 02:31:49 +02:00
|
|
|
function providePermissions() {
|
|
|
|
return array(
|
2009-10-29 01:55:20 +01:00
|
|
|
'EDIT_PERMISSIONS' => array(
|
|
|
|
'name' => _t('SecurityAdmin.EDITPERMISSIONS', 'Manage permissions for groups'),
|
2009-10-30 02:43:34 +01:00
|
|
|
'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
|
|
|
|
'help' => _t('SecurityAdmin.EDITPERMISSIONS_HELP', 'Ability to edit Permissions and IP Addresses for a group. Requires "Access to Security".'),
|
2009-10-29 01:55:20 +01:00
|
|
|
'sort' => 0
|
2009-10-29 22:36:13 +01:00
|
|
|
),
|
|
|
|
'APPLY_ROLES' => array(
|
|
|
|
'name' => _t('SecurityAdmin.APPLY_ROLES', 'Apply roles to groups'),
|
2009-10-30 02:43:34 +01:00
|
|
|
'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
|
|
|
|
'help' => _t('SecurityAdmin.APPLY_ROLES_HELP', 'Ability to edit the roles assigned to a group. Requires "Access to Security.".'),
|
2009-10-29 22:36:13 +01:00
|
|
|
'sort' => 0
|
2009-10-29 01:55:20 +01:00
|
|
|
)
|
2007-08-31 02:31:49 +02:00
|
|
|
);
|
|
|
|
}
|
2009-11-21 03:01:21 +01:00
|
|
|
|
|
|
|
/**
|
2009-11-21 06:24:43 +01:00
|
|
|
* The permissions represented in the $codes will not appearing in the form
|
|
|
|
* containing {@link PermissionCheckboxSetField} so as not to be checked / unchecked.
|
|
|
|
*
|
|
|
|
* @param $codes String|Array
|
2009-11-21 03:01:21 +01:00
|
|
|
*/
|
2009-11-21 06:24:43 +01:00
|
|
|
static function add_hidden_permission($codes){
|
|
|
|
if(is_string($codes)) $codes = array($codes);
|
2009-12-16 06:54:23 +01:00
|
|
|
self::$hidden_permissions = array_merge(self::$hidden_permissions, $codes);
|
2009-11-21 06:24:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param $codes String|Array
|
|
|
|
*/
|
|
|
|
static function remove_hidden_permission($codes){
|
|
|
|
if(is_string($codes)) $codes = array($codes);
|
|
|
|
self::$hidden_permissions = array_diff(self::$hidden_permissions, $codes);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @return Array
|
|
|
|
*/
|
|
|
|
static function get_hidden_permissions(){
|
|
|
|
return self::$hidden_permissions;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Clear all permissions previously hidden with {@link add_hidden_permission}
|
|
|
|
*/
|
|
|
|
static function clear_hidden_permissions(){
|
|
|
|
self::$hidden_permissions = array();
|
2009-11-21 03:01:21 +01:00
|
|
|
}
|
2007-07-19 12:40:05 +02:00
|
|
|
}
|
|
|
|
|
2009-11-21 04:20:17 +01:00
|
|
|
/**
|
|
|
|
* Delete multiple {@link Group} records. Usually used through the {@link SecurityAdmin} interface.
|
|
|
|
*
|
|
|
|
* @package cms
|
|
|
|
* @subpackage batchactions
|
|
|
|
*/
|
|
|
|
class SecurityAdmin_DeleteBatchAction extends CMSBatchAction {
|
|
|
|
function getActionTitle() {
|
|
|
|
return _t('AssetAdmin_DeleteBatchAction.TITLE', 'Delete groups');
|
|
|
|
}
|
|
|
|
|
|
|
|
function run(DataObjectSet $records) {
|
|
|
|
$status = array(
|
|
|
|
'modified'=>array(),
|
|
|
|
'deleted'=>array()
|
|
|
|
);
|
|
|
|
|
|
|
|
foreach($records as $record) {
|
|
|
|
// TODO Provide better feedback if permission was denied
|
|
|
|
if(!$record->canDelete()) continue;
|
|
|
|
|
|
|
|
$id = $record->ID;
|
|
|
|
$record->delete();
|
|
|
|
$status['deleted'][$id] = array();
|
|
|
|
$record->destroy();
|
|
|
|
unset($record);
|
|
|
|
}
|
|
|
|
|
|
|
|
return Convert::raw2json($status);
|
|
|
|
}
|
|
|
|
}
|
2009-02-03 04:46:15 +01:00
|
|
|
?>
|