From 1739d9932ae20c6cf57df38a6b9754dba917cbe1 Mon Sep 17 00:00:00 2001
From: Sam Minnee
Date: Fri, 31 Aug 2007 00:31:49 +0000
Subject: [PATCH] Added EDIT_PERMISSIONS permission code for SecurityAdmin Added LeftAndMain::alternateAccessCheck() / alternateMenuDisplayCheck() so that subsite could hook a new security model into the admin Added support for Group::alternateTreeTitle() to allow subsites to put *s before global groups
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@41098 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/LeftAndMain.php | 29 +++++++++++++++++++++++------
 code/SecurityAdmin.php | 12 ++++++++++--
 2 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/code/LeftAndMain.php b/code/LeftAndMain.php
index 096784d1..5b4dd46a 100644
--- a/code/LeftAndMain.php
+++ b/code/LeftAndMain.php
@@ -14,18 +14,27 @@ abstract class LeftAndMain extends Controller {
 parent::init();
- // Security check for LeftAndMain sub-class permissions
- if(!Permission::check("CMS_ACCESS_$this->class")) {
- // When access /admin/, we should try a redirect to another part of the admin rather than a
- if($this->class == 'CMSMain') {
+ // Allow customisation of the access check by a decorator
+ if($this->hasMethod('alternateAccessCheck')) {
+ $isAllowed = $this->alternateAccessCheck();
+
+ // Default security check for LeftAndMain sub-class permissions
+ } else {
+ $isAllowed = Permission::check("CMS_ACCESS_$this->class");
+ if(!$isAllowed && $this->class == 'CMSMain') {
+ // When access /admin/, we should try a redirect to another part of the admin rather than be locked out
 $menu = $this->MainMenu();
 if(($first = $menu->First()) && $first->Link) {
 Director::redirect($first->Link);
- return;
 }
 }
+ }
+ // Don't continue if there's already been a redirection request.
+ if(Director::redirected_to()) return;
+ // Access failure!
+ if(!$isAllowed) {
 $messageSet = array(
 'default' => "Enter your email address and password to access the CMS.",
 'alreadyLoggedIn' => "I'm sorry, but you can't access that part of the CMS. If you want to log in as someone else, do so below",
@@ -213,7 +222,15 @@ abstract class LeftAndMain extends Controller {
 $itemsWithPermission = 0;
 foreach($menuSrc as $title => $menuItem) {
 if(is_numeric($title) && isset($menuItem['title'])) $title = $menuItem['title'];
- if(!isset($menuItem[2]) || Permission::check("CMS_ACCESS_$menuItem[2]")) {
+
+ if(isset($menuItem[2])) {
+ if($this->hasMethod('alternateMenuDisplayCheck')) $isAllowed = $this->alternateMenuDisplayCheck($menuItem[2]);
+ else $isAllowed = Permission::check("CMS_ACCESS_" . $menuItem[2]);
+ } else {
+ $isAllowed = true;
+ }
+
+ if($isAllowed) {
 // Count up the number of items that have specific permission settings
 if(isset($menuItem[2])) $itemsWithPermission++;
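Review bot: The result of `alternateAccessCheck()` is used as-is in `if(!$isAllowed)`, so any truthy return value from a decorator (a non-empty string, an array, an object) grants CMS access, and when the hook exists it replaces the `CMS_ACCESS_$this->class` check instead of adding to it. I would make the branch fail closed with `$isAllowed = ($this->alternateAccessCheck() === true);` and add a comment above it saying the hook must return a strict boolean and is the sole authorisation decision when present. The same loose handling applies to `alternateMenuDisplayCheck()` in the second hunk of this file. Separately, `if(Director::redirected_to()) return;` now skips the access-failure block for any pending redirect, including one issued by the hook or by `parent::init()`; whether the requested action is still prevented from running after that return depends on code outside this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.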
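Review bot: The menu filter in the second hunk (`@@ -213,7 +222,15 @@`) and the access check in the first hunk are two independent hooks, and nothing keeps them in agreement. The first hunk redirects a denied `CMSMain` user to `$menu->First()->Link`, which is selected by this display check, while the target section is then authorised by `alternateAccessCheck()` or `CMS_ACCESS_*`. A decorator that implements only one of the two hooks can therefore list a section that refuses the user, or send the redirect to it. A comment above the new block would make the contract explicit, e.g. `// Display filter only; authorisation happens in the access check. Decorators should implement alternateAccessCheck() and alternateMenuDisplayCheck() together.` The enclosing method and the `foreach` body continue outside the hunk.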
diff --git a/code/SecurityAdmin.php b/code/SecurityAdmin.php index f03e34ca..aef8fab8 100644 --- a/code/SecurityAdmin.php +++ b/code/SecurityAdmin.php @@ -1,6 +1,6 @@ removeFieldFromTab('Root', 'Permissions'); + $memberList->setController($this); $fields->push($idField = new HiddenField("ID")); @@ -220,7 +222,7 @@ class SecurityAdmin extends LeftAndMain { $siteTree = $obj->getChildrenAsUL("", ' "
  • ID\" class=\"$child->class " . ($child->Locked ? " nodelete" : "") . ' . ' ($extraArg->isCurrentPage($child) ? " current" : "") . "\">" . ' . - ' "ID) . "\" >" . $child->Title . "" ',$this); + ' "ID) . "\" >" . $child->TreeTitle() . "" ',$this); $siteTree = "