mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-10-06 16:18:56 +02:00
ENHANCEMENT Enforcing Member->can*() and Group->can*() permissions in SecurityAdmin
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@71330 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
06a007f394
commit
173c495afe
@ -63,6 +63,11 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
$form = new Form($this, "EditForm", $fields, $actions);
|
$form = new Form($this, "EditForm", $fields, $actions);
|
||||||
$form->loadDataFrom($record);
|
$form->loadDataFrom($record);
|
||||||
|
|
||||||
|
if(!$record->canEdit()) {
|
||||||
|
$readonlyFields = $form->Fields()->makeReadonly();
|
||||||
|
$form->setFields($readonlyFields);
|
||||||
|
}
|
||||||
|
|
||||||
return $form;
|
return $form;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,6 +95,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
if($matches) {
|
if($matches) {
|
||||||
$result .= "<ul>";
|
$result .= "<ul>";
|
||||||
foreach($matches as $match) {
|
foreach($matches as $match) {
|
||||||
|
if(!$match->canView()) continue;
|
||||||
|
|
||||||
$data = $match->FirstName;
|
$data = $match->FirstName;
|
||||||
$data .= ",$match->Surname";
|
$data .= ",$match->Surname";
|
||||||
@ -131,6 +137,11 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
$idField->setValue($id);
|
$idField->setValue($id);
|
||||||
$groupIDField->setValue($this->currentPageID());
|
$groupIDField->setValue($this->currentPageID());
|
||||||
|
|
||||||
|
if($record && !$record->canEdit()) {
|
||||||
|
$readonlyFields = $form->Fields()->makeReadonly();
|
||||||
|
$form->setFields($readonlyFields);
|
||||||
|
}
|
||||||
|
|
||||||
return $form;
|
return $form;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -144,7 +155,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
|
|
||||||
if($id) {
|
if($id) {
|
||||||
$record = DataObject::get_one($className, "\"$className\".\"ID\" = $id");
|
$record = DataObject::get_one($className, "\"$className\".\"ID\" = $id");
|
||||||
|
if($record && !$record->canEdit()) return Security::permissionFailure($this);
|
||||||
} else {
|
} else {
|
||||||
|
if(!singleton($this->stat('subitem_class'))->canCreate()) return Security::permissionFailure($this);
|
||||||
$record = new $className();
|
$record = new $className();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -164,6 +177,8 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
unset($data['ID']);
|
unset($data['ID']);
|
||||||
if($className == null) $className = $this->stat('subitem_class');
|
if($className == null) $className = $this->stat('subitem_class');
|
||||||
|
|
||||||
|
if(!singleton($this->stat('subitem_class'))->canCreate()) return Security::permissionFailure($this);
|
||||||
|
|
||||||
$record = new $className();
|
$record = new $className();
|
||||||
|
|
||||||
$record->update($data);
|
$record->update($data);
|
||||||
@ -181,6 +196,8 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
$memberID = $this->urlParams['OtherID'];
|
$memberID = $this->urlParams['OtherID'];
|
||||||
if(is_numeric($groupID) && is_numeric($memberID)) {
|
if(is_numeric($groupID) && is_numeric($memberID)) {
|
||||||
$member = DataObject::get_by_id('Member', (int) $memberID);
|
$member = DataObject::get_by_id('Member', (int) $memberID);
|
||||||
|
if(!$member->canDelete()) return Security::permissionFailure($this);
|
||||||
|
|
||||||
$member->Groups()->remove($groupID);
|
$member->Groups()->remove($groupID);
|
||||||
FormResponse::add("reloadMemberTableField();");
|
FormResponse::add("reloadMemberTableField();");
|
||||||
} else {
|
} else {
|
||||||
@ -213,6 +230,8 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function addgroup() {
|
public function addgroup() {
|
||||||
|
if(!singleton($this->stat('tree_class'))->canCreate()) return Security::permissionFailure($this);
|
||||||
|
|
||||||
$newGroup = Object::create($this->stat('tree_class'));
|
$newGroup = Object::create($this->stat('tree_class'));
|
||||||
$newGroup->Title = _t('SecurityAdmin.NEWGROUP',"New Group");
|
$newGroup->Title = _t('SecurityAdmin.NEWGROUP',"New Group");
|
||||||
$newGroup->Code = "new-group";
|
$newGroup->Code = "new-group";
|
||||||
|
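Review bot: The create check added in the `-164,6 +177,8` hunk tests `singleton($this->stat('subitem_class'))->canCreate()`, but the next statement instantiates `$className`, which the context line above only defaults to `subitem_class` when it is null. If a caller can supply any other class, the permission is evaluated on a different class from the one that gets created; `if(!singleton($className)->canCreate()) return Security::permissionFailure($this);` would tie the check to the object actually built, and the same applies to the `else` branch in the `-144,7 +155,9` hunk. Separately, in the `-181,6 +196,8` hunk the result of `DataObject::get_by_id()` is dereferenced without an existence test, unlike the `$record &&` guards used elsewhere in this commit, so a numeric `OtherID` with no matching Member would presumably fail before the permission check; `if(!$member || !$member->canDelete()) return Security::permissionFailure($this);` covers both cases. The enclosing methods begin and end outside the visible hunks.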