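<?php
/**
 * CMS controller for the security section. The left-hand tree lists Group
 * records ($tree_class) and the right-hand forms edit the Member records
 * ($subitem_class) attached to a group.
 *
 * Most actions below read $_REQUEST / URL parameters directly, so every value
 * that reaches an SQL fragment is validated as an identifier, cast to an
 * integer, or escaped before use, and member data written into HTML is escaped.
 */
class SecurityAdmin extends LeftAndMain {
    static $tree_class = "Group";
    static $subitem_class = "Member";

    /**
     * Registers the JavaScript and CSS this section needs after running the
     * parent initialisation.
     */
    public function init() {
        // Check permissions
        // NOTE(review): the explicit admin check below is commented out, so access
        // control for every action in this class rests on whatever parent::init()
        // enforces. Confirm that before relying on it.
        // if(!Member::currentUser() || !Member::currentUser()->isAdmin()) Security::permissionFailure($this);
        parent::init();

        Requirements::javascript("jsparty/hover.js");
        Requirements::javascript("jsparty/scriptaculous/controls.js");

        // needed for MemberTableField (Requirements not determined before Ajax-Call)
        Requirements::javascript("sapphire/javascript/TableListField.js");
        Requirements::javascript("sapphire/javascript/TableField.js");
        Requirements::javascript("sapphire/javascript/ComplexTableField.js");
        Requirements::javascript("cms/javascript/MemberTableField.js");
        Requirements::css("jsparty/greybox/greybox.css");
        Requirements::css("sapphire/css/ComplexTableField.css");

        Requirements::javascript("cms/javascript/SecurityAdmin.js");
        Requirements::javascript("cms/javascript/SecurityAdmin_left.js");
        Requirements::javascript("cms/javascript/SecurityAdmin_right.js");

        Requirements::javascript("jsparty/greybox/AmiJS.js");
        Requirements::javascript("jsparty/greybox/greybox.js");
    }

    /**
     * Builds the edit form for one group: a "Members" tab (group name plus the
     * member table) and a "Permissions" tab (permission code table).
     *
     * @param mixed $id ID of the Group record to edit.
     * @return Form|null The form, or nothing when no Group with that ID is found.
     */
    public function getEditForm($id) {
        $record = DataObject::get_by_id("Group", $id);
        if(!$record) return;

        $memberList = new MemberTableField(
            $this,
            "Members",
            $record
        );

        $fields = new FieldSet(
            new TabSet("Root",
                new Tab("Members",
                    new TextField("Title", "Group name"),
                    $memberList
                ),
                new Tab("Permissions",
                    new LiteralField("", "<p>This section is for advanced users only. \n"
                        . "See <a href=\"http://doc.silverstripe.com/doku.php?id=permissions:codes\" target=\"_blank\">this page</a> for more information.</p>"),
                    new TableField(
                        "Permissions",
                        "Permission",
                        array("Code" => "Code", "Arg" => "Optional ID"),
                        array("Code" => "PermissionDropdownField", "Arg" => "TextField"),
                        "GroupID", $id
                    )
                )
            )
        );

        $memberList->setController($this);

        $fields->push($idField = new HiddenField("ID"));
        $idField->setValue($id);

        $actions = new FieldSet(
            new FormAction('addmember','Add Member')
        );
        $actions->push(new FormAction('save','Save'));

        $form = new Form($this, "EditForm", $fields, $actions);
        $form->loadDataFrom($record);

        return $form;
    }

    /**
     * Returns the "add record" form of the member table for the current group.
     */
    public function AddRecordForm() {
        $m = new MemberTableField(
            $this,
            "Members",
            $this->currentPageID()
        );
        return $m->AddRecordForm();
    }

    /**
     * Ajax autocompletion.
     *
     * The URL parameter "ID" names the Member field to search and the request
     * variable of the same name holds the prefix typed so far. Returns a <ul>
     * of matching members, or nothing when there is no match or the field name
     * is rejected.
     *
     * @return string|null
     */
    public function autocomplete() {
        $fieldName = $this->urlParams['ID'];

        // The field name becomes both a column identifier in the WHERE clause and a
        // property name on the result, so only a plain identifier is accepted.
        if(!is_string($fieldName) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $fieldName)) return;

        // Prefix-matching on the credential column would let a client recover stored
        // values one character at a time, so that column is never searchable.
        if(strcasecmp($fieldName, 'Password') == 0) return;

        $fieldVal = (isset($_REQUEST[$fieldName]) && is_string($_REQUEST[$fieldName])) ? $_REQUEST[$fieldName] : '';

        $matches = DataObject::get("Member", "`$fieldName` LIKE '" . Convert::raw2sql($fieldVal) . "%'");
        if($matches) {
            $result = "<ul>";
            foreach($matches as $match) {
                $firstName = Convert::raw2xml($match->FirstName);
                $surname = Convert::raw2xml($match->Surname);
                $email = Convert::raw2xml($match->Email);

                // The fourth comma-separated slot used to carry $match->Password. It is
                // left empty so the positional format is unchanged while the stored
                // credential is no longer sent to the browser.
                $data = "$firstName,$surname,$email,";

                $result .= "<li>" . Convert::raw2xml($match->$fieldName)
                    . "<span class=\"informal\">($firstName $surname, $email)</span>"
                    . "<span class=\"informal data\">$data</span></li>";
            }
            $result .= "</ul>";
            return $result;
        }
    }

    /**
     * Remembers the requested member in the session and echoes the inner part
     * of the rendered "_rightbottom" template (the markup between the form tags).
     */
    public function getmember() {
        Session::set('currentMember', $_REQUEST['ID']);
        SSViewer::setOption('rewriteHashlinks', false);
        $result = $this->renderWith($this->class . "_rightbottom");

        // preg_split replaces the POSIX split(), which no longer exists in PHP 7+.
        $parts = preg_split('#</?form[^>]*>#', $result);
        if(isset($parts[1])) echo $parts[1];
    }

    /**
     * Returns the member form for the ID in the request, falling back to the
     * member remembered in the session.
     */
    public function MemberForm() {
        $id = !empty($_REQUEST['ID']) ? $_REQUEST['ID'] : Session::get('currentMember');
        if($id) return $this->getMemberForm($id);
    }

    /**
     * Builds the edit form for a member.
     *
     * @param mixed $id Numeric Member ID, or the string 'new' for an empty form.
     * @return Form|null Nothing when the ID is neither 'new' nor an existing member.
     */
    public function getMemberForm($id) {
        $isNew = ((string)$id === 'new');
        $record = null;

        // Only a numeric ID is allowed into the SQL filter.
        if(!$isNew && $id && is_numeric($id)) {
            $id = (int)$id;
            $record = DataObject::get_one("Member", "`Member`.ID = $id");
        }

        if($record || $isNew) {
            $fields = new FieldSet(
                new HiddenField('MemberListBaseGroup', '', $this->currentPageID() )
            );

            // For 'new' there is no record to ask for its fields; the original code
            // called getCMSFields() on an undefined variable at this point.
            // NOTE(review): the Member singleton is used to obtain the field list for
            // a new member - confirm getCMSFields() does not depend on a saved record.
            $fieldSource = $record ? $record : singleton('Member');
            if( $extraFields = $fieldSource->getCMSFields() )
                foreach( $extraFields as $extra )
                    $fields->push( $extra );

            $fields->push($idField = new HiddenField("ID"));
            $fields->push($groupIDField = new HiddenField("GroupID"));

            $actions = new FieldSet();
            $actions->push(new FormAction('savemember','Save'));

            $form = new Form($this, "MemberForm", $fields, $actions);
            if($record) $form->loadDataFrom($record);

            $idField->setValue($id);
            $groupIDField->setValue($this->currentPageID());

            return $form;
        }
    }

    /**
     * Saves the submitted member form: updates the member named by the request
     * ID (or creates one when the ID is 'new' or empty) and adds it to the
     * submitted group.
     */
    public function savemember() {
        $data = $_REQUEST;
        $className = $this->stat('subitem_class');

        $id = isset($_REQUEST['ID']) ? $_REQUEST['ID'] : null;
        if($id === 'new') $id = null;

        if($id) {
            // The ID is interpolated into the filter below, so it must be numeric.
            if(!is_numeric($id)) {
                user_error("SecurityAdmin::savemember: Bad parameters: ID is not numeric", E_USER_ERROR);
                return FormResponse::respond();
            }
            $id = (int)$id;
            $record = DataObject::get_one($className, "`$className`.ID = $id");
            if(!$record) {
                user_error("SecurityAdmin::savemember: No record found for the given ID", E_USER_ERROR);
                return FormResponse::respond();
            }
        } else {
            $record = new $className();
        }

        // NOTE(review): update() receives the whole request array, so any field the
        // record accepts can be set by the client, not only those shown in the form.
        // Consider restricting $data to the expected field names.
        $record->update($data);
        $record->ID = $id;
        $record->write();

        // Same guard as addmember(): only attach to a group when a numeric ID was sent.
        if(isset($data['GroupID']) && is_numeric($data['GroupID'])) {
            $record->Groups()->add((int)$data['GroupID']);
        }

        FormResponse::add("reloadMemberTableField();");

        return FormResponse::respond();
    }

    /**
     * Creates a new member from the request data and adds it to the submitted group.
     *
     * @param mixed $className Ignored. The original body contained
     *        `if($className == null);` with a stray semicolon, so the class was
     *        always taken from $subitem_class. That behaviour is kept on purpose:
     *        honouring a caller- or request-supplied class name would allow
     *        arbitrary classes to be instantiated.
     */
    public function addmember($className=null) {
        $data = $_REQUEST;
        unset($data['ID']);

        $className = $this->stat('subitem_class');
        $record = new $className();

        // NOTE(review): same mass-assignment concern as in savemember().
        $record->update($data);
        $record->write();

        if(isset($data['GroupID']) && is_numeric($data['GroupID'])) {
            $record->Groups()->add((int)$data['GroupID']);
        }

        FormResponse::add("reloadMemberTableField();");

        return FormResponse::respond();
    }

    /**
     * Removes the member given by URL parameter "OtherID" from the group given
     * by URL parameter "ID". Both must be numeric.
     */
    public function removememberfromgroup() {
        $groupID = $this->urlParams['ID'];
        $memberID = $this->urlParams['OtherID'];

        if(is_numeric($groupID) && is_numeric($memberID)) {
            $member = DataObject::get_by_id('Member', $memberID);
            // A numeric ID that matches no member is ignored rather than dereferenced.
            if($member) {
                $member->Groups()->remove($groupID);
                FormResponse::add("reloadMemberTableField();");
            }
        } else {
            user_error("SecurityAdmin::removememberfromgroup: Bad \nparameters: Group=$groupID, Member=$memberID", E_USER_ERROR);
        }

        return FormResponse::respond();
    }

    /**
     * Return the entire site tree as a nested set of ULs
     */
    public function SiteTreeAsUL() {
        $className = "Group";
        $obj = singleton($className);

        // getChildrenAsUL is a flexible and complex way of traversing the tree.
        // NOTE(review): the second argument is a PHP expression held in a string,
        // presumably evaluated once per child by getChildrenAsUL - confirm. It
        // concatenates $child->Title into the markup without escaping, so a group
        // title containing markup would be rendered as HTML in the tree.
        $siteTree = $obj->getChildrenAsUL("",
            ' "<li id=\"record-$child->ID\" class=\"$child->class " . ($child->Locked ? " nodelete" : "") . ' .
            ' ($extraArg->isCurrentPage($child) ? " current" : "") . "\">" . ' .
            ' "<a href=\"" . Director::link("admin", "show", $child->ID) . "\" >" . $child->Title . "</a>" ',$this);

        $siteTree = "<ul id=\"sitetree\" class=\"tree unformatted\">" .
            "<li id=\"record-0\" class=\"Root\">" .
            "<a href=\"admin/security/show/0\" >Security groups</a>" .
            $siteTree .
            "</li>" .
            "</ul>";

        return $siteTree;
    }

    /**
     * Creates a group titled "New Group" under the requested parent and returns
     * it through returnItemToUser().
     */
    public function addgroup() {
        // ParentID is written to the record, so anything non-numeric falls back to the root (0).
        $parent = (isset($_REQUEST['ParentID']) && is_numeric($_REQUEST['ParentID'])) ? (int)$_REQUEST['ParentID'] : 0;

        $p = new Group();
        $p->Title = "New Group";
        $p->Code = "new-group";
        $p->ParentID = $parent;
        $p->write();

        return $this->returnItemToUser($p);
    }

    /**
     * Clears the remembered member and returns an empty member form: the inner
     * template markup for Ajax requests, otherwise an array for the template.
     */
    public function newmember() {
        Session::clear('currentMember');
        $newMemberForm = array(
            "MemberForm" => $this->getMemberForm('new'),
        );

        // This should be using FormResponse ;-)
        if(Director::is_ajax()) {
            SSViewer::setOption('rewriteHashlinks', false);
            $customised = $this->customise($newMemberForm);
            $result = $customised->renderWith($this->class . "_rightbottom");

            // preg_split replaces the POSIX split(), which no longer exists in PHP 7+.
            $parts = preg_split('#</?form[^>]*>#', $result);
            return isset($parts[1]) ? $parts[1] : null;
        } else {
            return $newMemberForm;
        }
    }

    /**
     * Returns the member remembered in the session, if any.
     */
    public function EditedMember() {
        $memberID = Session::get('currentMember');

        // The session value originates from $_REQUEST['ID'] in getmember(), so it is
        // only used for the lookup when it is numeric.
        if($memberID && is_numeric($memberID)) return DataObject::get_by_id("Member", (int)$memberID);
    }

    /**
     * Returns the relative link to an action of this section for the current group.
     *
     * @param string|null $action Action name; defaults to "index".
     */
    public function Link($action = null) {
        if(!$action) $action = "index";
        return "admin/security/$action/" . $this->currentPageID();
    }

    /**
     * Renders the member table for the group, search term, sort order and page
     * given in the request.
     *
     * @param mixed $baseGroup Currently unused; the group is read from the request.
     */
    public function listmembers( $baseGroup = null ) {
        $sort = null;
        $join = null;
        $limitClause = null;
        $whereClauses = array();

        // construct the filter and sort
        // The sort column is placed between backticks, so it must be a plain
        // identifier; the direction is an unquoted keyword, so only ASC/DESC pass.
        if( !empty($_REQUEST['MemberListOrderByField'])
            && is_string($_REQUEST['MemberListOrderByField'])
            && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $_REQUEST['MemberListOrderByField']) ) {

            $direction = '';
            if( isset($_REQUEST['MemberListOrderByOrder']) && is_string($_REQUEST['MemberListOrderByOrder']) ) {
                $direction = strtoupper(trim($_REQUEST['MemberListOrderByOrder']));
                if( $direction != 'ASC' && $direction != 'DESC' ) $direction = '';
            }

            $sort = "`" . $_REQUEST['MemberListOrderByField'] . "`" . ($direction ? " $direction" : "");
        }

        // The page offset goes into LIMIT unquoted, so it is forced to a non-negative integer.
        if( !empty($_REQUEST['MemberListPage']) && is_numeric($_REQUEST['MemberListPage']) ) {
            $pageSize = 10;
            $limitClause = max(0, (int)$_REQUEST['MemberListPage']) . ", $pageSize";
        }

        if( !empty($_REQUEST['MemberListSearch']) && is_string($_REQUEST['MemberListSearch']) ) {
            $search = Convert::raw2sql( $_REQUEST['MemberListSearch'] );
            $whereClauses[] = "( `Email`='$search' OR `FirstName`='$search' OR `Surname`='$search' )";
        }

        $baseGroupID = null;
        if( isset($_REQUEST['MemberListBaseGroup']) && is_numeric( $_REQUEST['MemberListBaseGroup'] ) ) {
            $baseGroupID = (int)$_REQUEST['MemberListBaseGroup'];
            $whereClauses[] = "`GroupID`='$baseGroupID'";
            $join = "INNER JOIN `Group_Members` ON `MemberID`=`Member`.`ID`";
        }

        $members = DataObject::get('Member', implode( ' AND ', $whereClauses ), $sort, $join, $limitClause );

        if( isset($_REQUEST['MemberListGroup']) && is_numeric( $_REQUEST['MemberListGroup'] ) ) {
            $baseMembers = new DataObjectSet();

            if( $members )
                foreach( $members as $member )
                    if( $member->inGroup( $_REQUEST['MemberListGroup'] ) )
                        $baseMembers->push( $member );
        } else {
            $baseMembers = $members;
        }

        // NOTE(review): this assignment discards the set built above, so the query and
        // the group filter have no effect on what MemberTableField receives. It is
        // kept because the table may depend on getting null here - confirm whether
        // this is a debugging leftover before removing either side.
        $baseMembers = null;

        $dontShowPassword = isset($_REQUEST['MemberListDontShowPassword']) ? $_REQUEST['MemberListDontShowPassword'] : null;

        // Only the validated group ID is handed on, never the raw request value.
        $memberListField = new MemberTableField( $this, 'MemberList', $baseGroupID, $baseMembers, $dontShowPassword );

        return $memberListField->renderWith('MemberList_Table');
    }
}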