silverstripe-subsites/code/GroupSubsites.php

<?php
/**
 * Extension for the Group object to add subsites support
 *
 * @package subsites
 */
class GroupSubsites extends DataObjectDecorator implements PermissionProvider {

	function extraStatics() {
		if(!method_exists('DataObjectDecorator', 'load_extra_statics')) {
			if($this->owner->class != 'Group') return null;
		}
		return array(
			'has_one' => array(
				'Subsite' => 'Subsite',
			),
		);
	}
	
	function updateCMSFields(&$fields) {
		if($this->owner->canEdit() ){
			$subsites = Subsite::accessible_sites(array('ADMIN', 'SECURITY_SUBSITE_GROUP'), true,
				"All sites");
			$subsiteMap = $subsites->toDropdownMap();
			
			$tab = $fields->findOrMakeTab(
				'Root.Subsites',
				_t('GroupSubsites.SECURITYTABTITLE', 'Subsites')
			);
			
			// This will trick the $dropdown code below to displaying the correct human val,
			// readonly
			if(!isset($subsiteMap[$this->owner->SubsiteID])) {
				if($this->owner->SubsiteID) $subsiteTitle = $this->owner->Subsite()->Title;
				else $subsiteTitle = "All sites";
				$subsiteMap = array($this->owner->SubsiteID => $subsiteTitle);
			}
				
			$dropdown = new DropdownField(
				'SubsiteID',
				_t('GroupSubsites.SECURITYACCESS', 'Limit CMS access to subsites', PR_MEDIUM, 'Dropdown listing existing subsites which this group has access to'),
				$subsiteMap
			);
			
			if (sizeof($subsiteMap) <= 1) $dropdown = $dropdown->transform(new ReadonlyTransformation()) ;
			$tab->push($dropdown);
		}
	}

	/**
	 * If this group belongs to a subsite,
	 * append the subsites title to the group title
	 * to make it easy to distinguish in the tree-view
	 * of the security admin interface.
	 */
	function alternateTreeTitle() {
		if($this->owner->SubsiteID == 0) {
			return $this->owner->Title . ' <i>(global group)</i>';
		} else {
			return $this->owner->Title; //. ' <i>(' . $this->owner->Subsite()->Title . ')</i>';
		}
	}

	/**
	 * Update any requests to limit the results to the current site
	 */
	function augmentSQL(SQLQuery &$query) {
		if(Subsite::$disable_subsite_filter) return;
		if(Cookie::get('noSubsiteFilter') == 'true') return;

		if(defined('DB::USE_ANSI_SQL')) 
			$q="\"";
		else $q='`';
		
		// If you're querying by ID, ignore the sub-site - this is a bit ugly...
		if(!$query->where || (strpos($query->where[0], ".{$q}ID{$q} = ") === false && strpos($query->where[0], ".{$q}ID{$q} = ") === false && strpos($query->where[0], ".{$q}ID{$q} = ") === false)) {

			if($context = DataObject::context_obj()) $subsiteID = (int) $context->SubsiteID;
			else $subsiteID = (int) Subsite::currentSubsiteID();

			// The foreach is an ugly way of getting the first key :-)
			foreach($query->from as $tableName => $info) {
				$where = "{$q}$tableName{$q}.{$q}SubsiteID{$q} IN (0, $subsiteID)";
				$query->where[] = $where;
				break;
			}
		}
	}

	function augmentBeforeWrite() {
		if((!is_numeric($this->owner->ID) || !$this->owner->ID) && !$this->owner->SubsiteID) $this->owner->SubsiteID = Subsite::currentSubsiteID();
	}

	function alternateCanEdit() {
		// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
		$oldSubsiteID = Session::get('SubsiteID');

		Subsite::changeSubsite($this->owner->SubsiteID) ;
		$access = Permission::check('CMS_ACCESS_SecurityAdmin');
		Subsite::changeSubsite($oldSubsiteID) ;

		return $access;
	}

	/**
	 * Create a duplicate of this group and save it to another subsite.
	 * The group and permissions will be duplicated, but not the members.
	 * @param $subsiteID int|Subsite The Subsite to copy to, or its ID
	 */
	public function duplicateToSubsite($subsiteID = null) {
		if(is_object($subsiteID)) {
			$subsite = $subsiteID;
			$subsiteID = $subsite->ID;
		} else {
			$subsite = DataObject::get_by_id('Subsite', $subsiteID);
		}

		$group = $this->owner->duplicate(false);

		$subsiteID = ($subsiteID ? $subsiteID : Subsite::currentSubsiteID());
		$group->SubsiteID = $subsiteID;
		$group->write();

		// Duplicate permissions
		$permissions = $this->owner->Permissions();
		foreach($permissions as $permission) {
			$newPerm = $permission->duplicate(false);
			$newPerm->GroupID = $group->ID;
			$newPerm->write();
		}

		return $group;
	}
	
	function providePermissions() {
		return array(
			'SECURITY_SUBSITE_GROUP' => 'Edit the subsite a group can access'
		);
	}

}

?>
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`<?php`
			`/**`
			`* Extension for the Group object to add subsites support`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`*`
MINOR Documentation for subsites module BUGFIX Added Subsite::allowed_domains() which selects base_domain() if no custom domains are specified. This avoids having an empty dropdown in the URL domain selection dropdown in SubsitesAdmin 2008-11-24 04:22:01 +01:00			`* @package subsites`
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`*/`
MINOR added a permission to manage who can edit the subsite a group is associated with (from r88849) 2010-03-01 22:26:30 +01:00			`class GroupSubsites extends DataObjectDecorator implements PermissionProvider {`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
MINOR Changed deprecated extraDBFields() on Subsite decorators to extraStatics() 2009-05-20 07:36:14 +02:00			`function extraStatics() {`
BUGFIX Made GroupSubsites, FileSubsites and SiteTreeSubsites work properly if DataObjectDecorator::load_extra_statics() is defined 2009-06-22 14:03:04 +02:00			`if(!method_exists('DataObjectDecorator', 'load_extra_statics')) {`
			`if($this->owner->class != 'Group') return null;`
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`}`
BUGFIX Made GroupSubsites, FileSubsites and SiteTreeSubsites work properly if DataObjectDecorator::load_extra_statics() is defined 2009-06-22 14:03:04 +02:00			`return array(`
			`'has_one' => array(`
			`'Subsite' => 'Subsite',`
			`),`
			`);`
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`}`
MINOR allow subsite groups to not be filtered at all via a cookie (from r87883) 2010-03-01 22:16:58 +01:00
ENHANCEMENT Added subsites dropdown to groups in /admin/security to make relation between groups and subsites more obvious and not dependant on (non-editable) defaults set through SubsiteAdmin 2008-11-24 05:04:55 +01:00			`function updateCMSFields(&$fields) {`
BUGFIX: Only show the subsites that you can actually access in the subsite tab of the group. (from r88952) 2010-03-01 22:26:59 +01:00			`if($this->owner->canEdit() ){`
ENHANCEMENT: Relabelled global group on Group subsites tab to 'All sites' (from r89145) 2010-03-01 22:34:21 +01:00			`$subsites = Subsite::accessible_sites(array('ADMIN', 'SECURITY_SUBSITE_GROUP'), true,`
			`"All sites");`
API CHANGE: Added includeMainSite argument to Subsite::accessible_sites() and replaced all usage of hasMainSitePermission with this method. (from r88971) 2010-03-01 22:32:37 +01:00			`$subsiteMap = $subsites->toDropdownMap();`
BUGFIX: Only show the subsites that you can actually access in the subsite tab of the group. (from r88952) 2010-03-01 22:26:59 +01:00
			`$tab = $fields->findOrMakeTab(`
			`'Root.Subsites',`
			`_t('GroupSubsites.SECURITYTABTITLE', 'Subsites')`
			`);`

			`// This will trick the $dropdown code below to displaying the correct human val,`
			`// readonly`
			`if(!isset($subsiteMap[$this->owner->SubsiteID])) {`
			`if($this->owner->SubsiteID) $subsiteTitle = $this->owner->Subsite()->Title;`
ENHANCEMENT: Relabelled global group on Group subsites tab to 'All sites' (from r89145) 2010-03-01 22:34:21 +01:00			`else $subsiteTitle = "All sites";`
BUGFIX: Only show the subsites that you can actually access in the subsite tab of the group. (from r88952) 2010-03-01 22:26:59 +01:00			`$subsiteMap = array($this->owner->SubsiteID => $subsiteTitle);`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`}`
BUGFIX: Only show the subsites that you can actually access in the subsite tab of the group. (from r88952) 2010-03-01 22:26:59 +01:00
			`$dropdown = new DropdownField(`
			`'SubsiteID',`
			`_t('GroupSubsites.SECURITYACCESS', 'Limit CMS access to subsites', PR_MEDIUM, 'Dropdown listing existing subsites which this group has access to'),`
			`$subsiteMap`
			`);`

			`if (sizeof($subsiteMap) <= 1) $dropdown = $dropdown->transform(new ReadonlyTransformation()) ;`
			`$tab->push($dropdown);`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`}`
ENHANCEMENT Added subsites dropdown to groups in /admin/security to make relation between groups and subsites more obvious and not dependant on (non-editable) defaults set through SubsiteAdmin 2008-11-24 05:04:55 +01:00			`}`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
ENHANCMENENT Added SiteTreeSubsites->can*() methods for true permission control on model-layer rather than generic controller checks (incl. unit tests) MINOR documentation 2008-11-24 07:37:22 +01:00			`/**`
			`* If this group belongs to a subsite,`
			`* append the subsites title to the group title`
			`* to make it easy to distinguish in the tree-view`
			`* of the security admin interface.`
			`*/`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`function alternateTreeTitle() {`
			`if($this->owner->SubsiteID == 0) {`
BUGFIX: Fixed bug where you couldn't edit templates that had no subdomain. ENHANCEMENT: Mark global groups in the subsite list, rather than subsite groups. ENHANCEMENT: When creating a subsite from a template, copy the groups as well as the pages, but leave the groups empty. 2009-02-24 23:09:15 +01:00			`return $this->owner->Title . ' <i>(global group)</i>';`
ENHANCEMENT Automatically using subsites name in the group title instead of an asterisk (which doesn't really imply any meaning by itself without an index or tooltip) 2008-11-24 05:58:42 +01:00			`} else {`
MINOR allow subsite groups to not be filtered at all via a cookie (from r87883) 2010-03-01 22:16:58 +01:00			`return $this->owner->Title; //. ' <i>(' . $this->owner->Subsite()->Title . ')</i>';`
ENHANCEMENT Automatically using subsites name in the group title instead of an asterisk (which doesn't really imply any meaning by itself without an index or tooltip) 2008-11-24 05:58:42 +01:00			`}`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`}`

Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`/**`
			`* Update any requests to limit the results to the current site`
			`*/`
			`function augmentSQL(SQLQuery &$query) {`
Made GroupSubsites respect disable_subsite_filter, and added an accessor method for 3rd parties to use this functionality. 2008-08-21 07:50:38 +02:00			`if(Subsite::$disable_subsite_filter) return;`
MINOR allow subsite groups to not be filtered at all via a cookie (from r87883) 2010-03-01 22:16:58 +01:00			`if(Cookie::get('noSubsiteFilter') == 'true') return;`
Made GroupSubsites respect disable_subsite_filter, and added an accessor method for 3rd parties to use this functionality. 2008-08-21 07:50:38 +02:00
BUGFIX: queries changed to use $q as a placeholder for backticks or doublequotes 2009-10-29 02:40:46 +01:00			`if(defined('DB::USE_ANSI_SQL'))`
			`$q="\"";`
			else $q='`';

Added Group subsite behaviour and associated changes to the security model 2007-08-31 02:29:25 +02:00			`// If you're querying by ID, ignore the sub-site - this is a bit ugly...`
BUGFIX: queries changed to use $q as a placeholder for backticks or doublequotes 2009-10-29 02:40:46 +01:00			`if(!$query->where \|\| (strpos($query->where[0], ".{$q}ID{$q} = ") === false && strpos($query->where[0], ".{$q}ID{$q} = ") === false && strpos($query->where[0], ".{$q}ID{$q} = ") === false)) {`
Added Group subsite behaviour and associated changes to the security model 2007-08-31 02:29:25 +02:00
MINOR Whitespace fixes 2009-07-14 01:11:23 +02:00			`if($context = DataObject::context_obj()) $subsiteID = (int) $context->SubsiteID;`
			`else $subsiteID = (int) Subsite::currentSubsiteID();`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
Added Group subsite behaviour and associated changes to the security model 2007-08-31 02:29:25 +02:00			`// The foreach is an ugly way of getting the first key :-)`
			`foreach($query->from as $tableName => $info) {`
BUGFIX: queries changed to use $q as a placeholder for backticks or doublequotes 2009-10-29 02:40:46 +01:00			`$where = "{$q}$tableName{$q}.{$q}SubsiteID{$q} IN (0, $subsiteID)";`
BUGFIX Fixed SQL queries with backticks that don't need them, and fixed queries on decorators that require double quote escaping 2009-07-14 01:10:00 +02:00			`$query->where[] = $where;`
Added Group subsite behaviour and associated changes to the security model 2007-08-31 02:29:25 +02:00			`break;`
			`}`
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`}`
			`}`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`function augmentBeforeWrite() {`
BUGFIX: Set the SubsiteID on new groups correctly. (from r89103) 2010-03-01 22:33:52 +01:00			`if((!is_numeric($this->owner->ID) \|\| !$this->owner->ID) && !$this->owner->SubsiteID) $this->owner->SubsiteID = Subsite::currentSubsiteID();`
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`}`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
Updated Group::canEdit() to only allow editing if you have CMS_ACCESS_SecurityAdmin access on the subsite that owns the group. This is useful for hiding 'global groups' from people that shouldn't edit them. 2007-11-27 05:46:27 +01:00			`function alternateCanEdit() {`
			`// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group`
			`$oldSubsiteID = Session::get('SubsiteID');`

Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`Subsite::changeSubsite($this->owner->SubsiteID) ;`
Updated Group::canEdit() to only allow editing if you have CMS_ACCESS_SecurityAdmin access on the subsite that owns the group. This is useful for hiding 'global groups' from people that shouldn't edit them. 2007-11-27 05:46:27 +01:00			`$access = Permission::check('CMS_ACCESS_SecurityAdmin');`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00			`Subsite::changeSubsite($oldSubsiteID) ;`

Updated Group::canEdit() to only allow editing if you have CMS_ACCESS_SecurityAdmin access on the subsite that owns the group. This is useful for hiding 'global groups' from people that shouldn't edit them. 2007-11-27 05:46:27 +01:00			`return $access;`
			`}`
BUGFIX: Fixed bug where you couldn't edit templates that had no subdomain. ENHANCEMENT: Mark global groups in the subsite list, rather than subsite groups. ENHANCEMENT: When creating a subsite from a template, copy the groups as well as the pages, but leave the groups empty. 2009-02-24 23:09:15 +01:00
			`/**`
			`* Create a duplicate of this group and save it to another subsite.`
			`* The group and permissions will be duplicated, but not the members.`
			`* @param $subsiteID int\|Subsite The Subsite to copy to, or its ID`
			`*/`
			`public function duplicateToSubsite($subsiteID = null) {`
			`if(is_object($subsiteID)) {`
			`$subsite = $subsiteID;`
			`$subsiteID = $subsite->ID;`
			`} else {`
			`$subsite = DataObject::get_by_id('Subsite', $subsiteID);`
			`}`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
BUGFIX: Fixed bug where you couldn't edit templates that had no subdomain. ENHANCEMENT: Mark global groups in the subsite list, rather than subsite groups. ENHANCEMENT: When creating a subsite from a template, copy the groups as well as the pages, but leave the groups empty. 2009-02-24 23:09:15 +01:00			`$group = $this->owner->duplicate(false);`

			`$subsiteID = ($subsiteID ? $subsiteID : Subsite::currentSubsiteID());`
			`$group->SubsiteID = $subsiteID;`
			`$group->write();`
Merged from branches/0.1 2009-05-04 07:03:44 +02:00
BUGFIX: Fixed bug where you couldn't edit templates that had no subdomain. ENHANCEMENT: Mark global groups in the subsite list, rather than subsite groups. ENHANCEMENT: When creating a subsite from a template, copy the groups as well as the pages, but leave the groups empty. 2009-02-24 23:09:15 +01:00			`// Duplicate permissions`
			`$permissions = $this->owner->Permissions();`
			`foreach($permissions as $permission) {`
			`$newPerm = $permission->duplicate(false);`
			`$newPerm->GroupID = $group->ID;`
			`$newPerm->write();`
			`}`

			`return $group;`
			`}`
MINOR added a permission to manage who can edit the subsite a group is associated with (from r88849) 2010-03-01 22:26:30 +01:00
			`function providePermissions() {`
			`return array(`
			`'SECURITY_SUBSITE_GROUP' => 'Edit the subsite a group can access'`
			`);`
			`}`
BUGFIX: Fixed bug where you couldn't edit templates that had no subdomain. ENHANCEMENT: Mark global groups in the subsite list, rather than subsite groups. ENHANCEMENT: When creating a subsite from a template, copy the groups as well as the pages, but leave the groups empty. 2009-02-24 23:09:15 +01:00
Initial alpha version of the subsites module 2007-08-16 08:38:29 +02:00			`}`

			`?>`