<?php
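/**
 * Extension for the Group object to add subsites support.
 *
 * Adds an "AccessAllSubsites" flag and a many-many "Subsites" relation to
 * Group, filters Group queries by the current subsite, and provides the
 * SECURITY_SUBSITE_GROUP permission code.
 *
 * @package subsites
 */
class GroupSubsites extends DataObjectDecorator implements PermissionProvider {

	/**
	 * Extra statics added to the decorated class.
	 *
	 * @return array|null Null when load_extra_statics is unavailable and the owner is not a Group.
	 */
	function extraStatics() {
		if(!method_exists('DataObjectDecorator', 'load_extra_statics')) {
			if($this->owner->class != 'Group') return null;
		}
		return array(
			'db' => array(
				'AccessAllSubsites' => 'Boolean',
			),
			'many_many' => array(
				'Subsites' => 'Subsite',
			),
			'defaults' => array(
				// New groups default to global access; see onBeforeWrite()/onAfterWrite()
				// for how that is adjusted when a group is created.
				'AccessAllSubsites' => 1,
			),
		);
	}

	/**
	 * Migrations for GroupSubsites data.
	 *
	 * All statements are static SQL; no request data is interpolated.
	 */
	function requireDefaultRecords() {
		// Migration for Group.SubsiteID data from when Groups only had a single subsite
		$groupFields = DB::getConn()->fieldList('Group');

		// Detection of SubsiteID field is the trigger for old-style-subsiteID migration
		if(isset($groupFields['SubsiteID'])) {
			// Migrate subsite-specific data
			DB::query('INSERT INTO "Group_Subsites" ("GroupID", "SubsiteID")
				SELECT "ID", "SubsiteID" FROM "Group" WHERE "SubsiteID" > 0');

			// Migrate global-access data
			DB::query('UPDATE "Group" SET "AccessAllSubsites" = 1 WHERE "SubsiteID" = 0');

			// Move the field out of the way so that this migration doesn't get executed again
			DB::getConn()->renameField('Group', 'SubsiteID', '_obsolete_SubsiteID');

		// No subsite access on anything means that we've just installed the subsites module.
		// Make all previous groups global-access groups
		// NOTE(review): this promotes every existing group to global access whenever no group
		// is global and no group has a subsite link - confirm that state can only occur on a
		// fresh install, since the effect is a broad grant.
		} else if(!DB::query('SELECT "Group"."ID" FROM "Group"
			LEFT JOIN "Group_Subsites" ON "Group_Subsites"."GroupID" = "Group"."ID" AND "Group_Subsites"."SubsiteID" > 0
			WHERE "AccessAllSubsites" = 1
			OR "Group_Subsites"."GroupID" IS NOT NULL ')->value()) {

			DB::query('UPDATE "Group" SET "AccessAllSubsites" = 1');
		}
	}

	/**
	 * Add the "Subsites" tab to the group's CMS form.
	 *
	 * Nothing is added unless the current user may edit the owner. The controls
	 * offered depend on which subsites Subsite::accessible_sites() returns for
	 * the ADMIN / SECURITY_SUBSITE_GROUP permission codes.
	 *
	 * @param FieldSet $fields Form fields, modified in place
	 */
	function updateCMSFields(&$fields) {
		if($this->owner->canEdit() ){
			// i18n tab
			$fields->findOrMakeTab('Root.Subsites',_t('GroupSubsites.SECURITYTABTITLE','Subsites'));

			$subsites = Subsite::accessible_sites(array('ADMIN', 'SECURITY_SUBSITE_GROUP'), true);
			$subsiteMap = $subsites->toDropdownMap();

			// Interface is different if you have the rights to modify subsite group values on
			// all subsites
			// (key 0 in the map is presumably the main site - confirm against accessible_sites())
			if(isset($subsiteMap[0])) {
				$fields->addFieldToTab("Root.Subsites", new OptionsetField("AccessAllSubsites",
					_t('GroupSubsites.ACCESSRADIOTITLE', 'Give this group access to'),
					array(
						1 => _t('GroupSubsites.ACCESSALL', "All subsites"),
						0 => _t('GroupSubsites.ACCESSONLY', "Only these subsites"),
					)
				));

				unset($subsiteMap[0]);
				$fields->addFieldToTab("Root.Subsites", new CheckboxSetField("Subsites", "",
					$subsiteMap));

			} else {
				// NOTE(review): the form only hides the AccessAllSubsites control here; confirm
				// that a submitted AccessAllSubsites value is also rejected server-side for
				// users who reach this branch.
				if (sizeof($subsiteMap) <= 1) {
					// reset() yields the single title, or false when the map is empty
					$fields->addFieldToTab("Root.Subsites", new ReadonlyField("SubsitesHuman",
						_t('GroupSubsites.ACCESSRADIOTITLE', 'Give this group access to'),
						reset($subsiteMap)));
				} else {
					$fields->addFieldToTab("Root.Subsites", new CheckboxSetField("Subsites",
						_t('GroupSubsites.ACCESSRADIOTITLE', 'Give this group access to'),
						$subsiteMap));
				}
			}
		}
	}

	/**
	 * If this group belongs to a subsite,
	 * append the subsites title to the group title
	 * to make it easy to distinguish in the tree-view
	 * of the security admin interface.
	 *
	 * The returned string carries <i> markup, so every interpolated value is
	 * XML-escaped before it is concatenated.
	 *
	 * @return string HTML fragment
	 */
	function alternateTreeTitle() {
		// The group title is editable data; escape it like the subsite titles so that a
		// title containing markup cannot inject HTML into the tree.
		$title = Convert::raw2xml($this->owner->Title);

		if($this->owner->AccessAllSubsites) {
			return $title . ' <i>(global group)</i>';
		} else {
			$subsites = Convert::raw2xml(implode(", ", $this->owner->Subsites()->column('Title')));
			return $title . " <i>($subsites)</i>";
		}
	}

	/**
	 * Update any requests to limit the results to the current site
	 *
	 * This is a convenience filter on Group queries, not an access control: it is skipped
	 * for queries that filter on ID, when Subsite::$disable_subsite_filter is set, and
	 * when the request carries the noSubsiteFilter cookie.
	 *
	 * @param SQLQuery $query Query to modify in place
	 */
	function augmentSQL(SQLQuery &$query) {
		if(Subsite::$disable_subsite_filter) return;
		// NOTE(review): cookies are supplied by the client, so any visitor can switch this
		// filter off. Enforcement must come from permission checks such as canEdit(), not
		// from this filter. Strict comparison so only the literal string matches.
		if(Cookie::get('noSubsiteFilter') === 'true') return;

		$q = defined('Database::USE_ANSI_SQL') ? "\"" : "`";

		// If you're querying by ID, ignore the sub-site - this is a bit ugly...
		if(!$query->filtersOnID()) {
			// Both sources are cast to int before being interpolated into SQL below.
			if($context = DataObject::context_obj()) $subsiteID = (int) $context->SubsiteID;
			else $subsiteID = (int) Subsite::currentSubsiteID();

			// The foreach is an ugly way of getting the first key :-)
			// NOTE(review): requireDefaultRecords() renames Group.SubsiteID out of the way;
			// confirm the first FROM table still has a SubsiteID column, otherwise this
			// condition references a missing column.
			foreach($query->from as $tableName => $info) {
				$where = "{$q}$tableName{$q}.{$q}SubsiteID{$q} IN (0, $subsiteID)";
				$query->where[] = $where;
				break;
			}

			// Don't filter by Group_Subsites if we've already done that
			$hasGroupSubsites = false;
			foreach($query->from as $item) if(strpos($item, 'Group_Subsites') !== false) {
				$hasGroupSubsites = true;
				break;
			}

			if(!$hasGroupSubsites) {
				if($subsiteID) {
					$query->leftJoin("Group_Subsites", "{$q}Group_Subsites{$q}.{$q}GroupID{$q}
						= {$q}Group{$q}.{$q}ID{$q} AND {$q}Group_Subsites{$q}.{$q}SubsiteID{$q} = $subsiteID");
					$query->where[] = "({$q}Group_Subsites{$q}.{$q}SubsiteID{$q} IS NOT NULL OR
						{$q}Group{$q}.{$q}AccessAllSubsites{$q} = 1)";

					// Use the same identifier quoting as the rest of the query; a hard-coded
					// double quote is only an identifier quote when ANSI SQL quoting is active.
					if(!$query->groupby) $query->groupby[] = "{$q}Group{$q}.{$q}ID{$q}";
				} else {
					$query->where[] = "{$q}Group{$q}.{$q}AccessAllSubsites{$q} = 1";
				}
			}
			$query->orderby = "{$q}AccessAllSubsites{$q} DESC" . ($query->orderby ? ', ' : '') . $query->orderby;
		}
	}

	/**
	 * Mark a newly created group as global when it is created outside any subsite.
	 */
	function onBeforeWrite() {
		// New record test approximated by checking whether the ID has changed.
		// Note also that the after write test is only used when we're *not* on a subsite
		if($this->owner->isChanged('ID') && !Subsite::currentSubsiteID()) {
			$this->owner->AccessAllSubsites = 1;
		}
	}

	/**
	 * Link a newly created group to the current subsite when it is created on one.
	 */
	function onAfterWrite() {
		// New record test approximated by checking whether the ID has changed.
		// Note also that the after write test is only used when we're on a subsite
		if($this->owner->isChanged('ID') && ($currentSubsiteID = Subsite::currentSubsiteID())) {
			$subsites = $this->owner->Subsites();
			$subsites->add($currentSubsiteID);
		}
	}

	/**
	 * Edit check based on subsite membership.
	 *
	 * @return bool True when the group is linked to at least one subsite on which the
	 *              current user holds CMS_ACCESS_SecurityAdmin.
	 */
	function alternateCanEdit() {
		// Find the sites that this group belongs to and the sites where we have appropriate perm.
		$accessibleSites = Subsite::accessible_sites('CMS_ACCESS_SecurityAdmin')->column('ID');
		$linkedSites = $this->owner->Subsites()->column('ID');

		// We are allowed to access this site if we have CMS_ACCESS_SecurityAdmin permission on
		// at least one of the sites
		// NOTE(review): a group with no linked subsites (e.g. a global group) yields an empty
		// intersection and therefore false - confirm that is the intended result.
		return (bool)array_intersect($accessibleSites, $linkedSites);
	}

	/**
	 * Create a duplicate of this group and save it to another subsite.
	 * The group and permissions will be duplicated, but not the members.
	 *
	 * This method performs no permission check of its own; callers are expected to
	 * authorise the operation first.
	 *
	 * @param $subsiteID int|Subsite The Subsite to copy to, or its ID
	 * @return Group The newly written duplicate
	 * @throws InvalidArgumentException When the target subsite cannot be resolved
	 */
	public function duplicateToSubsite($subsiteID = null) {
		if(is_object($subsiteID)) {
			$subsite = $subsiteID;
			$subsiteID = $subsite->ID;
		} else {
			$subsite = DataObject::get_by_id('Subsite', $subsiteID);
		}

		// Resolve the target before writing anything: failing after write() would leave a
		// duplicate group behind that is not linked to the intended subsite.
		if(!$subsite) {
			throw new InvalidArgumentException('GroupSubsites::duplicateToSubsite(): target subsite not found');
		}

		$group = $this->owner->duplicate(false);

		// NOTE(review): this write presumably runs onBeforeWrite()/onAfterWrite() above, so a
		// duplicate created outside a subsite is flagged AccessAllSubsites, and one created
		// on a subsite is also linked to the current subsite. Confirm the copy ends up
		// scoped to the target subsite only, since all permissions are copied to it below.
		$group->write();

		$subsite->Groups()->add($group->ID);

		// Duplicate permissions
		$permissions = $this->owner->Permissions();
		foreach($permissions as $permission) {
			$newPerm = $permission->duplicate(false);
			$newPerm->GroupID = $group->ID;
			$newPerm->write();
		}

		return $group;
	}

	/**
	 * Permission codes provided by this extension.
	 *
	 * @return array Map of permission code to its name, category, help text and sort order
	 */
	function providePermissions() {
		return array(
			'SECURITY_SUBSITE_GROUP' => array(
				'name' => _t('GroupSubsites.MANAGE_SUBSITES', 'Manage subsites for groups'),
				'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'),
				'help' => _t('GroupSubsites.MANAGE_SUBSITES_HELP', 'Ability to limit the permissions for a group to one or more subsites.'),
				'sort' => 200
			)
		);
	}

}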
?>