From 1400ba00b0e540ec82b212c0e16e260279fad7e0 Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Tue, 27 Nov 2007 04:46:27 +0000
Subject: [PATCH] Updated Group::canEdit() to only allow editing if you have
 CMS_ACCESS_SecurityAdmin access on the subsite that owns the group.  This is
 useful for hiding 'global groups' from people that shouldn't edit them.

---
 code/GroupSubsites.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/code/GroupSubsites.php b/code/GroupSubsites.php
index 2b9cdde..f6a987e 100644
--- a/code/GroupSubsites.php
+++ b/code/GroupSubsites.php
@@ -44,6 +44,17 @@ class GroupSubsites extends DataObjectDecorator {
 	function augmentBeforeWrite() {
 		if(!is_numeric($this->owner->ID) && !$this->owner->SubsiteID) $this->owner->SubsiteID = Subsite::currentSubsiteID();
 	}
+	
+	function alternateCanEdit() {
+		// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
+		$oldSubsiteID = Session::get('SubsiteID');
+
+		Session::set('SubsiteID', $this->owner->SubsiteID);
+		$access = Permission::check('CMS_ACCESS_SecurityAdmin');
+		Session::set('SubsiteID', $oldSubsiteID);
+		
+		return $access;
+	}
 }
 
 ?>
\ No newline at end of file