Fixed Subsite::hasMainSitePermission()

This commit is contained in:
Sam Minnee 2008-11-24 04:47:37 +00:00
parent 643a3bd14e
commit cd8211a385

View File

@ -1,24 +1,13 @@
<?php
/**
* A dynamically created subdomain. SiteTree objects can now belong to a subdomain
*
* @package subsites
*/
class Subsite extends DataObject implements PermissionProvider {
/**
* @var boolean $disable_subsite_filter If enabled, bypasses the query decoration
* to limit DataObject::get*() calls to a specific subsite. Useful for debugging.
*/
static $disable_subsite_filter = false;
static $default_sort = 'Title';
/**
* @var boolean $use_domain Checks for valid domain in addition to subdomain
* when searching for a matching page with {@link getSubsiteIDForDomain()}.
* By default, only the subdomain has to match.
*/
static $use_domain = false;
static $db = array(
@ -28,8 +17,6 @@ class Subsite extends DataObject implements PermissionProvider {
'DefaultSite' => 'Boolean',
'Theme' => 'Varchar',
'Domain' => 'Varchar',
// Used to hide unfinished/private subsites from public view.
// If unset, will default to
'IsPublic' => 'Boolean'
);
@ -45,61 +32,22 @@ class Subsite extends DataObject implements PermissionProvider {
'IsPublic' => 1,
);
/**
* @var string $base_domain If {@link Domain} is not set for this subsite instance,
* default to this domain (without subdomain or protocol prefix).
*/
static $base_domain;
static $base_domain, $default_subdomain;
static $cached_subsite = null;
/**
* @var string $default_subdomain If {@link Subdomain} is not set for this subsite instance,
* default to this domain (without domain or protocol prefix).
*/
static $default_subdomain;
/**
* @var Subsite $cached_subsite Internal cache used by {@link currentSubsite()}.
*/
protected static $cached_subsite = null;
/**
* @var array $allowed_domains Numeric array of all domains which are selectable for (without their subdomain-parts or http:// prefix)
*/
public static $allowed_domains = array();
/**
* @var array $allowed_themes Numeric array of all themes which are allowed to be selected for all subsites.
* Corresponds to subfolder names within the /themes folder. By default, all themes contained in this folder
* are listed.
*/
protected static $allowed_themes = array();
static function set_allowed_domains($domain){
if(is_array($domain)){
foreach($domain as $do){
self::set_allowed_domains($do);
Subsite::set_allowed_domains($do);
}
}else{
self::$allowed_domains[] = $domain;
}
}
/**
* Returns all domains (without their subdomain parts)
* which are allowed to be combined to the full URL
* (subdomain.domain). If no custom domains are set through
* {@link set_allowed_domains()}, will fall back to the {@link base_domain()}.
*
* @return array
*/
static function allowed_domains() {
if(self::$allowed_domains && count(self::$allowed_domains)) {
return self::$allowed_domains;
} else {
return array(self::base_domain());
}
}
static function set_allowed_themes($themes) {
self::$allowed_themes = $themes;
}
@ -124,9 +72,7 @@ class Subsite extends DataObject implements PermissionProvider {
/**
* Return the base domain for this set of subsites.
* You can set this by setting Subsite::$base_domain, otherwise it defaults to HTTP_HOST
*
* @return string Domain name (without protocol prefix).
* You can set this by setting Subsite::$Base_domain, otherwise it defaults to HTTP_HOST
*/
static function base_domain() {
if(self::$base_domain) return self::$base_domain;
@ -135,9 +81,7 @@ class Subsite extends DataObject implements PermissionProvider {
/**
* Return the default domain of this set of subsites. Generally this will be the base domain,
* but you can also set Subsite::$default_subdomain to add a default prefix to this.
*
* @return string Domain name (without protocol prefix).
* but hyou can also set Subsite::$default_subdomain to add a default prefix to this
*/
static function default_domain() {
if(self::$default_subdomain) return self::$default_subdomain . '.' . self::base_domain();
@ -146,8 +90,6 @@ class Subsite extends DataObject implements PermissionProvider {
/**
* Return the domain of this site
*
* @return string Domain name including subdomain (without protocol prefix)
*/
function domain() {
$base = $this->Domain ? $this->Domain : self::base_domain();
@ -157,9 +99,7 @@ class Subsite extends DataObject implements PermissionProvider {
else return $base;
}
/**
* Show the configuration fields for each subsite
*/
// Show the configuration fields for each subsite
function getCMSFields() {
$fields = new FieldSet(
new TabSet('Root',
@ -167,12 +107,12 @@ class Subsite extends DataObject implements PermissionProvider {
new HeaderField($this->getClassName() . ' configuration', 2),
new TextField('Title', 'Name of subsite:', $this->Title),
new FieldGroup('URL',
new TextField('Subdomain',"Subdomain <small>(without domain or protocol)</small>", $this->Subdomain),
new DropdownField('Domain','.', ArrayLib::valuekey(self::allowed_domains()), $this->Domain)
new TextField('Subdomain',"", $this->Subdomain),
new DropdownField('Domain','.', ArrayLib::valuekey($this->stat('allowed_domains')), $this->Domain)
),
// new TextField('RedirectURL', 'Redirect to URL', $this->RedirectURL),
new CheckboxField('DefaultSite', 'Default site', $this->DefaultSite),
new CheckboxField('IsPublic', 'Enable public access', $this->IsPublic),
new CheckboxField('DefaultSite', 'Use this subsite as the default site', $this->DefaultSite),
new CheckboxField('IsPublic', 'Can access this subsite publicly?', $this->IsPublic),
new DropdownField('Theme','Theme', $this->allowedThemes(), $this->Theme)
)
@ -190,9 +130,6 @@ class Subsite extends DataObject implements PermissionProvider {
return $fields;
}
/**
* @todo getClassName is redundant, already stored as a database field?
*/
function getClassName() {
return $this->class;
}
@ -212,39 +149,24 @@ class Subsite extends DataObject implements PermissionProvider {
JS;
}
/**
* Gets the subsite currently set in the session.
*
* @uses ControllerSubsites->controllerAugmentInit()
*
* @param boolean $cache
* @return Subsite
*/
static function currentSubsite($cache = true) {
if(!self::$cached_subsite || !$cache) self::$cached_subsite = DataObject::get_by_id('Subsite', self::currentSubsiteID());
static function currentSubsite() {
if(!self::$cached_subsite) self::$cached_subsite = DataObject::get_by_id('Subsite', self::currentSubsiteID());
return self::$cached_subsite;
}
/**
* This function gets the current subsite ID from the session. It used in the backend so Ajax requests
* use the correct subsite. The frontend handles subsites differently. It calls getSubsiteIDForDomain
* directly from ModelAsController::getNestedController. Only gets Subsite instances which have their
* {@link IsPublic} flag set to TRUE.
*
* @param boolean $cache
* @return int ID of the current subsite instance
* directly from ModelAsController::getNestedController.
*/
static function currentSubsiteID($cache = true) {
static function currentSubsiteID() {
$id = Session::get('SubsiteID');
if($id === null) Session::set('SubsiteID', $id = self::getSubsiteIDForDomain($cache));
if($id === null) Session::set('SubsiteID', $id = self::getSubsiteIDForDomain());
return (int)$id;
}
/**
* @todo Object::create() shoudln't be overloaded with different parameters.
*/
static function create($name) {
$newSubsite = Object::create('Subsite');
$newSubsite->Title = $name;
@ -287,18 +209,10 @@ JS;
Subsite::changeSubsite($this);
}
/**
* @todo Possible security issue, don't grant edit permissions to everybody.
*/
function canEdit() {
return true;
}
/**
* Get a matching subsite for the domain defined in HTTP_HOST.
*
* @return int Subsite ID
*/
static function getSubsiteIDForDomain() {
$domainNameParts = explode('.', $_SERVER['HTTP_HOST']);
@ -306,7 +220,7 @@ JS;
$SQL_subdomain = Convert::raw2sql(array_shift($domainNameParts));
$SQL_domain = join('.', Convert::raw2sql($domainNameParts));
// $_REQUEST['showqueries'] = 1;
$subsite = null;
if(self::$use_domain) {
$subsite = DataObject::get_one('Subsite',"`Subdomain` = '$SQL_subdomain' AND `Domain`='$SQL_domain' AND `IsPublic`=1");
@ -356,19 +270,27 @@ SQL;
return DataObject::get('Subsite', "`MemberID` = {$memberID}" . ($permissionCodes ? " AND `Permission`.`Code` IN ('$SQLa_permissionCodes')" : ''), '', "LEFT JOIN `Group` ON `Subsite`.`ID` = `SubsiteID` LEFT JOIN `Permission` ON `Group`.`ID` = `Permission`.`GroupID` LEFT JOIN `Group_Members` ON `Group`.`ID` = `Group_Members`.`GroupID`");
}
/**
* Returns true if the given user is able to access the main site (SubsiteID = 0) with the given permission code.
*/
static function hasMainSitePermission($member = null, $permissionCodes = array('ADMIN')) {
if(!is_array($permissionCodes))
user_error('Permissions must be passed to Subsite::hasMainSitePermission as an array', E_USER_ERROR);
if(!$member)
$member = Member::currentMember();
$member = Member::currentMember();
if(Permission::checkMember($member, "ADMIN")) return true;
$SQLa_perm = Convert::raw2sql($permissionCodes);
$SQL_perms = join("','", $SQLa_perm);
$memberID = (int)$member->ID;
// `SubsiteID` = 0 AND
return DB::query("SELECT COUNT(`Permission`.`ID`) FROM `Permission` LEFT JOIN `Group` ON `Group`.`ID` = `Permission`.`GroupID` LEFT JOIN `Group_Members` USING(`GroupID`) WHERE `Permission`.`Code` IN ('$SQL_perms') AND `MemberID` = {$memberID}")->value();
return DB::query("SELECT COUNT(`Permission`.`ID`) FROM `Permission`
INNER JOIN `Group` ON `Group`.`ID` = `Permission`.`GroupID` AND `Group`.`SubsiteID` = 0
INNER JOIN `Group_Members` USING(`GroupID`)
WHERE `Permission`.`Code` IN ('$SQL_perms') AND `MemberID` = {$memberID}")->value();
}
function createInitialRecords() {
@ -471,8 +393,6 @@ SQL;
/**
* An instance of subsite that can be duplicated to provide a quick way to create new subsites.
*
* @package subsites
*/
class Subsite_Template extends Subsite {
/**