BUGFIX Changed from implying "(all)" in group cmsfields for "limit subsite access" - if membership in a group with Group->SubsiteID = 0 implies "access all subsites", there is no distinction between explicit limitation and access to all subsites. Introduced a SUBSITE_ACCESS_ALL permission instead

code/GroupSubsites.php

@@ -29,7 +29,7 @@ class GroupSubsites extends DataObjectDecorator {
 			($subsites) ? $subsites->toDropDownMap() : null,
 			null,
 			null,
-			'(' . _t('GroupSubsites.SECURITYACCESS_ALL', 'all', PR_MEDIUM, 'Default for dropdown selection: Group has access to all existingsubsites') . ')'
+			''
 		));
 
 	}

code/SiteTreeSubsites.php

@@ -105,6 +105,8 @@ class SiteTreeSubsites extends DataObjectDecorator {
 	 */
 	function canEdit($member = null) {
 		if(!$member && $member !== FALSE) $member = Member::currentUser();
+
+		if(Permission::checkMember($member, 'SUBSITE_ACCESS_ALL')) return true;
 		
 		// if no subsites exist, member can edit from a subsites perspective
 		$allSubsites = DataObject::get('Subsite');

code/Subsite.php

@@ -367,6 +367,8 @@ JS;
 		
 		if(Permission::checkMember($member->ID, "ADMIN")) return true;
 
+		if(Permission::checkMember($member, "SUBSITE_ACCESS_ALL")) return true;
+
 		$SQLa_perm = Convert::raw2sql($permissionCodes);
 		$SQL_perms = join("','", $SQLa_perm);		
 		$memberID = (int)$member->ID;
@@ -471,6 +473,7 @@ JS;
 	function providePermissions() {
 		return array(
 			'SUBSITE_EDIT' => 'Edit Sub-site Details',
+			'SUBSITE_ACCESS_ALL' => 'Access all subsites',
 		);
 	}