Commit Graph

690 Commits

Author SHA1 Message Date
Mateusz Uzdowski
213356d6bc Make sure the security implication of subsites is clear in docs. 2014-01-22 12:27:53 +13:00
Mateusz U
67a66dbd3d Merge pull request #129 from mandrew/docupdate
Updates to documentation
2014-01-16 14:37:25 -08:00
Michael Andrewartha
7163fbe155 Refactored some of the text to make more sense 2014-01-17 11:14:40 +13:00
Michael Andrewartha
286a570dd0 Updates to documentation, added better intro and duplicating page
content instructions

- Adding documentation on using the ‘Disallow page types’ feature.
- Fix links
- Re-word documentation to clarify important points.
- Add new content from Sig, tidy up existing content.
- MINOR: Formatting update & draw attention to links at the bottom.
2014-01-17 10:10:52 +13:00
Sean Harvey
4e20228c2e Merge pull request #132 from mateusz/session-can-edit
Make canEdit fall back to session if the object's SubsiteID not there.
2014-01-14 14:07:32 -08:00
Mateusz U
e5b72df1d4 Merge pull request #130 from madmatt/pulls/permission-fix
Allow ‘ADMIN’ and ‘CMS_ACCESS_LeftAndMain’ CMS access. Fixes CWPBUG-113
2014-01-12 12:59:56 -08:00
Mateusz Uzdowski
82159e38d3 Make canEdit fall back to session if the object's SubsiteID not there.
This problem manifests when a GridField-managed relationship tries to
create an object that references the container from canEdit - the
container in this case has empty fields.

An example of that is a HomePage with CarouselItem - if the
CarouselItem::canEdit tries to call $this->Page()->canEdit(), the "Page"
will be a dummy object, not the actual instance of the HomePage that's
doing the manipulation.

This is similar to the behaviour of SiteTree::canEdit, which solves
this situation by falling back to "return
$this->getSiteConfig()->canEdit($member);"
2014-01-10 09:58:53 +13:00
Matt Peel
fb5d791444 BUGFIX: permissions to check the ‘CMS_ACCESS_LeftAndMain’ global permission.
‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).

This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
2014-01-10 09:31:44 +13:00
Matt Peel
083194857e Allow ‘ADMIN’ and ‘CMS_ACCESS_LeftAndMain’ access to CMS. Fixes CWPBUG-113.
Previously, only the global ‘ADMIN’ permission was allowing users to bypass the
stricter Permission check. We also need to allow the ‘CMS_ACCESS_LeftAndMain’
permission to bypass this check, as otherwise a user who is in a Group with the
‘Access to all CMS sections’ permission set (which only sets the
CMS_ACCESS_LeftAndMain permission code and no others) would be denied access to
the CMS for that sub site.
2014-01-09 17:12:47 +13:00
Mateusz U
d21c92a9e3 Merge pull request #125 from nedmas/patch-2
FIX: Ensure that ChangeTrackerOptions doesn't get overriden
2013-12-18 16:51:41 -08:00
Tom Densham
33e50ffe6f FIX: Ensure that ChangeTrackerOptions doesn't get overriden
From @hafriedlander:
Hi. Sorry, I was going to have a look at this on the back of that issue @chillu raised but you beat me to it. There's a couple of edge cases that aren't obvious that come from ChangeTrackerOptions being an object, and might need an Entwine API extension to fix nicely.

Objects in entwine properties are a bit dangerous, because javascript always passes them by reference instead of cloning them. Entwine also doesn't clone them when using them as default values.

The result is that this patch will repeatedly add that selector to the result every time getChangeTrackerOptions is called, so it'll be there once the first time it's called, twice the second, etc.

The right fix at the moment would look like:
```php
$('.cms-edit-form').entwine({
  getChangeTrackerOptions: function() {
    // Figure out if we're still returning the default value
    var isDefault = (this.entwineData('ChangeTrackerOptions') === undefined);
    // Get the current options
    var opts = this._super();

    if (isDefault) {
      // If it is the default then...
      // clone the object (so we don't modify the original),
      var opts = $.extend({}, opts);
      // modify it,
      opts.ignoreFieldSelector +=', input[name=IsSubsite]';
      // then set the clone as the value on this element
      // (so next call to this method gets this same clone)
      this.setChangeTrackerOptions(opts);
    }

    return opts;
});
```
This is super ugly though, non-obvious, and could maybe be handled better in the entwine layer.

See https://github.com/silverstripe/silverstripe-subsites/pull/125
2013-12-16 09:39:42 +00:00
Stig Lindqvist
a0f537142f Merge pull request #127 from mateusz/refactor-access
BUG Refactor the access checks and initial subsite redirections.
2013-12-04 12:37:30 -08:00
Mateusz Uzdowski
58b926af25 BUG Refactor the access checks and initial subsite redirections.
Remove the special AJAX handling to simplify the code. Now redirection
will be forced on any request that changes the subsite to re-synchronise
with the frontend.

Introduce canAccess method, and add it to alternateAccessCheck to make
sure this subsite-specific chceck is also done in situations that are
not captured by onBeforeInit.
2013-12-04 17:34:27 +13:00
Stig Lindqvist
e6f054f55b Merge pull request #126 from mateusz/session-fix
Do not change the session-stored subsite, if session is not enabled.
2013-11-25 16:35:57 -08:00
Mateusz Uzdowski
a771e2239b Do not change the session-stored subsite, if session is not enabled.
This causes issues with Security::findAnAdmistrator which incorrectly
forces the current session-stored subsite to 0 - it uses
Subsite::currentSubsiteID before the session support is enabled, and
hence obtains wrong value.
2013-11-26 13:12:17 +13:00
Mateusz U
c04208ed79 Merge pull request #121 from stojg/pr/cleanup
Minor cleanup of subsite code
2013-11-25 16:10:55 -08:00
Damian Mooyman
d21881d7b4 Merge pull request #123 from stojg/make-subsite-domain-decoratable
SubsiteDomain don't call decorators updateCMSFields
2013-11-17 11:51:08 -08:00
Ingo Schommer
51e8d98707 Fixed translation namespacing
The TEMPLATE.ss.ENTITY wording stuffs up the YAML
parser in transifex, which made most translations
invisible to SilverStripe since they're indented wrongly.
Also removed empty FR file since Transifex complains about it on upload.
2013-11-14 23:18:01 +01:00
Stig Lindqvist
ff7328ea94 Adding docblocks to SubsiteDomain 2013-11-15 09:50:21 +13:00
Stig Lindqvist
b7f1c66de7 Make SubsiteDomain#getCMSFields extendable 2013-11-15 09:50:15 +13:00
Stig Lindqvist
859bde1257 Reorder methods and variables to follow the SS coding conventions
The coding conventions is mentioned here http://doc.silverstripe.org/framework/en/trunk/misc/coding-conventions#class-member-ordering
2013-11-11 12:09:27 +13:00
Stig Lindqvist
7bb36eae7b Adding docblocks and visibility keywords to methods 2013-11-11 11:56:02 +13:00
Stig Lindqvist
dc7a0560fb Removed Subsite::set_allowed_domains()
Removed documentation and code since the method has been throwing user error since 2010-03-01
2013-11-11 11:56:02 +13:00
Stig Lindqvist
cc0349026e Removed unused variable 2013-11-11 11:34:52 +13:00
Stig Lindqvist
6fb36eab9f Merge pull request #120 from mateusz/subsite-model-switch
BUG Prevent session-interface mismatch.
2013-11-07 15:06:16 -08:00
Mateusz Uzdowski
aacaee08cd BUG Prevent session-interface mismatch.
Disables transparent subsite switch on AJAX requests.

Makes sure the subsite is appropriately set up when opening up the CMS
with a link to subsited object.
2013-11-08 11:37:10 +13:00
Ingo Schommer
c26a405d83 Updated Arabic/Teo Reo/Chinese translations 2013-11-06 12:13:02 +01:00
Ingo Schommer
5ff3b691d7 More globalisation 2013-10-30 13:44:06 +01:00
Ingo Schommer
dcae115723 Renamed en_US.yml to en.yml
More consistent with transifex source file mapping
2013-10-30 00:19:21 +01:00
Mateusz U
97c2db6386 Merge pull request #117 from mateusz/translations
Update pl_PL translation from transifex.
2013-10-24 19:43:21 -07:00
Mateusz Uzdowski
af5bdaf367 Update pl_PL translation from transifex. 2013-10-25 15:42:12 +13:00
Mateusz U
da9aa30859 Merge pull request #116 from mateusz/translations
Add transifex config file. Add missing files and merge translations.
2013-10-24 16:58:33 -07:00
Mateusz Uzdowski
43036854c5 Add transifex config file. Add missing files and merge translations. 2013-10-25 12:45:32 +13:00
Ingo Schommer
c0e6d1ad38 Added unit test around "forbidden section" redirection
See https://github.com/silverstripe/silverstripe-subsites/pull/115
2013-10-23 01:50:55 +02:00
Ingo Schommer
8b5a1c92b2 Hide subsites dropdown for collapsed sidebar
Its cut off otherwise, and not really operational.
This is consistent with hiding the "hi <user>" string
as default CMS behaviour.
2013-10-23 01:38:17 +02:00
Ingo Schommer
7c100f90d2 Merge pull request #115 from mateusz/admin-access
Fix CMS Admin access issues
2013-10-23 01:34:30 +02:00
Mateusz Uzdowski
d85412adf7 Fix the test coverage for the subsite access changes. 2013-10-18 11:58:11 +13:00
Mateusz Uzdowski
5b00ba352f API Refactor to always redirect to accessible Admin location.
Tries to find an accessible section in the current site, falls back to
searching across all sites and all sections.

Also adds more powerful and generic functionss:
Subsites::all_sites - get the full list
Subsites::all_accessible_sites - get Member accessible list
LeftAndMainExtension::sectionSites - get section-specific list
2013-10-16 16:40:20 +13:00
Mateusz Uzdowski
91cca0c64d BUG Move the SubsiteList PJAX request to a dedicated Controller.
Currently the request cannot be made if one doesn't have access to the
SubsiteAdmin section, which often happens with subsite-specific admins.
2013-10-16 13:20:54 +13:00
Simon Welsh
fc07486f9b Merge pull request #108 from adrexia/docs
Update Documentation
2013-09-11 21:15:04 -07:00
Simon Welsh
5c541358c9 Merge pull request #107 from spronkey/106-get-from-all-subsites
Fix for issue #106 get_from_all_subsites to force immediate eval instead of lazy with DataList
2013-09-11 20:38:12 -07:00
spronkey
23e9cd40a0 Better fix for #106 using DataQuery queryParams. Thanks simon_w 2013-09-12 15:33:18 +12:00
Naomi Guyer
a76b3c7808 Update Documentation
* Updated graphics
* Updated information around global dropdown
* Added Information about supporting subsites in modeladmins
* Changed 'working.md' to 'working_with.md', for clearer menu naming
2013-09-12 14:42:00 +12:00
spronkey
586d88562c Added test case for subsites virtual page onAfterWrite issue, plus changed get_from_all_subsites method to immediately eval and return an ArrayList, instead of lazy eval DataList. Fixes #106 2013-09-12 14:23:42 +12:00
Mateusz U
110ce7751d Merge pull request #104 from adrexia/subsites-ui
API: Subsite support for menu of cms (hides admins that don't declare support) (fixes #101 and #89 )
2013-08-21 18:16:29 -07:00
Naomi Guyer
37843f447e API: Subsite support for menu of cms (hide admins that don't declare support) (fixes #101 and #89 )
* Hide admins without subsite support from subsites menu
* Add subsite support to default site areas
* Enable reloading of subsites switcher dropdown when navigating the
site, and when editing subsite areas

API Fix parallel pjax menu fetching for subsites.
- thanks Mateusz!

Delint LeftAndMain_Subsites.js
2013-08-22 13:02:46 +12:00
Mateusz Uzdowski
2d41dc62bf Change dependency versions to work for 3.1.0-rc1. 2013-08-13 12:05:30 +12:00
Simon Welsh
9192954596 Use correct jQuery variable 2013-07-11 17:31:59 +12:00
Ingo Schommer
b49c86bd0b Require subsite title (fixes #26) 2013-07-10 16:28:08 +02:00
Ingo Schommer
6a9003e8df Less intrusive doSave() overwrite of GridFieldDetailForm
Fixes issues with valiation errors not showing due
to lack of PjaxResponseNegotiator support (parent implementation has changed).
2013-07-10 16:15:04 +02:00