BUGFIX: fixed permission system for the field editor view

code/editor/EditableFormField.php

@@ -29,12 +29,7 @@ class EditableFormField extends DataObject {
 	static $has_one = array(
 		"Parent" => "SiteTree",
 	);
-	
-	/**
-	 * @var bool Is this field readonly to the user
-	 */
-	protected $readonly;
-	
+
 	/**
 	 * @var FieldEditor The current editor
 	 */
@@ -47,8 +42,7 @@ class EditableFormField extends DataObject {
 	 * @param boolean $isSingleton This this to true if this is a singleton() object, a stub for calling methods. 
 	 */
 	public function __construct($record = null, $isSingleton = false) {
-		$this->setField('Default', -1);
-		parent::__construct( $record, $isSingleton );
+		parent::__construct($record, $isSingleton);
 	}	
 	
 	/**
@@ -56,7 +50,7 @@ class EditableFormField extends DataObject {
 	 *
 	 * @param FieldEditor The Editor window you wish to use
 	 */
-	protected function setEditor($editor) {
+	public function setEditor($editor) {
 		$this->editor = $editor;
 	}
 	
@@ -64,14 +58,35 @@ class EditableFormField extends DataObject {
 		return $this->renderWith('EditableFormField');
 	}
 	
-	function isReadonly() {
-		return $this->readonly;
-	}
-	
 	function ClassName() {
 		return $this->class;
 	}
 	
+	/**
+	 * Return whether a user can delete this form field
+	 * based on whether they can edit the page
+	 *
+	 * @return bool
+	 */
+	public function canDelete() {
+		return $this->Parent()->canEdit();
+	}
+	
+	/**
+	 * Return whether a user can edit this form field
+	 * based on whether they can edit the page
+	 *
+	 * @return bool
+	 */
+	public function canEdit() {
+		return $this->Parent()->canEdit();
+	}
+	
+	/**
+	 * Show this form on load or not
+	 *
+	 * @return bool
+	 */
 	function ShowOnLoad() {
 		return ($this->getSetting('ShowOnLoad') == "Show" || $this->getSetting('ShowOnLoad') == '') ? true : false;
 	}
@@ -185,20 +200,10 @@ class EditableFormField extends DataObject {
 		}
 		return $output;
 	}
-	
-	function makeReadonly() {
-		$this->readonly = true;
-		return $this;
-	}
-	
-	function ReadonlyEditSegment() {
-		$this->readonly = true;
-		return $this->EditSegment();
-	}
-	
+
 	function TitleField() {
 		$titleAttr = Convert::raw2att($this->Title);
-		$readOnlyAttr = ($this->readonly) ? ' disabled="disabled"' : '';
+		$readOnlyAttr = (!$this->canEdit()) ? ' disabled="disabled"' : '';
 		
 		return "<input type=\"text\" class=\"text\" title=\"("._t('EditableFormField.ENTERQUESTION', 'Enter Question').")\" value=\"$titleAttr\" name=\"Fields[{$this->ID}][Title]\"$readOnlyAttr />";
 	}
@@ -288,10 +293,16 @@ class EditableFormField extends DataObject {
 	 * @return FieldSet
 	 */
 	public function getFieldValidationOptions() {
-		return new FieldSet(
+		$fields = new FieldSet(
 			new CheckboxField("Fields[$this->ID][Required]", _t('EditableFormField.REQUIRED', 'Is this field Required?'), $this->Required),
 			new TextField("Fields[$this->ID][CustomErrorMessage]", _t('EditableFormField.CUSTOMERROR','Custom Error Message'), $this->CustomErrorMessage)
 		);
+		
+		if(!$this->canEdit()) {
+			foreach($fields as $field) {
+				$fields->performReadonlyTransformation();
+			}
+		}
 	}
 	
 	/**

code/editor/FieldEditor.php

@@ -7,27 +7,19 @@
 class FieldEditor extends FormField {
 	
 	protected $haveFormOptions = true;
-	
-	protected $readonly = false;
-	
-	function isReadonly() {
-		return $this->readonly;
-	}
-	
-	function performReadonlyTransformation() {
-		$clone = clone $this;
-		$clone->setReadonly(true);
-		return $clone;
-	}
-	
-	function makeReadonly() {
-		return $this->performReadonlyTransformation();
-	}
-	
+
 	function FieldHolder() {
 		return $this->renderWith("FieldEditor");
 	}
 	
+	/**
+	 * Can a user edit this field
+	 *
+	 * @return bool
+	 */
+	public function canEdit() {
+		return $this->form->getRecord()->canEdit();
+	}
 	function Fields() {
 		Requirements::css("userforms/css/FieldEditor.css");
 		Requirements::javascript("jsparty/jquery/ui/ui.core.js");
@@ -37,16 +29,15 @@ class FieldEditor extends FormField {
 		$relationName = $this->name;
 		
 		$fields = $this->form->getRecord()->$relationName();
-
-		if($this->readonly) {
-			$readonlyFields = new DataObjectSet();
-			
-			foreach($fields as $field) {
-				$field->setEditor($this);
-				$readonlyFields->push($field->makeReadonly());
+		
+		foreach($fields as $field) {
+			if(!$this->canEdit()) {
+				if(is_a($field, 'FormField')) {
+					$readonlyFields->push($field->performReadonlyTransformation());
+				}
 			}
-				
-			$fields = $readonlyFields;
+			
+			$field->setEditor($this);
 		}
 		return $fields;
 	}

templates/EditableFormField.ss

@@ -17,7 +17,7 @@
 			<a class="moreOptions" href="#" title="<% _t('SHOWOPTIONS', 'Show Options') %>"><% _t('SHOWOPTIONS','Show Options') %></a>
 		<% end_if %>
 		
-		<% if CanDelete %>
+		<% if canDelete %>
    			<a class="delete" href="#" title="<% _t('DELETE', 'Delete') %>">
 				<% _t('DELETE', 'Delete') %>
 			</a>
@@ -31,7 +31,7 @@
 					<legend><% _t('OPTIONS', 'Options') %></legend>
 					<ul class="editableOptions" id="$Name.Attr-list">
 
-						<% if isReadonly %>
+						<% if canEdit %>
 							<% control Options %>
 								$ReadonlyOption
 							<% end_control %>			

templates/Includes/AddField.ss

@@ -1,12 +1,14 @@
-<div class="MenuHolder">
-	<h2><% _t('ADD', 'Add') %></h2>
-	<select name="AddUserFormField" id="AddUserFormField">
-		<option value=""><% _t('SELECTAFIELD', 'Select a Field') %></option>
+<% if canEdit %>
+	<div class="MenuHolder">
+		<h2><% _t('ADD', 'Add') %></h2>
+		<select name="AddUserFormField" id="AddUserFormField">
+			<option value=""><% _t('SELECTAFIELD', 'Select a Field') %></option>
 		
-		<% control CreatableFields %>
-			<option value="$ClassName">$Title</option>
-		<% end_control %>
-	</select>
+			<% control CreatableFields %>
+				<option value="$ClassName">$Title</option>
+			<% end_control %>
+		</select>
 	
-	<input type="submit" class="action" value="<% _t('ADD', 'Add') %>" /> 
-</div>
+		<input type="submit" class="action" value="<% _t('ADD', 'Add') %>" /> 
+	</div>
+<% end_if %>