/**
  * Decides whether the given member may delete this record.
  *
  * Holders of the shop-admin permission code (config key
  * EcommerceRole.admin_permission_code) are always allowed. Everyone else
  * is judged by the parent's canEdit() rule.
  *
  * NOTE(review): the fallback is parent::canEdit(), not parent::canDelete(),
  * so delete rights follow edit rights here - confirm this is intended.
  *
  * @param Member $member member to check; passed through unchanged
  * @return Boolean
  */
 public function canDelete($member = null)
 {
     $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");
     $isShopAdmin = Permission::checkMember($member, $adminCode);
     return $isShopAdmin ? true : parent::canEdit($member);
 }
 /**
  * Renders the edit-link column for one grid row.
  *
  * Nothing is rendered when $record->canEdit() fails. That only hides the
  * link: the admin edit route it points to has to enforce its own
  * permission check, because the URL can be requested directly.
  *
  * @param GridField $gridField
  * @param DataObject $record
  * @param string $columnName
  * @return string|null - the HTML for the column, or null when not editable
  */
 public function getColumnContent($gridField, $record, $columnName)
 {
     if ($record->canEdit()) {
         $editLink = Controller::join_links(Director::baseURL(), '/admin/pages/edit/show/', $record->ID);
         $templateData = new ArrayData(array('Link' => $editLink));
         return $templateData->renderWith('GridFieldEditButton');
     }
     return;
 }
 /**
  * Renders the edit button for one grid row, linking to the grid field's
  * own item/<ID>/edit route.
  *
  * Rows the caller cannot edit get no button. This is a display decision
  * only; the edit route itself must still check canEdit().
  *
  * @param GridField $gridField
  * @param DataObject $record
  * @param string $columnName
  * @return string|null - the HTML for the column, or null when not editable
  */
 public function getColumnContent($gridField, $record, $columnName)
 {
     $editable = $record->canEdit();
     if (!$editable) {
         return;
     }
     $itemEditLink = Controller::join_links($gridField->Link('item'), $record->ID, 'edit');
     $buttonData = new ArrayData(array('Link' => $itemEditLink));
     return $buttonData->renderWith('GridFieldEditButton');
 }
 /**
  * Edit permission that also consults the parent object.
  *
  * A callback is registered for the 'canEdit' extension point before
  * delegating to parent::canEdit(). The callback votes true when a Parent
  * is set and that parent reports canEdit() for the member; otherwise it
  * returns null.
  *
  * NOTE(review): the value returned here comes solely from
  * parent::canEdit(); how the callback's vote is weighed is decided there.
  *
  * @param Member $member
  * @return mixed whatever parent::canEdit() returns
  */
 public function canEdit($member = null)
 {
     $parentGrantsEdit = function ($member = null) {
         return ($this->Parent && $this->Parent->canEdit($member)) ? true : null;
     };
     $this->beforeExtending(__FUNCTION__, $parentGrantsEdit);
     return parent::canEdit($member);
 }
 /**
  * Renders the page-history button for one grid row.
  *
  * The button is shown only to callers who pass $record->canEdit(). Hiding
  * it does not protect the history view; CMSPageHistoryController must
  * apply its own access check.
  *
  * @param GridField $gridField
  * @param DataObject $record
  * @param string $columnName
  * @return string|null - the HTML for the column, or null when not editable
  */
 public function getColumnContent($gridField, $record, $columnName)
 {
     if ($record->canEdit()) {
         $historyBase = singleton('CMSPageHistoryController')->Link('show');
         $historyLink = Controller::join_links($historyBase, $record->ID);
         $viewData = new ArrayData(array('Link' => $historyLink));
         return $viewData->renderWith('GridFieldPageHistoryButton');
     }
     return;
 }
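 /**
  * Standard SS Method: may the given member edit this record?
  *
  * Members holding the shop-admin permission code (config key
  * EcommerceRole.admin_permission_code) are allowed outright; everyone
  * else falls through to parent::canEdit().
  *
  * @param Member $member member to check; defaults to the logged-in member
  * @return Boolean
  */
 public function canEdit($member = null)
 {
     if (!$member) {
         // Must be an assignment. With a comparison here $member stays empty
         // and the shop-admin shortcut below can never apply to callers that
         // omit the argument.
         $member = Member::currentUser();
     }
     $shopAdminCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
     if ($member && Permission::checkMember($member, $shopAdminCode)) {
         return true;
     }
     return parent::canEdit($member);
 }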
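 /**
  * Form action: deletes the inline comment named by $data['ID'].
  *
  * Returns without doing anything when the current user may not edit the
  * context object.
  *
  * NOTE(review): the comment is looked up by ID alone. Nothing visible here
  * ties it to $this->context, so edit rights on one context appear to be
  * enough to delete a comment that belongs to another. Confirm how
  * InlineComment links to its context and verify that link (or the
  * comment's own canDelete()) before deleting.
  *
  * @param array $data submitted form data; must contain 'ID'
  * @param Form $form
  * @param mixed $request
  * @return mixed the ICUtils ajax response, or null when permission is denied
  * @throws Exception when no ID is submitted or no such comment exists
  */
 public function deleteinlinecomment(array $data, Form $form, $request)
 {
     if (!$this->context->canEdit()) {
         return;
     }
     if (!isset($data['ID'])) {
         throw new Exception("Invalid comment ID");
     }
     $comment = DataObject::get_by_id('InlineComment', $data['ID']);
     if (!$comment) {
         // Unknown ID: report it the same way as a missing one instead of
         // calling delete() on a non-object.
         throw new Exception("Invalid comment ID");
     }
     $comment->delete();
     return singleton('ICUtils')->ajaxResponse("Deleted", true);
 }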
 /**
  * Return true or false as to whether a given user can access an object
  *
  * Evaluation order, as implemented below:
  *  1. Nodes without the 'Restrictable' extension use the stock
  *     canView()/canEdit()/can() checks.
  *  2. Members passing Permission::check('ADMIN', ...) are always granted.
  *  3. A cached answer for this perm and member is returned if present.
  *  4. Public permissions, then owner permissions, can grant.
  *  5. Otherwise the node's AccessAuthority rows are matched against the
  *     member, the member's groups and member lists; the first matching
  *     DENY ends the scan and wins over any GRANT seen so far.
  *  6. If still undecided and the node has InheritPerms set, a grant from
  *     any effective parent is enough.
  *  7. Anything left undecided is a denial; the answer is cached.
  *
  * NOTE(review): step 4 runs before step 5, so a public or owner grant is
  * never overridden by an explicit DENY row - confirm that this is the
  * intended precedence.
  *
  * @param DataObject $node
  *			The object to check perms on
  * @param string $perm
  *			The permission to check against
  * @param Member $member
  *			The member to check - if not set, the member from SecurityContext
  *			is used; an integer is treated as a Member ID
  *
  * @return bool|null true/false once a member is resolved; for a check with
  *			no member, true when public perms grant and null otherwise
  */
 public function checkPerm(DataObject $node, $perm, $member = null)
 {
     // if the node doesn't use the extension, fall back to SS logic
     if (!$node->hasExtension('Restrictable')) {
         switch ($perm) {
             case 'View':
                 return $node->canView($member);
             case 'Write':
                 return $node->canEdit($member);
             default:
                 return $node->can($perm, $member);
         }
     }
     // NOTE(review): unreachable in practice - $node was already dereferenced above
     if (!$node) {
         return false;
     }
     if (!$member) {
         $member = singleton('SecurityContext')->getMember();
     }
     // an integer is taken to be a Member ID and loaded
     if (is_int($member)) {
         $member = DataObject::get_by_id('Member', $member);
     }
     // ADMIN holders bypass every restriction below, including DENY rows
     if (Permission::check('ADMIN', 'any', $member)) {
         return true;
     }
     $permCache = $this->getCache();
     /* @var $permCache Zend_Cache_Core */
     $key = $this->permCacheKey($node, $perm);
     $userGrants = null;
     if ($key) {
         $userGrants = $permCache->load($key);
         // NOTE(review): load() presumably returns a non-array on a cache miss;
         // count() on a non-countable warns on PHP 7.2+ and throws on PHP 8 - confirm
         if (count($userGrants)) {
             $userGrants = $this->sanitiseCacheData($userGrants);
         }
     }
     // cached decision for this perm and member: returned as stored
     if ($member && $userGrants && isset($userGrants[$perm][$member->ID])) {
         return $userGrants[$perm][$member->ID];
     }
     // okay, we need to build up all the info we have about the node for permissions
     // NOTE(review): $s is never read; the call is presumably kept for its side effects
     $s = $this->realiseAllSources($node);
     if (!$userGrants) {
         $userGrants = array();
     }
     if (!isset($userGrants[$perm])) {
         $userGrants[$perm] = array();
     }
     // null means "undecided so far"
     $result = null;
     // if no member, just check public view
     $public = $this->checkPublicPerms($node, $perm);
     if ($public) {
         $result = true;
     }
     // can return immediately
     // (an anonymous check yields true or null here, never false, and is not cached)
     if (!$member) {
         return $result;
     }
     if (is_null($result)) {
         // see whether we're the owner, and if the perm we're checking is in that list
         if ($this->checkOwnerPerms($node, $perm, $member)) {
             $result = true;
         }
     }
     // NOTE(review): $accessAuthority and $can are assigned but never read
     $accessAuthority = '';
     $directGrant = null;
     $can = false;
     // explicit authority rows are only consulted when public/owner checks did not grant
     if (is_null($result)) {
         $filter = array('ItemID' => $node->ID, 'ItemType' => $node->class);
         $existing = DataList::create('AccessAuthority')->filter($filter);
         // get all access authorities for this object
         // group IDs are memoised per member on $this->groups
         $gids = isset($this->groups[$member->ID]) ? $this->groups[$member->ID] : null;
         if (!$gids) {
             // $member is always set here; the no-member case returned above
             $groups = $member ? $member->Groups() : array();
             $gids = array();
             if ($groups && $groups->Count()) {
                 $gids = $groups->map('ID', 'ID')->toArray();
             }
             $this->groups[$member->ID] = $gids;
         }
         $can = false;
         $directGrant = 'NONE';
         if ($existing && $existing->count()) {
             foreach ($existing as $access) {
                 // check if this mentions the perm in question
                 // NOTE(review): a row whose Perms list is empty is not skipped, so it
                 // applies to every permission; in_array() also compares loosely
                 $perms = $access->Perms->getValues();
                 if ($perms) {
                     if (!in_array($perm, $perms)) {
                         continue;
                     }
                 }
                 $grant = null;
                 $authority = $access->getAuthority();
                 if ($authority instanceof Group) {
                     // group authority: applies when the member belongs to that group
                     if (isset($gids[$access->AuthorityID])) {
                         $grant = $access->Grant;
                     }
                 } elseif ($authority instanceof Member) {
                     // member authority: applies to that member only
                     if ($member->ID == $access->AuthorityID) {
                         $grant = $access->Grant;
                     }
                 } else {
                     // another mechanism that will require a lookup of members in a list
                     // TODO cache this
                     if ($authority instanceof ListOfMembers) {
                         $listMembers = $authority->getAllMembers()->map('ID', 'Title');
                         if (isset($listMembers[$member->ID])) {
                             $grant = $access->Grant;
                         }
                     }
                 }
                 if ($grant) {
                     // if it's deny, we can just break away immediately, otherwise we need to evaluate all the
                     // others in case there's another DENY in there somewhere
                     if ($grant === 'DENY') {
                         $directGrant = 'DENY';
                         // immediately break
                         break;
                     } else {
                         // mark that it's been granted for now
                         // (any truthy Grant value other than 'DENY' lands here)
                         $directGrant = 'GRANT';
                     }
                 }
             }
         }
     }
     // return immediately if we have something
     if ($directGrant === 'GRANT') {
         $result = true;
     }
     if ($directGrant === 'DENY') {
         $result = false;
     }
     // otherwise query our parents
     // only a grant from a parent counts; a parent's denial leaves the result undecided
     if (is_null($result) && $node->InheritPerms) {
         $permParents = $this->getEffectiveParents($node);
         if (count($permParents) || $permParents instanceof IteratorAggregate) {
             foreach ($permParents as $permParent) {
                 if ($permParent && $this->checkPerm($permParent, $perm, $member)) {
                     $result = true;
                 }
             }
         }
     }
     // default deny
     if (is_null($result)) {
         $result = false;
     }
     // remember the decision for this perm and member
     $userGrants[$perm][$member->ID] = $result;
     if ($key) {
         $permCache->save($userGrants, $key);
     }
     return $result;
 }
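 /**
  * Shop Admins can edit
  *
  * The current member is used when none is given. Shop admins are allowed
  * outright; every other member, and anonymous callers, get the answer of
  * parent::canEdit(). No unconditional grant may precede these checks,
  * otherwise every caller, logged in or not, is treated as an editor.
  *
  * @param Member $member member to check; defaults to the logged-in member
  * @return Boolean
  */
 public function canEdit($member = null)
 {
     if (!$member) {
         $member = Member::currentUser();
     }
     if ($member && $member->IsShopAdmin()) {
         return true;
     }
     return parent::canEdit($member);
 }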
 /**
  * Standard SS method: may this order step be deleted?
  *
  * Deletion is refused, regardless of who asks, when
  *  - there is no next order step and orders still carry this status,
  *  - this is the default status option, or
  *  - the step's Code is one of the codes for order steps to include.
  * After that, shop admins are allowed and everyone else gets the answer
  * of parent::canEdit().
  *
  * @param Member $member
  * @return Boolean
  */
 public function canDelete($member = null)
 {
     // cannot delete the last status while orders still sit on it
     if (!$this->NextOrderStep()) {
         $ordersOnThisStep = Order::get()->filter(array("StatusID" => intval($this->ID) - 0))->count();
         if ($ordersOnThisStep) {
             return false;
         }
     }
     $isProtectedStep = $this->isDefaultStatusOption()
         || in_array($this->Code, self::get_codes_for_order_steps_to_include());
     if ($isProtectedStep) {
         return false;
     }
     $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");
     return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
 }
 /**
  * Standard SS method: may this country be deleted?
  *
  * A country whose Code is used by any shipping or billing address can
  * never be deleted. Otherwise shop admins are allowed and everyone else
  * gets the answer of parent::canEdit().
  *
  * @param Member $member
  * @return Boolean
  */
 function canDelete($member = null)
 {
     $usedForShipping = ShippingAddress::get()->filter(array("ShippingCountry" => $this->Code))->count();
     if ($usedForShipping) {
         return false;
     }
     $usedForBilling = BillingAddress::get()->filter(array("Country" => $this->Code))->count();
     if ($usedForBilling) {
         return false;
     }
     $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");
     return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
 }
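 /**
  * Edit permission gated on the global menu permission.
  *
  * Registers a pre-extension callback that vetoes (returns false) when the
  * member lacks the global menu permission, then defers to
  * parent::canEdit().
  *
  * @param Member $member
  * @return mixed result of parent::canEdit()
  */
 public function canEdit($member = null)
 {
     // Register under the bare method name. __METHOD__ also carries the
     // class name ("Class::canEdit"), which presumably never matches the
     // 'canEdit' extension point, so the veto below would never run.
     $this->beforeExtending(__FUNCTION__, function ($member) {
         if (!$this->checkIfHasGlobalMenuPermission($member)) {
             return false;
         }
     });
     return parent::canEdit($member);
 }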
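 /**
  * Edit permission borrowed from the first related page.
  *
  * When Pages() has a first entry, that page's canEdit() decides;
  * otherwise parent::canEdit() does.
  *
  * @param Member $member member to check
  * @return mixed result of the delegated canEdit() call
  */
 public function canEdit($member = null)
 {
     $first = $this->Pages()->first();
     // Forward $member so the page is checked for the member the caller
     // asked about, not for whoever happens to be logged in.
     return $first ? $first->canEdit($member) : parent::canEdit($member);
 }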
 /**
  * Standard SS method: may this currency be deleted?
  *
  * A currency that is in use, or that is the only one left, can never be
  * deleted. Otherwise shop admins are allowed and everyone else gets the
  * answer of parent::canEdit().
  *
  * @param Member $member
  * @return Boolean
  */
 function canDelete($member = null)
 {
     if ($this->InUse || !(EcommerceCurrency::get()->Count() > 1)) {
         return false;
     }
     $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");
     return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
 }
 /**
  * Renders the unlink or delete button for one grid row.
  *
  * With removeRelation set, an "Unlink" action is shown to callers who
  * pass $record->canEdit(); otherwise a "Delete" action is shown to
  * callers who pass $record->canDelete(). The check decides visibility
  * only - the "unlinkrelation" / "deleterecord" action handlers must
  * repeat it when the action is submitted.
  *
  * @param GridField $gridField
  * @param DataObject $record
  * @param string $columnName
  * @return string|null - the HTML for the column, or null when not permitted
  */
 public function getColumnContent($gridField, $record, $columnName)
 {
     $actionData = array('RecordID' => $record->ID);
     if ($this->removeRelation) {
         if (!$record->canEdit()) {
             return;
         }
         $button = GridField_FormAction::create(
             $gridField,
             'UnlinkRelation' . $record->ID,
             _t('GridAction.UnlinkRelation', "Unlink"),
             "unlinkrelation",
             $actionData
         )
             ->addExtraClass('gridfield-button-unlink')
             ->setAttribute('title', _t('GridAction.UnlinkRelation', "Unlink"))
             ->setAttribute('data-icon', 'chain--minus');
         return $button->Field();
     }
     if (!$record->canDelete()) {
         return;
     }
     $button = GridField_FormAction::create(
         $gridField,
         'DeleteRecord' . $record->ID,
         _t('GridAction.Delete', "Delete"),
         "deleterecord",
         $actionData
     )
         ->addExtraClass('gridfield-button-delete')
         ->setAttribute('title', _t('GridAction.Delete', "Delete"))
         ->setAttribute('data-icon', 'cross-circle')
         ->setDescription(_t('GridAction.DELETE_DESCRIPTION', 'Delete'));
     return $button->Field();
 }
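 /**
  * standard SS method: may this checkout step be deleted?
  *
  * A step whose code is listed in the CheckoutPage_Controller
  * checkout_steps config can never be deleted. Otherwise shop admins are
  * allowed and everyone else gets the answer of parent::canEdit().
  *
  * @param Member $member
  * @return Boolean
  */
 public function canDelete($member = null)
 {
     $checkoutSteps = EcommerceConfig::get("CheckoutPage_Controller", "checkout_steps");
     // Read the code through the Code property. A property named "getCode"
     // presumably does not exist, in which case the guard could never match
     // and configured steps would be deletable.
     if (is_array($checkoutSteps) && in_array($this->Code, $checkoutSteps)) {
         return false;
     }
     if (Permission::checkMember($member, Config::inst()->get("EcommerceRole", "admin_permission_code"))) {
         return true;
     }
     return parent::canEdit($member);
 }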
 /**
  * Edit permission: no rule of its own, the parent's decision is returned
  * unchanged.
  *
  * @param Member $member
  * @return mixed result of parent::canEdit()
  */
 public function canEdit($member = null)
 {
     $parentDecision = parent::canEdit($member);
     return $parentDecision;
 }
 /**
  * Renders the icon-only unlink or delete button for one grid row.
  *
  * With removeRelation set, an unlink action is shown to callers who pass
  * $record->canEdit(); otherwise a delete action is shown to callers who
  * pass $record->canDelete(). The check decides visibility only - the
  * "unlinkrelation" / "deleterecord" action handlers must repeat it when
  * the action is submitted.
  *
  * @param GridField $gridField
  * @param DataObject $record
  * @param string $columnName
  * @return string|null - the HTML for the column, or null when not permitted
  */
 public function getColumnContent($gridField, $record, $columnName)
 {
     $actionData = array('RecordID' => $record->ID);
     if ($this->removeRelation) {
         if (!$record->canEdit()) {
             return;
         }
         $button = GridField_FormAction::create(
             $gridField,
             'UnlinkRelation' . $record->ID,
             false,
             "unlinkrelation",
             $actionData
         )
             ->addExtraClass('btn btn--no-text btn--icon-md font-icon-link-broken grid-field__icon-action gridfield-button-unlink')
             ->setAttribute('title', _t('GridAction.UnlinkRelation', "Unlink"));
         return $button->Field();
     }
     if (!$record->canDelete()) {
         return;
     }
     $button = GridField_FormAction::create(
         $gridField,
         'DeleteRecord' . $record->ID,
         false,
         "deleterecord",
         $actionData
     )
         ->addExtraClass('gridfield-button-delete btn--icon-md font-icon-trash-bin btn--no-text grid-field__icon-action')
         ->setAttribute('title', _t('GridAction.Delete', "Delete"))
         ->setDescription(_t('GridAction.DELETE_DESCRIPTION', 'Delete'));
     return $button->Field();
 }
 /**
  * standard SS method
  *
  * Defers entirely to parent::canEdit(); no shop-admin shortcut is applied
  * in this method.
  *
  * NOTE(review): the rule that only Order Modifiers which have not been
  * submitted yet can be edited is not checked here; presumably the parent
  * enforces it - confirm.
  *
  * @param Member $member
  * @return Boolean
  **/
 function canEdit($member = null)
 {
     $parentDecision = parent::canEdit($member);
     return $parentDecision;
 }
 /**
  * Edit permission gated on the global menu permission, with SiteTree's
  * own canEdit() as a positive vote.
  *
  * The pre-extension callback returns false when the member lacks the
  * global menu permission, true when the SiteTree singleton's canEdit()
  * allows the member, and null otherwise. The method's return value is
  * that of parent::canEdit().
  *
  * @param Member $member
  * @return mixed result of parent::canEdit()
  */
 public function canEdit($member = null)
 {
     // __FUNCTION__ inside the closure would name the closure, so the
     // method name is captured here and passed in.
     $hook = __FUNCTION__;
     $menuGate = function ($member) use ($hook) {
         if ($this->checkIfHasGlobalMenuPermission($member)) {
             return singleton('SiteTree')->{$hook}($member) ? true : null;
         }
         return false;
     };
     $this->beforeExtending($hook, $menuGate);
     return parent::canEdit($member);
 }
 /**
  * Edit permission: a record marked Sent is never editable; otherwise the
  * parent's decision applies, reduced to a boolean.
  *
  * @param Member $member
  * @return bool
  */
 public function canEdit($member = null)
 {
     if ($this->Sent) {
         return false;
     }
     return (bool) parent::canEdit($member);
 }
 /**
  * Form action: saves the submitted data into the record.
  *
  * Responds with 403 unless $this->record->canEdit() passes; this is the
  * server-side check behind the grid's edit buttons. Validation failures
  * are turned into a validation response. On success a "Saved" message
  * with a link to the record is stored on the form and the request is
  * redirected.
  *
  * NOTE(review): the message is stored with its third argument set to
  * false, which presumably means it is output as HTML. Title is escaped
  * below; Link('edit') and i18n_singular_name() are inserted as returned -
  * confirm both are HTML-safe.
  *
  * @param array $data submitted form data
  * @param Form $form
  * @return mixed the 403, validation or redirect response
  */
 public function doSave($data, $form)
 {
     // captured before the save
     $isNewRecord = $this->record->ID == 0;
     $mayEdit = $this->record->canEdit();
     if (!$mayEdit) {
         return $this->httpError(403);
     }
     try {
         $this->saveFormIntoRecord($data, $form);
     } catch (ValidationException $validationError) {
         return $this->generateValidationResponse($form, $validationError);
     }
     $editUrl = $this->Link('edit');
     $escapedTitle = htmlspecialchars($this->record->Title, ENT_QUOTES);
     $link = '<a href="' . $editUrl . '">"' . $escapedTitle . '"</a>';
     $placeholders = array('name' => $this->record->i18n_singular_name(), 'link' => $link);
     $form->sessionMessage(_t('GridFieldDetailForm.Saved', 'Saved {name} {link}', $placeholders), 'good', false);
     return $this->redirectAfterSave($isNewRecord);
 }
 /**
  * Form action: saves the submitted data into the record, writes it and
  * adds it to the grid field's list.
  *
  * Responds with 403 unless $this->record->canEdit() passes. A submitted
  * ClassName that differs from the record's replaces the record with a new
  * instance of that class before saving. Validation failures are reported
  * back through the form. On success the response depends on whether the
  * record was new and whether it is still part of the list.
  *
  * NOTE(review): $data['ClassName'] is submitted data and is handed to
  * newClassInstance() with no allow-list visible here - confirm it is
  * restricted to classes this form is meant to create.
  * NOTE(review): $data['url'] is submitted data and ends up in a redirect
  * target - confirm removeAction()/redirect() keep it on this site.
  * NOTE(review): new records are gated on canEdit() as well; no separate
  * create-permission check is visible in this method.
  *
  * @param array $data submitted form data
  * @param Form $form
  * @return mixed the 403, validation, edit-view or redirect response
  */
 public function doSave($data, $form)
 {
     // captured before write() so the redirect choice below knows the record was new
     $new_record = $this->record->ID == 0;
     $controller = $this->getToplevelController();
     $list = $this->gridField->getList();
     if ($list instanceof ManyManyList) {
         // Data is escaped in ManyManyList->add()
         $extraData = isset($data['ManyMany']) ? $data['ManyMany'] : null;
     } else {
         $extraData = null;
     }
     // authorisation gate: nothing is changed or written before this check
     if (!$this->record->canEdit()) {
         return $controller->httpError(403);
     }
     if (isset($data['ClassName']) && $data['ClassName'] != $this->record->ClassName) {
         // request-supplied class name, see NOTE(review) in the docblock
         $newClassName = $data['ClassName'];
         // The records originally saved attribute was overwritten by $form->saveInto($record) before.
         // This is necessary for newClassInstance() to work as expected, and trigger change detection
         // on the ClassName attribute
         $this->record->setClassName($this->record->ClassName);
         // Replace $record with a new instance
         $this->record = $this->record->newClassInstance($newClassName);
     }
     try {
         // order matters: populate, persist, then attach to the list
         $form->saveInto($this->record);
         $this->record->write();
         $list->add($this->record, $extraData);
     } catch (ValidationException $e) {
         $form->sessionMessage($e->getResult()->message(), 'bad', false);
         // ajax requests get the re-rendered form, other requests are sent back
         $responseNegotiator = new PjaxResponseNegotiator(array('CurrentForm' => function () use(&$form) {
             return $form->forTemplate();
         }, 'default' => function () use(&$controller) {
             return $controller->redirectBack();
         }));
         if ($controller->getRequest()->isAjax()) {
             $controller->getRequest()->addHeader('X-Pjax', 'CurrentForm');
         }
         return $responseNegotiator->respond($controller->getRequest());
     }
     // TODO Save this item into the given relationship
     // the title is HTML-escaped because the message is stored with escaping
     // presumably switched off (third argument false) - confirm Link('edit')
     // and i18n_singular_name() are HTML-safe too
     $link = '<a href="' . $this->Link('edit') . '">"' . htmlspecialchars($this->record->Title, ENT_QUOTES) . '"</a>';
     $message = _t('GridFieldDetailForm.Saved', 'Saved {name} {link}', array('name' => $this->record->i18n_singular_name(), 'link' => $link));
     $form->sessionMessage($message, 'good', false);
     if ($new_record) {
         return $controller->redirect($this->Link());
     } elseif ($this->gridField->getList()->byId($this->record->ID)) {
         // Return new view, as we can't do a "virtual redirect" via the CMS Ajax
         // to the same URL (it assumes that its content is already current, and doesn't reload)
         return $this->edit($controller->getRequest());
     } else {
         // Changes to the record properties might've excluded the record from
         // a filtered list, so return back to the main view if it can't be found
         // request-supplied URL, see NOTE(review) in the docblock
         $noActionURL = $controller->removeAction($data['url']);
         $controller->getRequest()->addHeader('X-Pjax', 'Content');
         return $controller->redirect($noActionURL, 302);
     }
 }
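 /**
  * Edit permission: the parent's decision, or failing that the
  * CMS_ACCESS_FrontendAdmin permission.
  *
  * @param Member $member member to check; null means the current user
  * @return mixed the parent's truthy result, else the permission check result
  */
 public function canEdit($member = null)
 {
     $can = parent::canEdit($member);
     if ($can) {
         return $can;
     }
     // Check the fallback permission for the same member as the parent
     // check, so a question about another member is not answered with the
     // logged-in user's rights.
     return Permission::check('CMS_ACCESS_FrontendAdmin', 'any', $member);
 }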