/**
* Update the details for the organisation
*/
function updatedetails($data, $form, $request)
{
if ($this->group) {
$this->saveInto($this->group);
$this->group->write();
$form->sessionMessage(_t('EcommerceCorporateAccount.DETAILSHAVEBEENUPDATED', 'Your details have been updated.'), 'good');
Director::redirectBack();
} else {
$form->sessionMessage(_t('EcommerceCorporateAccount.DETAILSCOULDNOTBEUPATED', 'Your details have not been updated.'), 'bad');
Director::redirectBack();
}
}
static function add_members_to_customer_group()
{
$gp = DataObject::get_one("Group", "\"Title\" = '" . self::get_group_name() . "'");
if (!$gp) {
$gp = new Group();
$gp->Title = self::get_group_name();
$gp->Sort = 999998;
$gp->write();
}
$allCombos = DB::query("Select \"ID\", \"MemberID\", \"GroupID\" FROM \"Group_Members\" WHERE \"Group_Members\".\"GroupID\" = " . $gp->ID . ";");
//make an array of all combos
$alreadyAdded = array();
$alreadyAdded[-1] = -1;
if ($allCombos) {
foreach ($allCombos as $combo) {
$alreadyAdded[$combo["MemberID"]] = $combo["MemberID"];
}
}
$extraWhere = $unlistedMembers = DataObject::get("Member", $where = "\"Member\".\"ID\" NOT IN (" . implode(",", $alreadyAdded) . ")", $sort = null, $join = "INNER JOIN \"Order\" ON \"Order\".\"MemberID\" = \"Member\".\"ID\"");
//add combos
if ($unlistedMembers) {
$existingMembers = $gp->Members();
foreach ($unlistedMembers as $member) {
$existingMembers->add($member);
}
}
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default author group if no other group exists
$frontend_group = Group::get()->filter("Code", "users-frontend");
if (!$frontend_group->exists()) {
$frontend_group = new Group();
$frontend_group->Code = 'users-frontend';
$frontend_group->Title = "Frontend Users";
$frontend_group->Sort = 1;
$frontend_group->write();
Permission::grant($frontend_group->ID, 'USERS_MANAGE_ACCOUNT');
DB::alteration_message('Front end users group created', 'created');
}
// Add a verified users group (only used if we turn on
// verification)
$verify_group = Group::get()->filter("Code", "users-verified");
if (!$verify_group->exists()) {
$verify_group = new Group();
$verify_group->Code = 'users-verified';
$verify_group->Title = "Verified Users";
$verify_group->Sort = 1;
$verify_group->write();
Permission::grant($verify_group->ID, 'USERS_VERIFIED');
DB::alteration_message('Verified users group created', 'created');
}
}
public function processRecord($record, $columnMap, &$results, $preview = false)
{
$objID = parent::processRecord($record, $columnMap, $results, $preview);
$_cache_groupByCode = array();
// Add to predefined groups
$member = DataObject::get_by_id($this->objectClass, $objID);
foreach ($this->groups as $group) {
// TODO This isnt the most memory effective way to add members to a group
$member->Groups()->add($group);
}
// Add to groups defined in CSV
if (isset($record['Groups']) && $record['Groups']) {
$groupCodes = explode(',', $record['Groups']);
foreach ($groupCodes as $groupCode) {
$groupCode = Convert::raw2url($groupCode);
if (!isset($_cache_groupByCode[$groupCode])) {
$group = Group::get()->filter('Code', $groupCode)->first();
if (!$group) {
$group = new Group();
$group->Code = $groupCode;
$group->Title = $groupCode;
$group->write();
}
$member->Groups()->add($group);
$_cache_groupByCode[$groupCode] = $group;
}
}
}
$member->destroy();
unset($member);
return $objID;
}
static function get_main_group()
{
$group = DataObject::get_one('Group', "Code = '" . strtolower(self::$main_group) . "'");
if (!$group) {
$group = new Group(array('Title' => self::$main_group));
$group->write();
}
return $group;
}
function testCollateAncestorIDs()
{
$parentGroup = $this->objFromFixture('Group', 'parentgroup');
$childGroup = $this->objFromFixture('Group', 'childgroup');
$orphanGroup = new Group();
$orphanGroup->ParentID = 99999;
$orphanGroup->write();
$this->assertEquals(array($parentGroup->ID), $parentGroup->collateAncestorIDs(), 'Root node only contains itself');
$this->assertEquals(array($childGroup->ID, $parentGroup->ID), $childGroup->collateAncestorIDs(), 'Contains parent nodes, with child node first');
$this->assertEquals(array($orphanGroup->ID), $orphanGroup->collateAncestorIDs(), 'Orphaned nodes dont contain invalid parent IDs');
}
function doUp()
{
global $database;
$members = array(1368, 270, 9202);
// EdgarMagana, JonProulx, ShillaSaebi
$group = new Group();
$group->setTitle('User Committee');
$group->setDescription('User Committee');
$group->setSlug('user-committee');
$group->write();
$group->Members()->setByIDList($members);
}
function testAlternateTreeTitle()
{
$group = new Group();
$group->Title = 'The A Team';
$group->AccessAllSubsites = true;
$this->assertEquals($group->getTreeTitle(), 'The A Team <i>(global group)</i>');
$group->AccessAllSubsites = false;
$group->write();
$group->Subsites()->add($this->objFromFixture('Subsite', 'domaintest1'));
$group->Subsites()->add($this->objFromFixture('Subsite', 'domaintest2'));
$this->assertEquals($group->getTreeTitle(), 'The A Team <i>(Test 1, Test 2)</i>');
}
/**
* Add a specific group in order to enable users/groups managemet
*/
public function requireDefaultRecords()
{
$group = DataObject::get('Group', "Code = 'users-manager'");
if (!$group->count()) {
$usersManagerGroup = new Group();
$usersManagerGroup->Code = 'users-manager';
$usersManagerGroup->Title = _t('Group.DefaultGroupTitleUsersManager', 'Users Manager');
$usersManagerGroup->Sort = 0;
$usersManagerGroup->write();
Permission::grant($usersManagerGroup->ID, 'CMS_ACCESS_SecurityAdmin');
}
}
function requireDefaultRecords()
{
if (!Group::get()->filter(array("Code" => "team-member"))->First()) {
$group = new Group();
$group->Title = "Team Member";
$group->Code = "team-member";
$group->Sort = 2;
$group->write();
$group->flushCache();
DB::alteration_message('Team Member Group created', 'created');
}
parent::requireDefaultRecords();
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default author group if no other group exists
$curr_group = Group::get()->filter("Code", "customers");
if (!$curr_group->exists()) {
$group = new Group();
$group->Code = 'customers';
$group->Title = "Customers";
$group->Sort = 1;
$group->write();
DB::alteration_message('Customers group created', 'created');
}
}
function requireDefaultRecords()
{
parent::requireDefaultRecords();
//Create a new group for customers
$allGroups = DataObject::get('Group');
$existingCustomerGroup = $allGroups->find('Title', 'Customers');
if (!$existingCustomerGroup) {
$customerGroup = new Group();
$customerGroup->Title = 'Customers';
$customerGroup->setCode($customerGroup->Title);
$customerGroup->write();
Permission::grant($customerGroup->ID, 'VIEW_ORDER');
}
}
function testOverwriteExistingImport()
{
$existinggroup = new Group();
$existinggroup->Title = 'Old Group Title';
$existinggroup->Code = 'newgroup1';
$existinggroup->write();
$loader = new GroupCsvBulkLoader();
$results = $loader->load('sapphire/tests/security/GroupCsvBulkLoaderTest.csv');
$created = $results->Created()->toArray();
$this->assertEquals(count($created), 1);
$this->assertEquals($created[0]->Code, 'newchildgroup1');
$updated = $results->Updated()->toArray();
$this->assertEquals(count($updated), 1);
$this->assertEquals($updated[0]->Code, 'newgroup1');
$this->assertEquals($updated[0]->Title, 'New Group 1');
}
public function testOverwriteExistingImport()
{
$existinggroup = new Group();
$existinggroup->Title = 'Old Group Title';
$existinggroup->Code = 'newgroup1';
$existinggroup->write();
$loader = new GroupCsvBulkLoader();
$results = $loader->load($this->getCurrentRelativePath() . '/GroupCsvBulkLoaderTest.csv');
$created = $results->Created()->toArray();
$this->assertEquals(count($created), 1);
$this->assertEquals($created[0]->Code, 'newchildgroup1');
$updated = $results->Updated()->toArray();
$this->assertEquals(count($updated), 1);
$this->assertEquals($updated[0]->Code, 'newgroup1');
$this->assertEquals($updated[0]->Title, 'New Group 1');
}
public function onAfterWrite()
{
parent::onAfterWrite();
// TODO: should test if this is needed or not
if (!$this->owner->ID) {
return;
}
// Apply the subsite title to config
$siteconfig = $this->getSiteConfig();
if ($siteconfig) {
if ($siteconfig->Title == _t('Subsite.SiteConfigTitle', 'Your Site Name') && $this->owner->Title) {
$siteconfig->Title = $this->owner->Title;
$siteconfig->write();
}
}
// Make sure we have groups for this subsite
$groupName = $this->getAdministratorGroupName();
$group = self::getGroupByName($groupName);
if ($groupName && !$group) {
$group = new Group();
$group->Title = $groupName;
$group->AccessAllSubsites = false;
$group->write();
$group->Subsites()->add($this->owner);
// Apply default permissions to this group
$codes = array_unique(array_keys(Permission::get_codes(false)));
$default_permissions = Config::inst()->get('SubsiteExtension', 'admin_default_permissions');
foreach ($default_permissions as $p) {
if (in_array($p, $codes)) {
$po = new Permission(array('Code' => $p));
$po->write();
$group->Permissions()->add($po);
}
}
$group->write();
}
$membersGroupName = $this->getMembersGroupName();
$membersGroup = self::getGroupByName($membersGroupName);
if ($membersGroupName && !$membersGroup) {
$membersGroup = new Group();
$membersGroup->Title = $membersGroupName;
$membersGroup->AccessAllSubsites = true;
$membersGroup->write();
$membersGroup->Subsites()->add($this->owner);
$membersGroup->write();
}
}
function up()
{
echo "Starting Migration Proc ...<BR>";
//check if migration already had ran ...
$migration = DataObject::get_one("Migration", "Name='{$this->title}'");
if (!$migration) {
$g = new Group();
$g->setTitle('Community Members');
$g->setDescription('Community Members');
$g->setSlug(IFoundationMember::CommunityMemberGroupSlug);
$g->write();
$migration = new Migration();
$migration->Name = $this->title;
$migration->Description = $this->description;
$migration->Write();
}
echo "Ending Migration Proc ...<BR>";
}
function up()
{
echo "Starting Migration Proc ...<BR>";
//check if migration already had ran ...
$migration = Migration::get()->filter('Name', $this->title)->first();
if (!$migration) {
$g = new Group();
$g->setTitle('CCLA Admin');
$g->setDescription('Company CCLA Admin');
$g->setSlug(ICLAMemberDecorator::CCLAGroupSlug);
$g->write();
Permission::grant($g->getIdentifier(), ICLAMemberDecorator::CCLAPermissionSlug);
$migration = new Migration();
$migration->Name = $this->title;
$migration->Description = $this->description;
$migration->Write();
}
echo "Ending Migration Proc ...<BR>";
}
/**
* Create permissions, groups and member records if they don't exist.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$groups = array();
// create or update groups, cache id by title
foreach (self::$groups as $title => $description) {
if (!($group = DataObject::get_one('Group', " Title = '{$title}'"))) {
$group = new Group(array('Title' => $title));
}
// update description if exists, otherwise set
$group->Description = $description;
$group->write();
$groups[$title] = $group->ID;
}
// create or update permissions and assign to associated group
foreach (self::$permissions as $code => $groupTitle) {
if (!($perm = DataObject::get_one('Permission', " Code = '{$code}' "))) {
$perm = new Permission(array('Code' => $code));
}
$perm->GroupID = $groups[$groupTitle];
$perm->write();
}
// if config option is true create or update members, then add Member to group
if ($this->config()->get('create_members_and_assign_to_groups') === true) {
foreach (self::$members as $memberInfo) {
$email = $memberInfo['Email'];
if (!($member = DataObject::get_one('Member', " Email = '{$email}' "))) {
$member = new Member();
}
// set or update data
$member->update($memberInfo);
$member->write();
foreach (self::$member_groups[$email] as $groupTitle) {
// if not in the group already add it
$groupID = $groups[$groupTitle];
if (!$member->Groups()->filter('ID', $groupID)->first()) {
$member->Groups()->add($groupID);
}
$member->write();
}
}
}
}
public function DoRegister($data, $form)
{
if ($member = DataObject::get_one("Member", "`Email` = '" . Convert::raw2sql($data['Email']) . "'")) {
$form->AddErrorMessage('Email', _t("REGISTRATION.EMAILEXISTS", "Sorry, that email address already exists. Please choose another."), 'bad');
Session::set("FormInfo.Form_RegistrationForm.data", $data);
return $this->redirectBack();
}
$Member = new Member();
$form->saveInto($Member);
$Member->write();
$Member->logIn();
if (!($userGroup = DataObject::get_one('Group', "Code = 'register-user'"))) {
$userGroup = new Group();
$userGroup->Code = "register-user";
$userGroup->Title = "Register-user";
$userGroup->write();
}
$userGroup->Members()->add($Member);
return $this->redirect(Director::baseURL());
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$intranetGroup = Group::get()->filter(array("Code" => $this->Config()->get("group_code")))->first();
if ($intranetGroup && $intranetGroup->exists()) {
//do nothing
} else {
$intranetGroup = new Group();
DB::alteration_message($this->Config()->get("group_name") . ' group created', "created");
}
if ($intranetGroup) {
$intranetGroup->Code = $this->Config()->get("group_code");
$intranetGroup->Title = $this->Config()->get("group_name");
$intranetGroup->write();
Permission::grant($intranetGroup->ID, $this->Config()->get("permission_code"));
if (DB::query("\r\n\t\t\t\tSELECT *\r\n\t\t\t\tFROM Permission\r\n\t\t\t\tWHERE \"GroupID\" = '" . $intranetGroup->ID . "'\r\n\t\t\t\t\tAND \"Code\" LIKE '" . $this->Config()->get("permission_code") . "'")->numRecords() == 0) {
Permission::grant($intranetGroup->ID, $this->Config()->get("permission_code"));
DB::alteration_message($this->Config()->get("group_name") . ' permissions granted', "created");
}
}
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default FrontendMember group if none with permission code ADMIN exists
if (!defined('CreateDefaultGroupsOnce')) {
define('CreateDefaultGroupsOnce', true);
$authorGroup = Group::get_one("Group", "Code='content-authors'");
if (!$authorGroup) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
$authorGroup->Sort = 1;
$authorGroup->write();
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
}
Permission::grant($authorGroup->ID, 'ACCESS_CONTENT');
DB::alteration_message('Content Authors Group Permissions added', "created");
}
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default poster group if it doesn't exist
$poster = Group::get()->filter("Code", 'discussions-posters')->first();
if (!$poster) {
$poster = new Group();
$poster->Code = 'discussions-posters';
$poster->Title = _t('Discussions.DefaultGroupTitlePosters', 'Discussion Posters');
$poster->Sort = 1;
$poster->write();
Permission::grant($poster->ID, 'DISCUSSIONS_REPLY');
DB::alteration_message('Discussion Poster Group Created', 'created');
}
// Add default modrator group if none exists
$moderator = Permission::get_groups_by_permission('DISCUSSIONS_MODERATION')->first();
if (!$moderator) {
$moderator = new Group();
$moderator->Code = 'discussions-moderators';
$moderator->Title = _t('Discussions.DefaultGroupTitleModerators', 'Discussion Moderators');
$moderator->Sort = 0;
$moderator->write();
Permission::grant($moderator->ID, 'DISCUSSIONS_MODERATION');
DB::alteration_message('Discussion Moderator Group Created', 'created');
}
// Now add these groups to a discussion holder (if one exists)
foreach (DiscussionHolder::get() as $page) {
if (!$page->PosterGroups()->count()) {
$page->PosterGroups()->add($poster);
$page->write();
DB::alteration_message('Added Poster Group to Discussions Holder', 'created');
}
if (!$page->ModeratorGroups()->count()) {
$page->ModeratorGroups()->add($moderator);
$page->write();
DB::alteration_message('Added Moderator Group to Discussions Holder', 'created');
}
}
}
/**
* Create the default Groups
* and add default admin to admin group
*/
public function requireDefaultRecords()
{
// Readers
$readersGroup = DataObject::get('Group')->filter(array('Code' => 'restfulapi-readers'));
if (!$readersGroup->count()) {
$readerGroup = new Group();
$readerGroup->Code = 'restfulapi-readers';
$readerGroup->Title = 'RESTful API Readers';
$readerGroup->Sort = 0;
$readerGroup->write();
Permission::grant($readerGroup->ID, 'RESTfulAPI_VIEW');
}
// Editors
$editorsGroup = DataObject::get('Group')->filter(array('Code' => 'restfulapi-editors'));
if (!$editorsGroup->count()) {
$editorGroup = new Group();
$editorGroup->Code = 'restfulapi-editors';
$editorGroup->Title = 'RESTful API Editors';
$editorGroup->Sort = 0;
$editorGroup->write();
Permission::grant($editorGroup->ID, 'RESTfulAPI_VIEW');
Permission::grant($editorGroup->ID, 'RESTfulAPI_EDIT');
Permission::grant($editorGroup->ID, 'RESTfulAPI_CREATE');
}
// Admins
$adminsGroup = DataObject::get('Group')->filter(array('Code' => 'restfulapi-administrators'));
if (!$adminsGroup->count()) {
$adminGroup = new Group();
$adminGroup->Code = 'restfulapi-administrators';
$adminGroup->Title = 'RESTful API Administrators';
$adminGroup->Sort = 0;
$adminGroup->write();
Permission::grant($adminGroup->ID, 'RESTfulAPI_VIEW');
Permission::grant($adminGroup->ID, 'RESTfulAPI_EDIT');
Permission::grant($adminGroup->ID, 'RESTfulAPI_CREATE');
Permission::grant($adminGroup->ID, 'RESTfulAPI_DELETE');
}
}
function requireDefaultRecords()
{
parent::requireDefaultRecords();
// default checkoutpage
if ($this->class == 'ShopCheckoutPage') {
//create usergroup for shop client
if (!DataObject::get_one("Group", "Title LIKE 'ShopClients'")) {
$group = new Group();
$group->Title = "ShopClients";
$group->Code = "shop-clients";
$group->Sort = DataObject::get_one("Group", "1", null, "Sort DESC")->Sort + 1;
$group->write();
DB::alteration_message('ShopClients usergroup created', 'created');
}
if (!DataObject::get('ShopCheckoutPage')) {
$p = new ShopCheckoutPage();
$p->Title = _t('Shop.CheckoutPageTitleDefault', 'Checkout');
$p->Content = _t('SiteTree.CheckoutPageContentDefault', '
<h2>Welcome to the checkout Page</h2>
<p>Please feel free to replace this text with your own shopinformations...</p>
');
$p->URLSegment = 'checkout';
$p->writeToStage('Stage');
$p->publish('Stage', 'Live');
$p->ContentInvoiceAddress = "<h2>Billing Address</h2>\n\t\t\t\t<p>Please fill out the billing address.</p>";
$p->ContentDeliveryAddress = "<h2>Shipping Address</h2>\n\t\t\t\t<p>Please fill out the shipping address.</p>";
$p->ContentShipping = "<h2>Shipping Method</h2>\n\t\t\t\t<p>Please select your preferred shipping method.</p>";
$p->ContentPayment = "<h2>Payment Method</h2>\n\t\t\t\t<p>Please choose your preffered payment methos.</p>";
$p->ContentSummary = "<h2>Order summary</h2>\n\t\t\t\t<p>Take a look of your order and click on „Place order” to finish your shopping session.</p>";
$p->ContentComplete = "<h2>Thanks for your order!</h2>\n\t\t\t\t<p>Your order has been submitted.</p>\n\t\t\t\t<p>You'll recieve an eMail with your order details soon.</p>";
$p->ContentError = "<h2>Order could not be placed</h2>\n\t\t\t\t<p>Sorry, but your order couldn't proceed complety. Please contact us for further information. Thanks!</p>";
$p->writeToStage('Stage');
$p->publish('Stage', 'Live');
$p->flushCache();
DB::alteration_message('ShopCheckoutPage created', 'created');
}
}
}
/**
* run the task
*/
function run($request)
{
$approvedCustomerGroup = EcommerceCorporateGroupGroupDecorator::get_approved_customer_group();
$approveCustomerPermissionCode = EcommerceCorporateGroupGroupDecorator::get_permission_code();
if (!$approvedCustomerGroup) {
$approvedCustomerGroup = new Group();
$approvedCustomerGroup->Code = EcommerceCorporateGroupGroupDecorator::get_code();
$approvedCustomerGroup->Title = EcommerceCorporateGroupGroupDecorator::get_name();
//$approvedCustomerGroup->ParentID = $parentGroup->ID;
$approvedCustomerGroup->write();
Permission::grant($approvedCustomerGroup->ID, $approveCustomerPermissionCode);
DB::alteration_message(EcommerceCorporateGroupGroupDecorator::get_name() . ' Group created', "created");
} elseif (DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . $approvedCustomerGroup->ID . "' AND \"Code\" LIKE '" . $approveCustomerPermissionCode . "'")->numRecords() == 0) {
Permission::grant($approvedCustomerGroup->ID, $approveCustomerPermissionCode);
DB::alteration_message(EcommerceCorporateGroupGroupDecorator::get_name() . ' permissions granted', "created");
}
$approvedCustomerGroup = EcommerceCorporateGroupGroupDecorator::get_approved_customer_group();
if (!$approvedCustomerGroup) {
user_error("could not create user group");
} else {
DB::alteration_message(EcommerceCorporateGroupGroupDecorator::get_name() . ' is ready for use', "created");
}
}
/**
* Automatically create an AccountPage if one is not found
* on the site at the time the database is built (dev/build).
*/
function requireDefaultRecords()
{
parent::requireDefaultRecords();
if (!DataObject::get_one('AccountPage')) {
$page = new AccountPage();
$page->Title = 'Account';
$page->Content = '';
$page->URLSegment = 'account';
$page->ShowInMenus = 0;
$page->writeToStage('Stage');
$page->publish('Stage', 'Live');
DB::alteration_message('Account page \'Account\' created', 'created');
}
//Create a new group for customers
$allGroups = DataObject::get('Group');
$existingCustomerGroup = $allGroups->find('Title', 'Customers');
if (!$existingCustomerGroup) {
$customerGroup = new Group();
$customerGroup->Title = 'Customers';
$customerGroup->setCode($customerGroup->Title);
$customerGroup->write();
}
}
/**
* Adds the member to a group. This will create the group if the given
* group code does not return a valid group object.
*
* @param string $groupcode
* @param string Title of the group
*/
public function addToGroupByCode($groupcode, $title = "")
{
$group = DataObject::get_one('Group', "\"Code\" = '" . Convert::raw2sql($groupcode) . "'");
if ($group) {
$this->Groups()->add($group);
} else {
if (!$title) {
$title = $groupcode;
}
$group = new Group();
$group->Code = $groupcode;
$group->Title = $title;
$group->write();
$this->Groups()->add($group);
}
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
if ($this->config()->create_default_pages) {
$groupHolder = DataObject::get_one('ScoutGroupHolder');
if (!$groupHolder) {
$groupHolder = new ScoutGroupHolder();
$groupHolder->Title = "Groups";
$groupHolder->URLSegment = 'groups';
$groupHolder->Status = 'Published';
$groupHolder->write();
$groupHolder->publish('Stage', 'Live');
DB::alteration_message('Scout Group Holder page created', 'created');
}
}
$districtAdmin = DataObject::get_one('Group', "Code = 'scout-district-admin'");
if (!$districtAdmin) {
$districtAdmin = new Group();
$districtAdmin->Code = 'scout-district-admin';
$districtAdmin->Title = _t('ScoutDistrict.Groups.SCOUTDISTRICTADMIN', 'Scout District Admin');
$districtAdmin->write();
Permission::grant($districtAdmin->ID, ScoutDistrictPermissions::$district_admin);
DB::alteration_message('Scout District Admin group created', 'created');
}
$groupManager = DataObject::get_one('Group', "Code = 'scout-group-manager'");
if (!$groupManager) {
$groupManager = new Group();
$groupManager->Code = 'scout-group-manager';
$groupManager->Title = _t('ScoutDistrict.Groups.SCOUTGROUPMANAGER', 'Scout Group Manager');
$groupManager->write();
Permission::grant($groupManager->ID, ScoutDistrictPermissions::$group_manager);
Permission::grant($groupManager->ID, "CMS_ACCESS_CMSMain");
DB::alteration_message('Scout Group Manager group created', 'created');
}
}
public function run($request)
{
// get all groups from LDAP, but only get the attributes we need.
// this is useful to avoid holding onto too much data in memory
// especially in the case where getGroups() would return a lot of groups
$ldapGroups = $this->ldapService->getGroups(false, array('objectguid', 'samaccountname', 'dn', 'name', 'description'), 'objectguid');
$start = time();
$count = 0;
foreach ($ldapGroups as $data) {
$group = Group::get()->filter('GUID', $data['objectguid'])->limit(1)->first();
if (!($group && $group->exists())) {
// create the initial Group with some internal fields
$group = new Group();
$group->GUID = $data['objectguid'];
$this->log(sprintf('Creating new Group (ID: %s, GUID: %s, sAMAccountName: %s)', $group->ID, $data['objectguid'], $data['samaccountname']));
} else {
$this->log(sprintf('Updating existing Group "%s" (ID: %s, GUID: %s, sAMAccountName: %s)', $group->getTitle(), $group->ID, $data['objectguid'], $data['samaccountname']));
}
// Synchronise specific guaranteed fields.
$group->Code = $data['samaccountname'];
if (!empty($data['name'])) {
$group->Title = $data['name'];
} else {
$group->Title = $data['samaccountname'];
}
if (!empty($data['description'])) {
$group->Description = $data['description'];
}
$group->DN = $data['dn'];
$group->LastSynced = (string) SS_Datetime::now();
$group->IsImportedFromLDAP = true;
$group->write();
// Mappings on this group are automatically maintained to contain just the group's DN.
// First, scan through existing mappings and remove ones that are not matching (in case the group moved).
$hasCorrectMapping = false;
foreach ($group->LDAPGroupMappings() as $mapping) {
if ($mapping->DN === $data['dn']) {
// This is the correct mapping we want to retain.
$hasCorrectMapping = true;
} else {
$this->log(sprintf('Deleting invalid mapping %s on %s.', $mapping->DN, $group->getTitle()));
$mapping->delete();
}
}
// Second, if the main mapping was not found, add it in.
if (!$hasCorrectMapping) {
$this->log(sprintf('Setting up missing group mapping from %s to %s', $group->getTitle(), $data['dn']));
$mapping = new LDAPGroupMapping();
$mapping->DN = $data['dn'];
$mapping->write();
$group->LDAPGroupMappings()->add($mapping);
}
// cleanup object from memory
$group->destroy();
$count++;
}
// remove Group records that were previously imported, but no longer exist in the directory
// NOTE: DB::query() here is used for performance and so we don't run out of memory
if ($this->config()->destructive) {
foreach (DB::query('SELECT "ID", "GUID" FROM "Group" WHERE "IsImportedFromLDAP" = 1') as $record) {
if (!isset($ldapGroups[$record['GUID']])) {
$group = Group::get()->byId($record['ID']);
// Cascade into mappings, just to clean up behind ourselves.
foreach ($group->LDAPGroupMappings() as $mapping) {
$mapping->delete();
}
$group->delete();
$this->log(sprintf('Removing Group "%s" (GUID: %s) that no longer exists in LDAP.', $group->Title, $group->GUID));
// cleanup object from memory
$group->destroy();
}
}
}
$end = time() - $start;
$this->log(sprintf('Done. Processed %s records. Duration: %s seconds', $count, round($end, 0)));
}
public function testOnChangeGroups()
{
$staffGroup = $this->objFromFixture('Group', 'staffgroup');
$adminGroup = $this->objFromFixture('Group', 'admingroup');
$staffMember = $this->objFromFixture('Member', 'staffmember');
$adminMember = $this->objFromFixture('Member', 'admin');
$newAdminGroup = new Group(array('Title' => 'newadmin'));
$newAdminGroup->write();
Permission::grant($newAdminGroup->ID, 'ADMIN');
$newOtherGroup = new Group(array('Title' => 'othergroup'));
$newOtherGroup->write();
$this->assertTrue($staffMember->onChangeGroups(array($staffGroup->ID)), 'Adding existing non-admin group relation is allowed for non-admin members');
$this->assertTrue($staffMember->onChangeGroups(array($newOtherGroup->ID)), 'Adding new non-admin group relation is allowed for non-admin members');
$this->assertFalse($staffMember->onChangeGroups(array($newAdminGroup->ID)), 'Adding new admin group relation is not allowed for non-admin members');
$this->session()->inst_set('loggedInAs', $adminMember->ID);
$this->assertTrue($staffMember->onChangeGroups(array($newAdminGroup->ID)), 'Adding new admin group relation is allowed for normal users, when granter is logged in as admin');
$this->session()->inst_set('loggedInAs', null);
$this->assertTrue($adminMember->onChangeGroups(array($newAdminGroup->ID)), 'Adding new admin group relation is allowed for admin members');
}
