public function providePermissions()
{
$perms = array("CMS_ACCESS_LeftAndMain" => array('name' => _t('CMSMain.ACCESSALLINTERFACES', 'Access to all CMS sections'), 'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access'), 'help' => _t('CMSMain.ACCESSALLINTERFACESHELP', 'Overrules more specific access settings.'), 'sort' => -100));
// Add any custom ModelAdmin subclasses. Can't put this on ModelAdmin itself
// since its marked abstract, and needs to be singleton instanciated.
foreach (ClassInfo::subclassesFor('SilverStripe\\Admin\\ModelAdmin') as $i => $class) {
if ($class == 'SilverStripe\\Admin\\ModelAdmin') {
continue;
}
if (ClassInfo::classImplements($class, 'SilverStripe\\Dev\\TestOnly')) {
continue;
}
// Check if modeladmin has explicit required_permission_codes option.
// If a modeladmin is namespaced you can apply this config to override
// the default permission generation based on fully qualified class name.
$code = $this->getRequiredPermissions();
if (!$code) {
continue;
}
// Get first permission if multiple specified
if (is_array($code)) {
$code = reset($code);
}
$title = LeftAndMain::menu_title($class);
$perms[$code] = array('name' => _t('CMSMain.ACCESS', "Access to '{title}' section", "Item in permission selection identifying the admin section. Example: Access to 'Files & Images'", array('title' => $title)), 'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access'));
}
return $perms;
}
public function testCanView()
{
$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$securityonlyuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
$allcmssectionsuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');
// anonymous user
$this->session()->inst_set('loggedInAs', null);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$this->assertEquals($menuItems->column('Code'), array(), 'Without valid login, members cant access any menu entries');
// restricted cms user
$this->logInAs($securityonlyuser);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$menuItems = $menuItems->column('Code');
sort($menuItems);
$this->assertEquals(array('Help', 'SilverStripe-Admin-CMSProfileController', 'SilverStripe-Admin-SecurityAdmin'), $menuItems, 'Groups with limited access can only access the interfaces they have permissions for');
// all cms sections user
$this->logInAs($allcmssectionsuser);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$this->assertContains('SilverStripe-Admin-CMSProfileController', $menuItems->column('Code'), 'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can edit own profile');
$this->assertContains('SilverStripe-Admin-SecurityAdmin', $menuItems->column('Code'), 'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections');
$this->assertContains('Help', $menuItems->column('Code'), 'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections');
// admin
$this->logInAs($adminuser);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$this->assertContains('SilverStripe-Admin-SecurityAdmin', $menuItems->column('Code'), 'Administrators can access Security Admin');
$this->session()->inst_set('loggedInAs', null);
}
/**
* Only show first element, as the profile form is limited to editing
* the current member it doesn't make much sense to show the member name
* in the breadcrumbs.
*
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false)
{
$items = parent::Breadcrumbs($unlinked);
return new ArrayList(array($items[0]));
}
/**
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false)
{
$items = parent::Breadcrumbs($unlinked);
// Show the class name rather than ModelAdmin title as root node
$models = $this->getManagedModels();
$params = $this->getRequest()->getVars();
if (isset($params['url'])) {
unset($params['url']);
}
$items[0]->Title = $models[$this->modelClass]['title'];
$items[0]->Link = Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), '?' . http_build_query($params));
return $items;
}
public function schema($request)
{
// TODO Hardcoding schema until we can get GridField to generate a schema dynamically
$treeClassJS = Convert::raw2js($this->config()->tree_class);
$adminURL = Convert::raw2js(AdminRootController::admin_url());
$json = <<<JSON
{
\t"id": "{$adminURL}campaigns\\/schema\\/EditForm",
\t"schema": {
\t\t"name": "EditForm",
\t\t"id": "Form_EditForm",
\t\t"action": "schema",
\t\t"method": "GET",
\t\t"attributes": {
\t\t\t"id": "Form_EditForm",
\t\t\t"action": "{$adminURL}campaigns\\/EditForm",
\t\t\t"method": "POST",
\t\t\t"enctype": "multipart\\/form-data",
\t\t\t"target": null
\t\t},
\t\t"data": [],
\t\t"fields": [{
\t\t\t"name": "ID",
\t\t\t"id": "Form_EditForm_ID",
\t\t\t"type": "Hidden",
\t\t\t"component": null,
\t\t\t"holderId": null,
\t\t\t"title": false,
\t\t\t"source": null,
\t\t\t"extraClass": "hidden form-group--no-label",
\t\t\t"description": null,
\t\t\t"rightTitle": null,
\t\t\t"leftTitle": null,
\t\t\t"readOnly": false,
\t\t\t"disabled": false,
\t\t\t"customValidationMessage": "",
\t\t\t"attributes": [],
\t\t\t"data": []
\t\t}, {
\t\t\t"name": "ChangeSets",
\t\t\t"id": "Form_EditForm_ChangeSets",
\t\t\t"type": "Custom",
\t\t\t"component": "GridField",
\t\t\t"holderId": null,
\t\t\t"title": "Campaigns",
\t\t\t"source": null,
\t\t\t"extraClass": null,
\t\t\t"description": null,
\t\t\t"rightTitle": null,
\t\t\t"leftTitle": null,
\t\t\t"readOnly": false,
\t\t\t"disabled": false,
\t\t\t"customValidationMessage": "",
\t\t\t"attributes": [],
\t\t\t"data": {
\t\t\t\t"recordType": "{$treeClassJS}",
\t\t\t\t"collectionReadEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/sets",
\t\t\t\t\t"method": "GET"
\t\t\t\t},
\t\t\t\t"itemReadEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "GET"
\t\t\t\t},
\t\t\t\t"itemUpdateEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "PUT"
\t\t\t\t},
\t\t\t\t"itemCreateEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "POST"
\t\t\t\t},
\t\t\t\t"itemDeleteEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "DELETE"
\t\t\t\t},
\t\t\t\t"editFormSchemaEndpoint": "{$adminURL}campaigns\\/schema\\/DetailEditForm",
\t\t\t\t"columns": [
\t\t\t\t\t{"name": "Title", "field": "Name"},
\t\t\t\t\t{"name": "Changes", "field": "ChangesCount"},
\t\t\t\t\t{"name": "Description", "field": "Description"}
\t\t\t\t]
\t\t\t}
\t\t}, {
\t\t\t"name": "SecurityID",
\t\t\t"id": "Form_EditForm_SecurityID",
\t\t\t"type": "Hidden",
\t\t\t"component": null,
\t\t\t"holderId": null,
\t\t\t"title": "Security ID",
\t\t\t"source": null,
\t\t\t"extraClass": "hidden",
\t\t\t"description": null,
\t\t\t"rightTitle": null,
\t\t\t"leftTitle": null,
\t\t\t"readOnly": false,
\t\t\t"disabled": false,
\t\t\t"customValidationMessage": "",
\t\t\t"attributes": [],
\t\t\t"data": []
\t\t}],
\t\t"actions": []
\t}
}
JSON;
$formName = $request->param('ID');
if ($formName == 'EditForm') {
$response = $this->getResponse();
$response->addHeader('Content-Type', 'application/json');
$response->setBody($json);
return $response;
} else {
return parent::schema($request);
}
}
public function Breadcrumbs($unlinked = false)
{
$crumbs = parent::Breadcrumbs($unlinked);
// Name root breadcrumb based on which record is edited,
// which can only be determined by looking for the fieldname of the GridField.
// Note: Titles should be same titles as tabs in RootForm().
$params = $this->getRequest()->allParams();
if (isset($params['FieldName'])) {
// TODO FieldName param gets overwritten by nested GridFields,
// so shows "Members" rather than "Groups" for the following URL:
// admin/security/EditForm/field/Groups/item/2/ItemEditForm/field/Members/item/1/edit
$firstCrumb = $crumbs->shift();
if ($params['FieldName'] == 'Groups') {
$crumbs->unshift(new ArrayData(array('Title' => Group::singleton()->i18n_plural_name(), 'Link' => $this->Link('groups'))));
} elseif ($params['FieldName'] == 'Users') {
$crumbs->unshift(new ArrayData(array('Title' => _t('SecurityAdmin.Users', 'Users'), 'Link' => $this->Link('users'))));
} elseif ($params['FieldName'] == 'Roles') {
$crumbs->unshift(new ArrayData(array('Title' => _t('SecurityAdmin.TABROLES', 'Roles'), 'Link' => $this->Link('roles'))));
}
$crumbs->unshift($firstCrumb);
}
return $crumbs;
}
/**
* Get a map of all members in the groups given that have CMS permissions
*
* If no groups are passed, all groups with CMS permissions will be used.
*
* @param array $groups Groups to consider or NULL to use all groups with
* CMS permissions.
* @return Map Returns a map of all members in the groups given that
* have CMS permissions.
*/
public static function mapInCMSGroups($groups = null)
{
if (!$groups || $groups->Count() == 0) {
$perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin');
if (class_exists('SilverStripe\\CMS\\Controllers\\CMSMain')) {
$cmsPerms = CMSMain::singleton()->providePermissions();
} else {
$cmsPerms = LeftAndMain::singleton()->providePermissions();
}
if (!empty($cmsPerms)) {
$perms = array_unique(array_merge($perms, array_keys($cmsPerms)));
}
$permsClause = DB::placeholders($perms);
/** @skipUpgrade */
$groups = Group::get()->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')->where(array("\"Permission\".\"Code\" IN ({$permsClause})" => $perms));
}
$groupIDList = array();
if ($groups instanceof SS_List) {
foreach ($groups as $group) {
$groupIDList[] = $group->ID;
}
} elseif (is_array($groups)) {
$groupIDList = $groups;
}
/** @skipUpgrade */
$members = Member::get()->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
if ($groupIDList) {
$groupClause = DB::placeholders($groupIDList);
$members = $members->where(array("\"Group\".\"ID\" IN ({$groupClause})" => $groupIDList));
}
return $members->sort('"Member"."Surname", "Member"."FirstName"')->map();
}
/**
* Provide menu titles to the i18n entity provider
*/
public function provideI18nEntities()
{
$cmsClasses = self::get_cms_classes();
$entities = array();
foreach ($cmsClasses as $cmsClass) {
$defaultTitle = LeftAndMain::menu_title($cmsClass, false);
$ownerModule = i18n::get_owner_module($cmsClass);
$entities["{$cmsClass}.MENUTITLE"] = array($defaultTitle, 'Menu title', $ownerModule);
}
return $entities;
}
/**
* Gets a JSON schema representing the current edit form.
*
* WARNING: Experimental API.
*
* @param HTTPRequest $request
* @return HTTPResponse
*/
public function schema($request)
{
$formName = $request->param('FormName');
if ($formName !== 'fileHistoryForm') {
return parent::schema($request);
}
// Get schema for history form
// @todo Eventually all form scaffolding will be based on context rather than record ID
// See https://github.com/silverstripe/silverstripe-framework/issues/6362
$itemID = $request->param('ItemID');
$version = $request->param('OtherItemID');
$form = $this->getFileHistoryForm(['RecordID' => $itemID, 'RecordVersion' => $version]);
// Respond with this schema
$response = $this->getResponse();
$response->addHeader('Content-Type', 'application/json');
$schemaID = $this->getRequest()->getURL();
return $this->getSchemaResponse($schemaID, $form);
}
