/**
 * Fetch the default admin member, creating the record first if it does not exist yet.
 *
 * Returns null straight away when Security::has_default_admin() reports that
 * no default admin is configured; nothing is created in that case.
 *
 * Otherwise the member is looked up by Email against
 * Security::default_admin_username(), written as a new record if absent, and
 * added to the first group holding the ADMIN permission if not already in it.
 *
 * @return Member|null The default admin, or null when none is configured
 */
public static function default_admin()
{
    // Bail out unless a default admin has been configured
    if (!Security::has_default_admin()) {
        return null;
    }

    // Find or create ADMIN group
    // NOTE(review): assumes requireDefaultRecords() leaves at least one group
    // with the ADMIN permission, so $group is non-null below; confirm
    Group::singleton()->requireDefaultRecords();
    $group = Permission::get_groups_by_permission('ADMIN')->first();

    // Look for an existing member carrying the default admin username as Email
    $member = Member::get()
        ->filter('Email', Security::default_admin_username())
        ->first();

    if (!$member) {
        // 'Password' is deliberately left unset to avoid creating
        // persistent logins in the database. See Security::setDefaultAdmin().
        // 'Email' is what identifies this record as the default admin.
        $member = Member::create();
        $member->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
        $member->Email = Security::default_admin_username();
        $member->write();
    }

    // Already a member of the admin group: nothing more to do
    if ($member->inGroup($group)) {
        return $member;
    }

    // Add member to group instead of adding group to member.
    // This bypasses the privilege escalation code in Member_GroupSet, so the
    // grant is not subject to that check.
    // NOTE(review): keep this method reachable from trusted code paths only; confirm callers
    $group->DirectMembers()->add($member);

    return $member;
}
/**
 * Return an existing member with administrator privileges, or create one if necessary.
 *
 * Lookup order, stopping at the first hit:
 *  1. the first member of the first group holding the ADMIN permission,
 *  2. the first member holding the ADMIN permission once
 *     Member::singleton()->requireDefaultRecords() has run,
 *  3. Member::default_admin(),
 *  4. a newly written blank member added directly to the admin group.
 *
 * If no group with the ADMIN permission is found, Group::singleton()->requireDefaultRecords()
 * is run and the group is looked up again.
 *
 * Important: Any newly created administrator accounts will NOT have valid
 * login credentials (Email/Password properties), which means they can't be used for login
 * purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
 *
 * @return Member
 */
public static function findAnAdministrator()
{
    // coupling to subsites module: switch to subsite ID 0 for the group
    // lookup and restore the previous subsite afterwards
    $previousSubsiteID = null;
    if (is_callable('Subsite::changeSubsite')) {
        $previousSubsiteID = \Subsite::currentSubsiteID();
        \Subsite::changeSubsite(0);
    }

    $administrator = null;

    // find a group with ADMIN permission
    $group = Permission::get_groups_by_permission('ADMIN')->first();

    if (is_callable('Subsite::changeSubsite')) {
        \Subsite::changeSubsite($previousSubsiteID);
    }

    if ($group) {
        $administrator = $group->Members()->First();
    } else {
        // No admin group yet: build the default records and look again
        Group::singleton()->requireDefaultRecords();
        $group = Permission::get_groups_by_permission('ADMIN')->first();
    }

    if ($administrator) {
        return $administrator;
    }

    // Fall back to any member holding the ADMIN permission
    Member::singleton()->requireDefaultRecords();
    $administrator = Permission::get_members_by_permission('ADMIN')->first();
    if ($administrator) {
        return $administrator;
    }

    // Fall back to the configured default admin (may be null)
    $administrator = Member::default_admin();
    if ($administrator) {
        return $administrator;
    }

    // Failover to a blank admin: no Email and no Password are set on it
    $administrator = Member::create();
    $administrator->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
    $administrator->write();

    // Add member to group instead of adding group to member.
    // This bypasses the privilege escalation code in Member_GroupSet, so the
    // grant is not subject to that check.
    // NOTE(review): assumes $group is non-null here, i.e. that
    // requireDefaultRecords() produced a group with the ADMIN permission; confirm
    $group->DirectMembers()->add($administrator);

    return $administrator;
}
/**
 * Build the breadcrumb trail, inserting a crumb for the edited record type.
 *
 * Starts from parent::Breadcrumbs() and, when the request carries a
 * 'FieldName' param equal to 'Groups', 'Users' or 'Roles', inserts a crumb for
 * that section directly after the first crumb. Any other value leaves the
 * trail as the parent produced it.
 *
 * The request-supplied FieldName is only compared against those fixed names;
 * the crumb title and link are built from translations and $this->Link(),
 * never from the param itself.
 *
 * @param bool $unlinked Handed through unchanged to parent::Breadcrumbs()
 * @return mixed The crumb list returned by parent::Breadcrumbs(), possibly with one crumb added
 */
public function Breadcrumbs($unlinked = false)
{
    $trail = parent::Breadcrumbs($unlinked);

    // Name root breadcrumb based on which record is edited,
    // which can only be determined by looking for the fieldname of the GridField.
    // Note: Titles should be same titles as tabs in RootForm().
    $routeParams = $this->getRequest()->allParams();
    if (!isset($routeParams['FieldName'])) {
        return $trail;
    }

    // TODO FieldName param gets overwritten by nested GridFields,
    // so shows "Members" rather than "Groups" for the following URL:
    // admin/security/EditForm/field/Groups/item/2/ItemEditForm/field/Members/item/1/edit
    $rootCrumb = $trail->shift();

    // switch compares loosely, like the == checks it stands in for
    switch ($routeParams['FieldName']) {
        case 'Groups':
            $trail->unshift(new ArrayData(array(
                'Title' => Group::singleton()->i18n_plural_name(),
                'Link' => $this->Link('groups'),
            )));
            break;
        case 'Users':
            $trail->unshift(new ArrayData(array(
                'Title' => _t('SecurityAdmin.Users', 'Users'),
                'Link' => $this->Link('users'),
            )));
            break;
        case 'Roles':
            $trail->unshift(new ArrayData(array(
                'Title' => _t('SecurityAdmin.TABROLES', 'Roles'),
                'Link' => $this->Link('roles'),
            )));
            break;
    }

    // Put the original first crumb back in front of the inserted one
    $trail->unshift($rootCrumb);

    return $trail;
}