/**
 * View permission is inherited from the linked parent record when one is
 * present (non-zero ID); otherwise the default DataObject rules apply.
 *
 * @param Member|null $member The member to check (null = current user, per parent::canView)
 * @return bool
 */
public function canView($member = null)
{
    $owner = $this->Parent();
    if (!$owner || !$owner->ID) {
        return parent::canView($member);
    }
    return $owner->canView($member);
}
/**
 * Grants view access when the linked parent is viewable by the member.
 *
 * The grant is registered as a beforeExtending() hook on canView rather than
 * returned directly, so the parent's own permission pipeline still runs; the
 * hook is silent (returns null) when there is no parent or the parent denies.
 *
 * @param Member|null $member
 * @return bool
 */
public function canView($member = null)
{
    $parentGrants = function ($member = null) {
        $parentRecord = $this->Parent;
        if (!$parentRecord) {
            return;
        }
        if ($parentRecord->canView($member)) {
            return true;
        }
    };
    $this->beforeExtending(__FUNCTION__, $parentGrants);
    return parent::canView($member);
}
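/**
 * Standard SS method
 *
 * Viewable by shop administrators (the configured EcommerceRole admin
 * permission code) and, unless the record is flagged InternalUseOnly, by the
 * member who owns the related Order. Anything else falls back to the default
 * DataObject rules.
 *
 * @param Member|null $member Member to check; null means the currently
 *        logged-in user (the same convention Permission::checkMember uses)
 * @return bool
 */
public function canView($member = null)
{
    if (Permission::checkMember($member, Config::inst()->get("EcommerceRole", "admin_permission_code"))) {
        return true;
    }
    if (!$this->InternalUseOnly) {
        $order = $this->Order();
        // Resolve "no member given" to the logged-in user instead of reading ->ID off null.
        $memberID = $member ? (int) $member->ID : (int) Member::currentUserID();
        // Guest orders carry MemberID 0, and with a loose comparison 0 == null is true,
        // which would have granted access to anyone; require a real, matching member ID.
        if ($order && $memberID > 0 && (int) $order->MemberID === $memberID) {
            return true;
        }
    }
    return parent::canView($member);
}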
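/**
 * Builds an item edit form. The arguments to getCMSFields() are the popupController and
 * popupFormName, however this is an experimental API and may change.
 *
 * Access control: the record's canView() gates the whole form (403 otherwise); canEdit(),
 * canDelete() and canCreate() decide which actions are offered and whether the form is
 * rendered read-only. When no record is loaded the method redirects to the current URL
 * with its action stripped; that URL is taken from the routed request rather than
 * $_REQUEST, so it cannot be steered by a client-supplied "url" parameter.
 *
 * @todo In the future, we will probably need to come up with a tighter object representing a partially
 * complete controller with gaps for extra functionality. This, for example, would be a better way
 * of letting Security/login put its log-in form inside a UI specified elsewhere.
 *
 * @return Form The edit form (or the controller's redirect response when no record is loaded)
 */
public function ItemEditForm()
{
    $list = $this->gridField->getList();

    if (empty($this->record)) {
        $controller = $this->getToplevelController();
        // Use the routed request URL, not $_REQUEST['url']: $_REQUEST merges GET, POST and
        // cookie input, so the redirect target could otherwise be attacker-influenced.
        // This matches the newer form of this method.
        $url = $controller->getRequest()->getURL();
        $noActionURL = $controller->removeAction($url);
        $controller->getResponse()->removeHeader('Location'); // clear the existing redirect
        return $controller->redirect($noActionURL, 302);
    }

    $canView = $this->record->canView();
    $canEdit = $this->record->canEdit();
    $canDelete = $this->record->canDelete();
    $canCreate = $this->record->canCreate();

    if (!$canView) {
        $controller = $this->getToplevelController();
        // TODO More friendly error
        return $controller->httpError(403);
    }

    $actions = new FieldList();
    if ($this->record->ID !== 0) {
        // Existing record: offer Save/Delete only where the matching permission holds.
        if ($canEdit) {
            $actions->push(
                FormAction::create('doSave', _t('GridFieldDetailForm.Save', 'Save'))
                    ->setUseButtonTag(true)
                    ->addExtraClass('ss-ui-action-constructive')
                    ->setAttribute('data-icon', 'accept')
            );
        }
        if ($canDelete) {
            $actions->push(
                FormAction::create('doDelete', _t('GridFieldDetailForm.Delete', 'Delete'))
                    ->setUseButtonTag(true)
                    ->addExtraClass('ss-ui-action-destructive action-delete')
            );
        }
    } else {
        // adding new record
        // Change the Save label to 'Create'
        $actions->push(
            FormAction::create('doSave', _t('GridFieldDetailForm.Create', 'Create'))
                ->setUseButtonTag(true)
                ->addExtraClass('ss-ui-action-constructive')
                ->setAttribute('data-icon', 'add')
        );

        // Add a Cancel link which is a button-like link and link back to one level up.
        $curmbs = $this->Breadcrumbs();
        if ($curmbs && $curmbs->count() >= 2) {
            $one_level_up = $curmbs->offsetGet($curmbs->count() - 2);
            $text = sprintf(
                "<a class=\"%s\" href=\"%s\">%s</a>",
                "crumb ss-ui-button ss-ui-action-destructive cms-panel-link ui-corner-all",
                $one_level_up->Link,
                _t('GridFieldDetailForm.CancelBtn', 'Cancel')
            );
            $actions->push(new LiteralField('cancelbutton', $text));
        }
    }

    $fields = $this->component->getFields();
    if (!$fields) {
        $fields = $this->record->getCMSFields();
    }

    // If we are creating a new record in a has-many list, then
    // pre-populate the record's foreign key. Also disable the form field as
    // it has no effect.
    if ($list instanceof HasManyList) {
        $key = $list->getForeignKey();
        $id = $list->getForeignID();
        if (!$this->record->isInDB()) {
            $this->record->{$key} = $id;
        }
        if ($field = $fields->dataFieldByName($key)) {
            $fields->makeFieldReadonly($field);
        }
    }

    // Caution: API violation. Form expects a Controller, but we are giving it a RequestHandler instead.
    // Thanks to this however, we are able to nest GridFields, and also access the initial Controller by
    // dereferencing GridFieldDetailForm_ItemRequest->getController() multiple times. See getToplevelController
    // below.
    $form = new Form($this, 'ItemEditForm', $fields, $actions, $this->component->getValidator());
    $form->loadDataFrom(
        $this->record,
        $this->record->ID == 0 ? Form::MERGE_IGNORE_FALSEISH : Form::MERGE_DEFAULT
    );

    if ($this->record->ID && !$canEdit) {
        // Restrict editing of existing records
        $form->makeReadonly();
        // Hack to re-enable delete button if user can delete. The action is guaranteed to
        // exist here because it was pushed above under the same $canDelete condition.
        if ($canDelete) {
            $form->Actions()->fieldByName('action_doDelete')->setReadonly(false);
        }
    } elseif (!$this->record->ID && !$canCreate) {
        // Restrict creation of new records
        $form->makeReadonly();
    }

    // Load many_many extraData for record.
    // Fields with the correct 'ManyMany' namespace need to be added manually through getCMSFields().
    if ($list instanceof ManyManyList) {
        $extraData = $list->getExtraData('', $this->record->ID);
        $form->loadDataFrom(array('ManyMany' => $extraData));
    }

    // TODO Coupling with CMS
    $toplevelController = $this->getToplevelController();
    if ($toplevelController && $toplevelController instanceof LeftAndMain) {
        // Always show with base template (full width, no other panels),
        // regardless of overloaded CMS controller templates.
        // TODO Allow customization, e.g. to display an edit form alongside a search form from the CMS controller
        $form->setTemplate('LeftAndMain_EditForm');
        $form->addExtraClass('cms-content cms-edit-form center');
        $form->setAttribute('data-pjax-fragment', 'CurrentForm Content');
        if ($form->Fields()->hasTabset()) {
            $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
            $form->addExtraClass('cms-tabset');
        }
        $form->Backlink = $this->getBackLink();
    }

    // Component-level and extension-level hooks get the last word on the form.
    $cb = $this->component->getItemEditFormCallback();
    if ($cb) {
        $cb($form, $this);
    }
    $this->extend("updateItemEditForm", $form);

    return $form;
}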
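/**
 * Renders the record's edit form in read-only mode.
 *
 * Access is gated on the record's canView(); the 403 is returned (not just
 * invoked) so the method fails closed even if httpError() does not throw.
 *
 * @param SS_HTTPRequest $request
 * @return string|ViewableData Rendered fragment for AJAX requests, otherwise the
 *         top-level controller customised with the rendered content
 */
public function view($request)
{
    if (!$this->record->canView()) {
        // Return the error response explicitly, matching ItemEditForm(); never fall
        // through to building the form for a record the user may not see.
        return $this->httpError(403);
    }

    $controller = $this->getToplevelController();
    // Extra arguments are ignored by ItemEditForm() but kept for subclass overrides.
    $form = $this->ItemEditForm($this->gridField, $request);
    $form->makeReadonly();

    $data = new ArrayData(array(
        'Backlink' => $controller->Link(),
        'ItemEditForm' => $form,
    ));
    $return = $data->renderWith($this->template);

    if ($request->isAjax()) {
        return $return;
    }
    return $controller->customise(array('Content' => $return));
}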
/**
 * Is this product viewable in the frontend?
 *
 * Outside the backend the isActive flag is decisive: an inactive product is
 * never viewable and an active one always is. In the backend an active product
 * is viewable even if the inherited check says no, and an inactive one keeps
 * the inherited answer. parent::canView() is always invoked first so any
 * extension hooks it triggers still run.
 *
 * @param Member $member the current member
 *
 * @return bool
 *
 * @author Roland Lehmann <*****@*****.**>, Sebastian Diel <*****@*****.**>
 * @since 20.02.2013
 */
public function canView($member = null)
{
    $allowed = parent::canView($member);
    if ($this->isActive && !$allowed) {
        $allowed = true;
    }

    $inFrontend = !SilvercartTools::isBackendEnvironment();
    if ($inFrontend && !$this->isActive) {
        $allowed = false;
    }

    return $allowed;
}
/**
 * View check for a record that is managed through the CMS menu.
 *
 * A beforeExtending() hook on canView denies outright when the member lacks the
 * global menu permission; otherwise it grants when the SiteTree singleton's
 * canView() allows the member, and stays silent (null) in every other case so
 * the default DataObject rules decide.
 *
 * @param Member|null $member
 * @return bool
 */
public function canView($member = null)
{
    $hook = __FUNCTION__;
    $guard = function ($member) use ($hook) {
        if (!$this->checkIfHasGlobalMenuPermission($member)) {
            return false;
        }
        $siteTree = singleton('SiteTree');
        if ($siteTree->$hook($member)) {
            return true;
        }
    };
    $this->beforeExtending($hook, $guard);
    return parent::canView($member);
}
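/**
 * Return true or false as to whether a given user can access an object.
 *
 * Resolution order (the first non-null answer wins): objects without the
 * Restrictable extension defer to the standard can*() methods; ADMIN short-cuts
 * to true; a cached per-member answer is reused; a public grant allows; an owner
 * grant allows; direct AccessAuthority rows on the node are evaluated (any DENY
 * wins over GRANTs); then, if InheritPerms is set, each effective parent is
 * checked recursively and any parent allowing is enough. No answer means false.
 *
 * @param DataObject $node
 *            The object to check perms on
 * @param string $perm
 *            The permission to check against
 * @param Member|int|null $member
 *            The member to check (object or ID) - if not set, the current user is used
 *
 * @return bool|null False/true; null only when there is no member at all and
 *         the node is not publicly granted the permission
 */
public function checkPerm(DataObject $node, $perm, $member = null)
{
    // if the node doesn't use the extension, fall back to SS logic
    if (!$node->hasExtension('Restrictable')) {
        switch ($perm) {
            case 'View':
                return $node->canView($member);
            case 'Write':
                return $node->canEdit($member);
            default:
                return $node->can($perm, $member);
        }
    }

    // Unreachable with the DataObject type hint, kept so the method fails closed.
    if (!$node) {
        return false;
    }

    if (!$member) {
        $member = singleton('SecurityContext')->getMember();
    }
    if (is_int($member)) {
        $member = DataObject::get_by_id('Member', $member);
    }

    if (Permission::check('ADMIN', 'any', $member)) {
        return true;
    }

    $permCache = $this->getCache();
    /* @var $permCache Zend_Cache_Core */
    $key = $this->permCacheKey($node, $perm);
    $userGrants = null;
    if ($key) {
        $userGrants = $permCache->load($key);
        // A cache miss comes back as false (Zend_Cache semantics), not an array;
        // count() on it is a TypeError on PHP 8 and counts as 1 on older releases,
        // so only sanitise a genuine non-empty array.
        if (is_array($userGrants) && count($userGrants)) {
            $userGrants = $this->sanitiseCacheData($userGrants);
        }
    }

    if ($member && $userGrants && isset($userGrants[$perm][$member->ID])) {
        return $userGrants[$perm][$member->ID];
    }

    // okay, we need to build up all the info we have about the node for permissions
    // (called for its effect; the return value is not needed here)
    $this->realiseAllSources($node);

    if (!$userGrants) {
        $userGrants = array();
    }
    if (!isset($userGrants[$perm])) {
        $userGrants[$perm] = array();
    }

    $result = null;

    // if no member, just check public view
    $public = $this->checkPublicPerms($node, $perm);
    if ($public) {
        $result = true;
    }

    // can return immediately (note: null, not false, when not public)
    if (!$member) {
        return $result;
    }

    if (is_null($result)) {
        // see whether we're the owner, and if the perm we're checking is in that list
        if ($this->checkOwnerPerms($node, $perm, $member)) {
            $result = true;
        }
    }

    $directGrant = null;

    if (is_null($result)) {
        $filter = array('ItemID' => $node->ID, 'ItemType' => $node->class);
        $existing = DataList::create('AccessAuthority')->filter($filter);

        // get all access authorities for this object
        $gids = isset($this->groups[$member->ID]) ? $this->groups[$member->ID] : null;
        if (!$gids) {
            $groups = $member ? $member->Groups() : array();
            $gids = array();
            if ($groups && $groups->Count()) {
                $gids = $groups->map('ID', 'ID')->toArray();
            }
            $this->groups[$member->ID] = $gids;
        }

        $directGrant = 'NONE';
        if ($existing && $existing->count()) {
            foreach ($existing as $access) {
                // check if this mentions the perm in question
                // NOTE: an authority with an empty Perms list is treated as applying to
                // every permission.
                $perms = $access->Perms->getValues();
                if ($perms) {
                    if (!in_array($perm, $perms)) {
                        continue;
                    }
                }

                $grant = null;
                $authority = $access->getAuthority();
                if ($authority instanceof Group) {
                    if (isset($gids[$access->AuthorityID])) {
                        $grant = $access->Grant;
                    }
                } elseif ($authority instanceof Member) {
                    if ($member->ID == $access->AuthorityID) {
                        $grant = $access->Grant;
                    }
                } else {
                    // another mechanism that will require a lookup of members in a list
                    // TODO cache this
                    if ($authority instanceof ListOfMembers) {
                        $listMembers = $authority->getAllMembers()->map('ID', 'Title');
                        if (isset($listMembers[$member->ID])) {
                            $grant = $access->Grant;
                        }
                    }
                }

                if ($grant) {
                    // if it's deny, we can just break away immediately, otherwise we need to evaluate all the
                    // others in case there's another DENY in there somewhere
                    if ($grant === 'DENY') {
                        $directGrant = 'DENY';
                        // immediately break
                        break;
                    } else {
                        // mark that it's been granted for now
                        $directGrant = 'GRANT';
                    }
                }
            }
        }
    }

    // return immediately if we have something
    if ($directGrant === 'GRANT') {
        $result = true;
    }
    if ($directGrant === 'DENY') {
        $result = false;
    }

    // otherwise query our parents. Any single parent allowing is sufficient; a
    // parent that denies does not veto another parent that grants.
    if (is_null($result) && $node->InheritPerms) {
        $permParents = $this->getEffectiveParents($node);
        if (count($permParents) || $permParents instanceof IteratorAggregate) {
            foreach ($permParents as $permParent) {
                if ($permParent && $this->checkPerm($permParent, $perm, $member)) {
                    $result = true;
                }
            }
        }
    }

    if (is_null($result)) {
        $result = false;
    }

    // Cache the per-member answer under the node/perm key.
    $userGrants[$perm][$member->ID] = $result;
    if ($key) {
        $permCache->save($userGrants, $key);
    }

    return $result;
}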
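/**
 * Denies view access to members without the global menu permission, then
 * defers to the default DataObject rules.
 *
 * @param Member|null $member
 * @return bool
 */
public function canView($member = null)
{
    // Register the hook under the bare method name (__FUNCTION__ => 'canView'),
    // consistent with the other beforeExtending() callers in this codebase.
    // __METHOD__ expands to 'Class::canView', which does not match the name the
    // canView extension point is dispatched under, so the global-menu check would
    // never run and the deny below would be silently skipped.
    $this->beforeExtending(__FUNCTION__, function ($member) {
        if (!$this->checkIfHasGlobalMenuPermission($member)) {
            return false;
        }
    });
    return parent::canView($member);
}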
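/**
 * Viewable when the first page in this record's Pages() relation is viewable
 * by the given member; with no pages, the default DataObject rules apply.
 *
 * @param Member|null $member
 * @return bool
 */
public function canView($member = null)
{
    $first = $this->Pages()->first();
    // Forward $member to the page check rather than letting it default to the
    // logged-in user, so checks made on behalf of another member are answered
    // for that member.
    return $first ? $first->canView($member) : parent::canView($member);
}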
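/**
 * Viewable under the default DataObject rules, or by any member holding the
 * CMS_ACCESS_FrontendAdmin permission.
 *
 * @param Member|null $member
 * @return bool
 */
public function canView($member = null)
{
    $can = parent::canView($member);
    if ($can) {
        return $can;
    }
    // Check the permission for the member being asked about, not implicitly for
    // the logged-in user; otherwise a check on behalf of another member answers
    // for the wrong account.
    return Permission::check('CMS_ACCESS_FrontendAdmin', 'any', $member);
}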
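/**
 * Builds an item edit form. The arguments to getCMSFields() are the popupController and
 * popupFormName, however this is an experimental API and may change.
 *
 * Access control: the record's canView() gates the whole form (403 otherwise); canEdit(),
 * canDelete() and canCreate() decide which actions are offered and whether the form is
 * rendered read-only. When no record is loaded the method redirects to the routed request
 * URL with its action stripped.
 *
 * @todo In the future, we will probably need to come up with a tighter object representing a partially
 * complete controller with gaps for extra functionality. This, for example, would be a better way
 * of letting Security/login put its log-in form inside a UI specified elsewhere.
 *
 * @return Form The edit form (or the controller's redirect response when no record is loaded)
 */
public function ItemEditForm()
{
    $list = $this->gridField->getList();

    if (empty($this->record)) {
        $controller = $this->getToplevelController();
        $url = $controller->getRequest()->getURL();
        $noActionURL = $controller->removeAction($url);
        $controller->getResponse()->removeHeader('Location'); // clear the existing redirect
        return $controller->redirect($noActionURL, 302);
    }

    $canView = $this->record->canView();
    $canEdit = $this->record->canEdit();
    $canDelete = $this->record->canDelete();
    $canCreate = $this->record->canCreate();

    if (!$canView) {
        $controller = $this->getToplevelController();
        // TODO More friendly error
        return $controller->httpError(403);
    }

    // Build actions
    $actions = $this->getFormActions();

    // If we are creating a new record in a has-many list, then
    // pre-populate the record's foreign key (before getCMSFields() runs, which may read it).
    if ($list instanceof HasManyList && !$this->record->isInDB()) {
        $key = $list->getForeignKey();
        $id = $list->getForeignID();
        $this->record->{$key} = $id;
    }

    $fields = $this->component->getFields();
    if (!$fields) {
        $fields = $this->record->getCMSFields();
    }

    // If we are creating a new record in a has-many list, then
    // Disable the form field as it has no effect.
    if ($list instanceof HasManyList) {
        $key = $list->getForeignKey();
        if ($field = $fields->dataFieldByName($key)) {
            $fields->makeFieldReadonly($field);
        }
    }

    // Caution: API violation. Form expects a Controller, but we are giving it a RequestHandler instead.
    // Thanks to this however, we are able to nest GridFields, and also access the initial Controller by
    // dereferencing GridFieldDetailForm_ItemRequest->getController() multiple times. See getToplevelController
    // below.
    $form = new Form($this, 'ItemEditForm', $fields, $actions, $this->component->getValidator());
    $form->loadDataFrom(
        $this->record,
        $this->record->ID == 0 ? Form::MERGE_IGNORE_FALSEISH : Form::MERGE_DEFAULT
    );

    if ($this->record->ID && !$canEdit) {
        // Restrict editing of existing records
        $form->makeReadonly();
        // Hack to re-enable delete button if user can delete. getFormActions() is an
        // overridable hook, so the delete action may be absent even when $canDelete is
        // true; guard the lookup instead of calling setReadonly() on null.
        if ($canDelete) {
            $deleteAction = $form->Actions()->fieldByName('action_doDelete');
            if ($deleteAction) {
                $deleteAction->setReadonly(false);
            }
        }
    } elseif (!$this->record->ID && !$canCreate) {
        // Restrict creation of new records
        $form->makeReadonly();
    }

    // Load many_many extraData for record.
    // Fields with the correct 'ManyMany' namespace need to be added manually through getCMSFields().
    if ($list instanceof ManyManyList) {
        $extraData = $list->getExtraData('', $this->record->ID);
        $form->loadDataFrom(array('ManyMany' => $extraData));
    }

    // TODO Coupling with CMS
    $toplevelController = $this->getToplevelController();
    if ($toplevelController && $toplevelController instanceof LeftAndMain) {
        // Always show with base template (full width, no other panels),
        // regardless of overloaded CMS controller templates.
        // TODO Allow customization, e.g. to display an edit form alongside a search form from the CMS controller
        $form->setTemplate('LeftAndMain_EditForm');
        $form->addExtraClass('cms-content cms-edit-form center');
        $form->setAttribute('data-pjax-fragment', 'CurrentForm Content');
        if ($form->Fields()->hasTabset()) {
            $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
            $form->addExtraClass('cms-tabset');
        }
        $form->Backlink = $this->getBackLink();
    }

    // Component-level and extension-level hooks get the last word on the form.
    $cb = $this->component->getItemEditFormCallback();
    if ($cb) {
        $cb($form, $this);
    }
    $this->extend("updateItemEditForm", $form);

    return $form;
}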