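/**
 * Controller bootstrap: only CLI runs, ADMIN users, or requests that appear
 * to come from the server's own address get past this point.
 *
 * NOTE(review): the "remote address equals server address" shortcut is a
 * trust-the-host bypass. Behind a reverse proxy on the same machine, or
 * whenever the application can be made to request itself (SSRF), every
 * request looks local and the ADMIN check is skipped. Where the deployment
 * allows it, drop the address comparison and rely on is_cli()/ADMIN alone.
 *
 * @return SS_HTTPResponse|null the permission-failure response, or null when
 *                              access is granted
 */
public function init()
{
    parent::init();

    // Missing $_SERVER keys must neither raise notices nor make the request
    // look local: only compare when both addresses are known, and strictly.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : null;
    $server = isset($_SERVER['SERVER_ADDR']) ? (string) $_SERVER['SERVER_ADDR'] : null;
    $isLocalRequest = ($remote !== null && $server !== null && $remote === $server);

    if (!Director::is_cli() && !Permission::check("ADMIN") && !$isLocalRequest) {
        return Security::permissionFailure();
    }
}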
/**
 * Controller bootstrap: everything behind this controller is ADMIN-only,
 * except when the process was started from the command line.
 *
 * @return SS_HTTPResponse|null the permission-failure response, or null when
 *                              access is granted
 */
public function init()
{
    parent::init();

    $allowed = Director::is_cli() || Permission::check('ADMIN');
    if ($allowed) {
        return;
    }

    return Security::permissionFailure();
}
/**
 * Logging in as the 'admin' fixture must grant ADMIN and make the
 * ModelAdminTest_Admin controller answer 200 directly (redirects are not
 * followed, so a redirect to the login form would fail the assertion).
 */
function testModelAdminOpens()
{
    $this->autoFollowRedirection = false;
    $this->logInAs('admin');

    $hasAdmin = (bool) Permission::check("ADMIN");
    $this->assertTrue($hasAdmin);

    $response = $this->get('ModelAdminTest_Admin');
    $this->assertEquals(200, $response->getStatusCode());
}
/**
 * Adds the "Workflow" tab to the owner's CMS fields: the applied/effective
 * workflow definition and a read-only log of workflow instances.
 *
 * The WorkflowDefinitionID dropdown is only added for users holding
 * APPLY_WORKFLOW; the effective-workflow field and the log are always shown.
 *
 * @param FieldSet $fields the owner's field set, modified in place
 */
public function updateCMSFields(FieldSet $fields) {
    $service = singleton('WorkflowService');
    // Title of the definition that actually applies to the owner (may come
    // from a parent), or "(none)".
    if ($effective = $service->getDefinitionFor($this->owner)) {
        $effectiveTitle = $effective->Title;
    } else {
        $effectiveTitle = _t('WorkflowApplicable.NONE', '(none)');
    }
    // Index 0 is the "inherit" option; definitions are appended under the keys
    // returned by map(). Array union (+) keeps existing keys, so a definition
    // mapped to key 0 would be shadowed by the inherit entry.
    $allDefinitions = array(_t('WorkflowApplicable.INHERIT', 'Inherit from parent'));
    if ($definitions = $service->getDefinitions()) {
        $allDefinitions += $definitions->map();
    }
    // Objects with a 'Root' tab set (pages) get the tab there; others use
    // 'BottomRoot'.
    $tab = $fields->fieldByName('Root') ? 'Root.Workflow' : 'BottomRoot.Workflow';
    $applyWorkflowField = null;
    $fields->addFieldToTab($tab, new HeaderField('AppliedWorkflowHeader', _t('WorkflowApplicable.APPLIEDWORKFLOW', 'Applied Workflow')));
    // Only APPLY_WORKFLOW holders may change which definition applies.
    if (Permission::check('APPLY_WORKFLOW')) {
        $fields->addFieldToTab($tab, new DropdownField('WorkflowDefinitionID', _t('WorkflowApplicable.DEFINITION', 'Applied Workflow'), $allDefinitions));
    }
    $fields->addFieldToTab($tab, new ReadonlyField('EffectiveWorkflow', _t('WorkflowApplicable.EFFECTIVE_WORKFLOW', 'Effective Workflow'), $effectiveTitle));
    $fields->addFieldToTab($tab, new HeaderField('WorkflowLogHeader', _t('WorkflowApplicable.WORKFLOWLOG', 'Workflow Log')));
    // The log filter is an SQL fragment built with sprintf. Both values come
    // from the owner record (its class name via %s and its ID via %d), not from
    // the request, so no user-controlled input reaches the query here.
    $fields->addFieldToTab($tab, $logTable = new ComplexTableField($this->owner, 'WorkflowLog', 'WorkflowInstance', null, 'getActionsSummaryFields', sprintf('"TargetClass" = \'%s\' AND "TargetID" = %d', $this->owner->class, $this->owner->ID)));
    $logTable->setRelationAutoSetting(false);
    // Log entries are view-only from this tab.
    $logTable->setPermissions(array('show'));
    $logTable->setPopupSize(760, 420);
}
/**
 * Checks to see if the member can view or not
 * @param {int|Member} $member Member ID or instance to check
 * @return {bool} Returns boolean true if the member can view false otherwise
 */
public function canView($member = null) {
    // 'any': CODE_BANK_ACCESS through at least one of the member's groups.
    $granted = Permission::check('CODE_BANK_ACCESS', 'any', $member);
    return $granted ? true : false;
}
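/**
 * Regenerates the static navigation files when ?regenerate_nav or ?flush is
 * present, the request was made against the configured toolbar host, and the
 * caller is ADMIN (or the site runs in dev mode).
 *
 * NOTE(review): this is a state-changing action triggered by a plain request
 * parameter with no CSRF token; it is gated only by the permission/dev check,
 * so an ADMIN following a crafted link would trigger a regeneration.
 */
public function onBeforeInit() {
    $host = GlobalNavSiteTreeExtension::get_toolbar_hostname();

    $triggered = isset($_REQUEST['regenerate_nav']) || isset($_REQUEST['flush']);
    if (!$triggered) {
        return;
    }
    // Strict comparison: the host strings must match exactly, not loosely.
    if ($host !== Director::protocolAndHost()) {
        return;
    }
    if (Permission::check('ADMIN') || Director::isDev()) {
        GlobalNavSiteTreeExtension::create_static_navs();
    }
}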
/**
 * Bootstrap for the dev tools controller.
 *
 * Access is granted when the request is for dev/build, the site is in dev
 * mode, the process runs on the CLI, or the user is ADMIN. On the CLI it also
 * warns (via echo) when $_FILE_TO_URL_MAPPING does not cover BASE_PATH.
 *
 * @return SS_HTTPResponse|null the permission-failure response, or null when
 *                              access is granted
 */
function init() {
    parent::init();
    // Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
    // NOTE(review): any URL starting with "dev/build" bypasses this gate, so the
    // protection of that path rests entirely on DatabaseAdmin enforcing it.
    $requestedDevBuild = stripos($this->request->getURL(), 'dev/build') === 0;
    // We allow access to this controller regardless of live-status or ADMIN permission only
    // if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
    $canAccess = $requestedDevBuild || Director::isDev() || Director::is_cli() || Permission::check("ADMIN");
    if (!$canAccess) {
        return Security::permissionFailure($this);
    }
    // check for valid url mapping
    // lacking this information can cause really nasty bugs,
    // e.g. when running Director::test() from a FunctionalTest instance
    global $_FILE_TO_URL_MAPPING;
    if (Director::is_cli()) {
        if (isset($_FILE_TO_URL_MAPPING)) {
            $fullPath = $testPath = BASE_PATH;
            // Walk up from BASE_PATH until a mapped directory is found, the
            // filesystem root is reached, or a Windows drive root (e.g. "C:\")
            // is hit.
            while ($testPath && $testPath != "/" && !preg_match('/^[A-Z]:\\\\$/', $testPath)) {
                $matched = false;
                if (isset($_FILE_TO_URL_MAPPING[$testPath])) {
                    $matched = true;
                    break;
                }
                $testPath = dirname($testPath);
            }
            // NOTE(review): $matched is only assigned inside the loop; if the loop
            // body never runs (BASE_PATH already a root) this reads an undefined
            // variable, which evaluates as "not matched".
            if (!$matched) {
                echo 'Warning: You probably want to define ' . 'an entry in $_FILE_TO_URL_MAPPING that covers "' . Director::baseFolder() . '"' . "\n";
            }
        } else {
            echo 'Warning: You probably want to define $_FILE_TO_URL_MAPPING in ' . 'your _ss_environment.php as instructed on the "sake" page of the doc.silverstripe.org wiki' . "\n";
        }
    }
}
/**
 * CMS Fields
 *
 * Adds the "Sections" grid and a preview-image upload to the owner's fields.
 * Users without VIEW_SECTIONS get the fields back untouched; LINK_SECTIONS,
 * REORDER_SECTIONS and UNLINK_SECTIONS each unlock one grid component.
 *
 * @param FieldList $fields the owner's field list, modified in place
 * @return FieldList
 */
public function updateCMSFields(FieldList $fields) {
    if (!Permission::check("VIEW_SECTIONS")) {
        return $fields;
    }
    // Relation editor without the stock "add new" button; a multi-class
    // "add new" and drag-ordering are used instead.
    $SectionGrid = GridFieldConfig_RelationEditor::create()->removeComponentsByType('GridFieldAddNewButton')->addComponent(new GridFieldAddNewMultiClass())->addComponent(new GridFieldOrderableRows());
    $SectionGrid->getComponentByType('GridFieldAddExistingAutocompleter')->setSearchFields(array('AdminTitle', 'MenuTitle'))->setResultsFormat('$AdminTitle - $Type');
    $AvailableTypes = $this->AvailableSectionTypes();
    // Selectable types under their limit are reduced to their class name.
    // NOTE(review): entries that are not selectable keep their original array
    // value and are still passed to setClasses() — presumably it tolerates
    // that; confirm against GridFieldAddNewMultiClass.
    foreach ($AvailableTypes as $key => $value) {
        if ($value['selectable_option'] && !$value['limit_reached']) {
            $AvailableTypes[$key] = $value['type'];
        }
    }
    $SectionGrid->getComponentByType('GridFieldAddNewMultiClass')->setClasses($AvailableTypes);
    // Limit total sections
    $LimitSectionTotal = Config::inst()->get($this->owner->ClassName, 'LimitSectionTotal');
    if (isset($LimitSectionTotal) && $this->owner->Sections()->Count() >= $LimitSectionTotal) {
        // remove the buttons if we don't want to allow more records to be added/created
        $SectionGrid->removeComponentsByType('GridFieldAddNewButton');
        $SectionGrid->removeComponentsByType('GridFieldAddExistingAutocompleter');
        $SectionGrid->removeComponentsByType('GridFieldAddNewMultiClass');
    }
    // Per-permission trimming of grid actions. This only shapes the UI;
    // the corresponding canEdit/canDelete checks on the records are what
    // actually enforce it server-side.
    if (!Permission::check("LINK_SECTIONS")) {
        $SectionGrid->removeComponentsByType('GridFieldAddExistingAutocompleter');
    }
    if (!Permission::check("REORDER_SECTIONS")) {
        $SectionGrid->removeComponentsByType('GridFieldOrderableRows');
    }
    if (!Permission::check("UNLINK_SECTIONS")) {
        $SectionGrid->removeComponentsByType('GridFieldDeleteAction');
    }
    $fields->addFieldToTab('Root.Section', GridField::create('Sections', 'Current Section(s)', $this->owner->Sections(), $SectionGrid));
    $fields->addFieldToTab('Root.Preview', UploadField::create('PreviewImage', 'Preview image')->setFolderName('Preview'));
    return $fields;
}
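/**
 * Loads the requirements, checks perms, etc. If an ID is in the URL, that
 * becomes the current folder.
 *
 * Access requires ADMIN or CMS_ACCESS_BrowseFiles. An ID that does not
 * resolve to a Folder now yields a 404 instead of dereferencing a
 * non-object (->Filename on the failed lookup).
 *
 * @return SS_HTTPResponse|null a failure response, or null on success
 */
public function init() {
    parent::init();
    if (!Permission::check("ADMIN") && !Permission::check("CMS_ACCESS_BrowseFiles")) {
        return Security::permissionFailure($this, _t('KickAssets.PERMISSIONFAIL', 'You do not have permission to access this section of the CMS.'));
    }
    Requirements::clear();
    Requirements::css('kickassets/css/core.css');
    Requirements::css('kickassets/css/kickassets.css');
    Requirements::javascript('kickassets/javascript/jquery.js');
    Requirements::javascript(THIRDPARTY_DIR . '/jquery-livequery/jquery.livequery.js');
    Requirements::javascript('kickassets/javascript/apprise/apprise-1.5.full.js');
    Requirements::javascript('kickassets/javascript/jquery.tooltip.js');
    Requirements::css('kickassets/javascript/apprise/apprise.css');
    Requirements::javascript('kickassets/javascript/kickassets_ui.js');
    Requirements::javascript('kickassets/javascript/chosen/chosen.jquery.js');
    Requirements::css('kickassets/javascript/chosen/chosen.css');
    Requirements::javascript('kickassets/javascript/jquery.form.js');
    Requirements::javascript('kickassets/javascript/kickassets.js');
    Requirements::css('kickassets/css/kickassets_ui.css');

    $requestedID = $this->getRequest()->param('ID');
    if ($requestedID) {
        // The ID is cast to int before the lookup, so only numeric IDs can
        // match; anything else falls through to the 404 below.
        $folder = DataObject::get_by_id("Folder", (int) $requestedID);
        if (!$folder) {
            return $this->httpError(404, 'Folder not found');
        }
        $this->currentFolder = $folder;
        $this->currentPath = KickAssetUtil::relative_asset_dir($this->currentFolder->Filename);
    } else {
        // No ID: operate on the assets root.
        $this->currentFolder = singleton('Folder');
        $this->currentPath = false;
    }
}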
/**
 * Permission first, then the own-AJAX-request check; the latter's result is
 * returned unchanged.
 *
 * @return bool
 */
protected function authorize() {
    return Permission::check('ADMIN_SUMMIT_APP_FRONTEND_ADMIN')
        ? $this->checkOwnAjaxRequest()
        : false;
}
/**
 * Initialises the controller and ensures that only
 * ADMIN level users can access this controller
 *
 * Non-admins receive a plain 403 rather than a redirect to the login form.
 */
public function init() {
    parent::init();

    $isAdmin = Permission::check('ADMIN');
    if ($isAdmin) {
        return;
    }

    return $this->httpError(403);
}
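/**
 * Requires CMS_ACCESS for the whole controller.
 *
 * The permission-failure response is returned and this controller is passed
 * explicitly, matching the other init() guards in this codebase instead of
 * relying on Controller::curr() and on the response being picked up
 * implicitly.
 *
 * @return SS_HTTPResponse|null the permission-failure response, or null when
 *                              access is granted
 */
public function init() {
    parent::init();
    if (!Permission::check('CMS_ACCESS')) {
        return Security::permissionFailure($this);
    }
}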
/**
 * Pattern-library index: with an ID, renders that pattern with previous/next
 * navigation; without one, renders the overview.
 *
 * Visible in dev mode or to CMS_ACCESS_CMSMain holders. The ID is only used
 * as a key into templateArray(), so it cannot select a template outside that
 * list.
 *
 * @param SS_HTTPRequest $request
 * @return SS_HTTPResponse|HTMLText|string rendered output or a permission failure
 */
public function index(SS_HTTPRequest $request) {
    if (!Director::isDev() && !Permission::check('CMS_ACCESS_CMSMain')) {
        return Security::permissionFailure($this);
    }
    if ($request->latestParam('ID')) {
        $templates = $this->templateArray();
        // Unknown IDs fall through to the overview below.
        if (isset($templates[$request->latestParam('ID')])) {
            $next = false;
            $previous = false;
            $useNext = false;
            // Single pass: the entry after the match becomes $next; every
            // entry before it overwrites $previous, so the last one wins.
            foreach ($templates as $k => $v) {
                if ($useNext) {
                    $next = new ArrayData(array('Name' => $v['Name'], 'Link' => 'patterns/index/' . $k));
                    break;
                }
                // Loose comparison between the array key and the URL param.
                if ($k == $request->latestParam('ID')) {
                    $useNext = true;
                } else {
                    $previous = new ArrayData(array('Name' => $v['Name'], 'Link' => 'patterns/index/' . $k));
                }
            }
            return $this->customise(new ArrayData(array('ClassName' => 'Pattern', 'IsPatternLab' => true, 'PreviousPattern' => $previous, 'NextPattern' => $next, 'PatternName' => $templates[$request->latestParam('ID')]['Name'], 'Patterns' => $this->renderWith(array($templates[$request->latestParam('ID')]['Template'])))))->renderWith($templates[$request->latestParam('ID')]['Template']);
        }
    }
    return $this->renderWith(array(__CLASS__, 'Page'));
}
/**
 * Creation is allowed for ADMIN or for holders of the reports-admin section
 * permission, checked against the given member (default: current user).
 *
 * @param Member $member
 * @return boolean
 */
public function canCreate($member = null) {
    if (!$member) {
        $member = Member::currentUser();
    }
    $codes = array('ADMIN', 'CMS_ACCESS_AdvancedReportsAdmin');
    foreach ($codes as $code) {
        if (Permission::check($code, 'any', $member)) {
            return true;
        }
    }
    return false;
}
/**
 * ADMIN-only controller. The permission gate runs before the parent
 * bootstrap, and parent::init() is still invoked afterwards, preserving the
 * original call order.
 */
public function init() {
    $isAdmin = Permission::check("ADMIN");
    if (!$isAdmin) {
        Security::permissionFailure();
    }
    parent::init();
}
/**
 * Only ADMIN may unpublish. $members is accepted for signature compatibility
 * but not consulted; the check is always against the current user.
 *
 * @param mixed $members unused
 * @return bool
 */
function canDeleteFromLive($members = null) {
    return Permission::check('ADMIN') ? true : false;
}
/**
 * SSCompactNavigator first checks if you are allowed to see the navigation bar, and if so, then checks
 * if third party templates have been specified. If so, it loads them, and provides them with the required
 * variables. If not, it loads the defaults instead.
 *
 * Returns null (renders nothing) unless the site is in dev mode or the user
 * holds CMS_ACCESS_CMSMain.
 *
 * @return HTMLText|null
 */
public function SSCompactNavigator() {
    if (Director::isDev() || Permission::check('CMS_ACCESS_CMSMain')) {
        // Template override, else the extension class name.
        $RenderTemplate = isset(CompactNavigator::$Template) ? CompactNavigator::$Template : $this->class;
        if (isset(CompactNavigator::$CssTheme)) {
            Requirements::css(CompactNavigator::$CssTheme);
        } else {
            Requirements::css('compactnavigator/css/CompactNavigator.css');
        }
        if (isset(CompactNavigator::$JsTheme)) {
            Requirements::javascript(CompactNavigator::$JsTheme);
        } else {
            Requirements::javascript('compactnavigator/scripts/CompactNavigator.js');
        }
        // Edit link only when the CMS is installed.
        if (class_exists("CMSMain")) {
            $this->owner->cmsLink = Controller::join_links(singleton("CMSMain")->Link("edit"), "show");
        }
        $this->owner->adminLink = self::$adminLink;
        // Archived browsing shows the archive date; otherwise the stage name.
        if ($date = Versioned::current_archived_date()) {
            $this->owner->DisplayMode = 'Archived';
            $this->owner->ArDate = Object::create('Datetime', $date, null);
        } else {
            $this->owner->DisplayMode = Versioned::current_stage();
        }
        // NOTE(review): the fallback template name 'CompactNavigatior' is
        // misspelled; left unchanged because it must match the template file.
        return $this->owner->renderWith(array($RenderTemplate, 'CompactNavigatior'));
    }
}
/**
 * CMS fields for a workflow definition: title, description, assigned users
 * and groups, an optional reminder setting (only when the queued-jobs module
 * is present), and — for saved records viewed by VIEW_ACTIVE_WORKFLOWS
 * holders — tables of active and completed instances.
 *
 * @return FieldSet
 */
public function getCMSFields() {
    $fields = new FieldSet(new TabSet('Root'));
    // Members of CMS groups, as an ID => title map (empty when none).
    $cmsUsers = Member::mapInCMSGroups()->getItems();
    if ($cmsUsers && $cmsUsers->count()) {
        $cmsUsers = $cmsUsers->map();
    } else {
        $cmsUsers = array();
    }
    $fields->addFieldToTab('Root.Main', new TextField('Title', _t('WorkflowDefinition.TITLE', 'Title')));
    $fields->addFieldToTab('Root.Main', new TextareaField('Description', _t('WorkflowDefinition.DESCRIPTION', 'Description')));
    $fields->addFieldToTab('Root.Main', new CheckboxSetField('Users', _t('WorkflowDefinition.USERS', 'Users'), $cmsUsers));
    $fields->addFieldToTab('Root.Main', new TreeMultiselectField('Groups', _t('WorkflowDefinition.GROUPS', 'Groups'), 'Group'));
    // Reminder emails depend on the queued-jobs module.
    if (class_exists('AbstractQueuedJob')) {
        $before = _t('WorkflowDefinition.SENDREMINDERDAYSBEFORE', 'Send reminder email after ');
        $after = _t('WorkflowDefinition.SENDREMINDERDAYSAFTER', ' days without action.');
        $fields->addFieldToTab('Root.Main', new FieldGroup(_t('WorkflowDefinition.REMINDEREMAIL', 'Reminder Email'), new LabelField('ReminderEmailBefore', $before), new NumericField('RemindDays', ''), new LabelField('ReminderEmailAfter', $after)));
    }
    // Instance tables only make sense for a saved definition.
    if ($this->ID && Permission::check('VIEW_ACTIVE_WORKFLOWS')) {
        $fields->addFieldToTab('Root.ActiveInstances', $active = new ComplexTableField($this, 'Instances', 'WorkflowInstance', array('Title' => 'Title', 'Target.Title' => 'Target Title', 'WorkflowStatus' => 'Status', 'CurrentAction.Title' => 'Current Action', 'LastEdited' => 'Last Actioned'), 'getInstanceManagementFields', '"WorkflowStatus" IN (\'Active\', \'Paused\')', '"LastEdited" DESC'));
        // Editing (reassigning) active instances is a separate permission.
        if (Permission::check('REASSIGN_ACTIVE_WORKFLOWS')) {
            $active->setPermissions(array('show', 'edit'));
        } else {
            $active->setPermissions(array('show'));
        }
        $fields->addFieldToTab('Root.Completed', $complete = new ComplexTableField($this, 'CompletedInstances', 'WorkflowInstance', array('Title' => 'Title', 'Target.Title' => 'Target Title', 'WorkflowStatus' => 'Status',
            'CurrentAction.Title' => 'Current Action', 'LastEdited' => 'Last Actioned'), 'getActionsSummaryFields', '"WorkflowStatus" IN (\'Complete\', \'Cancelled\')', '"LastEdited" DESC'));
        // Completed instances are view-only.
        $complete->setPermissions(array('show'));
    }
    return $fields;
}
/**
 * Non-ADMIN users get a stylesheet that hides the history UI.
 *
 * NOTE(review): this is cosmetic only. CSS hiding does not restrict access
 * to the history data or its endpoints; any real restriction has to be
 * enforced server-side.
 *
 * @param \FieldList $fields
 */
public function updateCMSFields(\FieldList $fields) {
    $isAdmin = Permission::check('ADMIN');
    if (!$isAdmin) {
        Requirements::css(HIDE_HISTORY_BASE . '/css/hide-history.css');
    }
    parent::updateCMSFields($fields);
}
/**
 * ADMIN users see the full list; everyone else only sees records with
 * Approved = false (presumably a moderation queue — confirm with the caller).
 *
 * @return SS_List
 */
public function getList() {
    $list = parent::getList();
    if (Permission::check('ADMIN')) {
        return $list;
    }
    return $list->filter(array('Approved' => false));
}
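/**
 * Provides a GUI for the insert/edit shortcode popup
 *
 * The ShortcodeType dropdown is built from the classes implementing
 * Shortcodable. The class name taken from the request (ShortcodeType) or from
 * the parsed shortcode (Shortcode) is only honoured when it is one of those
 * classes. Previously any existing class name passed class_exists() and then
 * reached singleton() and static calls, which lets the request pick arbitrary
 * classes (and fatals on ones without shortcode_attribute_fields()).
 *
 * @return Form|null null when the caller lacks CMS_ACCESS_CMSMain
 **/
public function ShortcodeForm() {
    if (!Permission::check('CMS_ACCESS_CMSMain')) {
        return;
    }
    Config::inst()->update('SSViewer', 'theme_enabled', false);

    // create a list of shortcodable classes for the ShortcodeType dropdown
    $classList = ClassInfo::implementorsOf('Shortcodable');
    $classes = array();
    foreach ($classList as $class) {
        $classes[$class] = singleton($class)->singular_name();
    }

    // load from the currently selected ShortcodeType or Shortcode data
    $classname = false;
    $shortcodeData = false;
    if ($shortcode = $this->request->requestVar('Shortcode')) {
        // NOTE(review): the search string is empty in this copy of the source;
        // the original comment says it strips a BOM, so the literal was probably
        // lost in transit. Left as found.
        $shortcode = str_replace("", '', $shortcode); //remove BOM inside string on cursor position...
        $shortcodeData = singleton('ShortcodableParser')->the_shortcodes(array(), $shortcode);
        if (isset($shortcodeData[0])) {
            $shortcodeData = $shortcodeData[0];
            $classname = $shortcodeData['name'];
        }
    } else {
        $classname = $this->request->requestVar('ShortcodeType');
    }

    // Resolve the requested name against the Shortcodable whitelist only.
    // PHP class names are case-insensitive, so compare without regard to case
    // and continue with the canonical name from ClassInfo.
    $resolved = false;
    if (is_string($classname) && $classname !== '') {
        foreach (array_keys($classes) as $allowed) {
            if (strcasecmp($allowed, $classname) === 0) {
                $resolved = $allowed;
                break;
            }
        }
    }
    $classname = $resolved;

    if ($shortcodeData) {
        $headingText = _t('Shortcodable.EDITSHORTCODE', 'Edit Shortcode');
    } else {
        $headingText = _t('Shortcodable.INSERTSHORTCODE', 'Insert Shortcode');
    }

    // essential fields
    $fields = FieldList::create(array(
        CompositeField::create(
            LiteralField::create('Heading', sprintf('<h3 class="htmleditorfield-shortcodeform-heading insert">%s</h3>', $headingText))
        )->addExtraClass('CompositeField composite cms-content-header nolabel'),
        LiteralField::create('shortcodablefields', '<div class="ss-shortcodable content">'),
        DropdownField::create('ShortcodeType', 'ShortcodeType', $classes, $classname)->setHasEmptyDefault(true)->addExtraClass('shortcode-type')
    ));

    // attribute and object id fields — only for a whitelisted class
    if ($classname) {
        $class = singleton($classname);
        if (is_subclass_of($class, 'DataObject')) {
            if ($class->hasMethod('get_shortcodable_records')) {
                $dataObjectSource = $classname::get_shortcodable_records();
            } else {
                $dataObjectSource = $classname::get()->map()->toArray();
            }
            $fields->push(DropdownField::create('id', $class->singular_name(), $dataObjectSource)->setHasEmptyDefault(true));
        }
        if ($attrFields = $classname::shortcode_attribute_fields()) {
            $fields->push(CompositeField::create($attrFields)->addExtraClass('attributes-composite'));
        }
    }

    // actions
    $actions = FieldList::create(array(
        FormAction::create('insert', _t('Shortcodable.BUTTONINSERTSHORTCODE', 'Insert shortcode'))->addExtraClass('ss-ui-action-constructive')->setAttribute('data-icon', 'accept')->setUseButtonTag(true)
    ));

    // form
    $form = Form::create($this, "ShortcodeForm", $fields, $actions)->loadDataFrom($this)->addExtraClass('htmleditorfield-form htmleditorfield-shortcodable cms-dialog-content');
    if ($shortcodeData) {
        $form->loadDataFrom($shortcodeData['atts']);
    }
    $this->extend('updateShortcodeForm', $form);
    return $form;
}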
/**
 * CMS fields for a site record: title/tagline/theme, URL scheme, host and
 * aliases, default flag, robots.txt, plus an optional developer identifier
 * and per-site assets folder.
 *
 * Without SITE_EDIT_CONFIGURATION every data field is rendered read-only.
 * NOTE(review): read-only fields are a UI measure only; the record's canEdit()
 * is what has to stop a crafted POST. Extensions run after the read-only
 * pass (updateSiteCMSFields) and may add editable fields — confirm.
 *
 * @return FieldList
 */
public function getCMSFields() {
    $conf = SiteConfig::current_site_config();
    $themes = $conf->getAvailableThemes();
    $theme = new DropdownField('Theme', _t('Multisites.THEME', 'Theme'), $themes);
    $theme->setEmptyString(_t('Multisites.DEFAULTTHEME', '(Default theme)'));
    $fields = new FieldList(new TabSet('Root', new Tab('Main',
        new HeaderField('SiteConfHeader', _t('Multisites.SITECONF', 'Site Configuration')),
        new TextField('Title', _t('Multisites.TITLE', 'Title')),
        new TextField('Tagline', _t('Multisites.TAGLINE', 'Tagline/Slogan')),
        $theme,
        new HeaderField('SiteURLHeader', _t('Multisites.SITEURL', 'Site URL')),
        new OptionsetField('Scheme', _t('Multisites.SCHEME', 'Scheme'), array('any' => _t('Multisites.ANY', 'Any'), 'http' => _t('Multisites.HTTP', 'HTTP'), 'https' => _t('Multisites.HTTPS', 'HTTPS (HTTP Secure)'))),
        new TextField('Host', _t('Multisites.HOST', 'Host')),
        new MultiValueTextField('HostAliases', _t('Multisites.HOSTALIASES', 'Host Aliases')),
        new CheckboxField('IsDefault', _t('Multisites.ISDEFAULT', 'Is this the default site?')),
        new HeaderField('SiteAdvancedHeader', _t('Multisites.SiteAdvancedHeader', 'Advanced Settings')),
        TextareaField::create('RobotsTxt', _t('Multisites.ROBOTSTXT', 'Robots.txt'))->setDescription(_t('Multisites.ROBOTSTXTUSAGE', '<p>Please consult <a href="http://www.robotstxt.org/robotstxt.html" target="_blank">http://www.robotstxt.org/robotstxt.html</a> for usage of the robots.txt file.</p>'))
    )));
    // Optional developer identifiers from config; a plain list is turned into
    // a value => value map for the dropdown.
    $devIDs = Config::inst()->get('Multisites', 'developer_identifiers');
    if (is_array($devIDs)) {
        if (!ArrayLib::is_associative($devIDs)) {
            $devIDs = ArrayLib::valuekey($devIDs);
        }
        $fields->addFieldToTab('Root.Main', DropdownField::create('DevID', _t('Multisites.DeveloperIdentifier', 'Developer Identifier'), $devIDs));
    }
    // Assets folder picker, inserted before the Site URL header.
    if (Multisites::inst()->assetsSubfolderPerSite()) {
        $fields->addFieldToTab('Root.Main', new TreeDropdownField('FolderID', _t('Multisites.ASSETSFOLDER', 'Assets Folder'), 'Folder'), 'SiteURLHeader');
    }
    if
    (!Permission::check('SITE_EDIT_CONFIGURATION')) {
        foreach ($fields->dataFields() as $field) {
            $fields->makeFieldReadonly($field);
        }
    }
    $this->extend('updateSiteCMSFields', $fields);
    return $fields;
}
/**
 * ADMIN-only controller bootstrap.
 *
 * @return SS_HTTPResponse|null the permission-failure response, or null when
 *                              access is granted
 */
public function init() {
    parent::init();

    $isAdmin = Permission::check('ADMIN');
    if ($isAdmin) {
        return;
    }

    return Security::permissionFailure($this);
}
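/**
 * ADMIN-only controller bootstrap.
 *
 * The permission-failure response is returned and this controller is passed
 * explicitly, matching the other init() guards in this codebase instead of
 * relying on Controller::curr() and on the response being picked up
 * implicitly.
 *
 * @return SS_HTTPResponse|null the permission-failure response, or null when
 *                              access is granted
 */
function init() {
    parent::init();
    if (!Permission::check('ADMIN')) {
        return Security::permissionFailure($this);
    }
}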
/**
 * Provides a API for the preview embed content
 *
 * Request parameters are handed to get_embed_content() unchanged, so any
 * escaping of width/height/class values has to happen there. A previously
 * commented-out wrapper that interpolated those parameters straight into a
 * style/class attribute has been dropped; do not revive it without
 * attribute-escaping each value.
 *
 * @return HTML|null null when the caller lacks CMS_ACCESS_CMSMain
 **/
public function PreviewEmbedContent() {
    $allowed = Permission::check('CMS_ACCESS_CMSMain');
    if (!$allowed) {
        return;
    }
    $params = $this->request->requestVars();
    return self::get_embed_content($params);
}
/**
 * Accessible in dev mode, from the CLI, or to ADMIN users; everyone else
 * gets the standard permission failure.
 *
 * @return SS_HTTPResponse|null
 */
function init() {
    parent::init();

    $allowed = Director::isDev()
        || Director::is_cli()
        || Permission::check("ADMIN");
    if (!$allowed) {
        return Security::permissionFailure($this);
    }
}
/**
 * Accessible from the CLI, in dev mode, or to ADMIN users. The gate runs
 * before the parent bootstrap; parent::init() is still called afterwards,
 * preserving the original order.
 */
function init() {
    $allowed = Director::is_cli()
        || Director::isDev()
        || Permission::check("ADMIN");
    if (!$allowed) {
        Security::permissionFailure();
    }
    parent::init();
}
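/**
 * Return the title, description, keywords and language metatags.
 *
 * @todo Move <title> tag in separate getter for easier customization and more obvious usage
 *
 * Title and description are escaped for their contexts. ExtraMeta is emitted
 * raw on purpose: it is a raw-HTML field maintained by CMS editors, i.e.
 * editor-trusted markup rather than user input. The CMS edit link is now
 * attribute-escaped so it cannot break out of its content="" attribute.
 *
 * @param boolean|string $includeTitle Show default <title>-tag, set to false for custom templating
 * @return string The XHTML metatags
 */
public function MetaTags($includeTitle = true) {
    $tags = "";
    if ($includeTitle === true || $includeTitle == 'true') {
        $tags .= "<title>" . Convert::raw2xml($this->Title) . "</title>\n";
    }
    $generator = trim(Config::inst()->get('SiteTree', 'meta_generator'));
    if (!empty($generator)) {
        $tags .= "<meta name=\"generator\" content=\"" . Convert::raw2att($generator) . "\" />\n";
    }
    // Charset comes from config, not from the request.
    $charset = Config::inst()->get('ContentNegotiator', 'encoding');
    $tags .= "<meta http-equiv=\"Content-type\" content=\"text/html; charset={$charset}\" />\n";
    if ($this->MetaDescription) {
        $tags .= "<meta name=\"description\" content=\"" . Convert::raw2att($this->MetaDescription) . "\" />\n";
    }
    if ($this->ExtraMeta) {
        // Deliberately unescaped: editor-maintained raw HTML (see docblock).
        $tags .= $this->ExtraMeta . "\n";
    }
    // CMS helper tags only for users who can open the page in the CMS; error
    // pages are excluded.
    if (Permission::check('CMS_ACCESS_CMSMain') && in_array('CMSPreviewable', class_implements($this)) && !($this instanceof ErrorPage)) {
        $tags .= "<meta name=\"x-page-id\" content=\"{$this->ID}\" />\n";
        $tags .= "<meta name=\"x-cms-edit-link\" content=\"" . Convert::raw2att($this->CMSEditLink()) . "\" />\n";
    }
    $this->extend('MetaTags', $tags);
    return $tags;
}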
/**
 * Adds the iq-security assets. Non-ADMIN users additionally get a
 * stylesheet — presumably to hide controls, which is cosmetic and not an
 * access restriction. No parent::init() is called here; this looks like an
 * extension hook rather than a Controller::init() override (confirm).
 */
function init() {
    $needsRestrictedCss = !Permission::check('ADMIN');
    if ($needsRestrictedCss) {
        Requirements::css('iq-security/css/iq-security.css');
    }
    Requirements::javascript('iq-security/javascript/iq-security.js');
}
/**
 * Authorised exactly when the current user holds
 * ADMIN_SUMMIT_APP_FRONTEND_ADMIN.
 *
 * @return bool
 */
protected function authorize() {
    $granted = Permission::check('ADMIN_SUMMIT_APP_FRONTEND_ADMIN');
    return $granted ? true : false;
}