/**
* Relax the access permissions, so anyone who has access to any CMS subsite can access this controller.
*/
public function canView($member = null)
{
if (parent::canView()) {
return true;
}
if (Subsite::all_accessible_sites()->count() > 0) {
return true;
}
return false;
}
/**
* Does the parent permission checks, but also
* makes sure that instantiatable subclasses of
* {@link Report} exist. By default, the CMS doesn't
* include any Reports, so there's no point in showing
*
* @param Member $member
* @return boolean
*/
function canView($member = null) {
if(!$member && $member !== FALSE) $member = Member::currentUser();
if(!parent::canView($member)) return false;
$hasViewableSubclasses = false;
foreach($this->Reports() as $report) {
if($report->canView($member)) return true;
}
return false;
}
function canView()
{
if (self::$trusted_envs && !in_array(Director::get_environment_type(), self::$trusted_envs)) {
return false;
}
if (self::$trusted_ips && !in_array($_SERVER['REMOTE_ADDR'], self::$trusted_ips)) {
return false;
}
if (!self::$activated) {
return false;
}
return parent::canView();
}
/**
* Does the parent permission checks, but also
* makes sure that instantiatable subclasses of
* {@link Report} exist. By default, the CMS doesn't
* include any Reports, so there's no point in showing
*
* @param Member $member
* @return boolean
*/
public function canView($member = null)
{
if (!$member && $member !== FALSE) {
$member = Member::currentUser();
}
if (!parent::canView($member)) {
return false;
}
if ($this->reportObject) {
return $this->reportObject->canView($member);
}
foreach ($this->Reports() as $report) {
if ($report->canView($member)) {
return true;
}
}
return false;
}
/**
* Does the parent permission checks, but also
* makes sure that instantiatable subclasses of
* {@link Report} exist. By default, the CMS doesn't
* include any Reports, so there's no point in showing
*
* @param Member $member
* @return boolean
*/
function canView($member = null) {
if(!$member && $member !== FALSE) {
$member = Member::currentUser();
}
if(!parent::canView($member)) return false;
$hasViewableSubclasses = false;
$subClasses = array_values(ClassInfo::subclassesFor('SSReport'));
foreach($subClasses as $subclass) {
// Remove abstract classes and LeftAndMain
$classReflection = new ReflectionClass($subclass);
if($classReflection->isInstantiable() && $subclass != 'SSReport') {
if(singleton($subclass)->canView()) $hasViewableSubclasses = true;
}
}
return $hasViewableSubclasses;
}
function testAlternateAccessCheck()
{
$admin = $this->objFromFixture("Member", "admin");
$this->loginAs($admin);
$ids = array();
$subsite1 = $this->objFromFixture('Subsite', 'domaintest1');
$subsite2 = $this->objFromFixture('Subsite', 'domaintest2');
$subsite3 = $this->objFromFixture('Subsite', 'domaintest3');
$ids[] = $subsite1->ID;
$ids[] = $subsite2->ID;
$ids[] = $subsite3->ID;
$ids[] = 0;
foreach ($ids as $id) {
Subsite::changeSubsite($id);
//switch to main site (subsite ID zero)
$left = new LeftAndMain();
$this->assertTrue($left->canView(), "Admin user can view subsites LeftAndMain with id = '{$id}'");
$this->assertEquals($id, Subsite::currentSubsiteID(), "The current subsite has not been changed in the process of checking permissions for admin user.");
}
}
function testAccessChecksDontChangeCurrentSubsite()
{
$admin = $this->objFromFixture("Member", "admin");
$this->loginAs($admin);
$ids = array();
$subsite1 = $this->objFromFixture('Subsite', 'domaintest1');
$subsite2 = $this->objFromFixture('Subsite', 'domaintest2');
$subsite3 = $this->objFromFixture('Subsite', 'domaintest3');
$ids[] = $subsite1->ID;
$ids[] = $subsite2->ID;
$ids[] = $subsite3->ID;
$ids[] = 0;
// Enable session-based subsite tracking.
Subsite::$use_session_subsiteid = true;
foreach ($ids as $id) {
Subsite::changeSubsite($id);
$this->assertEquals($id, Subsite::currentSubsiteID());
$left = new LeftAndMain();
$this->assertTrue($left->canView(), "Admin user can view subsites LeftAndMain with id = '{$id}'");
$this->assertEquals($id, Subsite::currentSubsiteID(), "The current subsite has not been changed in the process of checking permissions for admin user.");
}
}
/**
* @param null $member
* @return bool|int
*/
public function canView($member = null)
{
if (!$member && $member !== false) {
$member = Member::currentUser();
}
$codes = array();
$extraCodes = $this->stat('required_permission_codes');
if ($extraCodes !== false) {
// allow explicit FALSE to disable subclass check
if ($extraCodes) {
$codes = array_merge($codes, (array) $extraCodes);
} else {
$codes[] = "CMS_ACCESS_{$this->class}";
}
}
foreach ($codes as $code) {
if (!Permission::checkMember($member, $code)) {
return false;
}
}
return parent::canView($member);
}
