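 /**
  * Checks that Permission::permissions_for_member() lists the codes held by the
  * 'access' member fixture, and that Permission::deny() on the 'access' group fixture
  * removes the denied code from that list without touching the other grants.
  */
 public function testPermissionsForMember()
 {
     $member = $this->objFromFixture('Member', 'access');
     $deniedCode = 'CMS_ACCESS_MyAdmin';
     $otherCodes = array('CMS_ACCESS_AssetAdmin', 'CMS_ACCESS_SecurityAdmin', 'EDIT_PERMISSIONS');

     $permissions = Permission::permissions_for_member($member->ID);
     $this->assertEquals(4, count($permissions));
     foreach (array_merge(array($deniedCode), $otherCodes) as $code) {
         // Strict comparison: a loose in_array() can match a code against an unrelated
         // value (for example an integer 0 on PHP < 8), which would let this permission
         // assertion pass for the wrong reason.
         $this->assertTrue(in_array($code, $permissions, true), "Expected {$code} to be granted");
     }

     $group = $this->objFromFixture("Group", "access");
     Permission::deny($group->ID, $deniedCode);

     $permissions = Permission::permissions_for_member($member->ID);
     $this->assertEquals(3, count($permissions));
     $this->assertFalse(in_array($deniedCode, $permissions, true), "Expected {$deniedCode} to be denied");
     // A deny must revoke only the named code; the remaining grants have to survive it.
     foreach ($otherCodes as $code) {
         $this->assertTrue(in_array($code, $permissions, true), "Expected {$code} to remain granted");
     }
 }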
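 /**
  * Redirects away from the default pages panel when the current member may not use it.
  *
  * When the request targets the admin base URL (or its '/pages' segment), the default
  * panel is CMSPagesController and the member lacks CMS_ACCESS_CMSMain, the member's
  * CMS_ACCESS_* codes are scanned and the request is redirected to the first panel that
  * resolves to a configured url_segment. If none resolves, the request continues untouched.
  *
  * The subsite filter is switched off for the duration of the permission lookup and
  * restored to the value it had on entry.
  */
 public function init()
 {
     if (!Controller::has_curr()) {
         return;
     }
     /* @var $ctrl Controller */
     $ctrl = Controller::curr();
     /* @var $req SS_HTTPRequest */
     $req = $ctrl->getRequest();

     // Otherwise it will get excluded if it does not have access to all subsites...
     // Remember the incoming state so a caller that already disabled the filter
     // does not get it switched back on behind its back.
     $hasSubsite = class_exists('Subsite');
     $previousFilterState = false;
     if ($hasSubsite) {
         $previousFilterState = Subsite::$disable_subsite_filter;
         Subsite::$disable_subsite_filter = true;
     }

     $base = AdminRootController::config()->url_base;
     $defaultPanel = AdminRootController::config()->default_panel;
     $currentSegment = $req->getURL();

     // We will fail if we are redirected to a panel without the proper permission
     $onDefaultPanel = ($currentSegment == $base || $currentSegment == $base . '/pages')
         && $defaultPanel == 'CMSPagesController';

     $redirectUrl = null;
     if ($onDefaultPanel && !Permission::check('CMS_ACCESS_CMSMain') && Permission::check('CMS_ACCESS')) {
         // Instead, let's redirect to something we can access
         $member = Member::currentUser();
         $permissions = $member ? Permission::permissions_for_member($member->ID) : array();
         $prefix = 'CMS_ACCESS_';
         foreach ($permissions as $permission) {
             if (strpos($permission, $prefix) !== 0) {
                 continue;
             }
             // Strip the prefix only; the remainder is treated as a controller class name.
             $class = substr($permission, strlen($prefix));
             if (!$class || !class_exists($class)) {
                 continue;
             }
             $segment = Config::inst()->get($class, 'url_segment');
             if (!$segment) {
                 // A code without a url_segment would redirect to "$base/", which most
                 // likely lands on this same check again and loops; try the next code.
                 continue;
             }
             $redirectUrl = Director::absoluteBaseURL() . $base . '/' . $segment;
             break;
         }
     }

     // Restore the filter before leaving, including on the redirect path, so nothing
     // that runs after exit (shutdown handlers, destructors) sees it disabled.
     if ($hasSubsite) {
         Subsite::$disable_subsite_filter = $previousFilterState;
     }

     if ($redirectUrl !== null) {
         header('Location:' . $redirectUrl);
         exit;
     }
 }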
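 /**
  * Builds a comma separated list of human-readable permissions for the owning Member.
  *
  * Each code returned by Permission::permissions_for_member() is looked up in the grouped
  * code list from Permission::get_codes(true); the matching entry's 'name' is used, or the
  * translated "Unknown" label when the entry has no name. Codes that match no entry are
  * left out of the list. The subsite filter is disabled during the lookup and restored to
  * the value it had on entry.
  *
  * @return string Comma separated permission names, or the translated "No Permissions" label
  */
 public function getPermissionsDescription()
 {
     // Keep the caller's filter state instead of forcing the filter back on afterwards.
     $hasSubsite = class_exists('Subsite');
     $previousFilterState = false;
     if ($hasSubsite) {
         $previousFilterState = Subsite::$disable_subsite_filter;
         Subsite::disable_subsite_filter(true);
     }
     $permissionsUsr = Permission::permissions_for_member($this->owner->ID);
     $permissionsSrc = Permission::get_codes(true);
     sort($permissionsUsr);
     $permissionNames = array();
     foreach ($permissionsUsr as $code) {
         // Try the code as stored first, then its upper-cased form. Looking up only the
         // upper-cased form misses mixed-case keys such as CMS_ACCESS_<ClassName>, so
         // those grants would silently drop out of the report.
         // NOTE(review): assumes get_codes() keys keep the provider's original case - confirm.
         $candidates = array_unique(array($code, strtoupper($code)));
         foreach ($permissionsSrc as $group) {
             foreach ($candidates as $candidate) {
                 if (isset($group[$candidate])) {
                     $name = empty($group[$candidate]['name']) ? _t('MemberReportExtension.UNKNOWN', 'Unknown') : $group[$candidate]['name'];
                     $permissionNames[] = $name;
                     // One name per group, as before; do not list the same entry twice.
                     break;
                 }
             }
         }
     }
     $result = $permissionNames ? implode(', ', $permissionNames) : _t('MemberReportExtension.NOPERMISSIONS', 'No Permissions');
     if ($hasSubsite) {
         Subsite::disable_subsite_filter($previousFilterState);
     }
     return $result;
 }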