/**
* @param array $properties
* @return string
*/
public function Field($properties = array())
{
$uninheritedCodes = array();
$inheritedCodes = array();
$records = $this->records ? $this->records : new ArrayList();
// Get existing values from the form record (assuming the formfield name is a join field on the record)
if (is_object($this->form)) {
$record = $this->form->getRecord();
if ($record && ($record instanceof Group || $record instanceof PermissionRole) && !$records->find('ID', $record->ID)) {
$records->push($record);
}
}
// Get all 'inherited' codes not directly assigned to the group (which is stored in $values)
foreach ($records as $record) {
// Get all uninherited permissions
$relationMethod = $this->name;
foreach ($record->{$relationMethod}() as $permission) {
if (!isset($uninheritedCodes[$permission->Code])) {
$uninheritedCodes[$permission->Code] = array();
}
$uninheritedCodes[$permission->Code][] = _t('PermissionCheckboxSetField.AssignedTo', 'assigned to "{title}"', array('title' => $record->dbObject('Title')->forTemplate()));
}
// Special case for Group records (not PermissionRole):
// Determine inherited assignments
if ($record instanceof Group) {
// Get all permissions from roles
if ($record->Roles()->count()) {
foreach ($record->Roles() as $role) {
/** @var PermissionRole $role */
foreach ($role->Codes() as $code) {
if (!isset($inheritedCodes[$code->Code])) {
$inheritedCodes[$code->Code] = array();
}
$inheritedCodes[$code->Code][] = _t('PermissionCheckboxSetField.FromRole', 'inherited from role "{title}"', 'A permission inherited from a certain permission role', array('title' => $role->dbObject('Title')->forTemplate()));
}
}
}
// Get from parent groups
$parentGroups = $record->getAncestors();
if ($parentGroups) {
foreach ($parentGroups as $parent) {
if (!$parent->Roles()->Count()) {
continue;
}
foreach ($parent->Roles() as $role) {
if ($role->Codes()) {
foreach ($role->Codes() as $code) {
if (!isset($inheritedCodes[$code->Code])) {
$inheritedCodes[$code->Code] = array();
}
$inheritedCodes[$code->Code][] = _t('PermissionCheckboxSetField.FromRoleOnGroup', 'inherited from role "%s" on group "%s"', 'A permission inherited from a role on a certain group', array('roletitle' => $role->dbObject('Title')->forTemplate(), 'grouptitle' => $parent->dbObject('Title')->forTemplate()));
}
}
}
if ($parent->Permissions()->Count()) {
foreach ($parent->Permissions() as $permission) {
if (!isset($inheritedCodes[$permission->Code])) {
$inheritedCodes[$permission->Code] = array();
}
$inheritedCodes[$permission->Code][] = _t('PermissionCheckboxSetField.FromGroup', 'inherited from group "{title}"', 'A permission inherited from a certain group', array('title' => $parent->dbObject('Title')->forTemplate()));
}
}
}
}
}
}
$odd = 0;
$options = '';
$globalHidden = (array) Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions');
if ($this->source) {
$privilegedPermissions = Permission::config()->privileged_permissions;
// loop through all available categorized permissions and see if they're assigned for the given groups
foreach ($this->source as $categoryName => $permissions) {
$options .= "<li><h5>{$categoryName}</h5></li>";
foreach ($permissions as $code => $permission) {
if (in_array($code, $this->hiddenPermissions)) {
continue;
}
if (in_array($code, $globalHidden)) {
continue;
}
$value = $permission['name'];
$odd = ($odd + 1) % 2;
$extraClass = $odd ? 'odd' : 'even';
$extraClass .= ' val' . str_replace(' ', '', $code);
$itemID = $this->ID() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
$disabled = $inheritMessage = '';
$checked = isset($uninheritedCodes[$code]) || isset($inheritedCodes[$code]) ? ' checked="checked"' : '';
$title = $permission['help'] ? 'title="' . htmlentities($permission['help'], ENT_COMPAT, 'UTF-8') . '" ' : '';
if (isset($inheritedCodes[$code])) {
// disable inherited codes, as any saving logic would be too complicate to express in this
// interface
$disabled = ' disabled="true"';
$inheritMessage = ' (' . join(', ', $inheritedCodes[$code]) . ')';
} elseif ($this->records && $this->records->Count() > 1 && isset($uninheritedCodes[$code])) {
// If code assignments are collected from more than one "source group",
// show its origin automatically
$inheritMessage = ' (' . join(', ', $uninheritedCodes[$code]) . ')';
}
// Disallow modification of "privileged" permissions unless currently logged-in user is an admin
if (!Permission::check('ADMIN') && in_array($code, $privilegedPermissions)) {
$disabled = ' disabled="true"';
}
// If the field is readonly, always mark as "disabled"
if ($this->readonly) {
$disabled = ' disabled="true"';
}
$inheritMessage = '<small>' . $inheritMessage . '</small>';
$icon = $checked ? 'accept' : 'decline';
// If the field is readonly, add a span that will replace the disabled checkbox input
if ($this->readonly) {
$options .= "<li class=\"{$extraClass}\">" . "<input id=\"{$itemID}\"{$disabled} name=\"{$this->name}[{$code}]\" type=\"checkbox\"" . " value=\"{$code}\"{$checked} class=\"checkbox\" />" . "<label {$title}for=\"{$itemID}\">" . "<span class=\"ui-button-icon-primary ui-icon btn-icon-{$icon}\"></span>" . "{$value}{$inheritMessage}</label>" . "</li>\n";
} else {
$options .= "<li class=\"{$extraClass}\">" . "<input id=\"{$itemID}\"{$disabled} name=\"{$this->name}[{$code}]\" type=\"checkbox\"" . " value=\"{$code}\"{$checked} class=\"checkbox\" />" . "<label {$title}for=\"{$itemID}\">{$value}{$inheritMessage}</label>" . "</li>\n";
}
}
}
}
if ($this->readonly) {
return "<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" . "<li class=\"help\">" . _t('Permissions.UserPermissionsIntro', 'Assigning groups to this user will adjust the permissions they have.' . ' See the groups section for details of permissions on individual groups.') . "</li>" . $options . "</ul>\n";
} else {
return "<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" . $options . "</ul>\n";
}
}
public function Count()
{
return $this->list->Count();
}
