/**
* Get the default admin record if it exists, or creates it otherwise if enabled
*
* @return Member
*/
public static function default_admin()
{
// Check if set
if (!Security::has_default_admin()) {
return null;
}
// Find or create ADMIN group
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
// Find member
$admin = Member::get()->filter('Email', Security::default_admin_username())->first();
if (!$admin) {
// 'Password' is not set to avoid creating
// persistent logins in the database. See Security::setDefaultAdmin().
// Set 'Email' to identify this as the default admin
$admin = Member::create();
$admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
$admin->Email = Security::default_admin_username();
$admin->write();
}
// Ensure this user is in the admin group
if (!$admin->inGroup($adminGroup)) {
// Add member to group instead of adding group to member
// This bypasses the privilege escallation code in Member_GroupSet
$adminGroup->DirectMembers()->add($admin);
}
return $admin;
}
/**
* Return an existing member with administrator privileges, or create one of necessary.
*
* Will create a default 'Administrators' group if no group is found
* with an ADMIN permission. Will create a new 'Admin' member with administrative permissions
* if no existing Member with these permissions is found.
*
* Important: Any newly created administrator accounts will NOT have valid
* login credentials (Email/Password properties), which means they can't be used for login
* purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
*
* @return Member
*/
public static function findAnAdministrator()
{
// coupling to subsites module
$origSubsite = null;
if (is_callable('Subsite::changeSubsite')) {
$origSubsite = \Subsite::currentSubsiteID();
\Subsite::changeSubsite(0);
}
$member = null;
// find a group with ADMIN permission
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
if (is_callable('Subsite::changeSubsite')) {
\Subsite::changeSubsite($origSubsite);
}
if ($adminGroup) {
$member = $adminGroup->Members()->First();
}
if (!$adminGroup) {
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
}
if (!$member) {
Member::singleton()->requireDefaultRecords();
$member = Permission::get_members_by_permission('ADMIN')->first();
}
if (!$member) {
$member = Member::default_admin();
}
if (!$member) {
// Failover to a blank admin
$member = Member::create();
$member->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
$member->write();
// Add member to group instead of adding group to member
// This bypasses the privilege escallation code in Member_GroupSet
$adminGroup->DirectMembers()->add($member);
}
return $member;
}
public function Breadcrumbs($unlinked = false)
{
$crumbs = parent::Breadcrumbs($unlinked);
// Name root breadcrumb based on which record is edited,
// which can only be determined by looking for the fieldname of the GridField.
// Note: Titles should be same titles as tabs in RootForm().
$params = $this->getRequest()->allParams();
if (isset($params['FieldName'])) {
// TODO FieldName param gets overwritten by nested GridFields,
// so shows "Members" rather than "Groups" for the following URL:
// admin/security/EditForm/field/Groups/item/2/ItemEditForm/field/Members/item/1/edit
$firstCrumb = $crumbs->shift();
if ($params['FieldName'] == 'Groups') {
$crumbs->unshift(new ArrayData(array('Title' => Group::singleton()->i18n_plural_name(), 'Link' => $this->Link('groups'))));
} elseif ($params['FieldName'] == 'Users') {
$crumbs->unshift(new ArrayData(array('Title' => _t('SecurityAdmin.Users', 'Users'), 'Link' => $this->Link('users'))));
} elseif ($params['FieldName'] == 'Roles') {
$crumbs->unshift(new ArrayData(array('Title' => _t('SecurityAdmin.TABROLES', 'Roles'), 'Link' => $this->Link('roles'))));
}
$crumbs->unshift($firstCrumb);
}
return $crumbs;
}
