/**
 * Standard SilverStripe permission hook: may the given member delete this object?
 *
 * A member holding the permission code configured under
 * EcommerceRole.admin_permission_code is always allowed. Everyone else gets
 * the parent class's answer.
 *
 * NOTE(review): the fallback is parent::canEdit(), not parent::canDelete(), so
 * edit rights imply delete rights here - confirm that this is intended.
 *
 * @param Member $member member to check; null is handed on unchanged
 * @return Boolean
 */
public function canDelete($member = null)
{
    $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");
    $isShopAdmin = Permission::checkMember($member, $adminCode);

    return $isShopAdmin ? true : parent::canEdit($member);
}
/**
 * Renders the edit-button cell for one grid row, linking to the CMS page
 * editor ('/admin/pages/edit/show/' followed by the record ID).
 *
 * Nothing is rendered when $record->canEdit() fails. That only hides the
 * button: NOTE(review) the linked edit route has to enforce the permission
 * itself, since the URL is predictable from the record ID.
 *
 * @param GridField $gridField
 * @param DataObject $record
 * @param string $columnName
 * @return string|null the HTML for the column, or null when the record is not editable
 */
public function getColumnContent($gridField, $record, $columnName)
{
    if ($record->canEdit()) {
        $editLink = Controller::join_links(Director::baseURL(), '/admin/pages/edit/show/', $record->ID);
        $templateData = new ArrayData(array('Link' => $editLink));

        return $templateData->renderWith('GridFieldEditButton');
    }

    return null;
}
/**
 * Renders the edit-button cell for one grid row, linking to the grid field's
 * own item route: <gridField item link>/<record ID>/edit.
 *
 * Nothing is rendered when $record->canEdit() fails. That only hides the
 * button: NOTE(review) the item edit route has to enforce the permission
 * itself.
 *
 * @param GridField $gridField
 * @param DataObject $record
 * @param string $columnName
 * @return string|null the HTML for the column, or null when the record is not editable
 */
public function getColumnContent($gridField, $record, $columnName)
{
    if ($record->canEdit()) {
        $editLink = Controller::join_links($gridField->Link('item'), $record->ID, 'edit');
        $templateData = new ArrayData(array('Link' => $editLink));

        return $templateData->renderWith('GridFieldEditButton');
    }

    return null;
}
/**
 * Edit permission that can be inherited from the Parent object.
 *
 * A callback is queued under this method's name with beforeExtending(). It
 * answers true when a Parent exists and the Parent's canEdit() passes for the
 * same member, and gives no answer otherwise. The value returned to the
 * caller is whatever parent::canEdit() produces.
 *
 * NOTE(review): a fresh callback is queued on every call - confirm the
 * framework clears the queue, otherwise callbacks pile up per instance.
 *
 * @param Member $member
 * @return Boolean
 */
public function canEdit($member = null)
{
    $inheritFromParent = function ($member = null) {
        if (!$this->Parent) {
            return;
        }
        if ($this->Parent->canEdit($member)) {
            return true;
        }
    };
    $this->beforeExtending(__FUNCTION__, $inheritFromParent);

    return parent::canEdit($member);
}
/**
 * Renders the page-history button cell for one grid row, linking to the
 * 'show' action of CMSPageHistoryController followed by the record ID.
 *
 * Nothing is rendered when $record->canEdit() fails. That only hides the
 * button: NOTE(review) the history controller has to enforce the permission
 * itself.
 *
 * @param GridField $gridField
 * @param DataObject $record
 * @param string $columnName
 * @return string|null the HTML for the column, or null when the record is not editable
 */
public function getColumnContent($gridField, $record, $columnName)
{
    if ($record->canEdit()) {
        $historyController = singleton('CMSPageHistoryController');
        $historyLink = Controller::join_links($historyController->Link('show'), $record->ID);
        $templateData = new ArrayData(array('Link' => $historyLink));

        return $templateData->renderWith('GridFieldPageHistoryButton');
    }

    return null;
}
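/**
 * Standard SilverStripe permission hook: may the given member edit this object?
 *
 * When no member is passed the current user is checked. A member holding the
 * permission code configured under EcommerceRole.admin_permission_code is
 * always allowed; everyone else gets the parent class's answer.
 *
 * @param Member $member member to check, defaults to the current user
 * @return Boolean
 */
public function canEdit($member = null)
{
    if (!$member) {
        // This used to read `$member == Member::currentUser();`, a comparison
        // whose result was thrown away. $member stayed null, so the shop-admin
        // check below was skipped whenever the caller passed no member.
        $member = Member::currentUser();
    }

    $shopAdminCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
    if ($member && Permission::checkMember($member, $shopAdminCode)) {
        return true;
    }

    return parent::canEdit($member);
}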
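/**
 * Form action: deletes the InlineComment identified by $data['ID'].
 *
 * Does nothing (returns null) unless the current user may edit
 * $this->context.
 *
 * @param array $data submitted form data; 'ID' is the comment to delete
 * @param Form $form
 * @param mixed $request
 * @return mixed the ICUtils ajax response, or null when editing is not allowed
 * @throws Exception when the ID is missing, is not a plain integer, or
 *                   matches no comment
 */
public function deleteinlinecomment(array $data, Form $form, $request)
{
    if (!$this->context->canEdit()) {
        return;
    }

    // The ID comes straight from the submitted form, so accept only a plain
    // non-negative integer before it is used in a lookup.
    $hasValidId = isset($data['ID'])
        && is_scalar($data['ID'])
        && ctype_digit((string) $data['ID']);
    if (!$hasValidId) {
        throw new Exception("Invalid comment ID");
    }

    $comment = DataObject::get_by_id('InlineComment', (int) $data['ID']);
    if (!$comment) {
        // An unknown ID previously fell through to ->delete() on a non-object.
        throw new Exception("Invalid comment ID");
    }

    // NOTE(review): nothing visible here ties the comment to $this->context or
    // calls $comment->canDelete(), so edit rights on one context may allow
    // deleting a comment that belongs to another - confirm and scope the lookup.
    $comment->delete();

    return singleton('ICUtils')->ajaxResponse("Deleted", true);
}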
/**
 * Decide whether a member holds a permission on an object.
 *
 * Evaluation order, first match wins:
 *  1. node without the 'Restrictable' extension: delegate to canView() /
 *     canEdit() / can() on the node
 *  2. members passing Permission::check('ADMIN', ...) are always allowed
 *  3. a cached answer for this perm and member ID, when the cache has one
 *  4. public permissions, then owner permissions
 *  5. AccessAuthority rows for the node (a DENY ends the scan)
 *  6. the node's effective parents, when InheritPerms is set
 * The outcome of steps 4-6 is written back to the cache.
 *
 * NOTE(review): a public or owner grant (step 4) skips step 5 entirely, so an
 * explicit DENY row cannot override it - confirm that precedence is intended.
 *
 * @param DataObject $node
 *          The object to check perms on
 * @param string $perm
 *          The permission to check against
 * @param Member $member
 *          The member to check - if not set, the member held by SecurityContext
 *          is used; an int is treated as a Member ID
 *
 * @return bool|null null is possible only when no member could be resolved
 *                   and the permission is not public
 */
public function checkPerm(DataObject $node, $perm, $member = null)
{
    // if the node doesn't use the extension, fall back to SS logic
    if (!$node->hasExtension('Restrictable')) {
        switch ($perm) {
            case 'View':
                return $node->canView($member);
            case 'Write':
                return $node->canEdit($member);
            default:
                return $node->can($perm, $member);
        }
    }

    // NOTE(review): $node has already been dereferenced above, so this guard
    // cannot catch a missing node.
    if (!$node) {
        return false;
    }

    if (!$member) {
        $member = singleton('SecurityContext')->getMember();
    }

    // only a real int is looked up as a Member ID; a numeric string is not
    if (is_int($member)) {
        $member = DataObject::get_by_id('Member', $member);
    }

    // administrators bypass every check below, including explicit DENY rows
    if (Permission::check('ADMIN', 'any', $member)) {
        return true;
    }

    $permCache = $this->getCache();
    /* @var $permCache Zend_Cache_Core */

    $key = $this->permCacheKey($node, $perm);
    $userGrants = null;
    if ($key) {
        $userGrants = $permCache->load($key);
        // NOTE(review): if load() yields a non-countable value on a cache miss,
        // count() warns on PHP 7.2+ and throws on PHP 8 - confirm.
        if (count($userGrants)) {
            $userGrants = $this->sanitiseCacheData($userGrants);
        }
    }

    // A cached decision is returned as-is.
    // NOTE(review): presumably the cache is invalidated when grants change;
    // a stale entry here would keep answering with the old decision - verify.
    if ($member && $userGrants && isset($userGrants[$perm][$member->ID])) {
        return $userGrants[$perm][$member->ID];
    }

    // okay, we need to build up all the info we have about the node for permissions
    // ($s is not read again in this method)
    $s = $this->realiseAllSources($node);

    if (!$userGrants) {
        $userGrants = array();
    }

    if (!isset($userGrants[$perm])) {
        $userGrants[$perm] = array();
    }

    $result = null;

    // if no member, just check public view
    $public = $this->checkPublicPerms($node, $perm);
    if ($public) {
        $result = true;
    }

    // can return immediately; note this yields null, not false, when the
    // permission is not public
    if (!$member) {
        return $result;
    }

    if (is_null($result)) {
        // see whether we're the owner, and if the perm we're checking is in that list
        if ($this->checkOwnerPerms($node, $perm, $member)) {
            $result = true;
        }
    }

    // $accessAuthority and $can are assigned but not read in this method
    $accessAuthority = '';
    $directGrant = null;
    $can = false;

    if (is_null($result)) {
        $filter = array('ItemID' => $node->ID, 'ItemType' => $node->class);
        $existing = DataList::create('AccessAuthority')->filter($filter);

        // get all access authorities for this object

        // group IDs are memoised per member ID on $this->groups
        $gids = isset($this->groups[$member->ID]) ? $this->groups[$member->ID] : null;
        if (!$gids) {
            $groups = $member ? $member->Groups() : array();
            $gids = array();
            if ($groups && $groups->Count()) {
                $gids = $groups->map('ID', 'ID')->toArray();
            }
            $this->groups[$member->ID] = $gids;
        }

        $can = false;
        $directGrant = 'NONE';
        if ($existing && $existing->count()) {
            foreach ($existing as $access) {
                // check if this mentions the perm in question;
                // a row with no perms listed is not skipped
                $perms = $access->Perms->getValues();
                if ($perms) {
                    if (!in_array($perm, $perms)) {
                        continue;
                    }
                }

                $grant = null;
                $authority = $access->getAuthority();
                if ($authority instanceof Group) {
                    if (isset($gids[$access->AuthorityID])) {
                        $grant = $access->Grant;
                    }
                } elseif ($authority instanceof Member) {
                    if ($member->ID == $access->AuthorityID) {
                        $grant = $access->Grant;
                    }
                } else {
                    // another mechanism that will require a lookup of members in a list
                    // TODO cache this
                    if ($authority instanceof ListOfMembers) {
                        $listMembers = $authority->getAllMembers()->map('ID', 'Title');
                        if (isset($listMembers[$member->ID])) {
                            $grant = $access->Grant;
                        }
                    }
                }

                if ($grant) {
                    // if it's deny, we can just break away immediately, otherwise we need to evaluate all the
                    // others in case there's another DENY in there somewhere
                    if ($grant === 'DENY') {
                        $directGrant = 'DENY';
                        // immediately break
                        break;
                    } else {
                        // mark that it's been granted for now
                        $directGrant = 'GRANT';
                    }
                }
            }
        }
    }

    // return immediately if we have something
    if ($directGrant === 'GRANT') {
        $result = true;
    }
    if ($directGrant === 'DENY') {
        $result = false;
    }

    // otherwise query our parents; one granting parent is enough and the
    // loop keeps going after a grant
    if (is_null($result) && $node->InheritPerms) {
        $permParents = $this->getEffectiveParents($node);
        if (count($permParents) || $permParents instanceof IteratorAggregate) {
            foreach ($permParents as $permParent) {
                if ($permParent && $this->checkPerm($permParent, $perm, $member)) {
                    $result = true;
                }
            }
        }
    }

    // nothing granted the permission: deny by default
    if (is_null($result)) {
        $result = false;
    }

    // remember the decision for this perm and member
    $userGrants[$perm][$member->ID] = $result;
    if ($key) {
        $permCache->save($userGrants, $key);
    }
    return $result;
}
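/**
 * Shop Admins can edit; everybody else is subject to the parent class's rules.
 *
 * @param Member $member member to check, defaults to the current user
 * @return Boolean
 */
function canEdit($member = null)
{
    // An unconditional `return true;` used to be the first statement. It made
    // every check below unreachable and let any caller, logged in or not,
    // pass the edit check. It is removed so the documented rule applies.
    if (!$member) {
        $member = Member::currentUser();
    }
    if ($member && $member->IsShopAdmin()) {
        return true;
    }

    return parent::canEdit($member);
}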
/**
 * Standard SilverStripe permission hook: may the given member delete this order step?
 *
 * Deletion is refused when
 *  - there is no next order step and orders still carry this status,
 *  - this is the default status option, or
 *  - the step's Code is one of get_codes_for_order_steps_to_include().
 * Otherwise holders of the EcommerceRole.admin_permission_code permission are
 * allowed and everyone else gets the parent class's answer.
 *
 * NOTE(review): the fallback is parent::canEdit(), not parent::canDelete() -
 * confirm that edit rights are meant to imply delete rights.
 *
 * @param Member $member
 * @return Boolean
 */
public function canDelete($member = null)
{
    // the last status cannot go while orders still carry it
    if (!$this->NextOrderStep()) {
        $ordersAtThisStep = Order::get()->filter(array("StatusID" => intval($this->ID) - 0))->count();
        if ($ordersAtThisStep) {
            return false;
        }
    }

    $isProtectedStep = $this->isDefaultStatusOption()
        || in_array($this->Code, self::get_codes_for_order_steps_to_include());
    if ($isProtectedStep) {
        return false;
    }

    $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");

    return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
}
/**
 * Standard SilverStripe permission hook: may the given member delete this country?
 *
 * A country whose Code is used by any ShippingAddress (ShippingCountry) or
 * BillingAddress (Country) cannot be deleted by anyone. Otherwise holders of
 * the EcommerceRole.admin_permission_code permission are allowed and everyone
 * else gets the parent class's answer.
 *
 * NOTE(review): the fallback is parent::canEdit(), not parent::canDelete() -
 * confirm that edit rights are meant to imply delete rights.
 *
 * @param Member $member
 * @return Boolean
 */
function canDelete($member = null)
{
    $isReferenced = ShippingAddress::get()->filter(array("ShippingCountry" => $this->Code))->count()
        || BillingAddress::get()->filter(array("Country" => $this->Code))->count();
    if ($isReferenced) {
        return false;
    }

    $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");

    return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
}
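/**
 * Edit permission gated on the global menu permission.
 *
 * A callback is queued with beforeExtending(); it vetoes the edit (returns
 * false) when checkIfHasGlobalMenuPermission() fails for the member and gives
 * no answer otherwise. The value returned to the caller is whatever
 * parent::canEdit() produces.
 *
 * @param Member $member
 * @return Boolean
 */
public function canEdit($member = null)
{
    // Register under __FUNCTION__ ('canEdit'). The previous __METHOD__ expands
    // to 'ClassName::canEdit', which does not match the bare method name the
    // extension hook is raised under, so the veto below never ran.
    $this->beforeExtending(__FUNCTION__, function ($member) {
        if (!$this->checkIfHasGlobalMenuPermission($member)) {
            return false;
        }
    });

    return parent::canEdit($member);
}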
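/**
 * Edit permission borrowed from the first related page.
 *
 * When Pages() has at least one entry, the first page's canEdit() decides;
 * otherwise the parent class decides.
 *
 * @param Member $member
 * @return Boolean
 */
public function canEdit($member = null)
{
    $first = $this->Pages()->first();

    // Pass $member on: the page check used to be called without it and so
    // answered for the current user even when the caller asked about
    // somebody else.
    return $first ? $first->canEdit($member) : parent::canEdit($member);
}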
/**
 * Standard SilverStripe permission hook: may the given member delete this currency?
 *
 * A currency that is InUse, or the only remaining EcommerceCurrency, can
 * never be deleted. Otherwise holders of the
 * EcommerceRole.admin_permission_code permission are allowed and everyone
 * else gets the parent class's answer.
 *
 * NOTE(review): the fallback is parent::canEdit(), not parent::canDelete() -
 * confirm that edit rights are meant to imply delete rights.
 *
 * @param Member $member
 * @return Boolean
 */
function canDelete($member = null)
{
    if ($this->InUse || EcommerceCurrency::get()->Count() <= 1) {
        return false;
    }

    $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");

    return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
}
/**
 * Renders the unlink or delete button for one grid row.
 *
 * With removeRelation set the button unlinks the record and is shown only
 * when $record->canEdit() passes; otherwise it deletes the record and is
 * shown only when $record->canDelete() passes.
 *
 * NOTE(review): this only hides the button. The handlers behind the
 * "unlinkrelation" and "deleterecord" actions must repeat the permission
 * check, because RecordID arrives with the request.
 *
 * @param GridField $gridField
 * @param DataObject $record
 * @param string $columnName
 * @return string|null the HTML for the column, or null when the action is not permitted
 */
public function getColumnContent($gridField, $record, $columnName)
{
    $unlinking = $this->removeRelation;
    $permitted = $unlinking ? $record->canEdit() : $record->canDelete();
    if (!$permitted) {
        return null;
    }

    $actionArgs = array('RecordID' => $record->ID);
    if ($unlinking) {
        $field = GridField_FormAction::create(
            $gridField,
            'UnlinkRelation' . $record->ID,
            _t('GridAction.UnlinkRelation', "Unlink"),
            "unlinkrelation",
            $actionArgs
        );
        $field = $field->addExtraClass('gridfield-button-unlink');
        $field = $field->setAttribute('title', _t('GridAction.UnlinkRelation', "Unlink"));
        $field = $field->setAttribute('data-icon', 'chain--minus');
    } else {
        $field = GridField_FormAction::create(
            $gridField,
            'DeleteRecord' . $record->ID,
            _t('GridAction.Delete', "Delete"),
            "deleterecord",
            $actionArgs
        );
        $field = $field->addExtraClass('gridfield-button-delete');
        $field = $field->setAttribute('title', _t('GridAction.Delete', "Delete"));
        $field = $field->setAttribute('data-icon', 'cross-circle');
        $field = $field->setDescription(_t('GridAction.DELETE_DESCRIPTION', 'Delete'));
    }

    return $field->Field();
}
/**
 * Standard SilverStripe permission hook: may the given member delete this object?
 *
 * Refused when the value read from $this->getCode is listed in
 * CheckoutPage_Controller.checkout_steps. Otherwise holders of the
 * EcommerceRole.admin_permission_code permission are allowed and everyone
 * else gets the parent class's answer.
 *
 * NOTE(review): `$this->getCode` is a property read, not a call to a
 * getCode() method. If no such property resolves, the checkout-step guard
 * never matches and protected steps become deletable - confirm which
 * accessor was meant.
 * NOTE(review): the fallback is parent::canEdit(), not parent::canDelete().
 *
 * @param Member $member
 * @return Boolean
 */
public function canDelete($member = null)
{
    $checkoutSteps = EcommerceConfig::get("CheckoutPage_Controller", "checkout_steps");
    $isCheckoutStep = in_array($this->getCode, $checkoutSteps);
    if ($isCheckoutStep) {
        return false;
    }

    $adminCode = Config::inst()->get("EcommerceRole", "admin_permission_code");

    return Permission::checkMember($member, $adminCode) ? true : parent::canEdit($member);
}
/**
 * Edit permission: adds no rule of its own and hands the decision to the
 * parent class.
 *
 * @param Member $member
 * @return Boolean
 */
public function canEdit($member = null)
{
    $inherited = parent::canEdit($member);

    return $inherited;
}
/**
 * Renders the icon-only unlink or delete button for one grid row.
 *
 * With removeRelation set the button unlinks the record and is shown only
 * when $record->canEdit() passes; otherwise it deletes the record and is
 * shown only when $record->canDelete() passes.
 *
 * NOTE(review): this only hides the button. The handlers behind the
 * "unlinkrelation" and "deleterecord" actions must repeat the permission
 * check, because RecordID arrives with the request.
 *
 * @param GridField $gridField
 * @param DataObject $record
 * @param string $columnName
 * @return string|null the HTML for the column, or null when the action is not permitted
 */
public function getColumnContent($gridField, $record, $columnName)
{
    $unlinking = $this->removeRelation;
    $permitted = $unlinking ? $record->canEdit() : $record->canDelete();
    if (!$permitted) {
        return null;
    }

    $actionArgs = array('RecordID' => $record->ID);
    if ($unlinking) {
        $field = GridField_FormAction::create(
            $gridField,
            'UnlinkRelation' . $record->ID,
            false,
            "unlinkrelation",
            $actionArgs
        );
        $field = $field->addExtraClass('btn btn--no-text btn--icon-md font-icon-link-broken grid-field__icon-action gridfield-button-unlink');
        $field = $field->setAttribute('title', _t('GridAction.UnlinkRelation', "Unlink"));
    } else {
        $field = GridField_FormAction::create(
            $gridField,
            'DeleteRecord' . $record->ID,
            false,
            "deleterecord",
            $actionArgs
        );
        $field = $field->addExtraClass('gridfield-button-delete btn--icon-md font-icon-trash-bin btn--no-text grid-field__icon-action');
        $field = $field->setAttribute('title', _t('GridAction.Delete', "Delete"));
        $field = $field->setDescription(_t('GridAction.DELETE_DESCRIPTION', 'Delete'));
    }

    return $field->Field();
}
/**
 * Standard SilverStripe permission hook: may the given member edit this object?
 *
 * The decision is left entirely to the parent class. A shop-admin shortcut
 * (Permission::checkMember() against EcommerceRole.admin_permission_code)
 * existed here but is disabled.
 *
 * The original author's note says only order modifiers that have not been
 * submitted yet can be edited; NOTE(review) that rule is not visible in this
 * method and is presumably enforced by the parent - confirm.
 *
 * @param Member $member
 * @return Boolean
 **/
function canEdit($member = null)
{
    $inherited = parent::canEdit($member);

    return $inherited;
}
/**
 * Edit permission gated on the global menu permission, with a SiteTree
 * shortcut.
 *
 * A callback is queued under this method's name with beforeExtending(). It
 * vetoes the edit (false) when checkIfHasGlobalMenuPermission() fails for the
 * member, allows it (true) when the SiteTree singleton's canEdit() passes,
 * and gives no answer otherwise. The value returned to the caller is whatever
 * parent::canEdit() produces.
 *
 * NOTE(review): the shortcut asks the SiteTree singleton, not a concrete
 * page, so it reflects the generic rule rather than any per-page restriction.
 *
 * @param Member $member
 * @return Boolean
 */
public function canEdit($member = null)
{
    $hook = __FUNCTION__;
    $globalMenuCheck = function ($member) use ($hook) {
        $hasMenuPermission = $this->checkIfHasGlobalMenuPermission($member);
        if (!$hasMenuPermission) {
            return false;
        }
        if (singleton('SiteTree')->{$hook}($member)) {
            return true;
        }
    };
    $this->beforeExtending($hook, $globalMenuCheck);

    return parent::canEdit($member);
}
/**
 * Edit permission: an object flagged as Sent is locked for everybody.
 * Otherwise the parent class decides.
 *
 * @param Member $member
 * @return bool
 */
public function canEdit($member = null)
{
    if ($this->Sent) {
        return false;
    }

    return (bool) parent::canEdit($member);
}
/**
 * Form action: saves the submitted data into the current record.
 *
 * Responds with HTTP 403 when the current user may not edit the record, and
 * with the validation response when saving raises a ValidationException. On
 * success a "Saved" message with a link to the record is stored on the form
 * and the request is redirected.
 *
 * NOTE(review): canEdit() is the only check, also for a new record
 * (ID == 0) - confirm whether canCreate() should gate that case.
 *
 * @param array $data submitted form data
 * @param Form $form
 * @return mixed the HTTP response
 */
public function doSave($data, $form)
{
    $isNewRecord = $this->record->ID == 0;

    // Check permission
    $mayEdit = $this->record->canEdit();
    if (!$mayEdit) {
        return $this->httpError(403);
    }

    // Save from form data
    try {
        $this->saveFormIntoRecord($data, $form);
    } catch (ValidationException $validationError) {
        return $this->generateValidationResponse($form, $validationError);
    }

    // The message is handed over as HTML (third sessionMessage() argument is
    // false), so the record title is escaped before it goes into the markup.
    $href = $this->Link('edit');
    $escapedTitle = htmlspecialchars($this->record->Title, ENT_QUOTES);
    $link = '<a href="' . $href . '">"' . $escapedTitle . '"</a>';

    $placeholders = array('name' => $this->record->i18n_singular_name(), 'link' => $link);
    $message = _t('GridFieldDetailForm.Saved', 'Saved {name} {link}', $placeholders);
    $form->sessionMessage($message, 'good', false);

    // Redirect after save
    return $this->redirectAfterSave($isNewRecord);
}
/**
 * Form action: saves the submitted data into the current record, writes it
 * and adds it to the grid field's list.
 *
 * Responds with HTTP 403 when the current user may not edit the record. When
 * the submitted ClassName differs from the record's, the record is replaced
 * by a new instance of that class before saving. A ValidationException is
 * turned into a 'bad' form message and answered through a
 * PjaxResponseNegotiator. On success a "Saved" message with a link to the
 * record is stored on the form and the request is redirected or the edit
 * view is returned.
 *
 * NOTE(review): canEdit() is the only check, also for a new record
 * (ID == 0) - confirm whether canCreate() should gate that case.
 *
 * @param array $data submitted form data
 * @param Form $form
 * @return mixed the HTTP response
 */
public function doSave($data, $form)
{
    // remembered now because write() below gives a new record its ID
    $new_record = $this->record->ID == 0;
    $controller = $this->getToplevelController();
    $list = $this->gridField->getList();

    if ($list instanceof ManyManyList) {
        // Data is escaped in ManyManyList->add()
        // NOTE(review): the extra-field values come straight from the request;
        // the escaping claim above cannot be checked from this method.
        $extraData = isset($data['ManyMany']) ? $data['ManyMany'] : null;
    } else {
        $extraData = null;
    }

    if (!$this->record->canEdit()) {
        return $controller->httpError(403);
    }

    // NOTE(review): $data['ClassName'] is request data and no allow-list is
    // visible here before it reaches newClassInstance() - confirm the value is
    // restricted to permitted subclasses of the record.
    if (isset($data['ClassName']) && $data['ClassName'] != $this->record->ClassName) {
        $newClassName = $data['ClassName'];
        // The records originally saved attribute was overwritten by $form->saveInto($record) before.
        // This is necessary for newClassInstance() to work as expected, and trigger change detection
        // on the ClassName attribute
        $this->record->setClassName($this->record->ClassName);
        // Replace $record with a new instance
        $this->record = $this->record->newClassInstance($newClassName);
    }

    try {
        $form->saveInto($this->record);
        $this->record->write();
        $list->add($this->record, $extraData);
    } catch (ValidationException $e) {
        // NOTE(review): the third argument is false, as for the HTML message
        // further down, so this text is presumably shown unescaped - confirm
        // validation messages cannot carry user-supplied markup.
        $form->sessionMessage($e->getResult()->message(), 'bad', false);
        $responseNegotiator = new PjaxResponseNegotiator(array('CurrentForm' => function () use(&$form) {
            return $form->forTemplate();
        }, 'default' => function () use(&$controller) {
            return $controller->redirectBack();
        }));
        if ($controller->getRequest()->isAjax()) {
            $controller->getRequest()->addHeader('X-Pjax', 'CurrentForm');
        }
        return $responseNegotiator->respond($controller->getRequest());
    }

    // TODO Save this item into the given relationship

    // the record title is escaped because the message is passed on as HTML
    $link = '<a href="' . $this->Link('edit') . '">"' . htmlspecialchars($this->record->Title, ENT_QUOTES) . '"</a>';
    $message = _t('GridFieldDetailForm.Saved', 'Saved {name} {link}', array('name' => $this->record->i18n_singular_name(), 'link' => $link));
    $form->sessionMessage($message, 'good', false);

    if ($new_record) {
        return $controller->redirect($this->Link());
    } elseif ($this->gridField->getList()->byId($this->record->ID)) {
        // Return new view, as we can't do a "virtual redirect" via the CMS Ajax
        // to the same URL (it assumes that its content is already current, and doesn't reload)
        return $this->edit($controller->getRequest());
    } else {
        // Changes to the record properties might've excluded the record from
        // a filtered list, so return back to the main view if it can't be found
        // NOTE(review): the redirect target is derived from $data['url'], which
        // is request data - confirm it cannot point to another host.
        $noActionURL = $controller->removeAction($data['url']);
        $controller->getRequest()->addHeader('X-Pjax', 'Content');
        return $controller->redirect($noActionURL, 302);
    }
}
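/**
 * Edit permission: whatever the parent class allows, plus anyone holding the
 * CMS_ACCESS_FrontendAdmin permission.
 *
 * @param Member $member member to check; null means the current user
 * @return mixed the parent's truthy answer, else the result of the permission check
 */
public function canEdit($member = null)
{
    $can = parent::canEdit($member);
    if ($can) {
        return $can;
    }

    // Check the permission for the member the caller asked about. The code
    // was previously checked without a member argument, so it answered for
    // the current user even when $member named somebody else.
    return Permission::check('CMS_ACCESS_FrontendAdmin', 'any', $member);
}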