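/**
 * Returns the members that can publish pages on this site by default.
 *
 * Resolution depends on the owner's CanPublishType:
 *  - 'OnlyTheseUsers': members of the configured publisher groups; when that
 *    yields nobody, the result narrows to the first ADMIN group (fail closed
 *    rather than widening access).
 *  - 'LoggedInUsers': members holding CMS_ACCESS_CMSMain, not every member.
 *  - anything else: members of the first ADMIN group.
 *
 * When no ADMIN group can be found, an empty set is returned instead of
 * dereferencing a missing group.
 *
 * @return DataObjectSet
 */
public function PublisherMembers()
{
    $publishType = $this->owner->CanPublishType;

    if ($publishType === 'LoggedInUsers') {
        // Deliberately limited to CMS users; returning every member would over-grant.
        return Permission::get_members_by_permission('CMS_ACCESS_CMSMain');
    }

    $members = new DataObjectSet();

    if ($publishType === 'OnlyTheseUsers') {
        $groups = $this->owner->PublisherGroups();
        if ($groups) {
            foreach ($groups as $group) {
                $members->merge($group->Members());
            }
        }
        if ($members->Count()) {
            return $members;
        }
        // No publisher could be resolved: fall through to the ADMIN default.
    }

    // The lookup may yield nothing (no result set, or an empty one); guard both.
    $adminGroups = Permission::get_groups_by_permission('ADMIN');
    $adminGroup = $adminGroups ? $adminGroups->first() : null;

    return $adminGroup ? $adminGroup->Members() : $members;
}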
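/**
 * Returns the members that can publish this page.
 *
 * Resolution depends on the owner's CanPublishType:
 *  - 'OnlyTheseUsers': members of the page's publisher groups; when that
 *    yields nobody, the result narrows to the first ADMIN group.
 *  - 'Inherit': delegates to the parent page, or to the current SiteConfig
 *    when the page has no parent.
 *  - 'LoggedInUsers': members holding CMS_ACCESS_CMSMain.
 *  - anything else: members of the first ADMIN group.
 *
 * When no ADMIN group can be found, an empty set is returned instead of
 * dereferencing a missing group.
 *
 * @return DataObjectSet
 */
public function PublisherMembers()
{
    $publishType = $this->owner->CanPublishType;

    if ($publishType === 'Inherit') {
        $parent = $this->owner->Parent();
        if ($parent->Exists()) {
            return $parent->PublisherMembers();
        }
        // Top-level page: the site-wide default applies.
        return SiteConfig::current_site_config()->PublisherMembers();
    }

    if ($publishType === 'LoggedInUsers') {
        return Permission::get_members_by_permission('CMS_ACCESS_CMSMain');
    }

    $members = new DataObjectSet();

    if ($publishType === 'OnlyTheseUsers') {
        $groups = $this->owner->PublisherGroups();
        if ($groups) {
            foreach ($groups as $group) {
                $members->merge($group->Members());
            }
        }
        if ($members->Count()) {
            return $members;
        }
        // No publisher could be resolved: fall through to the ADMIN default.
    }

    // The lookup may yield nothing (no result set, or an empty one); guard both.
    $adminGroups = Permission::get_groups_by_permission('ADMIN');
    $adminGroup = $adminGroups ? $adminGroups->first() : null;

    return $adminGroup ? $adminGroup->Members() : $members;
}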
/**
 * Lists the members that hold the ADMIN or CODE_BANK_ACCESS permission.
 *
 * Each entry carries the member's ID, e-mail address (as 'username') and
 * last-visited timestamp.
 *
 * NOTE(review): the response exposes account e-mail addresses and login
 * times; no authorization check is visible in this method, so confirm the
 * caller restricts who can invoke it.
 *
 * @return array Standard response array with one row per member under 'data'
 */
public function getUsersList()
{
    $result = CodeBank_ClientAPI::responseBase();
    $permitted = Permission::get_members_by_permission(array('ADMIN', 'CODE_BANK_ACCESS'));

    foreach ($permitted as $user) {
        $row = array();
        $row['id'] = $user->ID;
        $row['username'] = $user->Email;
        $row['lastLogin'] = $user->LastVisited;

        $result['data'][] = $row;
    }

    return $result;
}
/**
 * Checks that Permission::get_members_by_permission() is aware of
 * permissions attached to roles: the 'access' fixture member must be
 * returned for CMS_ACCESS_SecurityAdmin and the 'author' fixture member
 * must not.
 */
public function testGettingMembersByPermission()
{
    $expectedMember = $this->objFromFixture('Member', 'access');
    $excludedMember = $this->objFromFixture('Member', 'author');

    $found = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));

    // A falsy result is treated as "no members".
    if ($found) {
        $foundIDs = $found->column();
    } else {
        $foundIDs = array();
    }

    $this->assertContains(
        $expectedMember->ID,
        $foundIDs,
        'Member is found via a permission attached to a role'
    );
    $this->assertNotContains($excludedMember->ID, $foundIDs);
}
/**
 * Starting from a state with no ADMIN members, Member::default_admin() must
 * return a Member that passes the ADMIN permission check, whose Email equals
 * the configured default admin username and whose Password is null.
 */
public function testDefaultAdmin()
{
    // Precondition: nobody holds ADMIN yet.
    $existingAdmins = Permission::get_members_by_permission('ADMIN');
    $this->assertEquals(0, $existingAdmins->count());

    $defaultAdmin = Member::default_admin();

    $this->assertInstanceOf('Member', $defaultAdmin);
    $this->assertTrue(Permission::checkMember($defaultAdmin, 'ADMIN'));
    $this->assertEquals($defaultAdmin->Email, Security::default_admin_username());
    // The record itself must not carry a password.
    $this->assertNull($defaultAdmin->Password);
}
/**
 * Runs the given closure as an administrator, via $this->run().
 *
 * Does nothing (returns null) when no member holds the ADMIN permission.
 * Per the original TODO, that check stands in for detecting a first-time
 * dev/build.
 *
 * NOTE(review): the closure executes with administrator identity; callers
 * should only pass trusted code.
 *
 * @param callable $closure Code to execute
 * @return mixed Result of $this->run(), or null when no admin exists
 */
public function runAsAdmin($closure)
{
    // TODO This is so horribly ugly - is there no better way to know that we're in dev/build for the first time?
    $firstAdmin = Permission::get_members_by_permission('ADMIN')->First();

    if ($firstAdmin) {
        return $this->run($closure, Security::findAnAdministrator());
    }

    return;
}
/**
 * Starting from a state with no ADMIN members, Security::findAnAdministrator()
 * must return a Member that passes the ADMIN permission check and has neither
 * an Email nor a Password set.
 */
function testFindAnAdministratorCreatesNewUser()
{
    // Precondition: nobody holds ADMIN yet.
    $existingAdmins = Permission::get_members_by_permission('ADMIN');
    $this->assertEquals(0, $existingAdmins->count());

    $created = Security::findAnAdministrator();

    $this->assertType('Member', $created);
    $this->assertTrue(Permission::checkMember($created, 'ADMIN'));
    // The created account must not be usable as a login.
    $this->assertNull($created->Email);
    $this->assertNull($created->Password);
}
/**
 * Returns the members holding the BLOGMANAGEMENT permission together with
 * the members holding ADMIN, sorted as requested.
 *
 * Extensions can adjust the result through the 'extendBlogOwners' hook.
 *
 * @param string $sort Field to sort by
 * @param string $direction Sort direction
 * @return DataObjectSet
 */
function blogOwners($sort = 'Name', $direction = "ASC")
{
    $adminMembers = Permission::get_members_by_permission('ADMIN');
    $owners = Permission::get_members_by_permission('BLOGMANAGEMENT');

    // Either lookup may come back falsy; substitute an empty set.
    $adminMembers = $adminMembers ? $adminMembers : new DataObjectSet();
    $owners = $owners ? $owners : new DataObjectSet();

    $owners->merge($adminMembers);
    $owners->sort($sort, $direction);

    $this->extend('extendBlogOwners', $owners);

    return $owners;
}
/**
 * Adds the default content review settings to the "Root.ContentReview" tab:
 * a help text, the review frequency, and the owner users / owner groups
 * pickers.
 *
 * Selectable users are limited to members holding CMS_ACCESS_CMSMain or
 * ADMIN; every group is selectable.
 *
 * @param FieldList $fields
 */
public function updateCMSFields(FieldList $fields)
{
    $tab = "Root.ContentReview";

    $fields->addFieldToTab(
        $tab,
        LiteralField::create(
            "ContentReviewHelp",
            _t("ContentReview.DEFAULTSETTINGSHELP", "These content review settings will apply to all pages that does not have specific Content Review schedule.")
        )
    );

    $frequencyField = DropdownField::create(
        "ReviewPeriodDays",
        _t("ContentReview.REVIEWFREQUENCY", "Review frequency"),
        SiteTreeContentReview::get_schedule()
    )->setDescription(
        _t("ContentReview.REVIEWFREQUENCYDESCRIPTION", "The review date will be set to this far in the future whenever the page is published")
    );
    $fields->addFieldToTab($tab, $frequencyField);

    // Only CMS users and administrators can be made page owners.
    $eligible = Permission::get_members_by_permission(array("CMS_ACCESS_CMSMain", "ADMIN"));
    $userChoices = $eligible->map("ID", "Title")->toArray();
    asort($userChoices);

    $ownerUsers = ListboxField::create(
        "OwnerUsers",
        _t("ContentReview.PAGEOWNERUSERS", "Users"),
        $userChoices
    )
        ->setMultiple(true)
        ->setAttribute("data-placeholder", _t("ContentReview.ADDUSERS", "Add users"))
        ->setDescription(_t("ContentReview.OWNERUSERSDESCRIPTION", "Page owners that are responsible for reviews"));
    $fields->addFieldToTab($tab, $ownerUsers);

    $groupChoices = array();
    foreach (Group::get() as $candidate) {
        // Listboxfield values are escaped, use ASCII char instead of &raquo;
        $groupChoices[$candidate->ID] = $candidate->getBreadcrumbs(" > ");
    }
    asort($groupChoices);

    $ownerGroups = ListboxField::create(
        "OwnerGroups",
        _t("ContentReview.PAGEOWNERGROUPS", "Groups"),
        $groupChoices
    )
        ->setMultiple(true)
        ->setAttribute("data-placeholder", _t("ContentReview.ADDGROUP", "Add groups"))
        ->setDescription(_t("ContentReview.OWNERGROUPSDESCRIPTION", "Page owners that are responsible for reviews"));
    $fields->addFieldToTab($tab, $ownerGroups);
}
/**
 * Makes sure at least one member holds the ADMIN permission.
 *
 * Looks up the groups with ADMIN (building the default groups first when
 * none are found) and, when no ADMIN member exists, creates a member named
 * "Default Admin" and adds it to the first of those groups.
 *
 * The created member intentionally has no Email and no Password so that no
 * persistent login is stored in the database; see Security::setDefaultAdmin().
 */
function requireDefaultRecords()
{
    // Default groups should already exist via Group->requireDefaultRecords();
    // build them now if the ADMIN group lookup comes back empty-handed.
    $groupsWithAdmin = Permission::get_groups_by_permission('ADMIN');
    if (!$groupsWithAdmin) {
        singleton('Group')->requireDefaultRecords();
        $groupsWithAdmin = Permission::get_groups_by_permission('ADMIN');
    }
    // Most likely the default group created through Group->requireDefaultRecords().
    $targetGroup = $groupsWithAdmin->First();

    if (Permission::get_members_by_permission('ADMIN')) {
        return;
    }

    // Email and Password are left unset on purpose: no stored credentials.
    $placeholder = Object::create('Member');
    $placeholder->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
    $placeholder->write();
    $placeholder->Groups()->add($targetGroup);
}
/**
 * Adds the default content review settings to the 'Root.ContentReview' tab:
 * help text, review frequency, owner users / groups pickers, the two
 * reminder offsets and the e-mail sender, subject and body settings.
 *
 * Selectable users are limited to members holding CMS_ACCESS_CMSMain or
 * ADMIN; every group is selectable.
 *
 * @param FieldList $fields
 */
public function updateCMSFields(FieldList $fields)
{
    $tab = 'Root.ContentReview';

    $fields->addFieldToTab(
        $tab,
        LiteralField::create(
            'ContentReviewHelp',
            _t('ContentReview.DEFAULTSETTINGSHELP', 'These content review settings will apply to all pages that does not have specific Content Review schedule.')
        )
    );

    $frequencyField = DropdownField::create(
        'ReviewPeriodDays',
        _t('ContentReview.REVIEWFREQUENCY', 'Review frequency'),
        SiteTreeContentReview::get_schedule()
    )->setDescription(
        _t('ContentReview.REVIEWFREQUENCYDESCRIPTION', 'The review date will be set to this far in the future whenever the page is published')
    );
    $fields->addFieldToTab($tab, $frequencyField);

    // Only CMS users and administrators can be made page owners.
    $eligible = Permission::get_members_by_permission(array('CMS_ACCESS_CMSMain', 'ADMIN'));
    $userChoices = $eligible->map('ID', 'Title')->toArray();
    asort($userChoices);

    $ownerUsers = ListboxField::create(
        'OwnerUsers',
        _t('ContentReview.PAGEOWNERUSERS', 'Users'),
        $userChoices
    )
        ->setMultiple(true)
        ->setAttribute('data-placeholder', _t('ContentReview.ADDUSERS', 'Add users'))
        ->setDescription(_t('ContentReview.OWNERUSERSDESCRIPTION', 'Page owners that are responsible for reviews'));
    $fields->addFieldToTab($tab, $ownerUsers);

    $groupChoices = array();
    foreach (Group::get() as $candidate) {
        // Listboxfield values are escaped, use ASCII char instead of &raquo;
        $groupChoices[$candidate->ID] = $candidate->getBreadcrumbs(' > ');
    }
    asort($groupChoices);

    $ownerGroups = ListboxField::create(
        'OwnerGroups',
        _t('ContentReview.PAGEOWNERGROUPS', 'Groups'),
        $groupChoices
    )
        ->setMultiple(true)
        ->setAttribute('data-placeholder', _t('ContentReview.ADDGROUP', 'Add groups'))
        ->setDescription(_t('ContentReview.OWNERGROUPSDESCRIPTION', 'Page owners that are responsible for reviews'));
    $fields->addFieldToTab($tab, $ownerGroups);

    $firstReminder = NumericField::create(
        'FirstReviewDaysBefore',
        _t('ContentReview.FIRSTREVIEWDAYSBEFORE', 'First review reminder # days before final review')
    );
    $secondReminder = NumericField::create(
        'SecondReviewDaysBefore',
        _t('ContentReview.SECONDREVIEWDAYSBEFORE', 'Second review reminder # days before final review')
    );

    // Email content
    $fields->addFieldsToTab($tab, array(
        TextField::create('ReviewFrom', _t('ContentReview.EMAILFROM', 'From email address'))
            ->setRightTitle(_t('Review.EMAILFROM_RIGHTTITLE', 'e.g: do-not-reply@site.com')),
        $firstReminder,
        $secondReminder,
        TextField::create('ReviewReminderEmail', 'Review reminder email address')
            ->setRightTitle('e.g: review.reminders@site.com'),
        TextField::create('ReviewSubjectReminder', _t('ContentReview.EMAILSUBJECTREMINDER', 'Subject line - reminder')),
        TextField::create('ReviewSubject', _t('ContentReview.EMAILSUBJECT', 'Subject line - Review due')),
        TextAreaField::create('ReviewBodyFirstReminder', _t('ContentReview.EMAILTEMPLATEFIRSTREMINDER', 'Email body - First reminder')),
        TextAreaField::create('ReviewBodySecondReminder', _t('ContentReview.EMAILTEMPLATESECONDREMINDER', 'Email body - Second reminder')),
        TextAreaField::create('ReviewBody', _t('ContentReview.EMAILTEMPLATE', 'Email body - Review due')),
        // Rendered template output is inserted as a literal field.
        LiteralField::create('TemplateHelp', $this->owner->renderWith('ContentReviewAdminHelp')),
    ));
}
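/**
 * Returns the session identified by an access token, creating it when it
 * does not exist yet, binding it to an ADMIN member and renewing it when it
 * is no longer valid.
 *
 * NOTE(review): a token that is not yet known and passes the length check
 * yields a NEW session bound to an administrator. Nothing in this method
 * verifies where the token came from, so callers must only pass tokens
 * taken from trusted configuration, never from request input.
 *
 * @param string $token Access token identifying the session
 * @return AuthSession|bool The session, or the result of user_error() when
 *                          the token is too short or no ADMIN member exists
 */
static function find_admin_session_by_accesstoken($token)
{
    $session = self::find_by_accesstoken($token);

    if (!$session) {
        // NOTE(review): the message says "at least 6" while the check demands
        // more than 6 characters; the stricter check is kept as written.
        // The length is measured on the trimmed token, the stored UID is not trimmed.
        if (!(strlen(trim($token)) > 6)) {
            return user_error('admin authtoken must be at least 6 chars long');
        }
        $session = AuthSession::create(array("UID" => $token));
        $session->write();
    }

    $sessionMember = $session->Member();
    if (!$sessionMember || !$sessionMember->inGroup('ADMIN')) {
        // The session needs an admin member attached to carry admin privileges.
        $admins = Permission::get_members_by_permission('ADMIN');
        $admin = $admins ? $admins->First() : null;

        // Without an ADMIN member there is nothing to bind; fail instead of
        // reading ->ID from a missing record and saving a half-built session.
        if (!$admin) {
            return user_error('no member with ADMIN permission available for admin session');
        }

        $session->Member = $admin;
        $session->MemberID = $admin->ID;
        $session->write();
    }

    if (!$session->isValid()) {
        // Renew the session: 302400 minutes = 210 days.
        $session->setValidInMinutesFromNow(302400);
        $session->write();
    }

    return $session;
}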
/**
 * Returns the users that may be assigned to assist with this blog.
 *
 * With the grant_user_access config flag unset, candidates are limited to
 * members holding the permission named by grant_user_permission. With the
 * flag set, every Member is a candidate and extensions may adjust the list
 * through the 'updateCandidateUsers' hook.
 *
 * @return SS_List
 */
protected function getCandidateUsers()
{
    if (!$this->config()->grant_user_access) {
        return Permission::get_members_by_permission($this->config()->grant_user_permission);
    }

    // Unrestricted mode: start from all members, then let extensions adjust.
    $candidates = Member::get();
    $this->extend('updateCandidateUsers', $candidates);

    return $candidates;
}
/**
 * Returns an existing member with administrator privileges, or creates one
 * if necessary.
 *
 * When no group with the ADMIN permission is found, the default groups are
 * built. When no member was found, the default member records are built and
 * the first ADMIN member is returned.
 *
 * Important: newly created administrator accounts do NOT have valid login
 * credentials (Email/Password properties), so they cannot be used to log in
 * other than through default credentials set via
 * {@link Security::setDefaultAdmin()}.
 *
 * @return Member
 */
public static function findAnAdministrator()
{
    // Coupling to the subsites module: look the group up on the main site.
    $subsiteBackup = null;
    if (is_callable('Subsite::changeSubsite')) {
        $subsiteBackup = Subsite::currentSubsiteID();
        Subsite::changeSubsite(0);
    }

    // Lowest-ID group that carries an ADMIN permission record.
    $group = DataObject::get('Group')
        ->where(array('"Permission"."Code"' => 'ADMIN'))
        ->sort('"Group"."ID"')
        ->innerJoin("Permission", '"Group"."ID" = "Permission"."GroupID"')
        ->First();

    // Restore the subsite that was active on entry.
    if (is_callable('Subsite::changeSubsite')) {
        Subsite::changeSubsite($subsiteBackup);
    }

    $admin = null;
    if ($group) {
        $admin = $group->Members()->First();
    } else {
        singleton('Group')->requireDefaultRecords();
    }

    if (!$admin) {
        singleton('Member')->requireDefaultRecords();
        $admin = Permission::get_members_by_permission('ADMIN')->First();
    }

    return $admin;
}
/**
 * Returns an existing member with administrator privileges, or creates one
 * if necessary.
 *
 * Fallback order: first member of the first ADMIN group; the first ADMIN
 * member after building default records; Member::default_admin(); and
 * finally a freshly written "Default Admin" member added to the ADMIN group.
 *
 * Important: newly created administrator accounts do NOT have valid login
 * credentials (Email/Password properties), so they cannot be used to log in
 * other than through default credentials set via
 * {@link Security::setDefaultAdmin()}.
 *
 * @return Member
 */
public static function findAnAdministrator()
{
    // Coupling to the subsites module: look the group up on the main site.
    $subsiteBackup = null;
    if (is_callable('Subsite::changeSubsite')) {
        $subsiteBackup = Subsite::currentSubsiteID();
        Subsite::changeSubsite(0);
    }

    $group = Permission::get_groups_by_permission('ADMIN')->First();

    // Restore the subsite that was active on entry.
    if (is_callable('Subsite::changeSubsite')) {
        Subsite::changeSubsite($subsiteBackup);
    }

    $admin = null;
    if ($group) {
        $admin = $group->Members()->First();
    } else {
        singleton('Group')->requireDefaultRecords();
        $group = Permission::get_groups_by_permission('ADMIN')->First();
    }

    if (!$admin) {
        singleton('Member')->requireDefaultRecords();
        $admin = Permission::get_members_by_permission('ADMIN')->First();
    }

    if (!$admin) {
        $admin = Member::default_admin();
    }

    if (!$admin) {
        // Last resort: a blank admin with no Email and no Password.
        $admin = Member::create();
        $admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
        $admin->write();

        // The member is added to the group (not the group to the member):
        // this bypasses the privilege escalation code in Member_GroupSet.
        // NOTE(review): assumes $group was resolved above - confirm it cannot
        // still be empty after the default records were built.
        $group->DirectMembers()->add($admin);
    }

    return $admin;
}
/**
 * Returns an existing member with administrator privileges, or creates one
 * if necessary.
 *
 * When no group with the ADMIN permission is found, the default groups are
 * built. When no member was found, the default member records are built and
 * the first ADMIN member is returned.
 *
 * Important: newly created administrator accounts do NOT have valid login
 * credentials (Email/Password properties), so they cannot be used to log in
 * other than through default credentials set via
 * {@link Security::setDefaultAdmin()}.
 *
 * @return Member
 */
static function findAnAdministrator()
{
    // Coupling to the subsites module: look the group up on the main site.
    $subsiteBackup = null;
    if (is_callable('Subsite::changeSubsite')) {
        $subsiteBackup = Subsite::currentSubsiteID();
        Subsite::changeSubsite(0);
    }

    // Group carrying an ADMIN permission record. All SQL fragments are
    // constants; nothing caller-supplied is interpolated.
    $group = DataObject::get(
        'Group',
        "\"Permission\".\"Code\" = 'ADMIN'",
        "\"Group\".\"ID\"",
        "JOIN \"Permission\" ON \"Group\".\"ID\"=\"Permission\".\"GroupID\"",
        '1'
    )->First();

    // Restore the subsite that was active on entry.
    if (is_callable('Subsite::changeSubsite')) {
        Subsite::changeSubsite($subsiteBackup);
    }

    $admin = null;
    if ($group) {
        $admin = $group->Members()->First();
    } else {
        singleton('Group')->requireDefaultRecords();
    }

    if (!$admin) {
        singleton('Member')->requireDefaultRecords();
        $admin = Permission::get_members_by_permission('ADMIN')->First();
    }

    return $admin;
}
/**
 * Returns the users that may be assigned to assist with this blog.
 *
 * With the grant_user_access config flag set, every Member is a candidate;
 * otherwise candidates are limited to members holding the permission named
 * by grant_user_permission.
 *
 * @return SS_List
 */
protected function getCandidateUsers()
{
    if (!$this->config()->grant_user_access) {
        return Permission::get_members_by_permission($this->config()->grant_user_permission);
    }

    // Unrestricted mode: all members.
    return Member::get();
}
/**
 * Adds the content review fields to the "Root.ContentReview" settings tab.
 *
 * Users without the EDIT_CONTENT_REVIEW_FIELDS permission get a read-only
 * summary (owners, next review date, frequency, settings type, review log);
 * everyone else gets the editable form.
 *
 * NOTE(review): this decides only which fields are rendered. Whether a save
 * is rejected for users lacking the permission is not visible here - confirm
 * it is enforced on write as well.
 *
 * @param FieldList $fields
 */
public function updateSettingsFields(FieldList $fields)
{
    Requirements::javascript("contentreview/javascript/contentreview.js");

    // Display read-only version only
    if (!Permission::check("EDIT_CONTENT_REVIEW_FIELDS")) {
        $schedule = self::get_schedule();

        $ownersSummary = ReadonlyField::create(
            "ROContentOwners",
            _t("ContentReview.CONTENTOWNERS", "Content Owners"),
            $this->getOwnerNames()
        );
        $nextReview = DateField::create(
            'RONextReviewDate',
            _t("ContentReview.NEXTREVIEWDATE", "Next review date"),
            $this->owner->NextReviewDate
        );

        // Unknown review periods fall back to the schedule's entry 0.
        $periodKey = isset($schedule[$this->owner->ReviewPeriodDays])
            ? $this->owner->ReviewPeriodDays
            : 0;
        $frequencySummary = ReadonlyField::create(
            "ROReviewPeriodDays",
            _t("ContentReview.REVIEWFREQUENCY", "Review frequency"),
            $schedule[$periodKey]
        );

        $logConfig = GridFieldConfig::create()->addComponent(new GridFieldSortableHeader());
        $logColumns = new GridFieldDataColumns();
        $logConfig = $logConfig->addComponent($logColumns);
        // Cast the value to the users preferred date format
        $logColumns->setFieldCasting(array("Created" => "DateTimeField->value"));

        $logGrid = GridField::create("ROReviewNotes", "Review Notes", $this->owner->ReviewLogs(), $logConfig);
        $typeSummary = ReadonlyField::create(
            "ROType",
            _t("ContentReview.SETTINGSFROM", "Options are"),
            $this->owner->ContentReviewType
        );

        $fields->addFieldsToTab("Root.ContentReview", array(
            $ownersSummary,
            $nextReview->performReadonlyTransformation(),
            $frequencySummary,
            $typeSummary,
            $logGrid,
        ));

        return;
    }

    $typeChoices = array(
        "Disabled" => _t("ContentReview.DISABLE", "Disable content review"),
        "Inherit" => _t("ContentReview.INHERIT", "Inherit from parent page"),
        "Custom" => _t("ContentReview.CUSTOM", "Custom settings"),
    );
    $typeField = OptionsetField::create("ContentReviewType", _t("ContentReview.OPTIONS", "Options"), $typeChoices);

    // Only CMS users and administrators can be made page owners.
    $eligible = Permission::get_members_by_permission(array("CMS_ACCESS_CMSMain", "ADMIN"));
    $userChoices = $eligible->map("ID", "Title")->toArray();
    asort($userChoices);

    $ownerUsers = ListboxField::create("OwnerUsers", _t("ContentReview.PAGEOWNERUSERS", "Users"), $userChoices)
        ->setMultiple(true)
        ->setAttribute("data-placeholder", _t("ContentReview.ADDUSERS", "Add users"))
        ->setDescription(_t('ContentReview.OWNERUSERSDESCRIPTION', 'Page owners that are responsible for reviews'));

    $groupChoices = array();
    foreach (Group::get() as $candidate) {
        $groupChoices[$candidate->ID] = $candidate->getBreadcrumbs(" > ");
    }
    asort($groupChoices);

    $ownerGroups = ListboxField::create("OwnerGroups", _t("ContentReview.PAGEOWNERGROUPS", "Groups"), $groupChoices)
        ->setMultiple(true)
        ->setAttribute("data-placeholder", _t("ContentReview.ADDGROUP", "Add groups"))
        ->setDescription(_t("ContentReview.OWNERGROUPSDESCRIPTION", "Page owners that are responsible for reviews"));

    $dateField = DateField::create("NextReviewDate", _t("ContentReview.NEXTREVIEWDATE", "Next review date"))
        ->setConfig("showcalendar", true)
        ->setConfig("dateformat", "yyyy-MM-dd")
        ->setConfig("datavalueformat", "yyyy-MM-dd")
        ->setDescription(_t("ContentReview.NEXTREVIEWDATADESCRIPTION", "Leave blank for no review"));

    $frequencyField = DropdownField::create(
        "ReviewPeriodDays",
        _t("ContentReview.REVIEWFREQUENCY", "Review frequency"),
        self::get_schedule()
    )->setDescription(
        _t("ContentReview.REVIEWFREQUENCYDESCRIPTION", "The review date will be set to this far in the future whenever the page is published")
    );

    $notesGrid = GridField::create(
        "ReviewNotes",
        "Review Notes",
        $this->owner->ReviewLogs(),
        GridFieldConfig_RecordEditor::create()
    );

    $fields->addFieldsToTab("Root.ContentReview", array(
        new HeaderField(_t("ContentReview.REVIEWHEADER", "Content review"), 2),
        $typeField,
        CompositeField::create($ownerUsers, $ownerGroups, $dateField, $frequencyField)
            ->addExtraClass("custom-settings"),
        ReadonlyField::create(
            "ROContentOwners",
            _t("ContentReview.CONTENTOWNERS", "Content Owners"),
            $this->getOwnerNames()
        ),
        ReadonlyField::create(
            "RONextReviewDate",
            _t("ContentReview.NEXTREVIEWDATE", "Next review date"),
            $this->owner->NextReviewDate
        ),
        $notesGrid,
    ));
}
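/**
 * Controller action that applies the current user's dashboard configuration
 * to every other member holding CMS_ACCESS_Dashboard.
 *
 * For each such member, the existing panels are removed and replaced with
 * duplicates of the current user's panels.
 *
 * Without a logged-in user the action stops before touching any member: the
 * loop would otherwise delete a member's panels first and only then fail on
 * the missing current user.
 *
 * NOTE(review): this overwrites other users' data, yet no permission check
 * and no security-token (CSRF) validation is visible in this method - confirm
 * the controller enforces both before the action runs.
 *
 * @param SS_HTTPRequest $r The current request
 * @return SS_HTTPResponse
 */
public function applytoall(SS_HTTPRequest $r)
{
    // Resolve the source user once, before anything destructive happens.
    $source = Member::currentUser();
    if (!$source) {
        return Security::permissionFailure($this);
    }

    $members = Permission::get_members_by_permission("CMS_ACCESS_Dashboard");

    foreach ($members as $member) {
        // The source user's own panels are left untouched.
        if ($member->ID == $source->ID) {
            continue;
        }

        $member->DashboardPanels()->removeAll();

        foreach ($source->DashboardPanels() as $panel) {
            $clone = $panel->duplicate();
            $clone->MemberID = $member->ID;
            $clone->write();
        }
    }

    return new SS_HTTPResponse(_t('Dashboard.APPLYTOALLSUCCESS', 'Success! This dashboard configuration has been applied to all members who have dashboard access.'));
}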