public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default author group if no other group exists
$frontend_group = Group::get()->filter("Code", "users-frontend");
if (!$frontend_group->exists()) {
$frontend_group = new Group();
$frontend_group->Code = 'users-frontend';
$frontend_group->Title = "Frontend Users";
$frontend_group->Sort = 1;
$frontend_group->write();
Permission::grant($frontend_group->ID, 'USERS_MANAGE_ACCOUNT');
DB::alteration_message('Front end users group created', 'created');
}
// Add a verified users group (only used if we turn on
// verification)
$verify_group = Group::get()->filter("Code", "users-verified");
if (!$verify_group->exists()) {
$verify_group = new Group();
$verify_group->Code = 'users-verified';
$verify_group->Title = "Verified Users";
$verify_group->Sort = 1;
$verify_group->write();
Permission::grant($verify_group->ID, 'USERS_VERIFIED');
DB::alteration_message('Verified users group created', 'created');
}
}
/**
* @param IMarketPlaceType $marketplace_type
* @return int|bool
*/
public function store(IMarketPlaceType $marketplace_type)
{
$repository = $this->repository;
$group_repository = $this->group_repository;
$res = false;
$this->tx_manager->transaction(function () use(&$res, &$marketplace_type, $repository, $group_repository) {
$query = new QueryObject();
$query->addAndCondition(QueryCriteria::equal('Name', $marketplace_type->getName()));
$query->addAndCondition(QueryCriteria::equal('Slug', $marketplace_type->getSlug()));
$query->addAndCondition(QueryCriteria::notEqual('ID', $marketplace_type->getIdentifier()));
$old = $repository->getBy($query);
if ($old) {
throw new EntityAlreadyExistsException('MarketPlaceType', sprintf('Name %s', $marketplace_type->getName()));
}
$repository->add($marketplace_type);
});
//reload from db...
$id = $marketplace_type->getIdentifier();
$marketplace_type = $this->repository->getById($id);
$g = $marketplace_type->getAdminGroup();
$permission_code = sprintf('MANAGE_MARKETPLACE_%s', str_replace(' ', '_', strtoupper($marketplace_type->getName())));
$groups = Permission::get_groups_by_permission($permission_code);
if (count($groups) == 0) {
Permission::grant($g->getIdentifier(), $permission_code);
}
return $res;
}
/**
* @throws ValidationException
* @throws null
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
/**
* Add default site admin group if none with
* permission code SITE_ADMIN exists
*
* @var Group $siteAdminGroup
*/
$siteAdminGroups = DataObject::get('Group')->filter(array('Code' => 'site-administrators'));
if (!$siteAdminGroups->count()) {
$siteAdminGroup = Group::create();
$siteAdminGroup->Code = 'site-administrators';
$siteAdminGroup->Title = _t('BoilerplateGroupExtension.SiteAdminGroupTitle', 'Site Administrators');
$siteAdminGroup->Sort = 0;
$siteAdminGroup->write();
/** Default CMS permissions */
Permission::grant($siteAdminGroup->ID, 'CMS_ACCESS_LeftAndMain');
Permission::grant($siteAdminGroup->ID, 'SITETREE_VIEW_ALL');
Permission::grant($siteAdminGroup->ID, 'SITETREE_EDIT_ALL');
Permission::grant($siteAdminGroup->ID, 'SITETREE_REORGANISE');
Permission::grant($siteAdminGroup->ID, 'VIEW_DRAFT_CONTENT');
Permission::grant($siteAdminGroup->ID, 'SITETREE_GRANT_ACCESS');
Permission::grant($siteAdminGroup->ID, 'EDIT_SITECONFIG');
}
}
/**
* Check for default group, and if it doesn't exist, create it
* Should be run under "requireDefaultRecords"
* @param string $code
* @param string $title
* @param string $parent
* @param array $permissions
*/
public static function default_group($code, $title, $parentCode = null, $permissions = array())
{
$group = null;
$action = null;
if (!DataObject::get_one('Group', "Code = '" . $code . "'")) {
$action = 'create';
$group = new Group();
} else {
$action = 'update';
$group = DataObject::get_one('Group', "Code = '" . $code . "'");
}
$group->Title = $title;
$group->Code = $code;
if ($parentCode) {
$parentObj = DataObject::get_one("Group", "Code = '" . $parentCode . "'");
$group->ParentID = $parentObj->ID;
}
$group->write();
if (!empty($permissions)) {
foreach ($permissions as $p) {
Permission::grant($group->ID, $p);
}
}
if ($action == 'create') {
DB::alteration_message('Group ' . $title . ' (' . $code . ') has been created.', "created");
}
if ($action == 'update') {
DB::alteration_message('Group ' . $title . ' (' . $code . ') has been updated.', "updated");
}
return $group;
}
/**
* Add a specific group in order to enable users/groups managemet
*/
public function requireDefaultRecords()
{
$group = DataObject::get('Group', "Code = 'users-manager'");
if (!$group->count()) {
$usersManagerGroup = new Group();
$usersManagerGroup->Code = 'users-manager';
$usersManagerGroup->Title = _t('Group.DefaultGroupTitleUsersManager', 'Users Manager');
$usersManagerGroup->Sort = 0;
$usersManagerGroup->write();
Permission::grant($usersManagerGroup->ID, 'CMS_ACCESS_SecurityAdmin');
}
}
function doUp()
{
global $database;
if (intval(Group::get()->filter('Code', 'SUMMIT_FRONT_END_ADMINISTRATORS')->count()) > 0) {
return;
}
$g = Group::create();
$g->setTitle('Summit Front End Administrators');
$g->setDescription('Allows to Access to summit-admin application');
$g->setSlug('SUMMIT_FRONT_END_ADMINISTRATORS');
$g->write();
Permission::grant($g->getIdentifier(), 'ADMIN_SUMMIT_APP_FRONTEND_ADMIN');
}
function requireDefaultRecords()
{
parent::requireDefaultRecords();
//Create a new group for customers
$allGroups = DataObject::get('Group');
$existingCustomerGroup = $allGroups->find('Title', 'Customers');
if (!$existingCustomerGroup) {
$customerGroup = new Group();
$customerGroup->Title = 'Customers';
$customerGroup->setCode($customerGroup->Title);
$customerGroup->write();
Permission::grant($customerGroup->ID, 'VIEW_ORDER');
}
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$groups = Config::inst()->get('Group', 'default_groups');
foreach ($groups as $group) {
$groupObj = Group::singleton()->findOrCreate(array('Code' => $group['code']));
$groupObj->Title = $group['title'];
$groupObj->write();
if (!empty($group['permissions'])) {
foreach ($group['permissions'] as $permission) {
if (!in_array($permission, $groupObj->Permissions()->column('Code'))) {
Permission::grant($groupObj->ID, $permission);
DB::alteration_message('Permission ' . $permission . ' has been granted to group ' . $groupObj->Title, 'created');
}
}
}
}
}
function up()
{
echo "Starting Migration Proc ...<BR>";
//check if migration already had ran ...
$migration = Migration::get()->filter('Name', $this->title)->first();
if (!$migration) {
$g = new Group();
$g->setTitle('CCLA Admin');
$g->setDescription('Company CCLA Admin');
$g->setSlug(ICLAMemberDecorator::CCLAGroupSlug);
$g->write();
Permission::grant($g->getIdentifier(), ICLAMemberDecorator::CCLAPermissionSlug);
$migration = new Migration();
$migration->Name = $this->title;
$migration->Description = $this->description;
$migration->Write();
}
echo "Ending Migration Proc ...<BR>";
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$intranetGroup = Group::get()->filter(array("Code" => $this->Config()->get("group_code")))->first();
if ($intranetGroup && $intranetGroup->exists()) {
//do nothing
} else {
$intranetGroup = new Group();
DB::alteration_message($this->Config()->get("group_name") . ' group created', "created");
}
if ($intranetGroup) {
$intranetGroup->Code = $this->Config()->get("group_code");
$intranetGroup->Title = $this->Config()->get("group_name");
$intranetGroup->write();
Permission::grant($intranetGroup->ID, $this->Config()->get("permission_code"));
if (DB::query("\r\n\t\t\t\tSELECT *\r\n\t\t\t\tFROM Permission\r\n\t\t\t\tWHERE \"GroupID\" = '" . $intranetGroup->ID . "'\r\n\t\t\t\t\tAND \"Code\" LIKE '" . $this->Config()->get("permission_code") . "'")->numRecords() == 0) {
Permission::grant($intranetGroup->ID, $this->Config()->get("permission_code"));
DB::alteration_message($this->Config()->get("group_name") . ' permissions granted', "created");
}
}
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default FrontendMember group if none with permission code ADMIN exists
if (!defined('CreateDefaultGroupsOnce')) {
define('CreateDefaultGroupsOnce', true);
$authorGroup = Group::get_one("Group", "Code='content-authors'");
if (!$authorGroup) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
$authorGroup->Sort = 1;
$authorGroup->write();
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
}
Permission::grant($authorGroup->ID, 'ACCESS_CONTENT');
DB::alteration_message('Content Authors Group Permissions added', "created");
}
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default poster group if it doesn't exist
$poster = Group::get()->filter("Code", 'discussions-posters')->first();
if (!$poster) {
$poster = new Group();
$poster->Code = 'discussions-posters';
$poster->Title = _t('Discussions.DefaultGroupTitlePosters', 'Discussion Posters');
$poster->Sort = 1;
$poster->write();
Permission::grant($poster->ID, 'DISCUSSIONS_REPLY');
DB::alteration_message('Discussion Poster Group Created', 'created');
}
// Add default modrator group if none exists
$moderator = Permission::get_groups_by_permission('DISCUSSIONS_MODERATION')->first();
if (!$moderator) {
$moderator = new Group();
$moderator->Code = 'discussions-moderators';
$moderator->Title = _t('Discussions.DefaultGroupTitleModerators', 'Discussion Moderators');
$moderator->Sort = 0;
$moderator->write();
Permission::grant($moderator->ID, 'DISCUSSIONS_MODERATION');
DB::alteration_message('Discussion Moderator Group Created', 'created');
}
// Now add these groups to a discussion holder (if one exists)
foreach (DiscussionHolder::get() as $page) {
if (!$page->PosterGroups()->count()) {
$page->PosterGroups()->add($poster);
$page->write();
DB::alteration_message('Added Poster Group to Discussions Holder', 'created');
}
if (!$page->ModeratorGroups()->count()) {
$page->ModeratorGroups()->add($moderator);
$page->write();
DB::alteration_message('Added Moderator Group to Discussions Holder', 'created');
}
}
}
/**
* Create the default Groups
* and add default admin to admin group
*/
public function requireDefaultRecords()
{
// Readers
$readersGroup = DataObject::get('Group')->filter(array('Code' => 'restfulapi-readers'));
if (!$readersGroup->count()) {
$readerGroup = new Group();
$readerGroup->Code = 'restfulapi-readers';
$readerGroup->Title = 'RESTful API Readers';
$readerGroup->Sort = 0;
$readerGroup->write();
Permission::grant($readerGroup->ID, 'RESTfulAPI_VIEW');
}
// Editors
$editorsGroup = DataObject::get('Group')->filter(array('Code' => 'restfulapi-editors'));
if (!$editorsGroup->count()) {
$editorGroup = new Group();
$editorGroup->Code = 'restfulapi-editors';
$editorGroup->Title = 'RESTful API Editors';
$editorGroup->Sort = 0;
$editorGroup->write();
Permission::grant($editorGroup->ID, 'RESTfulAPI_VIEW');
Permission::grant($editorGroup->ID, 'RESTfulAPI_EDIT');
Permission::grant($editorGroup->ID, 'RESTfulAPI_CREATE');
}
// Admins
$adminsGroup = DataObject::get('Group')->filter(array('Code' => 'restfulapi-administrators'));
if (!$adminsGroup->count()) {
$adminGroup = new Group();
$adminGroup->Code = 'restfulapi-administrators';
$adminGroup->Title = 'RESTful API Administrators';
$adminGroup->Sort = 0;
$adminGroup->write();
Permission::grant($adminGroup->ID, 'RESTfulAPI_VIEW');
Permission::grant($adminGroup->ID, 'RESTfulAPI_EDIT');
Permission::grant($adminGroup->ID, 'RESTfulAPI_CREATE');
Permission::grant($adminGroup->ID, 'RESTfulAPI_DELETE');
}
}
/**
* run the task
*/
function run($request)
{
$approvedCustomerGroup = EcommerceCorporateGroupGroupDecorator::get_approved_customer_group();
$approveCustomerPermissionCode = EcommerceCorporateGroupGroupDecorator::get_permission_code();
if (!$approvedCustomerGroup) {
$approvedCustomerGroup = new Group();
$approvedCustomerGroup->Code = EcommerceCorporateGroupGroupDecorator::get_code();
$approvedCustomerGroup->Title = EcommerceCorporateGroupGroupDecorator::get_name();
//$approvedCustomerGroup->ParentID = $parentGroup->ID;
$approvedCustomerGroup->write();
Permission::grant($approvedCustomerGroup->ID, $approveCustomerPermissionCode);
DB::alteration_message(EcommerceCorporateGroupGroupDecorator::get_name() . ' Group created', "created");
} elseif (DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . $approvedCustomerGroup->ID . "' AND \"Code\" LIKE '" . $approveCustomerPermissionCode . "'")->numRecords() == 0) {
Permission::grant($approvedCustomerGroup->ID, $approveCustomerPermissionCode);
DB::alteration_message(EcommerceCorporateGroupGroupDecorator::get_name() . ' permissions granted', "created");
}
$approvedCustomerGroup = EcommerceCorporateGroupGroupDecorator::get_approved_customer_group();
if (!$approvedCustomerGroup) {
user_error("could not create user group");
} else {
DB::alteration_message(EcommerceCorporateGroupGroupDecorator::get_name() . ' is ready for use', "created");
}
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
if ($this->config()->create_default_pages) {
$groupHolder = DataObject::get_one('ScoutGroupHolder');
if (!$groupHolder) {
$groupHolder = new ScoutGroupHolder();
$groupHolder->Title = "Groups";
$groupHolder->URLSegment = 'groups';
$groupHolder->Status = 'Published';
$groupHolder->write();
$groupHolder->publish('Stage', 'Live');
DB::alteration_message('Scout Group Holder page created', 'created');
}
}
$districtAdmin = DataObject::get_one('Group', "Code = 'scout-district-admin'");
if (!$districtAdmin) {
$districtAdmin = new Group();
$districtAdmin->Code = 'scout-district-admin';
$districtAdmin->Title = _t('ScoutDistrict.Groups.SCOUTDISTRICTADMIN', 'Scout District Admin');
$districtAdmin->write();
Permission::grant($districtAdmin->ID, ScoutDistrictPermissions::$district_admin);
DB::alteration_message('Scout District Admin group created', 'created');
}
$groupManager = DataObject::get_one('Group', "Code = 'scout-group-manager'");
if (!$groupManager) {
$groupManager = new Group();
$groupManager->Code = 'scout-group-manager';
$groupManager->Title = _t('ScoutDistrict.Groups.SCOUTGROUPMANAGER', 'Scout Group Manager');
$groupManager->write();
Permission::grant($groupManager->ID, ScoutDistrictPermissions::$group_manager);
Permission::grant($groupManager->ID, "CMS_ACCESS_CMSMain");
DB::alteration_message('Scout Group Manager group created', 'created');
}
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
// Add default author group if no other group exists
$allGroups = DataObject::get('Group');
if (!$allGroups) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';
$authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
$authorGroup->Sort = 1;
$authorGroup->write();
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_CommentAdmin');
Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
}
// Add default admin group if none with permission code ADMIN exists
$adminGroups = Permission::get_groups_by_permission('ADMIN');
if (!$adminGroups) {
$adminGroup = new Group();
$adminGroup->Code = 'administrators';
$adminGroup->Title = _t('Group.DefaultGroupTitleAdministrators', 'Administrators');
$adminGroup->Sort = 0;
$adminGroup->write();
Permission::grant($adminGroup->ID, 'ADMIN');
}
// Members are populated through Member->requireDefaultRecords()
}
/**
* Add default records to database
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$code = "ACCESS_FORUM";
if (!($forumGroup = DataObject::get_one("Group", "\"Group\".\"Code\" = 'forum-members'"))) {
$group = new Group();
$group->Code = 'forum-members';
$group->Title = "Forum Members";
$group->write();
Permission::grant($group->ID, $code);
DB::alteration_message(_t('Forum.GROUPCREATED', 'Forum Members group created'), "created");
} else {
if (DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '{$forumGroup->ID}' AND \"Code\" LIKE '{$code}'")->numRecords() == 0) {
Permission::grant($forumGroup->ID, $code);
}
}
if (!($category = DataObject::get_one("ForumCategory"))) {
$category = new ForumCategory();
$category->Title = _t('Forum.DEFAULTCATEGORY', 'General');
$category->write();
}
if (!DataObject::get_one("ForumHolder")) {
$forumholder = new ForumHolder();
$forumholder->Title = "Forums";
$forumholder->URLSegment = "forums";
$forumholder->Content = "<p>" . _t('Forum.WELCOMEFORUMHOLDER', 'Welcome to SilverStripe Forum Module! This is the default ForumHolder page. You can now add forums.') . "</p>";
$forumholder->Status = "Published";
$forumholder->write();
$forumholder->publish("Stage", "Live");
DB::alteration_message(_t('Forum.FORUMHOLDERCREATED', 'ForumHolder page created'), "created");
$forum = new Forum();
$forum->Title = _t('Forum.TITLE', 'General Discussion');
$forum->URLSegment = "general-discussion";
$forum->ParentID = $forumholder->ID;
$forum->Content = "<p>" . _t('Forum.WELCOMEFORUM', 'Welcome to SilverStripe Forum Module! This is the default Forum page. You can now add topics.') . "</p>";
$forum->Status = "Published";
$forum->CategoryID = $category->ID;
$forum->write();
$forum->publish("Stage", "Live");
DB::alteration_message(_t('Forum.FORUMCREATED', 'Forum page created'), "created");
}
}
/**
* Test Member_GroupSet::add
*/
public function testOnChangeGroupsBySetIDList()
{
$staffMember = $this->objFromFixture('Member', 'staffmember');
// Setup new admin group
$newAdminGroup = new Group(array('Title' => 'newadmin'));
$newAdminGroup->write();
Permission::grant($newAdminGroup->ID, 'ADMIN');
// Test staff member can't be added to admin groups
$this->assertFalse($staffMember->inGroup($newAdminGroup));
$staffMember->Groups()->setByIDList(array($newAdminGroup->ID));
$this->assertFalse($staffMember->inGroup($newAdminGroup), 'Adding new admin group relation is not allowed for non-admin members');
}
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
$update = array();
$group = Group::get()->filter(array("Code" => self::$register_group_code))->first();
if (!$group) {
$group = new Group();
$group->Code = self::$register_group_code;
$group->Title = self::$register_group_title;
$group->write();
Permission::grant($group->ID, self::$register_group_access_key);
DB::alteration_message("GROUP: " . self::$register_group_code . ' (' . self::$register_group_title . ')', "created");
} elseif (DB::query("SELECT * FROM Permission WHERE {$bt}GroupID{$bt} = " . $group->ID . " AND {$bt}Code{$bt} = '" . self::$register_group_access_key . "'")->numRecords() == 0) {
Permission::grant($group->ID, self::$register_group_access_key);
}
$page = RegisterAndEditDetailsPage::get()->first();
if (!$page) {
$page = new RegisterAndEditDetailsPage();
$page->Title = "Register";
$page->URLSegment = "register";
$page->MenuTitle = "Register";
$update[] = "created RegisterAndEditDetailsPage";
}
if ($page) {
//REGISTER
if (strlen($page->Content) < 17) {
$page->Content = "<p>Please log in or register here.</p>";
$update[] = "updated Content";
}
//WELCOME !
if (!$page->WelcomeTitle) {
$page->WelcomeTitle = "Thank you for registering";
$update[] = "updated WelcomeTitle";
}
if (strlen($page->WelcomeContent) < 17) {
$page->WelcomeContent = "<p>Thank you for registration. Please make sure to remember your username and password.</p>";
$update[] = "updated WelcomeContent";
}
// WELCOME BACK
if (!$page->TitleLoggedIn) {
$page->TitleLoggedIn = "Welcome back";
$update[] = "updated TitleLoggedIn";
}
if (!$page->MenuTitleLoggedIn) {
$page->MenuTitleLoggedIn = "Welcome back";
$update[] = "updated MenuTitleLoggedIn";
}
if (strlen($page->ContentLoggedIn) < 17) {
$page->ContentLoggedIn = "<p>Welcome back - you can do the following ....</p>";
$update[] = "updated ContentLoggedIn";
}
//THANK YOU FOR UPDATING
if (!$page->ThankYouTitle) {
$page->ThankYouTitle = "Thank you for updating your details";
$update[] = "updated ThankYouTitle";
}
if (strlen($page->ThankYouContent) < 17) {
$page->ThankYouContent = "<p>Thank you for updating your details. </p>";
$update[] = "updated ThankYouContent";
}
//ERRORS!
if (!$page->ErrorEmailAddressAlreadyExists) {
$page->ErrorEmailAddressAlreadyExists = "Sorry, that email address is already in use by someone else. You may have setup an account in the past or mistyped your email address.";
$update[] = "updated ErrorEmailAddressAlreadyExists";
}
if (!$page->ErrorBadEmail) {
$page->ErrorBadEmail = "Sorry, that does not appear a valid email address.";
$update[] = "updated ErrorBadEmail";
}
if (!$page->ErrorPasswordDoNotMatch) {
$page->ErrorPasswordDoNotMatch = "Your passwords do not match. Please try again.";
$update[] = "updated ErrorPasswordDoNotMatch";
}
if (!$page->ErrorMustSupplyPassword) {
$page->ErrorMustSupplyPassword = "******";
$update[] = "updated ErrorMustSupplyPassword";
}
if (count($update)) {
$page->writeToStage('Stage');
$page->publish('Stage', 'Live');
DB::alteration_message($page->ClassName . " created/updated: <ul><li>" . implode("</li><li>", $update) . "</li></ul>", 'created');
}
}
}
/**
* Add default records to database.
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords() {
parent::requireDefaultRecords();
// Add default content if blank
if(!DB::query("SELECT ID FROM Permission")->value() && array_key_exists('CanCMSAdmin', DB::fieldList('Group'))) {
$admins = DB::query("SELECT ID FROM `Group` WHERE CanCMSAdmin = 1")
->column();
if(isset($admins)) {
foreach($admins as $admin)
Permission::grant($admin, "ADMIN");
}
$authors = DB::query("SELECT ID FROM `Group` WHERE CanCMS = 1")
->column();
if(isset($authors)) {
foreach($authors as $author) {
Permission::grant($author, "CMS_ACCESS_CMSMain");
Permission::grant($author, "CMS_ACCESS_AssetAdmin");
Permission::grant($author, "CMS_ACCESS_NewsletterAdmin");
Permission::grant($author, "CMS_ACCESS_ReportAdmin");
}
}
}
}
/**
* Add default records to database
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
if (!($businessGroup = DataObject::get_one("Group", "Code = '" . self::get_member_group_code() . "'"))) {
$group = new Group();
$group->Code = self::get_member_group_code();
$group->Title = self::get_member_group_title();
$group->write();
Permission::grant($group->ID, self::$access_code);
DB::alteration_message(self::get_member_group_code() . ' group created', 'created');
} elseif (DB::query("SELECT COUNT(*) FROM Permission WHERE GroupID = " . $businessGroup->ID . " AND Code LIKE '" . self::$access_code . "'")->value() == 0) {
Permission::grant($businessGroup->ID, self::$access_code);
}
}
/**
* Creates default Staff Member group
*/
public function requireDefaultRecords()
{
$staffGroup = Group::get()->filter(array('Code' => 'staff-members'));
if (!$staffGroup->count()) {
/** @var Group $staffGroup */
$staffGroup = Group::create(array('Title' => _t('Roster.DefaultGroupTitleStaffMembers', 'Staff Members'), 'Code' => 'staff-members'));
$staffGroup->write();
Permission::grant($staffGroup->ID, 'VIEW_ROSTER');
DB::alteration_message(_t('Roster.GroupCreated', 'Staff Members group created'), 'created');
}
}
/**
* Example: Given a "group" "Admin" with permissions "Access to 'Pages' section" and "Access to 'Files' section"
*
* @Given /^(?:(an|a|the) )"group" "(?<id>[^"]+)" (?:(with|has)) permissions (?<permissionStr>.*)$/
*/
public function stepCreateGroupWithPermissions($id, $permissionStr)
{
// Convert natural language permissions to codes
preg_match_all('/"([^"]+)"/', $permissionStr, $matches);
$permissions = $matches[1];
$codes = \Permission::get_codes(false);
$group = $this->fixtureFactory->get('Group', $id);
if (!$group) {
$group = $this->fixtureFactory->createObject('Group', $id);
}
foreach ($permissions as $permission) {
$found = false;
foreach ($codes as $code => $details) {
if ($permission == $code || $permission == $details['name']) {
\Permission::grant($group->ID, $code);
$found = true;
}
}
if (!$found) {
throw new \InvalidArgumentException(sprintf('No permission found for "%s"', $permission));
}
}
}
/**
* @todo Find more appropriate place to hook into database building
*/
function requireDefaultRecords()
{
// @todo This relies on the Locale attribute being on the base data class, and not any subclasses
if ($this->owner->class != ClassInfo::baseDataClass($this->owner->class)) {
return false;
}
// Permissions: If a group doesn't have any specific TRANSLATE_<locale> edit rights,
// but has CMS_ACCESS_CMSMain (general CMS access), then assign TRANSLATE_ALL permissions as a default.
// Auto-setting permissions based on these intransparent criteria is a bit hacky,
// but unavoidable until we can determine when a certain permission code was made available first
// (see http://open.silverstripe.org/ticket/4940)
$groups = Permission::get_groups_by_permission(array('CMS_ACCESS_CMSMain', 'CMS_ACCESS_LeftAndMain', 'ADMIN'));
if ($groups) {
foreach ($groups as $group) {
$codes = $group->Permissions()->column('Code');
$hasTranslationCode = false;
foreach ($codes as $code) {
if (preg_match('/^TRANSLATE_/', $code)) {
$hasTranslationCode = true;
}
}
// Only add the code if no more restrictive code exists
if (!$hasTranslationCode) {
Permission::grant($group->ID, 'TRANSLATE_ALL');
}
}
}
// If the Translatable extension was added after the first records were already
// created in the database, make sure to update the Locale property if
// if wasn't set before
$idsWithoutLocale = DB::query(sprintf('SELECT "ID" FROM "%s" WHERE "Locale" IS NULL OR "Locale" = \'\'', ClassInfo::baseDataClass($this->owner->class)))->column();
if (!$idsWithoutLocale) {
return;
}
if ($this->owner->class == 'SiteTree') {
foreach (array('Stage', 'Live') as $stage) {
foreach ($idsWithoutLocale as $id) {
$obj = Versioned::get_one_by_stage($this->owner->class, $stage, sprintf('"SiteTree"."ID" = %d', $id));
if (!$obj) {
continue;
}
$obj->Locale = Translatable::default_locale();
$obj->writeToStage($stage);
$obj->addTranslationGroup($obj->ID);
$obj->destroy();
unset($obj);
}
}
} else {
foreach ($idsWithoutLocale as $id) {
$obj = DataObject::get_by_id($this->owner->class, $id);
if (!$obj) {
continue;
}
$obj->Locale = Translatable::default_locale();
$obj->write();
$obj->addTranslationGroup($obj->ID);
$obj->destroy();
unset($obj);
}
}
DB::alteration_message(sprintf("Added default locale '%s' to table %s", "changed", Translatable::default_locale(), $this->owner->class));
}
/**
* Setup the default groups
*
* @return void
*/
function augmentDefaultRecords()
{
// For 2.3 and 2.4 compatibility
$bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
$query = "SELECT \"ID\" FROM {$bt}Group{$bt} WHERE {$bt}Group{$bt}.{$bt}Code{$bt} = 'site-content-authors'";
if (!DB::query($query)->value()) {
$authorGroup = Object::create('Group');
$authorGroup->Title = 'Site Content Authors';
$authorGroup->Code = "site-content-authors";
$authorGroup->write();
Permission::grant($authorGroup->ID, "CMS_ACCESS_CMSMain");
Permission::grant($authorGroup->ID, "CMS_ACCESS_AssetAdmin");
if (method_exists('DB', 'alteration_message')) {
DB::alteration_message("Added site content author group", "created");
}
}
$query = "SELECT \"ID\" FROM {$bt}Group{$bt} WHERE {$bt}Group{$bt}.{$bt}Code{$bt} = 'site-content-approvers'";
if (!DB::query($query)->value()) {
$approversGroup = Object::create('Group');
$approversGroup->Title = 'Site Content Approvers';
$approversGroup->Code = "site-content-approvers";
$approversGroup->write();
Permission::grant($approversGroup->ID, "CMS_ACCESS_CMSMain");
Permission::grant($approversGroup->ID, "CMS_ACCESS_AssetAdmin");
if (method_exists('DB', 'alteration_message')) {
DB::alteration_message("Added site content approver group", "created");
}
}
$query = "SELECT \"ID\" FROM {$bt}Group{$bt} WHERE {$bt}Group{$bt}.{$bt}Code{$bt} = 'site-content-publishers'";
if (!DB::query($query)->value()) {
$actionersGroup = Object::create('Group');
$actionersGroup->Title = 'Site Content Publishers';
$actionersGroup->Code = "site-content-publishers";
$actionersGroup->write();
Permission::grant($actionersGroup->ID, "CMS_ACCESS_CMSMain");
Permission::grant($actionersGroup->ID, "CMS_ACCESS_AssetAdmin");
if (method_exists('DB', 'alteration_message')) {
DB::alteration_message("Added site content publisher group", "created");
}
}
}
function run($request)
{
$customerGroup = EcommerceRole::get_customer_group();
$customerPermissionCode = EcommerceConfig::get("EcommerceRole", "customer_permission_code");
if (!$customerGroup) {
$customerGroup = new Group();
$customerGroup->Code = EcommerceConfig::get("EcommerceRole", "customer_group_code");
$customerGroup->Title = EcommerceConfig::get("EcommerceRole", "customer_group_name");
$customerGroup->write();
Permission::grant($customerGroup->ID, $customerPermissionCode);
DB::alteration_message(EcommerceConfig::get("EcommerceRole", "customer_group_name") . ' Group created', "created");
} elseif (DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . $customerGroup->ID . "' AND \"Code\" LIKE '" . $customerPermissionCode . "'")->numRecords() == 0) {
Permission::grant($customerGroup->ID, $customerPermissionCode);
DB::alteration_message(EcommerceConfig::get("EcommerceRole", "customer_group_name") . ' permissions granted', "created");
}
$customerGroup = EcommerceRole::get_customer_group();
if (!$customerGroup) {
user_error("could not create user group");
} else {
DB::alteration_message(EcommerceConfig::get("EcommerceRole", "customer_group_name") . ' is ready for use', "created");
}
$adminGroup = EcommerceRole::get_admin_group();
$adminCode = EcommerceConfig::get("EcommerceRole", "admin_group_code");
$adminName = EcommerceConfig::get("EcommerceRole", "admin_group_name");
$adminPermissionCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
$adminRoleTitle = EcommerceConfig::get("EcommerceRole", "admin_role_title");
if (!$adminGroup) {
$adminGroup = new Group();
$adminGroup->Code = $adminCode;
$adminGroup->Title = $adminName;
$adminGroup->write();
Permission::grant($adminGroup->ID, $adminPermissionCode);
DB::alteration_message($adminName . ' Group created', "created");
} elseif (DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . $adminGroup->ID . "' AND \"Code\" LIKE '" . $adminPermissionCode . "'")->numRecords() == 0) {
Permission::grant($adminGroup->ID, $adminPermissionCode);
DB::alteration_message($adminName . ' permissions granted', "created");
}
$permissionRole = DataObject::get_one("PermissionRole", "\"Title\" = '" . $adminRoleTitle . "'");
if (!$permissionRole) {
$permissionRole = new PermissionRole();
$permissionRole->Title = $adminRoleTitle;
$permissionRole->OnlyAdminCanApply = true;
$permissionRole->write();
}
if ($permissionRole) {
$permissionArray = EcommerceConfig::get("EcommerceRole", "admin_role_permission_codes");
if (is_array($permissionArray) && count($permissionArray) && $permissionRole) {
foreach ($permissionArray as $permissionCode) {
$permissionRoleCode = DataObject::get_one("PermissionRoleCode", "\"Code\" = '{$permissionCode}'");
if (!$permissionRoleCode) {
$permissionRoleCode = new PermissionRoleCode();
$permissionRoleCode->Code = $permissionCode;
$permissionRoleCode->RoleID = $permissionRole->ID;
$permissionRoleCode->write();
}
}
}
if ($adminGroup) {
$existingGroups = $permissionRole->Groups();
$existingGroups->add($adminGroup);
}
}
}
/**
* Return a member with administrator privileges
*
* @return Member Returns a member object that has administrator
* privileges.
*/
static function findAnAdministrator($username = '******', $password = '******')
{
$permission = DataObject::get_one("Permission", "`Code` = 'ADMIN'", true, "ID");
$adminGroup = null;
if ($permission) {
$adminGroup = DataObject::get_one("Group", "`ID` = '{$permission->GroupID}'", true, "ID");
}
if ($adminGroup) {
if ($adminGroup->Members()->First()) {
$member = $adminGroup->Members()->First();
}
}
if (!$adminGroup) {
$adminGroup = Object::create('Group');
$adminGroup->Title = 'Administrators';
$adminGroup->Code = "administrators";
$adminGroup->write();
Permission::grant($adminGroup->ID, "ADMIN");
}
if (!isset($member)) {
$member = Object::create('Member');
$member->FirstName = $member->Surname = 'Admin';
$member->Email = $username;
$member->Password = $password;
$member->write();
$member->Groups()->add($adminGroup);
}
return $member;
}
/**
* set up a group with permissions, roles, etc...
* also @see EcommerceRole::providePermissions
* also note that this class implements PermissionProvider
* @param String $code code for the group - will always be converted to lowercase
* @param String $name title for the group
* @param Group | String $parentGroup group object that is the parent of the group. You can also provide a string (name / title of group)
* @param String $permissionCode Permission Code for the group (e.g. CMS_DO_THIS_OR_THAT)
* @param String $roleTitle Role Title - e.g. Store Manager
* @param Array $permissionArray Permission Array - list of permission codes applied to the group
* @param Member | String $member Default Member added to the group (e.g. sales@mysite.co.nz). You can also provide an email address
*
*/
public function CreateGroup($code, $name, $parentGroup = null, $permissionCode = "", $roleTitle = "", $permissionArray = array(), $member = null)
{
//changing to lower case seems to be very important
//unidentified bug so far
$code = strtolower($code);
if (!$code) {
user_error("Can't create a group without a {$code} ({$name})");
}
if (!$name) {
user_error("Can't create a group without a {$name} ({$code})");
}
$group = Group::get()->filter(array("Code" => $code))->first();
$groupCount = Group::get()->filter(array("Code" => $code))->count();
$groupStyle = "updated";
if ($groupCount > 1) {
user_error("There is more than one group with the {$name} ({$code}) Code");
}
if (!$group) {
$group = Group::create();
$group->Code = $code;
$groupStyle = "created";
}
$group->Locked = 1;
$group->Title = $name;
$parentGroupStyle = "updated";
if ($parentGroup) {
DB::alteration_message("adding parent group");
if (is_string($parentGroup)) {
$parentGroupName = $parentGroup;
$parentGroup = Group::get()->filter(array("Title" => $parentGroupName))->first();
if (!$parentGroup) {
$parentGroup = Group::create();
$parentGroupStyle = "created";
$parentGroup->Title = $parentGroupName;
$parentGroup->write();
DB::alteration_message("{$parentGroupStyle} {$parentGroupName}", $parentGroupStyle);
}
}
if ($parentGroup) {
$group->ParentID = $parentGroup->ID;
}
}
$group->write();
DB::alteration_message("{$groupStyle} {$name} ({$code}) group", $groupStyle);
$doubleGroups = Group::get()->filter(array("Code" => $code))->exclude(array("ID" => $group->ID));
if ($doubleGroups->count()) {
DB::alteration_message($doubleGroups->count() . " groups with the same name", "deleted");
$realMembers = $group->Members();
foreach ($doubleGroups as $doubleGroup) {
$fakeMembers = $doubleGroup->Members();
foreach ($fakeMembers as $fakeMember) {
DB::alteration_message("adding customers: " . $fakeMember->Email, "created");
$realMembers->add($fakeMember);
}
DB::alteration_message("deleting double group ", "deleted");
$doubleGroup->delete();
}
}
if ($permissionCode) {
$permissionCodeCount = DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . $group->ID . "' AND \"Code\" LIKE '" . $permissionCode . "'")->numRecords();
if ($permissionCodeCount == 0) {
DB::alteration_message("granting " . $name . " permission code {$permissionCode} ", "created");
Permission::grant($group->ID, $permissionCode);
} else {
DB::alteration_message($name . " permission code {$permissionCode} already granted");
}
}
//we unset it here to avoid confusion with the
//other codes we use later on
unset($permissionCode);
if ($roleTitle) {
$permissionRole = PermissionRole::get()->Filter(array("Title" => $roleTitle))->First();
$permissionRoleCount = PermissionRole::get()->Filter(array("Title" => $roleTitle))->Count();
if ($permissionRoleCount > 1) {
db::alteration_message("There is more than one Permission Role with title {$roleTitle} ({$permissionCodeObjectCount})", "deleted");
$permissionRolesToDelete = PermissionRole::get()->Filter(array("Title" => $roleTitle))->Exclude(array("ID" => $permissionRole->ID));
foreach ($permissionRolesToDelete as $permissionRoleToDelete) {
db::alternation_message("DELETING double permission role {$roleTitle}", "deleted");
$permissionRoleToDelete->delete();
}
}
if ($permissionRole) {
//do nothing
DB::alteration_message("{$roleTitle} role in place");
} else {
DB::alteration_message("adding {$roleTitle} role", "created");
$permissionRole = PermissionRole::create();
$permissionRole->Title = $roleTitle;
$permissionRole->OnlyAdminCanApply = true;
$permissionRole->write();
}
if ($permissionRole) {
if (is_array($permissionArray) && count($permissionArray)) {
DB::alteration_message("working with " . implode(", ", $permissionArray));
foreach ($permissionArray as $permissionRoleCode) {
$permissionRoleCodeObject = PermissionRoleCode::get()->Filter(array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID))->First();
$permissionRoleCodeObjectCount = PermissionRoleCode::get()->Filter(array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID))->Count();
if ($permissionRoleCodeObjectCount > 1) {
$permissionRoleCodeObjectsToDelete = PermissionRoleCode::get()->Filter(array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID))->Exclude(array("ID" => $permissionRoleCodeObject->ID));
foreach ($permissionRoleCodeObjectsToDelete as $permissionRoleCodeObjectToDelete) {
db::alteration_message("DELETING double permission code {$permissionRoleCode} for " . $permissionRole->Title, "deleted");
$permissionRoleCodeObjectToDelete->delete();
}
db::alteration_message("There is more than one Permission Role Code in " . $permissionRole->Title . " with Code = {$permissionRoleCode} ({$permissionRoleCodeObjectCount})", "deleted");
}
if ($permissionRoleCodeObject) {
//do nothing
} else {
$permissionRoleCodeObject = PermissionRoleCode::create();
$permissionRoleCodeObject->Code = $permissionRoleCode;
$permissionRoleCodeObject->RoleID = $permissionRole->ID;
}
DB::alteration_message("adding " . $permissionRoleCodeObject->Code . " to " . $permissionRole->Title);
$permissionRoleCodeObject->write();
}
}
if ($group && $permissionRole) {
if (DB::query("SELECT COUNT(*) FROM Group_Roles WHERE GroupID = " . $group->ID . " AND PermissionRoleID = " . $permissionRole->ID)->value() == 0) {
db::alteration_message("ADDING " . $permissionRole->Title . " permission role to " . $group->Title . " group", "created");
$existingGroups = $permissionRole->Groups();
$existingGroups->add($group);
} else {
db::alteration_message("CHECKED " . $permissionRole->Title . " permission role to " . $group->Title . " group");
}
} else {
db::alteration_message("ERROR: missing group or permissionRole", "deleted");
}
}
}
if ($member) {
if (is_string($member)) {
$email = $member;
$member = Member::get()->filter(array("Email" => $email))->first();
if (!$member) {
DB::alteration_message("Creating default user", "created");
$member = Member::create();
$member->FirstName = $code;
$member->Surname = $name;
$member->Email = $email;
$member->write();
}
}
if ($member) {
DB::alteration_message(" adding member " . $member->Email . " to group " . $group->Title, "created");
$member->Groups()->add($group);
}
} else {
DB::alteration_message("No need to add user");
}
}
public function testOnChangeGroups()
{
$staffGroup = $this->objFromFixture('Group', 'staffgroup');
$adminGroup = $this->objFromFixture('Group', 'admingroup');
$staffMember = $this->objFromFixture('Member', 'staffmember');
$adminMember = $this->objFromFixture('Member', 'admin');
$newAdminGroup = new Group(array('Title' => 'newadmin'));
$newAdminGroup->write();
Permission::grant($newAdminGroup->ID, 'ADMIN');
$newOtherGroup = new Group(array('Title' => 'othergroup'));
$newOtherGroup->write();
$this->assertTrue($staffMember->onChangeGroups(array($staffGroup->ID)), 'Adding existing non-admin group relation is allowed for non-admin members');
$this->assertTrue($staffMember->onChangeGroups(array($newOtherGroup->ID)), 'Adding new non-admin group relation is allowed for non-admin members');
$this->assertFalse($staffMember->onChangeGroups(array($newAdminGroup->ID)), 'Adding new admin group relation is not allowed for non-admin members');
$this->session()->inst_set('loggedInAs', $adminMember->ID);
$this->assertTrue($staffMember->onChangeGroups(array($newAdminGroup->ID)), 'Adding new admin group relation is allowed for normal users, when granter is logged in as admin');
$this->session()->inst_set('loggedInAs', null);
$this->assertTrue($adminMember->onChangeGroups(array($newAdminGroup->ID)), 'Adding new admin group relation is allowed for admin members');
}
/**
* Add default records to database
*
* This function is called whenever the database is built, after the
* database tables have all been created.
*/
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$code = "ACCESS_FORUM";
if (!($forumGroup = Group::get()->filter('Code', 'forum-members')->first())) {
$group = new Group();
$group->Code = 'forum-members';
$group->Title = "Forum Members";
$group->write();
Permission::grant($group->ID, $code);
DB::alteration_message(_t('Forum.GROUPCREATED', 'Forum Members group created'), 'created');
} else {
if (!Permission::get()->filter(array('GroupID' => $forumGroup->ID, 'Code' => $code))->exists()) {
Permission::grant($forumGroup->ID, $code);
}
}
if (!($category = ForumCategory::get()->first())) {
$category = new ForumCategory();
$category->Title = _t('Forum.DEFAULTCATEGORY', 'General');
$category->write();
}
if (!ForumHolder::get()->exists()) {
$forumholder = new ForumHolder();
$forumholder->Title = "Forums";
$forumholder->URLSegment = "forums";
$forumholder->Content = "<p>" . _t('Forum.WELCOMEFORUMHOLDER', 'Welcome to SilverStripe Forum Module! This is the default ForumHolder page. You can now add forums.') . "</p>";
$forumholder->Status = "Published";
$forumholder->write();
$forumholder->publish("Stage", "Live");
DB::alteration_message(_t('Forum.FORUMHOLDERCREATED', 'ForumHolder page created'), "created");
$forum = new Forum();
$forum->Title = _t('Forum.TITLE', 'General Discussion');
$forum->URLSegment = "general-discussion";
$forum->ParentID = $forumholder->ID;
$forum->Content = "<p>" . _t('Forum.WELCOMEFORUM', 'Welcome to SilverStripe Forum Module! This is the default Forum page. You can now add topics.') . "</p>";
$forum->Status = "Published";
$forum->CategoryID = $category->ID;
$forum->write();
$forum->publish("Stage", "Live");
DB::alteration_message(_t('Forum.FORUMCREATED', 'Forum page created'), "created");
}
}