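/**
 * Build the security admin edit form with its Users, Groups and (when
 * permitted) Roles tabs.
 *
 * The import iframes are only added for callers holding ADMIN, and the Roles
 * grid only for callers holding APPLY_ROLES. Both checks decide what is
 * rendered here; NOTE(review): the linked 'memberimport' / 'groupimport'
 * actions are not visible in this method, so confirm they enforce ADMIN
 * themselves rather than relying on the iframe being hidden.
 *
 * @param int|null $id Record ID; falls back to currentPageID() when empty.
 * @param FieldList|null $fields Ignored; the field list is always rebuilt here.
 * @return Form|mixed The form, or the result of Security::permissionFailure()
 *                    when the current record exists and cannot be viewed.
 */
public function getEditForm($id = null, $fields = null)
{
    // TODO Duplicate record fetching (see parent implementation)
    if (!$id) {
        $id = $this->currentPageID();
    }
    $form = parent::getEditForm($id);

    // TODO Duplicate record fetching (see parent implementation)
    $record = $this->getRecord($id);
    if ($record && !$record->canView()) {
        return Security::permissionFailure($this);
    }

    $memberList = GridField::create(
        'Members',
        false,
        Member::get(),
        $memberListConfig = GridFieldConfig_RecordEditor::create()
            ->addComponent(new GridFieldButtonRow('after'))
            ->addComponent(new GridFieldExportButton('buttons-after-left'))
    )->addExtraClass("members_grid");

    // Prefer the validator of the record being edited; otherwise use the one
    // supplied by the injected Member class.
    if ($record && method_exists($record, 'getValidator')) {
        $validator = $record->getValidator();
    } else {
        $validator = Injector::inst()->get('Member')->getValidator();
    }
    $memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator($validator);

    $groupList = GridField::create('Groups', false, Group::get(), GridFieldConfig_RecordEditor::create());
    $columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
    $columns->setDisplayFields(array('Breadcrumbs' => singleton('Group')->fieldLabel('Title')));
    // Group titles are user-editable, so the breadcrumb trail is XML-escaped
    // before it is placed in the column.
    $columns->setFieldFormatting(array('Breadcrumbs' => function ($val, $item) {
        return Convert::raw2xml($item->getBreadcrumbs(' > '));
    }));

    $fields = new FieldList(
        $root = new TabSet(
            'Root',
            $usersTab = new Tab(
                'Users',
                _t('SecurityAdmin.Users', 'Users'),
                $memberList,
                new LiteralField(
                    'MembersCautionText',
                    sprintf(
                        '<p class="caution-remove"><strong>%s</strong></p>',
                        _t(
                            'SecurityAdmin.MemberListCaution',
                            'Caution: Removing members from this list will remove them from all groups and the'
                            . ' database'
                        )
                    )
                )
            ),
            $groupsTab = new Tab('Groups', singleton('Group')->i18n_plural_name(), $groupList)
        ),
        new HiddenField('ID', false, 0)
    );

    // Add import capabilities. Limit to admin since the import logic can affect assigned permissions
    if (Permission::check('ADMIN')) {
        $fields->addFieldsToTab('Root.Users', array(
            new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3),
            new LiteralField(
                'MemberImportFormIframe',
                sprintf(
                    '<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" frameBorder="0">'
                    . '</iframe>',
                    $this->Link('memberimport')
                )
            ),
        ));
        $fields->addFieldsToTab('Root.Groups', array(
            new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3),
            new LiteralField(
                'GroupImportFormIframe',
                sprintf(
                    '<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" frameBorder="0">'
                    . '</iframe>',
                    $this->Link('groupimport')
                )
            ),
        ));
    }

    // Tab nav in CMS is rendered through separate template
    $root->setTemplate('CMSTabSet');

    // Add roles editing interface. $rolesTab stays null for callers without
    // APPLY_ROLES so the tab-highlighting code below can tell it was not built.
    $rolesTab = null;
    if (Permission::check('APPLY_ROLES')) {
        $rolesField = GridField::create(
            'Roles',
            false,
            PermissionRole::get(),
            GridFieldConfig_RecordEditor::create()
        );
        $rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
        $rolesTab->push($rolesField);
    }

    $actionParam = $this->getRequest()->param('Action');
    if ($actionParam == 'groups') {
        $groupsTab->addExtraClass('ui-state-active');
    } elseif ($actionParam == 'users') {
        $usersTab->addExtraClass('ui-state-active');
    } elseif ($actionParam == 'roles' && $rolesTab) {
        // Without the $rolesTab guard, a user lacking APPLY_ROLES who requests
        // the 'roles' action would trigger a method call on an undefined variable.
        $rolesTab->addExtraClass('ui-state-active');
    }

    $actions = new FieldList();

    $form = Form::create($this, 'EditForm', $fields, $actions)->setHTMLID('Form_EditForm');
    $form->addExtraClass('cms-edit-form');
    $form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
    // Tab nav in CMS is rendered through separate template
    if ($form->Fields()->hasTabset()) {
        $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
    }
    $form->addExtraClass('center ss-tabset cms-tabset ' . $this->BaseCSSClasses());
    $form->setAttribute('data-pjax-fragment', 'CurrentForm');

    $this->extend('updateEditForm', $form);

    return $form;
}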
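/**
 * Render the role/permission view together with a breadcrumb label for the
 * signed-in user.
 *
 * NOTE(review): no authorization check is visible in this method; presumably
 * the route is protected by an auth/role filter — confirm, since the view
 * exposes the role list and permission states.
 *
 * @return \Illuminate\View\View
 */
public function vistaPermisos()
{
    $roles = Role::select("id", "name")->orderBy("id")->get();

    // NOTE(review): the role id is hard-coded to "2" here; verify that this is
    // the intended default role for the initial view.
    $permisos = PermissionRole::where("role_id", "=", "2")
        ->select("id", "estado")
        ->orderBy("id")
        ->get();

    // Assumes an authenticated user; Auth::user() is dereferenced directly.
    $user_id = Auth::user()->id;

    $breadcrumbs = Neighbors::select('neighbors.name as name_ne', 'neighbors.last_name', 'urbanisms.name as name_ur ')
        ->join('neighbors_properties', 'neighbors.id', '=', 'neighbors_properties.neighbors_id')
        ->join('urbanisms', 'neighbors_properties.urbanism_id', '=', 'urbanisms.id')
        ->where('neighbors.user_id', '=', $user_id)
        ->first();

    // first() yields null when the user has no matching neighbor/property/
    // urbanism row; fall back to an empty label instead of reading properties
    // from a non-object.
    $breadcrumbs_data = '';
    if ($breadcrumbs) {
        $breadcrumbs_data = $breadcrumbs->name_ne . " " . $breadcrumbs->last_name . " [" . $breadcrumbs->name_ur . "]";
    }

    return View::make("dashboard.roles.rolPermisos")->with(array(
        "roles" => $roles,
        "permisos" => $permisos,
        'breadcrumbs_data' => $breadcrumbs_data,
    ));
}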
/**
 * Store the user or role that permissions will be applied to.
 *
 * A plain User is wrapped via PermissionUser::createFromUser() and a plain
 * Role via PermissionRole::createFromRole(); objects that are already of the
 * Permission* type are stored unchanged.
 *
 * @param mixed $recipient A User or Role instance.
 * @return void
 * @throws \Exception When $recipient is neither a User nor a Role.
 */
public function setPermissionRecipient($recipient)
{
    if ($recipient instanceof User) {
        $wrapped = $recipient;
        if (!($recipient instanceof PermissionUser)) {
            $wrapped = PermissionUser::createFromUser($recipient);
        }
        $this->permissionRecipient = $wrapped;
        return;
    }

    if ($recipient instanceof Role) {
        $wrapped = $recipient;
        if (!($recipient instanceof PermissionRole)) {
            $wrapped = PermissionRole::createFromRole($recipient);
        }
        $this->permissionRecipient = $wrapped;
        return;
    }

    // Anything else is rejected outright rather than silently ignored.
    throw new \Exception('Must provide User or Role object to setPermissionRecipient');
}
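/**
 * Write audit log entries for security-relevant database manipulations made
 * by the logged-in member.
 *
 * Logged events: updates/inserts on Member, Group and PermissionRole (except
 * when the request URI contains "Security"), and new rows in the Group_Roles
 * and Group_Members join tables.
 *
 * NOTE(review): manipulations whose command is not 'update' or 'insert' are
 * skipped, and nothing is logged when there is no current member — confirm
 * that deletions and unauthenticated/CLI writes are audited elsewhere if they
 * matter for this log.
 *
 * NOTE(review): Title/Email values are interpolated into the log line as-is.
 * If the AuditLogger sink is line-oriented, consider stripping CR/LF from
 * these values so that a record title cannot forge extra log lines.
 *
 * @param array $manipulation Map of table name to manipulation details
 *                            ('command', 'id', 'fields').
 * @return false|null False when there is no valid current member, otherwise null.
 */
public static function handle_manipulation($manipulation)
{
    $auditLogger = \Injector::inst()->get('AuditLogger');

    $currentMember = \Member::currentUser();
    if (!($currentMember && $currentMember->exists())) {
        return false;
    }

    // Read the request URI without error suppression; it is absent on CLI.
    $requestUri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

    foreach ($manipulation as $table => $details) {
        if (!in_array($details['command'], array('update', 'insert'), true)) {
            continue;
        }

        // logging writes to specific tables (just not when logging in, as it's noise)
        if (in_array($table, array('Member', 'Group', 'PermissionRole'), true)
            && !preg_match('/Security/', $requestUri)
        ) {
            $data = $table::get()->byId($details['id']);
            if (!$data) {
                continue;
            }

            $actionText = 'modified ' . $table;
            $extendedText = '';

            // implode() is called as (separator, array): the reversed legacy
            // order is rejected by PHP 8, which would break audit logging.
            if ($table == 'Group') {
                $extendedText = sprintf(
                    'Effective permissions: %s',
                    implode(', ', array_values($data->Permissions()->map('ID', 'Code')->toArray()))
                );
            }
            if ($table == 'PermissionRole') {
                $extendedText = sprintf(
                    'Effective groups: %s, Effective permissions: %s',
                    implode(', ', array_values($data->Groups()->map('ID', 'Title')->toArray())),
                    implode(', ', array_values($data->Codes()->map('ID', 'Code')->toArray()))
                );
            }
            if ($table == 'Member') {
                $extendedText = sprintf(
                    'Effective groups: %s',
                    implode(', ', array_values($data->Groups()->map('ID', 'Title')->toArray()))
                );
            }

            $auditLogger->info(sprintf(
                '"%s" (ID: %s) %s (ID: %s, ClassName: %s, Title: "%s", %s)',
                $currentMember->Email ?: $currentMember->Title,
                $currentMember->ID,
                $actionText,
                $details['id'],
                $data->ClassName,
                $data->Title,
                $extendedText
            ));
        }

        // log PermissionRole being added to a Group
        if ($table == 'Group_Roles') {
            $role = \PermissionRole::get()->byId($details['fields']['PermissionRoleID']);
            $group = \Group::get()->byId($details['fields']['GroupID']);

            // if the permission role isn't already applied to the group.
            // The IDs are forced to integers before being placed in the SQL
            // text so the lookup cannot be altered by a non-numeric value.
            $alreadyLinked = \DB::query(sprintf(
                'SELECT "ID" FROM "Group_Roles" WHERE "GroupID" = %d AND "PermissionRoleID" = %d',
                (int) $details['fields']['GroupID'],
                (int) $details['fields']['PermissionRoleID']
            ))->value();

            if (!$alreadyLinked) {
                $auditLogger->info(sprintf(
                    '"%s" (ID: %s) added PermissionRole "%s" (ID: %s) to Group "%s" (ID: %s)',
                    $currentMember->Email ?: $currentMember->Title,
                    $currentMember->ID,
                    $role->Title,
                    $role->ID,
                    $group->Title,
                    $group->ID
                ));
            }
        }

        // log Member added to a Group
        if ($table == 'Group_Members') {
            $member = \Member::get()->byId($details['fields']['MemberID']);
            $group = \Group::get()->byId($details['fields']['GroupID']);

            // if the user isn't already in the group, log they've been added
            $alreadyMember = \DB::query(sprintf(
                'SELECT "ID" FROM "Group_Members" WHERE "GroupID" = %d AND "MemberID" = %d',
                (int) $details['fields']['GroupID'],
                (int) $details['fields']['MemberID']
            ))->value();

            if (!$alreadyMember) {
                $auditLogger->info(sprintf(
                    '"%s" (ID: %s) added Member "%s" (ID: %s) to Group "%s" (ID: %s)',
                    $currentMember->Email ?: $currentMember->Title,
                    $currentMember->ID,
                    $member->Email ?: $member->Title,
                    $member->ID,
                    $group->Title,
                    $group->ID
                ));
            }
        }
    }
}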
/**
 * Create a role from the submitted "rol" field and attach every existing
 * permission to it with state 0.
 *
 * Responds with JSON: estado 1 plus the re-rendered roles table on success,
 * estado 2 plus the validation messages on failure.
 *
 * NOTE(review): no authorization check is visible in this method; presumably
 * a route filter restricts who may create roles — confirm.
 *
 * @return \Illuminate\Http\JsonResponse
 */
public function crearRol()
{
    $input = Input::all();
    $rules = array("rol" => "required|alpha");
    $messages = array(
        "rol.required" => "Ingrese un Rol",
        "rol.alpha" => "Solo se permiten letras",
    );

    $validator = Validator::make($input, $rules, $messages);

    // Reject invalid input first and report the validation messages.
    if (!$validator->passes()) {
        return Response::json(array(
            "estado" => 2,
            "error" => $validator->getMessageBag()->toArray(),
        ));
    }

    $role = new Role();
    $role->name = Input::get("rol");
    $role->save();

    // Every known permission gets a row for the new role, initially with
    // state 0.
    foreach (Permission::get() as $permiso) {
        $link = new PermissionRole();
        $link->role_id = $role->id;
        $link->state = 0;
        $link->permission_id = $permiso['id'];
        $link->save();
    }

    $html = (string) View::make("dashboard.roles.rolesTablaRoles")->with(array("roles" => Role::all()));

    return Response::json(array("estado" => 1, "html" => $html));
}
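/**
 * Build the security admin edit form with its Users, Groups and (when
 * permitted) Roles tabs.
 *
 * The import headers and iframes are only added for callers holding ADMIN,
 * because the import logic can affect assigned permissions. NOTE(review):
 * this only controls what is rendered; the 'memberimport' / 'groupimport'
 * actions are not visible in this method, so confirm they enforce the same
 * permission themselves.
 *
 * @param int|null $id Record ID; falls back to currentPageID() when empty.
 * @param FieldList|null $fields Ignored; the field list is always rebuilt here.
 * @return Form|mixed The form, or the result of Security::permissionFailure()
 *                    when the current record exists and cannot be viewed.
 */
public function getEditForm($id = null, $fields = null)
{
    // TODO Duplicate record fetching (see parent implementation)
    if (!$id) {
        $id = $this->currentPageID();
    }
    $form = parent::getEditForm($id);

    // TODO Duplicate record fetching (see parent implementation)
    $record = $this->getRecord($id);
    if ($record && !$record->canView()) {
        return Security::permissionFailure($this);
    }

    $memberList = GridField::create(
        'Members',
        false,
        Member::get(),
        $memberListConfig = GridFieldConfig_RecordEditor::create()
            ->addComponent(new GridFieldExportButton())
    )->addExtraClass("members_grid");
    $memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator());

    $groupList = GridField::create('Groups', false, Group::get(), GridFieldConfig_RecordEditor::create());
    $columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
    $columns->setDisplayFields(array('Breadcrumbs' => singleton('Group')->fieldLabel('Title')));

    $fields = new FieldList(
        $root = new TabSet(
            'Root',
            $usersTab = new Tab(
                'Users',
                _t('SecurityAdmin.Users', 'Users'),
                $memberList,
                new LiteralField(
                    'MembersCautionText',
                    sprintf(
                        '<p class="caution-remove"><strong>%s</strong></p>',
                        _t(
                            'SecurityAdmin.MemberListCaution',
                            'Caution: Removing members from this list will remove them from all groups and the database'
                        )
                    )
                )
            ),
            $groupsTab = new Tab('Groups', singleton('Group')->plural_name(), $groupList)
        ),
        new HiddenField('ID', false, 0)
    );

    // Import capabilities are limited to admins since the import logic can
    // affect assigned permissions. The fields are appended in the same
    // position they previously occupied at the end of each tab.
    if (Permission::check('ADMIN')) {
        $usersTab->push(new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3));
        $usersTab->push(new LiteralField(
            'MemberImportFormIframe',
            sprintf(
                '<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" border="0"></iframe>',
                $this->Link('memberimport')
            )
        ));
        $groupsTab->push(new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3));
        $groupsTab->push(new LiteralField(
            'GroupImportFormIframe',
            sprintf(
                '<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" border="0"></iframe>',
                $this->Link('groupimport')
            )
        ));
    }

    $root->setTemplate('CMSTabSet');

    // Add roles editing interface. $rolesTab stays null for callers without
    // APPLY_ROLES so the tab-highlighting code below can tell it was not built.
    $rolesTab = null;
    if (Permission::check('APPLY_ROLES')) {
        $rolesField = GridField::create(
            'Roles',
            false,
            PermissionRole::get(),
            GridFieldConfig_RecordEditor::create()
        );
        $rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
        $rolesTab->push($rolesField);
    }

    $actionParam = $this->request->param('Action');
    if ($actionParam == 'groups') {
        $groupsTab->addExtraClass('ui-state-selected');
    } elseif ($actionParam == 'users') {
        $usersTab->addExtraClass('ui-state-selected');
    } elseif ($actionParam == 'roles' && $rolesTab) {
        // Without the $rolesTab guard, a user lacking APPLY_ROLES who requests
        // the 'roles' action would trigger a method call on an undefined variable.
        $rolesTab->addExtraClass('ui-state-selected');
    }

    $actions = new FieldList();

    $form = new Form($this, 'EditForm', $fields, $actions);
    $form->addExtraClass('cms-edit-form');
    $form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
    if ($form->Fields()->hasTabset()) {
        $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
    }
    $form->addExtraClass('center ss-tabset cms-tabset ' . $this->BaseCSSClasses());
    $form->setAttribute('data-pjax-fragment', 'CurrentForm');

    $this->extend('updateEditForm', $form);

    return $form;
}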
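/**
 * Build the CMS fields for editing this group: members, permissions and roles.
 *
 * Caution: Only call on instances, not through a singleton.
 * The "root group" fields will be created through {@link SecurityAdmin->EditForm()}.
 *
 * The Permissions tab is removed for callers without EDIT_PERMISSIONS, the
 * Roles tab is only built for callers with APPLY_ROLES, and roles flagged
 * OnlyAdminCanApply are left out of the list for non-admins.
 * NOTE(review): these checks shape the form only; the code that saves the
 * submitted values is not visible here, so confirm it re-checks the same
 * permissions rather than trusting which fields were rendered.
 *
 * @return FieldList
 */
public function getCMSFields()
{
    Requirements::javascript(FRAMEWORK_DIR . '/javascript/PermissionCheckboxSetField.js');

    $fields = new FieldList(
        new TabSet(
            "Root",
            new Tab(
                'Members',
                _t('SecurityAdmin.MEMBERS', 'Members'),
                new TextField("Title", $this->fieldLabel('Title')),
                $parentidfield = DropdownField::create(
                    'ParentID',
                    $this->fieldLabel('Parent'),
                    // A group cannot be chosen as its own parent.
                    Group::get()->exclude('ID', $this->ID)->map('ID', 'Breadcrumbs')
                )->setEmptyString(' '),
                new TextareaField('Description', $this->fieldLabel('Description'))
            ),
            new Tab(
                'Permissions',
                _t('SecurityAdmin.PERMISSIONS', 'Permissions'),
                $permissionsField = new PermissionCheckboxSetField(
                    'Permissions',
                    false,
                    'Permission',
                    'GroupID',
                    $this
                )
            )
        )
    );

    $parentidfield->setDescription(
        _t('Group.GroupReminder', 'If you choose a parent group, this group will take all it\'s roles')
    );

    // Filter permissions
    // TODO SecurityAdmin coupling, not easy to get to the form fields through GridFieldDetailForm
    $permissionsField->setHiddenPermissions((array) Config::inst()->get('SecurityAdmin', 'hidden_permissions'));

    if ($this->ID) {
        $group = $this;
        $config = GridFieldConfig_RelationEditor::create();
        $config->addComponent(new GridFieldButtonRow('after'));
        $config->addComponents(new GridFieldExportButton('buttons-after-left'));
        $config->addComponents(new GridFieldPrintButton('buttons-after-left'));
        $config->getComponentByType('GridFieldAddExistingAutocompleter')
            ->setResultsFormat('$Title ($Email)')
            ->setSearchFields(array('FirstName', 'Surname', 'Email'));
        $config->getComponentByType('GridFieldDetailForm')
            ->setValidator(new Member_Validator())
            ->setItemEditFormCallback(function ($form, $component) use ($group) {
                $record = $form->getRecord();
                $groupsField = $form->Fields()->dataFieldByName('DirectGroups');
                if ($groupsField) {
                    // If new records are created in a group context,
                    // set this group by default.
                    if ($record && !$record->ID) {
                        $groupsField->setValue($group->ID);
                    } elseif ($record && $record->ID) {
                        // TODO Mark disabled once chosen.js supports it
                        // $groupsField->setDisabledItems(array($group->ID));
                        $form->Fields()->replaceField(
                            'DirectGroups',
                            $groupsField->performReadonlyTransformation()
                        );
                    }
                }
            });
        $memberList = GridField::create('Members', false, $this->DirectMembers(), $config)
            ->addExtraClass('members_grid');
        // @todo Implement permission checking on GridField
        //$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd'));
        $fields->addFieldToTab('Root.Members', $memberList);
    }

    // Only add a dropdown for HTML editor configurations if more than one is available.
    // Otherwise Member->getHtmlEditorConfigForCMS() will default to the 'cms' configuration.
    $editorConfigMap = HtmlEditorConfig::get_available_configs_map();
    if (count($editorConfigMap) > 1) {
        $fields->addFieldToTab(
            'Root.Permissions',
            new DropdownField('HtmlEditorConfig', 'HTML Editor Configuration', $editorConfigMap),
            'Permissions'
        );
    }

    if (!Permission::check('EDIT_PERMISSIONS')) {
        $fields->removeFieldFromTab('Root', 'Permissions');
    }

    // Only show the "Roles" tab if permissions are granted to edit them,
    // and at least one role exists
    // NOTE(review): DataObject::get() is used as a truth value here; if it
    // returns a list object even when empty, the "at least one role" part of
    // the condition has no effect — confirm against the framework version.
    if (Permission::check('APPLY_ROLES') && DataObject::get('PermissionRole')) {
        $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
        $fields->addFieldToTab(
            'Root.Roles',
            new LiteralField(
                "",
                "<p>" .
                _t(
                    'SecurityAdmin.ROLESDESCRIPTION',
                    "Roles are predefined sets of permissions, and can be assigned to groups.<br />"
                    . "They are inherited from parent groups if required."
                ) . '<br />' .
                sprintf(
                    '<a href="%s" class="add-role">%s</a>',
                    singleton('SecurityAdmin')->Link('show/root#Root_Roles'),
                    _t('Group.RolesAddEditLink', 'Manage roles')
                ) .
                "</p>"
            )
        );

        // Add roles (and disable all checkboxes for inherited roles)
        $allRoles = PermissionRole::get();
        if (!Permission::check('ADMIN')) {
            // Non-admins are not offered roles reserved for administrators.
            $allRoles = $allRoles->filter("OnlyAdminCanApply", 0);
        }
        if ($this->ID) {
            $groupRoles = $this->Roles();
            $inheritedRoles = new ArrayList();
            $ancestors = $this->getAncestors();
            foreach ($ancestors as $ancestor) {
                $ancestorRoles = $ancestor->Roles();
                if ($ancestorRoles) {
                    $inheritedRoles->merge($ancestorRoles);
                }
            }
            $inheritedRoleIDs = $inheritedRoles->column('ID');
            // Both ID lists are numerically indexed, so the array union
            // operator (+) would drop inherited IDs whose index collides with
            // a direct one; merge and de-duplicate instead.
            $groupRoleIDs = array_values(array_unique(
                array_merge($groupRoles->column('ID'), $inheritedRoleIDs)
            ));
        } else {
            $groupRoleIDs = array();
            $inheritedRoleIDs = array();
        }

        $rolesField = ListboxField::create('Roles', false, $allRoles->map()->toArray())
            ->setDefaultItems($groupRoleIDs)
            ->setAttribute('data-placeholder', _t('Group.AddRole', 'Add a role for this group'))
            ->setDisabledItems($inheritedRoleIDs);
        if (!$allRoles->Count()) {
            $rolesField->setAttribute('data-placeholder', _t('Group.NoRoles', 'No roles found'));
        }
        $fields->addFieldToTab('Root.Roles', $rolesField);
    }

    $fields->push(new HiddenField("ID"));

    $this->extend('updateCMSFields', $fields);

    return $fields;
}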
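/**
 * Set up a group with permissions, roles, etc.
 *
 * Creates or updates the group identified by $code, optionally attaches a
 * parent group, folds duplicate groups with the same code into it, grants a
 * permission code, creates/links a permission role with its codes, and adds a
 * default member.
 *
 * also @see EcommerceRole::providePermissions
 * also note that this class implements PermissionProvider
 *
 * NOTE(review): members of any duplicate group sharing the same Code are
 * moved into the surviving group and therefore receive its permissions;
 * make sure that is acceptable wherever this is run.
 * NOTE(review): when $member is an unknown e-mail address a Member record is
 * created with no password set in this method — confirm how that account is
 * expected to be activated.
 *
 * @param string $code code for the group - will always be converted to lowercase
 * @param string $name title for the group
 * @param Group|string|null $parentGroup group object that is the parent of the group.
 *                                        You can also provide a string (name / title of group)
 * @param string $permissionCode Permission Code for the group (e.g. CMS_DO_THIS_OR_THAT)
 * @param string $roleTitle Role Title - e.g. Store Manager
 * @param array $permissionArray Permission Array - list of permission codes applied to the group
 * @param Member|string|null $member Default Member added to the group (e.g. sales@mysite.co.nz).
 *                                    You can also provide an email address
 */
public function CreateGroup($code, $name, $parentGroup = null, $permissionCode = "", $roleTitle = "", $permissionArray = array(), $member = null)
{
    //changing to lower case seems to be very important
    //unidentified bug so far
    $code = strtolower($code);
    // user_error() is called without an error level here, so whether
    // execution stops depends on the configured error handler.
    if (!$code) {
        user_error("Can't create a group without a {$code} ({$name})");
    }
    if (!$name) {
        user_error("Can't create a group without a {$name} ({$code})");
    }

    $group = Group::get()->filter(array("Code" => $code))->first();
    $groupCount = Group::get()->filter(array("Code" => $code))->count();
    $groupStyle = "updated";
    if ($groupCount > 1) {
        user_error("There is more than one group with the {$name} ({$code}) Code");
    }
    if (!$group) {
        $group = Group::create();
        $group->Code = $code;
        $groupStyle = "created";
    }
    $group->Locked = 1;
    $group->Title = $name;

    $parentGroupStyle = "updated";
    if ($parentGroup) {
        DB::alteration_message("adding parent group");
        if (is_string($parentGroup)) {
            $parentGroupName = $parentGroup;
            $parentGroup = Group::get()->filter(array("Title" => $parentGroupName))->first();
            if (!$parentGroup) {
                $parentGroup = Group::create();
                $parentGroupStyle = "created";
                $parentGroup->Title = $parentGroupName;
                $parentGroup->write();
                DB::alteration_message("{$parentGroupStyle} {$parentGroupName}", $parentGroupStyle);
            }
        }
        if ($parentGroup) {
            $group->ParentID = $parentGroup->ID;
        }
    }
    $group->write();
    DB::alteration_message("{$groupStyle} {$name} ({$code}) group", $groupStyle);

    // Fold any other groups carrying the same code into this one.
    $doubleGroups = Group::get()->filter(array("Code" => $code))->exclude(array("ID" => $group->ID));
    if ($doubleGroups->count()) {
        DB::alteration_message($doubleGroups->count() . " groups with the same name", "deleted");
        $realMembers = $group->Members();
        foreach ($doubleGroups as $doubleGroup) {
            $fakeMembers = $doubleGroup->Members();
            foreach ($fakeMembers as $fakeMember) {
                DB::alteration_message("adding customers: " . $fakeMember->Email, "created");
                $realMembers->add($fakeMember);
            }
            DB::alteration_message("deleting double group ", "deleted");
            $doubleGroup->delete();
        }
    }

    if ($permissionCode) {
        // Look the grant up through the ORM filter rather than concatenating
        // the permission code into an SQL string.
        $permissionCodeCount = Permission::get()
            ->filter(array("GroupID" => $group->ID, "Code" => $permissionCode))
            ->count();
        if ($permissionCodeCount == 0) {
            DB::alteration_message("granting " . $name . " permission code {$permissionCode} ", "created");
            Permission::grant($group->ID, $permissionCode);
        } else {
            DB::alteration_message($name . " permission code {$permissionCode} already granted");
        }
    }
    //we unset it here to avoid confusion with the
    //other codes we use later on
    unset($permissionCode);

    if ($roleTitle) {
        $permissionRole = PermissionRole::get()->filter(array("Title" => $roleTitle))->first();
        $permissionRoleCount = PermissionRole::get()->filter(array("Title" => $roleTitle))->count();
        if ($permissionRoleCount > 1) {
            // The message reports the number of roles found with this title.
            DB::alteration_message("There is more than one Permission Role with title {$roleTitle} ({$permissionRoleCount})", "deleted");
            $permissionRolesToDelete = PermissionRole::get()
                ->filter(array("Title" => $roleTitle))
                ->exclude(array("ID" => $permissionRole->ID));
            foreach ($permissionRolesToDelete as $permissionRoleToDelete) {
                DB::alteration_message("DELETING double permission role {$roleTitle}", "deleted");
                $permissionRoleToDelete->delete();
            }
        }
        if ($permissionRole) {
            //do nothing
            DB::alteration_message("{$roleTitle} role in place");
        } else {
            DB::alteration_message("adding {$roleTitle} role", "created");
            $permissionRole = PermissionRole::create();
            $permissionRole->Title = $roleTitle;
            // New roles are restricted so that only admins can apply them.
            $permissionRole->OnlyAdminCanApply = true;
            $permissionRole->write();
        }
        if ($permissionRole) {
            if (is_array($permissionArray) && count($permissionArray)) {
                DB::alteration_message("working with " . implode(", ", $permissionArray));
                foreach ($permissionArray as $permissionRoleCode) {
                    $roleCodeFilter = array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID);
                    $permissionRoleCodeObject = PermissionRoleCode::get()->filter($roleCodeFilter)->first();
                    $permissionRoleCodeObjectCount = PermissionRoleCode::get()->filter($roleCodeFilter)->count();
                    if ($permissionRoleCodeObjectCount > 1) {
                        $permissionRoleCodeObjectsToDelete = PermissionRoleCode::get()
                            ->filter($roleCodeFilter)
                            ->exclude(array("ID" => $permissionRoleCodeObject->ID));
                        foreach ($permissionRoleCodeObjectsToDelete as $permissionRoleCodeObjectToDelete) {
                            DB::alteration_message("DELETING double permission code {$permissionRoleCode} for " . $permissionRole->Title, "deleted");
                            $permissionRoleCodeObjectToDelete->delete();
                        }
                        DB::alteration_message("There is more than one Permission Role Code in " . $permissionRole->Title . " with Code = {$permissionRoleCode} ({$permissionRoleCodeObjectCount})", "deleted");
                    }
                    if (!$permissionRoleCodeObject) {
                        $permissionRoleCodeObject = PermissionRoleCode::create();
                        $permissionRoleCodeObject->Code = $permissionRoleCode;
                        $permissionRoleCodeObject->RoleID = $permissionRole->ID;
                    }
                    DB::alteration_message("adding " . $permissionRoleCodeObject->Code . " to " . $permissionRole->Title);
                    $permissionRoleCodeObject->write();
                }
            }
            if ($group && $permissionRole) {
                // IDs are cast to integers before being placed in the SQL text.
                $linkCount = DB::query(
                    "SELECT COUNT(*) FROM Group_Roles WHERE GroupID = " . (int) $group->ID
                    . " AND PermissionRoleID = " . (int) $permissionRole->ID
                )->value();
                if ($linkCount == 0) {
                    DB::alteration_message("ADDING " . $permissionRole->Title . " permission role to " . $group->Title . " group", "created");
                    $existingGroups = $permissionRole->Groups();
                    $existingGroups->add($group);
                } else {
                    DB::alteration_message("CHECKED " . $permissionRole->Title . " permission role to " . $group->Title . " group");
                }
            } else {
                DB::alteration_message("ERROR: missing group or permissionRole", "deleted");
            }
        }
    }

    if ($member) {
        if (is_string($member)) {
            $email = $member;
            $member = Member::get()->filter(array("Email" => $email))->first();
            if (!$member) {
                DB::alteration_message("Creating default user", "created");
                $member = Member::create();
                $member->FirstName = $code;
                $member->Surname = $name;
                $member->Email = $email;
                $member->write();
            }
        }
        if ($member) {
            DB::alteration_message(" adding member " . $member->Email . " to group " . $group->Title, "created");
            $member->Groups()->add($group);
        }
    } else {
        DB::alteration_message("No need to add user");
    }
}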
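/**
 * Make sure the e-commerce customer and admin groups exist with their
 * permission codes, and that the admin permission role exists, carries the
 * configured permission codes and is linked to the admin group.
 *
 * All names, codes and titles are read from the EcommerceRole configuration.
 * Values placed into SQL text are escaped (strings) or cast to int (IDs) so a
 * configured value containing a quote cannot break or alter the query.
 *
 * @param mixed $request Not used by this method.
 * @return void
 */
function run($request)
{
    // --- customer group ---------------------------------------------------
    $customerGroup = EcommerceRole::get_customer_group();
    $customerPermissionCode = EcommerceConfig::get("EcommerceRole", "customer_permission_code");
    if (!$customerGroup) {
        $customerGroup = new Group();
        $customerGroup->Code = EcommerceConfig::get("EcommerceRole", "customer_group_code");
        $customerGroup->Title = EcommerceConfig::get("EcommerceRole", "customer_group_name");
        $customerGroup->write();
        Permission::grant($customerGroup->ID, $customerPermissionCode);
        DB::alteration_message(EcommerceConfig::get("EcommerceRole", "customer_group_name") . ' Group created', "created");
    } elseif (DB::query(
        "SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . (int) $customerGroup->ID
        . "' AND \"Code\" LIKE '" . Convert::raw2sql($customerPermissionCode) . "'"
    )->numRecords() == 0) {
        Permission::grant($customerGroup->ID, $customerPermissionCode);
        DB::alteration_message(EcommerceConfig::get("EcommerceRole", "customer_group_name") . ' permissions granted', "created");
    }

    // Re-read the group to confirm it can now be found.
    $customerGroup = EcommerceRole::get_customer_group();
    if (!$customerGroup) {
        user_error("could not create user group");
    } else {
        DB::alteration_message(EcommerceConfig::get("EcommerceRole", "customer_group_name") . ' is ready for use', "created");
    }

    // --- admin group ------------------------------------------------------
    $adminGroup = EcommerceRole::get_admin_group();
    $adminCode = EcommerceConfig::get("EcommerceRole", "admin_group_code");
    $adminName = EcommerceConfig::get("EcommerceRole", "admin_group_name");
    $adminPermissionCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
    $adminRoleTitle = EcommerceConfig::get("EcommerceRole", "admin_role_title");
    if (!$adminGroup) {
        $adminGroup = new Group();
        $adminGroup->Code = $adminCode;
        $adminGroup->Title = $adminName;
        $adminGroup->write();
        Permission::grant($adminGroup->ID, $adminPermissionCode);
        DB::alteration_message($adminName . ' Group created', "created");
    } elseif (DB::query(
        "SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . (int) $adminGroup->ID
        . "' AND \"Code\" LIKE '" . Convert::raw2sql($adminPermissionCode) . "'"
    )->numRecords() == 0) {
        Permission::grant($adminGroup->ID, $adminPermissionCode);
        DB::alteration_message($adminName . ' permissions granted', "created");
    }

    // --- admin permission role --------------------------------------------
    $permissionRole = DataObject::get_one(
        "PermissionRole",
        "\"Title\" = '" . Convert::raw2sql($adminRoleTitle) . "'"
    );
    if (!$permissionRole) {
        $permissionRole = new PermissionRole();
        $permissionRole->Title = $adminRoleTitle;
        // The role is restricted so that only admins can apply it.
        $permissionRole->OnlyAdminCanApply = true;
        $permissionRole->write();
    }
    if ($permissionRole) {
        $permissionArray = EcommerceConfig::get("EcommerceRole", "admin_role_permission_codes");
        if (is_array($permissionArray) && count($permissionArray)) {
            foreach ($permissionArray as $permissionCode) {
                // Match on both the code and this role: matching on the code
                // alone would skip the code whenever any other role already
                // carries it, leaving this role without it.
                $permissionRoleCode = DataObject::get_one(
                    "PermissionRoleCode",
                    "\"Code\" = '" . Convert::raw2sql($permissionCode) . "'"
                    . " AND \"RoleID\" = " . (int) $permissionRole->ID
                );
                if (!$permissionRoleCode) {
                    $permissionRoleCode = new PermissionRoleCode();
                    $permissionRoleCode->Code = $permissionCode;
                    $permissionRoleCode->RoleID = $permissionRole->ID;
                    $permissionRoleCode->write();
                }
            }
        }
        if ($adminGroup) {
            $existingGroups = $permissionRole->Groups();
            $existingGroups->add($adminGroup);
        }
    }
}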