public function getEditForm($id = null, $fields = null)
 {
     // TODO Duplicate record fetching (see parent implementation)
     if (!$id) {
         $id = $this->currentPageID();
     }
     $form = parent::getEditForm($id);
     // TODO Duplicate record fetching (see parent implementation)
     $record = $this->getRecord($id);
     if ($record && !$record->canView()) {
         return Security::permissionFailure($this);
     }
     $memberList = GridField::create('Members', false, Member::get(), $memberListConfig = GridFieldConfig_RecordEditor::create()->addComponent(new GridFieldButtonRow('after'))->addComponent(new GridFieldExportButton('buttons-after-left')))->addExtraClass("members_grid");
     if ($record && method_exists($record, 'getValidator')) {
         $validator = $record->getValidator();
     } else {
         $validator = Injector::inst()->get('Member')->getValidator();
     }
     $memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator($validator);
     $groupList = GridField::create('Groups', false, Group::get(), GridFieldConfig_RecordEditor::create());
     $columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
     $columns->setDisplayFields(array('Breadcrumbs' => singleton('Group')->fieldLabel('Title')));
     $columns->setFieldFormatting(array('Breadcrumbs' => function ($val, $item) {
         return Convert::raw2xml($item->getBreadcrumbs(' > '));
     }));
     $fields = new FieldList($root = new TabSet('Root', $usersTab = new Tab('Users', _t('SecurityAdmin.Users', 'Users'), $memberList, new LiteralField('MembersCautionText', sprintf('<p class="caution-remove"><strong>%s</strong></p>', _t('SecurityAdmin.MemberListCaution', 'Caution: Removing members from this list will remove them from all groups and the' . ' database')))), $groupsTab = new Tab('Groups', singleton('Group')->i18n_plural_name(), $groupList)), new HiddenField('ID', false, 0));
     // Add import capabilities. Limit to admin since the import logic can affect assigned permissions
     if (Permission::check('ADMIN')) {
         $fields->addFieldsToTab('Root.Users', array(new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3), new LiteralField('MemberImportFormIframe', sprintf('<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" frameBorder="0">' . '</iframe>', $this->Link('memberimport')))));
         $fields->addFieldsToTab('Root.Groups', array(new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3), new LiteralField('GroupImportFormIframe', sprintf('<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" frameBorder="0">' . '</iframe>', $this->Link('groupimport')))));
     }
     // Tab nav in CMS is rendered through separate template
     $root->setTemplate('CMSTabSet');
     // Add roles editing interface
     if (Permission::check('APPLY_ROLES')) {
         $rolesField = GridField::create('Roles', false, PermissionRole::get(), GridFieldConfig_RecordEditor::create());
         $rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
         $rolesTab->push($rolesField);
     }
     $actionParam = $this->getRequest()->param('Action');
     if ($actionParam == 'groups') {
         $groupsTab->addExtraClass('ui-state-active');
     } elseif ($actionParam == 'users') {
         $usersTab->addExtraClass('ui-state-active');
     } elseif ($actionParam == 'roles') {
         $rolesTab->addExtraClass('ui-state-active');
     }
     $actions = new FieldList();
     $form = Form::create($this, 'EditForm', $fields, $actions)->setHTMLID('Form_EditForm');
     $form->addExtraClass('cms-edit-form');
     $form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
     // Tab nav in CMS is rendered through separate template
     if ($form->Fields()->hasTabset()) {
         $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
     }
     $form->addExtraClass('center ss-tabset cms-tabset ' . $this->BaseCSSClasses());
     $form->setAttribute('data-pjax-fragment', 'CurrentForm');
     $this->extend('updateEditForm', $form);
     return $form;
 }
 public static function handle_manipulation($manipulation)
 {
     $auditLogger = \Injector::inst()->get('AuditLogger');
     $currentMember = \Member::currentUser();
     if (!($currentMember && $currentMember->exists())) {
         return false;
     }
     foreach ($manipulation as $table => $details) {
         if (!in_array($details['command'], array('update', 'insert'))) {
             continue;
         }
         // logging writes to specific tables (just not when logging in, as it's noise)
         if (in_array($table, array('Member', 'Group', 'PermissionRole')) && !preg_match('/Security/', @$_SERVER['REQUEST_URI'])) {
             $data = $table::get()->byId($details['id']);
             if (!$data) {
                 continue;
             }
             $actionText = 'modified ' . $table;
             $extendedText = '';
             if ($table == 'Group') {
                 $extendedText = sprintf('Effective permissions: %s', implode(array_values($data->Permissions()->map('ID', 'Code')->toArray()), ', '));
             }
             if ($table == 'PermissionRole') {
                 $extendedText = sprintf('Effective groups: %s, Effective permissions: %s', implode(array_values($data->Groups()->map('ID', 'Title')->toArray()), ', '), implode(array_values($data->Codes()->map('ID', 'Code')->toArray()), ', '));
             }
             if ($table == 'Member') {
                 $extendedText = sprintf('Effective groups: %s', implode(array_values($data->Groups()->map('ID', 'Title')->toArray()), ', '));
             }
             $auditLogger->info(sprintf('"%s" (ID: %s) %s (ID: %s, ClassName: %s, Title: "%s", %s)', $currentMember->Email ?: $currentMember->Title, $currentMember->ID, $actionText, $details['id'], $data->ClassName, $data->Title, $extendedText));
         }
         // log PermissionRole being added to a Group
         if ($table == 'Group_Roles') {
             $role = \PermissionRole::get()->byId($details['fields']['PermissionRoleID']);
             $group = \Group::get()->byId($details['fields']['GroupID']);
             // if the permission role isn't already applied to the group
             if (!\DB::query(sprintf('SELECT "ID" FROM "Group_Roles" WHERE "GroupID" = %s AND "PermissionRoleID" = %s', $details['fields']['GroupID'], $details['fields']['PermissionRoleID']))->value()) {
                 $auditLogger->info(sprintf('"%s" (ID: %s) added PermissionRole "%s" (ID: %s) to Group "%s" (ID: %s)', $currentMember->Email ?: $currentMember->Title, $currentMember->ID, $role->Title, $role->ID, $group->Title, $group->ID));
             }
         }
         // log Member added to a Group
         if ($table == 'Group_Members') {
             $member = \Member::get()->byId($details['fields']['MemberID']);
             $group = \Group::get()->byId($details['fields']['GroupID']);
             // if the user isn't already in the group, log they've been added
             if (!\DB::query(sprintf('SELECT "ID" FROM "Group_Members" WHERE "GroupID" = %s AND "MemberID" = %s', $details['fields']['GroupID'], $details['fields']['MemberID']))->value()) {
                 $auditLogger->info(sprintf('"%s" (ID: %s) added Member "%s" (ID: %s) to Group "%s" (ID: %s)', $currentMember->Email ?: $currentMember->Title, $currentMember->ID, $member->Email ?: $member->Title, $member->ID, $group->Title, $group->ID));
             }
         }
     }
 }
예제 #3
0
 public function getEditForm($id = null, $fields = null)
 {
     // TODO Duplicate record fetching (see parent implementation)
     if (!$id) {
         $id = $this->currentPageID();
     }
     $form = parent::getEditForm($id);
     // TODO Duplicate record fetching (see parent implementation)
     $record = $this->getRecord($id);
     if ($record && !$record->canView()) {
         return Security::permissionFailure($this);
     }
     $memberList = GridField::create('Members', false, Member::get(), $memberListConfig = GridFieldConfig_RecordEditor::create()->addComponent(new GridFieldExportButton()))->addExtraClass("members_grid");
     $memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator());
     $groupList = GridField::create('Groups', false, Group::get(), GridFieldConfig_RecordEditor::create());
     $columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
     $columns->setDisplayFields(array('Breadcrumbs' => singleton('Group')->fieldLabel('Title')));
     $fields = new FieldList($root = new TabSet('Root', $usersTab = new Tab('Users', _t('SecurityAdmin.Users', 'Users'), $memberList, new LiteralField('MembersCautionText', sprintf('<p class="caution-remove"><strong>%s</strong></p>', _t('SecurityAdmin.MemberListCaution', 'Caution: Removing members from this list will remove them from all groups and the database'))), new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3), new LiteralField('MemberImportFormIframe', sprintf('<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" border="0"></iframe>', $this->Link('memberimport')))), $groupsTab = new Tab('Groups', singleton('Group')->plural_name(), $groupList, new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3), new LiteralField('GroupImportFormIframe', sprintf('<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" border="0"></iframe>', $this->Link('groupimport'))))), new HiddenField('ID', false, 0));
     $root->setTemplate('CMSTabSet');
     // Add roles editing interface
     if (Permission::check('APPLY_ROLES')) {
         $rolesField = GridField::create('Roles', false, PermissionRole::get(), GridFieldConfig_RecordEditor::create());
         $rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
         $rolesTab->push($rolesField);
     }
     $actionParam = $this->request->param('Action');
     if ($actionParam == 'groups') {
         $groupsTab->addExtraClass('ui-state-selected');
     } elseif ($actionParam == 'users') {
         $usersTab->addExtraClass('ui-state-selected');
     } elseif ($actionParam == 'roles') {
         $rolesTab->addExtraClass('ui-state-selected');
     }
     $actions = new FieldList();
     $form = new Form($this, 'EditForm', $fields, $actions);
     $form->addExtraClass('cms-edit-form');
     $form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
     if ($form->Fields()->hasTabset()) {
         $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
     }
     $form->addExtraClass('center ss-tabset cms-tabset ' . $this->BaseCSSClasses());
     $form->setAttribute('data-pjax-fragment', 'CurrentForm');
     $this->extend('updateEditForm', $form);
     return $form;
 }
예제 #4
0
 /**
  * Caution: Only call on instances, not through a singleton.
  * The "root group" fields will be created through {@link SecurityAdmin->EditForm()}.
  *
  * @return FieldList
  */
 public function getCMSFields()
 {
     Requirements::javascript(FRAMEWORK_DIR . '/javascript/PermissionCheckboxSetField.js');
     $fields = new FieldList(new TabSet("Root", new Tab('Members', _t('SecurityAdmin.MEMBERS', 'Members'), new TextField("Title", $this->fieldLabel('Title')), $parentidfield = DropdownField::create('ParentID', $this->fieldLabel('Parent'), Group::get()->exclude('ID', $this->ID)->map('ID', 'Breadcrumbs'))->setEmptyString(' '), new TextareaField('Description', $this->fieldLabel('Description'))), $permissionsTab = new Tab('Permissions', _t('SecurityAdmin.PERMISSIONS', 'Permissions'), $permissionsField = new PermissionCheckboxSetField('Permissions', false, 'Permission', 'GroupID', $this))));
     $parentidfield->setDescription(_t('Group.GroupReminder', 'If you choose a parent group, this group will take all it\'s roles'));
     // Filter permissions
     // TODO SecurityAdmin coupling, not easy to get to the form fields through GridFieldDetailForm
     $permissionsField->setHiddenPermissions((array) Config::inst()->get('SecurityAdmin', 'hidden_permissions'));
     if ($this->ID) {
         $group = $this;
         $config = GridFieldConfig_RelationEditor::create();
         $config->addComponent(new GridFieldButtonRow('after'));
         $config->addComponents(new GridFieldExportButton('buttons-after-left'));
         $config->addComponents(new GridFieldPrintButton('buttons-after-left'));
         $config->getComponentByType('GridFieldAddExistingAutocompleter')->setResultsFormat('$Title ($Email)')->setSearchFields(array('FirstName', 'Surname', 'Email'));
         $config->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator())->setItemEditFormCallback(function ($form, $component) use($group) {
             $record = $form->getRecord();
             $groupsField = $form->Fields()->dataFieldByName('DirectGroups');
             if ($groupsField) {
                 // If new records are created in a group context,
                 // set this group by default.
                 if ($record && !$record->ID) {
                     $groupsField->setValue($group->ID);
                 } elseif ($record && $record->ID) {
                     // TODO Mark disabled once chosen.js supports it
                     // $groupsField->setDisabledItems(array($group->ID));
                     $form->Fields()->replaceField('DirectGroups', $groupsField->performReadonlyTransformation());
                 }
             }
         });
         $memberList = GridField::create('Members', false, $this->DirectMembers(), $config)->addExtraClass('members_grid');
         // @todo Implement permission checking on GridField
         //$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd'));
         $fields->addFieldToTab('Root.Members', $memberList);
     }
     // Only add a dropdown for HTML editor configurations if more than one is available.
     // Otherwise Member->getHtmlEditorConfigForCMS() will default to the 'cms' configuration.
     $editorConfigMap = HtmlEditorConfig::get_available_configs_map();
     if (count($editorConfigMap) > 1) {
         $fields->addFieldToTab('Root.Permissions', new DropdownField('HtmlEditorConfig', 'HTML Editor Configuration', $editorConfigMap), 'Permissions');
     }
     if (!Permission::check('EDIT_PERMISSIONS')) {
         $fields->removeFieldFromTab('Root', 'Permissions');
     }
     // Only show the "Roles" tab if permissions are granted to edit them,
     // and at least one role exists
     if (Permission::check('APPLY_ROLES') && DataObject::get('PermissionRole')) {
         $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
         $fields->addFieldToTab('Root.Roles', new LiteralField("", "<p>" . _t('SecurityAdmin.ROLESDESCRIPTION', "Roles are predefined sets of permissions, and can be assigned to groups.<br />" . "They are inherited from parent groups if required.") . '<br />' . sprintf('<a href="%s" class="add-role">%s</a>', singleton('SecurityAdmin')->Link('show/root#Root_Roles'), _t('Group.RolesAddEditLink', 'Manage roles')) . "</p>"));
         // Add roles (and disable all checkboxes for inherited roles)
         $allRoles = PermissionRole::get();
         if (!Permission::check('ADMIN')) {
             $allRoles = $allRoles->filter("OnlyAdminCanApply", 0);
         }
         if ($this->ID) {
             $groupRoles = $this->Roles();
             $inheritedRoles = new ArrayList();
             $ancestors = $this->getAncestors();
             foreach ($ancestors as $ancestor) {
                 $ancestorRoles = $ancestor->Roles();
                 if ($ancestorRoles) {
                     $inheritedRoles->merge($ancestorRoles);
                 }
             }
             $groupRoleIDs = $groupRoles->column('ID') + $inheritedRoles->column('ID');
             $inheritedRoleIDs = $inheritedRoles->column('ID');
         } else {
             $groupRoleIDs = array();
             $inheritedRoleIDs = array();
         }
         $rolesField = ListboxField::create('Roles', false, $allRoles->map()->toArray())->setDefaultItems($groupRoleIDs)->setAttribute('data-placeholder', _t('Group.AddRole', 'Add a role for this group'))->setDisabledItems($inheritedRoleIDs);
         if (!$allRoles->Count()) {
             $rolesField->setAttribute('data-placeholder', _t('Group.NoRoles', 'No roles found'));
         }
         $fields->addFieldToTab('Root.Roles', $rolesField);
     }
     $fields->push($idField = new HiddenField("ID"));
     $this->extend('updateCMSFields', $fields);
     return $fields;
 }
 /**
  * set up a group with permissions, roles, etc...
  * also @see EcommerceRole::providePermissions
  * also note that this class implements PermissionProvider
  * @param String $code code for the group - will always be converted to lowercase
  * @param String $name title for the group
  * @param Group | String $parentGroup group object that is the parent of the group. You can also provide a string (name / title of group)
  * @param String $permissionCode Permission Code for the group (e.g. CMS_DO_THIS_OR_THAT)
  * @param String $roleTitle Role Title - e.g. Store Manager
  * @param Array $permissionArray Permission Array - list of permission codes applied to the group
  * @param Member | String $member Default Member added to the group (e.g. sales@mysite.co.nz). You can also provide an email address
  *
  */
 public function CreateGroup($code, $name, $parentGroup = null, $permissionCode = "", $roleTitle = "", $permissionArray = array(), $member = null)
 {
     //changing to lower case seems to be very important
     //unidentified bug so far
     $code = strtolower($code);
     if (!$code) {
         user_error("Can't create a group without a {$code} ({$name})");
     }
     if (!$name) {
         user_error("Can't create a group without a {$name} ({$code})");
     }
     $group = Group::get()->filter(array("Code" => $code))->first();
     $groupCount = Group::get()->filter(array("Code" => $code))->count();
     $groupStyle = "updated";
     if ($groupCount > 1) {
         user_error("There is more than one group with the {$name} ({$code}) Code");
     }
     if (!$group) {
         $group = Group::create();
         $group->Code = $code;
         $groupStyle = "created";
     }
     $group->Locked = 1;
     $group->Title = $name;
     $parentGroupStyle = "updated";
     if ($parentGroup) {
         DB::alteration_message("adding parent group");
         if (is_string($parentGroup)) {
             $parentGroupName = $parentGroup;
             $parentGroup = Group::get()->filter(array("Title" => $parentGroupName))->first();
             if (!$parentGroup) {
                 $parentGroup = Group::create();
                 $parentGroupStyle = "created";
                 $parentGroup->Title = $parentGroupName;
                 $parentGroup->write();
                 DB::alteration_message("{$parentGroupStyle} {$parentGroupName}", $parentGroupStyle);
             }
         }
         if ($parentGroup) {
             $group->ParentID = $parentGroup->ID;
         }
     }
     $group->write();
     DB::alteration_message("{$groupStyle} {$name} ({$code}) group", $groupStyle);
     $doubleGroups = Group::get()->filter(array("Code" => $code))->exclude(array("ID" => $group->ID));
     if ($doubleGroups->count()) {
         DB::alteration_message($doubleGroups->count() . " groups with the same name", "deleted");
         $realMembers = $group->Members();
         foreach ($doubleGroups as $doubleGroup) {
             $fakeMembers = $doubleGroup->Members();
             foreach ($fakeMembers as $fakeMember) {
                 DB::alteration_message("adding customers: " . $fakeMember->Email, "created");
                 $realMembers->add($fakeMember);
             }
             DB::alteration_message("deleting double group ", "deleted");
             $doubleGroup->delete();
         }
     }
     if ($permissionCode) {
         $permissionCodeCount = DB::query("SELECT * FROM \"Permission\" WHERE \"GroupID\" = '" . $group->ID . "' AND \"Code\" LIKE '" . $permissionCode . "'")->numRecords();
         if ($permissionCodeCount == 0) {
             DB::alteration_message("granting " . $name . " permission code {$permissionCode} ", "created");
             Permission::grant($group->ID, $permissionCode);
         } else {
             DB::alteration_message($name . " permission code {$permissionCode} already granted");
         }
     }
     //we unset it here to avoid confusion with the
     //other codes we use later on
     unset($permissionCode);
     if ($roleTitle) {
         $permissionRole = PermissionRole::get()->Filter(array("Title" => $roleTitle))->First();
         $permissionRoleCount = PermissionRole::get()->Filter(array("Title" => $roleTitle))->Count();
         if ($permissionRoleCount > 1) {
             db::alteration_message("There is more than one Permission Role with title {$roleTitle} ({$permissionCodeObjectCount})", "deleted");
             $permissionRolesToDelete = PermissionRole::get()->Filter(array("Title" => $roleTitle))->Exclude(array("ID" => $permissionRole->ID));
             foreach ($permissionRolesToDelete as $permissionRoleToDelete) {
                 db::alternation_message("DELETING double permission role {$roleTitle}", "deleted");
                 $permissionRoleToDelete->delete();
             }
         }
         if ($permissionRole) {
             //do nothing
             DB::alteration_message("{$roleTitle} role in place");
         } else {
             DB::alteration_message("adding {$roleTitle} role", "created");
             $permissionRole = PermissionRole::create();
             $permissionRole->Title = $roleTitle;
             $permissionRole->OnlyAdminCanApply = true;
             $permissionRole->write();
         }
         if ($permissionRole) {
             if (is_array($permissionArray) && count($permissionArray)) {
                 DB::alteration_message("working with " . implode(", ", $permissionArray));
                 foreach ($permissionArray as $permissionRoleCode) {
                     $permissionRoleCodeObject = PermissionRoleCode::get()->Filter(array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID))->First();
                     $permissionRoleCodeObjectCount = PermissionRoleCode::get()->Filter(array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID))->Count();
                     if ($permissionRoleCodeObjectCount > 1) {
                         $permissionRoleCodeObjectsToDelete = PermissionRoleCode::get()->Filter(array("Code" => $permissionRoleCode, "RoleID" => $permissionRole->ID))->Exclude(array("ID" => $permissionRoleCodeObject->ID));
                         foreach ($permissionRoleCodeObjectsToDelete as $permissionRoleCodeObjectToDelete) {
                             db::alteration_message("DELETING double permission code {$permissionRoleCode} for " . $permissionRole->Title, "deleted");
                             $permissionRoleCodeObjectToDelete->delete();
                         }
                         db::alteration_message("There is more than one Permission Role Code in " . $permissionRole->Title . " with Code = {$permissionRoleCode} ({$permissionRoleCodeObjectCount})", "deleted");
                     }
                     if ($permissionRoleCodeObject) {
                         //do nothing
                     } else {
                         $permissionRoleCodeObject = PermissionRoleCode::create();
                         $permissionRoleCodeObject->Code = $permissionRoleCode;
                         $permissionRoleCodeObject->RoleID = $permissionRole->ID;
                     }
                     DB::alteration_message("adding " . $permissionRoleCodeObject->Code . " to " . $permissionRole->Title);
                     $permissionRoleCodeObject->write();
                 }
             }
             if ($group && $permissionRole) {
                 if (DB::query("SELECT COUNT(*) FROM Group_Roles WHERE GroupID = " . $group->ID . " AND PermissionRoleID = " . $permissionRole->ID)->value() == 0) {
                     db::alteration_message("ADDING " . $permissionRole->Title . " permission role  to " . $group->Title . " group", "created");
                     $existingGroups = $permissionRole->Groups();
                     $existingGroups->add($group);
                 } else {
                     db::alteration_message("CHECKED " . $permissionRole->Title . " permission role  to " . $group->Title . " group");
                 }
             } else {
                 db::alteration_message("ERROR: missing group or permissionRole", "deleted");
             }
         }
     }
     if ($member) {
         if (is_string($member)) {
             $email = $member;
             $member = Member::get()->filter(array("Email" => $email))->first();
             if (!$member) {
                 DB::alteration_message("Creating default user", "created");
                 $member = Member::create();
                 $member->FirstName = $code;
                 $member->Surname = $name;
                 $member->Email = $email;
                 $member->write();
             }
         }
         if ($member) {
             DB::alteration_message(" adding member " . $member->Email . " to group " . $group->Title, "created");
             $member->Groups()->add($group);
         }
     } else {
         DB::alteration_message("No need to add user");
     }
 }