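/**
 * Declares the permission codes this controller contributes to the CMS
 * permission list.
 *
 * Always provides "CMS_ACCESS_LeftAndMain" (access to every CMS section) and
 * adds one entry per concrete, non-test ModelAdmin subclass, keyed by the
 * first permission code that subclass requires.
 *
 * @return array Map of permission code => array with 'name' and 'category'
 *               (plus 'help' and 'sort' for the catch-all entry).
 */
public function providePermissions()
{
    $perms = array(
        "CMS_ACCESS_LeftAndMain" => array(
            'name' => _t('CMSMain.ACCESSALLINTERFACES', 'Access to all CMS sections'),
            'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access'),
            'help' => _t('CMSMain.ACCESSALLINTERFACESHELP', 'Overrules more specific access settings.'),
            'sort' => -100
        )
    );

    // Add any custom ModelAdmin subclasses. Can't put this on ModelAdmin itself
    // since it's marked abstract, and needs to be singleton instantiated.
    foreach (ClassInfo::subclassesFor('SilverStripe\\Admin\\ModelAdmin') as $class) {
        if ($class === 'SilverStripe\\Admin\\ModelAdmin') {
            continue;
        }
        if (ClassInfo::classImplements($class, 'SilverStripe\\Dev\\TestOnly')) {
            continue;
        }

        // Check if modeladmin has explicit required_permission_codes option.
        // If a modeladmin is namespaced you can apply this config to override
        // the default permission generation based on fully qualified class name.
        //
        // The code must be read from the subclass being listed, not from $this:
        // asking $this yields the same code on every iteration, so each
        // ModelAdmin overwrites the previous entry and the permission list
        // never offers the per-section codes that the title below describes.
        $code = $class::singleton()->getRequiredPermissions();
        if (!$code) {
            continue;
        }

        // Get first permission if multiple specified
        if (is_array($code)) {
            $code = reset($code);
        }

        $title = LeftAndMain::menu_title($class);
        $perms[$code] = array(
            'name' => _t(
                'CMSMain.ACCESS',
                "Access to '{title}' section",
                "Item in permission selection identifying the admin section. Example: Access to 'Files & Images'",
                array('title' => $title)
            ),
            'category' => _t('Permission.CMS_ACCESS_CATEGORY', 'CMS Access')
        );
    }

    return $perms;
}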
/**
 * Checks that the main CMS menu only lists the sections the current member
 * is allowed to view: nothing for an anonymous visitor, a restricted set for
 * a security-only member, and the expected sections for an "all CMS sections"
 * member and an administrator.
 */
public function testCanView()
{
    $admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
    $securityOnly = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
    $allSections = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');

    // Anonymous visitor: the menu must expose no entries at all.
    $this->session()->inst_set('loggedInAs', null);
    $this->resetMenu();
    $anonymousMenu = LeftAndMain::singleton()->MainMenu(false);
    $this->assertEquals(
        $anonymousMenu->column('Code'),
        array(),
        'Without valid login, members cant access any menu entries'
    );

    // Restricted CMS user: exactly the sections the group was granted.
    $this->logInAs($securityOnly);
    $this->resetMenu();
    $restrictedCodes = LeftAndMain::singleton()->MainMenu(false)->column('Code');
    sort($restrictedCodes);
    $this->assertEquals(
        array('Help', 'SilverStripe-Admin-CMSProfileController', 'SilverStripe-Admin-SecurityAdmin'),
        $restrictedCodes,
        'Groups with limited access can only access the interfaces they have permissions for'
    );

    // Member holding the catch-all CMS access permission.
    $this->logInAs($allSections);
    $this->resetMenu();
    $allSectionsMenu = LeftAndMain::singleton()->MainMenu(false);
    $this->assertContains(
        'SilverStripe-Admin-CMSProfileController',
        $allSectionsMenu->column('Code'),
        'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can edit own profile'
    );
    $this->assertContains(
        'SilverStripe-Admin-SecurityAdmin',
        $allSectionsMenu->column('Code'),
        'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections'
    );
    $this->assertContains(
        'Help',
        $allSectionsMenu->column('Code'),
        'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections'
    );

    // Administrator.
    $this->logInAs($admin);
    $this->resetMenu();
    $adminMenu = LeftAndMain::singleton()->MainMenu(false);
    $this->assertContains(
        'SilverStripe-Admin-SecurityAdmin',
        $adminMenu->column('Code'),
        'Administrators can access Security Admin'
    );

    // Leave the session logged out for whatever runs next.
    $this->session()->inst_set('loggedInAs', null);
}
/**
 * Reduces the breadcrumb trail to its first entry.
 *
 * The profile form only ever edits the current member, so repeating the
 * member name in the breadcrumbs adds nothing.
 *
 * @param bool $unlinked Passed through to the parent implementation.
 * @return ArrayList List holding only the first parent breadcrumb.
 */
public function Breadcrumbs($unlinked = false)
{
    $trail = parent::Breadcrumbs($unlinked);
    $rootCrumb = $trail[0];

    return new ArrayList(array($rootCrumb));
}
/**
 * Builds the breadcrumb trail with the managed model as its root entry.
 *
 * The first parent breadcrumb is retitled with the current model's title and
 * relinked to that model's section, carrying over the request's GET variables
 * except 'url'.
 *
 * @param bool $unlinked Passed through to the parent implementation.
 * @return ArrayList
 */
public function Breadcrumbs($unlinked = false)
{
    $crumbs = parent::Breadcrumbs($unlinked);

    // Show the class name rather than ModelAdmin title as root node
    $managed = $this->getManagedModels();

    // Request-supplied GET variables are carried into the root link.
    // unset() on a missing key is a no-op, so no isset() guard is needed.
    $query = $this->getRequest()->getVars();
    unset($query['url']);

    $root = $crumbs[0];
    $root->Title = $managed[$this->modelClass]['title'];

    // http_build_query() percent-encodes the keys and values; escaping the
    // finished link for HTML is left to whatever renders it (not visible here).
    $sectionLink = $this->Link($this->sanitiseClassName($this->modelClass));
    $root->Link = Controller::join_links($sectionLink, '?' . http_build_query($query));

    return $crumbs;
}
/**
 * Serves the form schema for this section as JSON.
 *
 * When the request's 'ID' route parameter is 'EditForm', a hard-coded schema
 * document is written to the controller response with a JSON content type;
 * any other form name is delegated to the parent implementation.
 *
 * NOTE(review): the admin URL and the tree_class config value are placed
 * inside JSON string literals after Convert::raw2js(), i.e. JavaScript string
 * escaping rather than JSON encoding. Confirm that its output is always valid
 * inside a JSON string for every value these two settings can take.
 *
 * @param mixed $request Request object; only param('ID') is read here.
 * @return mixed The controller response carrying the JSON body, or whatever
 *               parent::schema() returns for other form names.
 */
public function schema($request)
{
    // TODO Hardcoding schema until we can get GridField to generate a schema dynamically
    $treeClassJS = Convert::raw2js($this->config()->tree_class);
    $adminURL = Convert::raw2js(AdminRootController::admin_url());
    // The document below is built on every call, including calls that end up
    // delegating to the parent. Only $adminURL and $treeClassJS vary.
    $json = <<<JSON
{
\t"id": "{$adminURL}campaigns\\/schema\\/EditForm",
\t"schema": {
\t\t"name": "EditForm",
\t\t"id": "Form_EditForm",
\t\t"action": "schema",
\t\t"method": "GET",
\t\t"attributes": {
\t\t\t"id": "Form_EditForm",
\t\t\t"action": "{$adminURL}campaigns\\/EditForm",
\t\t\t"method": "POST",
\t\t\t"enctype": "multipart\\/form-data",
\t\t\t"target": null
\t\t},
\t\t"data": [],
\t\t"fields": [{
\t\t\t"name": "ID",
\t\t\t"id": "Form_EditForm_ID",
\t\t\t"type": "Hidden",
\t\t\t"component": null,
\t\t\t"holderId": null,
\t\t\t"title": false,
\t\t\t"source": null,
\t\t\t"extraClass": "hidden form-group--no-label",
\t\t\t"description": null,
\t\t\t"rightTitle": null,
\t\t\t"leftTitle": null,
\t\t\t"readOnly": false,
\t\t\t"disabled": false,
\t\t\t"customValidationMessage": "",
\t\t\t"attributes": [],
\t\t\t"data": []
\t\t}, {
\t\t\t"name": "ChangeSets",
\t\t\t"id": "Form_EditForm_ChangeSets",
\t\t\t"type": "Custom",
\t\t\t"component": "GridField",
\t\t\t"holderId": null,
\t\t\t"title": "Campaigns",
\t\t\t"source": null,
\t\t\t"extraClass": null,
\t\t\t"description": null,
\t\t\t"rightTitle": null,
\t\t\t"leftTitle": null,
\t\t\t"readOnly": false,
\t\t\t"disabled": false,
\t\t\t"customValidationMessage": "",
\t\t\t"attributes": [],
\t\t\t"data": {
\t\t\t\t"recordType": "{$treeClassJS}",
\t\t\t\t"collectionReadEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/sets",
\t\t\t\t\t"method": "GET"
\t\t\t\t},
\t\t\t\t"itemReadEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "GET"
\t\t\t\t},
\t\t\t\t"itemUpdateEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "PUT"
\t\t\t\t},
\t\t\t\t"itemCreateEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "POST"
\t\t\t\t},
\t\t\t\t"itemDeleteEndpoint": {
\t\t\t\t\t"url": "{$adminURL}campaigns\\/set\\/:id",
\t\t\t\t\t"method": "DELETE"
\t\t\t\t},
\t\t\t\t"editFormSchemaEndpoint": "{$adminURL}campaigns\\/schema\\/DetailEditForm",
\t\t\t\t"columns": [
\t\t\t\t\t{"name": "Title", "field": "Name"},
\t\t\t\t\t{"name": "Changes", "field": "ChangesCount"},
\t\t\t\t\t{"name": "Description", "field": "Description"}
\t\t\t\t]
\t\t\t}
\t\t}, {
\t\t\t"name": "SecurityID",
\t\t\t"id": "Form_EditForm_SecurityID",
\t\t\t"type": "Hidden",
\t\t\t"component": null,
\t\t\t"holderId": null,
\t\t\t"title": "Security ID",
\t\t\t"source": null,
\t\t\t"extraClass": "hidden",
\t\t\t"description": null,
\t\t\t"rightTitle": null,
\t\t\t"leftTitle": null,
\t\t\t"readOnly": false,
\t\t\t"disabled": false,
\t\t\t"customValidationMessage": "",
\t\t\t"attributes": [],
\t\t\t"data": []
\t\t}],
\t\t"actions": []
\t}
}
JSON;

    // The form name comes from the route. It is only compared against a
    // fixed string (loosely, with ==) and never reaches the response body.
    $formName = $request->param('ID');
    if ($formName == 'EditForm') {
        $response = $this->getResponse();
        $response->addHeader('Content-Type', 'application/json');
        $response->setBody($json);
        return $response;
    } else {
        return parent::schema($request);
    }
}
/**
 * Builds the breadcrumb trail, inserting a crumb for the tab being edited.
 *
 * When the route carries a 'FieldName' parameter naming one of the known
 * GridFields (Groups, Users, Roles), a matching crumb is placed directly
 * after the root crumb. Any other value adds nothing.
 *
 * @param bool $unlinked Passed through to the parent implementation.
 * @return mixed The parent's breadcrumb list, possibly with one extra crumb.
 */
public function Breadcrumbs($unlinked = false)
{
    $trail = parent::Breadcrumbs($unlinked);

    // Name root breadcrumb based on which record is edited,
    // which can only be determined by looking for the fieldname of the GridField.
    // Note: Titles should be same titles as tabs in RootForm().
    $routeParams = $this->getRequest()->allParams();
    if (!isset($routeParams['FieldName'])) {
        return $trail;
    }

    // TODO FieldName param gets overwritten by nested GridFields,
    // so shows "Members" rather than "Groups" for the following URL:
    // admin/security/EditForm/field/Groups/item/2/ItemEditForm/field/Members/item/1/edit
    $rootCrumb = $trail->shift();

    // The request value only selects between fixed crumbs and is never
    // copied into a title or link.
    switch ($routeParams['FieldName']) {
        case 'Groups':
            $trail->unshift(new ArrayData(array(
                'Title' => Group::singleton()->i18n_plural_name(),
                'Link' => $this->Link('groups')
            )));
            break;
        case 'Users':
            $trail->unshift(new ArrayData(array(
                'Title' => _t('SecurityAdmin.Users', 'Users'),
                'Link' => $this->Link('users')
            )));
            break;
        case 'Roles':
            $trail->unshift(new ArrayData(array(
                'Title' => _t('SecurityAdmin.TABROLES', 'Roles'),
                'Link' => $this->Link('roles')
            )));
            break;
    }

    // Put the root crumb back in front of whatever was inserted.
    $trail->unshift($rootCrumb);

    return $trail;
}
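/**
 * Get a map of all members in the groups given that have CMS permissions
 *
 * If no groups are passed, all groups with CMS permissions will be used.
 *
 * @param SS_List|array|null $groups Groups to consider (an SS_List of group
 *                           records or an array of group IDs), or NULL/empty
 *                           to use all groups with CMS permissions.
 * @return Map Returns a map of all members in the groups given that
 *             have CMS permissions.
 */
public static function mapInCMSGroups($groups = null)
{
    // Arrays have no Count() method, so calling it on a non-empty array of
    // group IDs was a fatal error. An empty array is already falsy and is
    // caught by !$groups; any other value is asked for its size as before.
    $noGroupsGiven = !$groups || (!is_array($groups) && $groups->Count() == 0);

    if ($noGroupsGiven) {
        $perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin');

        if (class_exists('SilverStripe\\CMS\\Controllers\\CMSMain')) {
            $cmsPerms = CMSMain::singleton()->providePermissions();
        } else {
            $cmsPerms = LeftAndMain::singleton()->providePermissions();
        }

        if (!empty($cmsPerms)) {
            $perms = array_unique(array_merge($perms, array_keys($cmsPerms)));
        }

        // Only the placeholder list is interpolated into the SQL text; the
        // permission codes themselves are passed as bound parameters.
        $permsClause = DB::placeholders($perms);
        /** @skipUpgrade */
        $groups = Group::get()
            ->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
            ->where(array(
                "\"Permission\".\"Code\" IN ({$permsClause})" => $perms
            ));
    }

    $groupIDList = array();

    if ($groups instanceof SS_List) {
        foreach ($groups as $group) {
            $groupIDList[] = $group->ID;
        }
    } elseif (is_array($groups)) {
        $groupIDList = $groups;
    }

    /** @skipUpgrade */
    $members = Member::get()
        ->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
        ->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');

    // NOTE(review): when $groupIDList ends up empty (for instance because no
    // group holds any of the CMS permission codes), no group filter is applied
    // and every member belonging to any group is returned. Confirm that
    // callers expect this rather than an empty map.
    if ($groupIDList) {
        // Group IDs are bound as parameters, as with the permission codes.
        $groupClause = DB::placeholders($groupIDList);
        $members = $members->where(array(
            "\"Group\".\"ID\" IN ({$groupClause})" => $groupIDList
        ));
    }

    return $members->sort('"Member"."Surname", "Member"."FirstName"')->map();
}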
/**
 * Provide menu titles to the i18n entity provider
 *
 * @return array Map of "<class>.MENUTITLE" => array(default title,
 *               'Menu title', owner module) for every CMS class.
 */
public function provideI18nEntities()
{
    $entities = array();

    foreach (self::get_cms_classes() as $cmsClass) {
        $entities["{$cmsClass}.MENUTITLE"] = array(
            LeftAndMain::menu_title($cmsClass, false),
            'Menu title',
            i18n::get_owner_module($cmsClass),
        );
    }

    return $entities;
}
/**
 * Gets a JSON schema representing the current edit form.
 *
 * Only the 'fileHistoryForm' form name is handled here; every other form name
 * is delegated to the parent implementation.
 *
 * WARNING: Experimental API.
 *
 * @param HTTPRequest $request
 * @return HTTPResponse
 */
public function schema($request)
{
    $requestedForm = $request->param('FormName');

    if ($requestedForm === 'fileHistoryForm') {
        // Get schema for history form
        // @todo Eventually all form scaffolding will be based on context rather than record ID
        // See https://github.com/silverstripe/silverstripe-framework/issues/6362
        //
        // NOTE(review): both identifiers come straight from the route and are
        // passed on unchanged. Presumably getFileHistoryForm() validates them
        // and enforces view permission on the record; confirm there.
        $recordID = $request->param('ItemID');
        $recordVersion = $request->param('OtherItemID');
        $historyForm = $this->getFileHistoryForm([
            'RecordID' => $recordID,
            'RecordVersion' => $recordVersion,
        ]);

        // Respond with this schema
        $this->getResponse()->addHeader('Content-Type', 'application/json');
        $schemaID = $this->getRequest()->getURL();

        return $this->getSchemaResponse($schemaID, $historyForm);
    }

    return parent::schema($request);
}