public function validate()
 {
     // Start from the parent's verdict; this override only ever adds an error to it.
     $result = parent::validate();

     // Privilege-escalation guard: a code listed in Permission's "privileged_permissions"
     // config is rejected unless Permission::check('ADMIN') passes (per the original
     // comment: "unless an admin is editing").
     // NOTE(review): the guard only runs where validate() is invoked; confirm that no
     // write path for this record skips validation.
     $privilegedCodes = Permission::config()->privileged_permissions;

     // No code set: nothing to check.
     if (!$this->Code) {
         return $result;
     }

     // in_array() is called without its strict flag, so membership is a loose (==) match,
     // and for plain strings it is case-sensitive.
     // NOTE(review): confirm codes are always stored and configured in one canonical
     // spelling, otherwise a variant spelling would not be recognised as privileged here.
     if (!in_array($this->Code, $privilegedCodes)) {
         return $result;
     }

     // Privileged code, but the ADMIN check passes: allowed.
     if (Permission::check('ADMIN')) {
         return $result;
     }

     $template = _t('PermissionRoleCode.PermsError', 'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)');
     $result->error(sprintf($template, $this->Code));

     return $result;
 }
예제 #2
 /**
  * Validate this member object.
  *
  * Runs the parent validation, then combines in the result of the class-level
  * password validator (self::$password_validator) for the Password and SetPassword
  * fields when they are new or changed.
  *
  * Both checks are skipped when no validator is configured or when the field value
  * is falsy, so this method enforces no password policy on its own in those cases.
  * NOTE(review): PHP treats the string "0" as falsy, so that value would also skip
  * the validator here; confirm empty/"0" passwords are rejected elsewhere.
  *
  * @return mixed The parent's validation result with any password findings combined in.
  */
 public function validate()
 {
     $valid = parent::validate();

     // Password: checked for unsaved records (no ID) or when the field has changed.
     $passwordNeedsCheck = !$this->ID || $this->isChanged('Password');
     if ($passwordNeedsCheck && $this->Password && self::$password_validator) {
         $passwordFindings = self::$password_validator->validate($this->Password, $this);
         $valid->combineAnd($passwordFindings);
     }

     // SetPassword: "&&" binds tighter than "||", so the original condition reads as
     // (unsaved AND SetPassword given) OR SetPassword changed. Parenthesised here.
     $setPasswordNeedsCheck = (!$this->ID && $this->SetPassword) || $this->isChanged('SetPassword');
     if ($setPasswordNeedsCheck && $this->SetPassword && self::$password_validator) {
         $setPasswordFindings = self::$password_validator->validate($this->SetPassword, $this);
         $valid->combineAnd($setPasswordFindings);
     }

     return $valid;
 }
예제 #3
 public function validate()
 {
     $result = parent::validate();

     // Privilege-escalation guard for group re-parenting: if the chosen parent hierarchy
     // carries any "privileged permissions", only a user passing Permission::check('ADMIN')
     // may make the change. This stops "sub-admin" users who can edit groups from raising
     // their own privileges by moving a group under a more powerful parent.
     // NOTE(review): the guard only runs where validate() is invoked; confirm that no
     // write path for groups skips validation.
     if (!$this->Parent()->exists() || Permission::check('ADMIN')) {
         // No parent to inherit from, or the ADMIN check passes: nothing to enforce.
         return $result;
     }

     // Codes attached to the groups returned by collateAncestorIDs()
     // (presumably the parent and its ancestors; confirm against that method).
     // NOTE(review): only Permission records keyed by GroupID are consulted; whether
     // privileges granted to those groups by any other mechanism need covering
     // cannot be determined from this block.
     $ancestorIds = $this->Parent()->collateAncestorIDs();
     $inheritedCodes = Permission::get()
         ->filter('GroupID', $ancestorIds)
         ->column('Code');

     $privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions');

     // A non-empty intersection means at least one inherited code is privileged.
     $overlap = array_intersect($inheritedCodes, $privilegedCodes);
     if ($overlap) {
         $template = _t('Group.HierarchyPermsError', 'Can\'t assign parent group "%s" with privileged permissions (requires ADMIN access)');
         $result->error(sprintf($template, $this->Parent()->Title));
     }

     return $result;
 }