public function validate() { $result = parent::validate(); // Check that new code doesn't increase privileges, unless an admin is editing. $privilegedCodes = Permission::config()->privileged_permissions; if ($this->Code && in_array($this->Code, $privilegedCodes) && !Permission::check('ADMIN')) { $result->error(sprintf(_t('PermissionRoleCode.PermsError', 'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'), $this->Code)); } return $result; }
/** * Validate this member object. */ public function validate() { $valid = parent::validate(); if (!$this->ID || $this->isChanged('Password')) { if ($this->Password && self::$password_validator) { $valid->combineAnd(self::$password_validator->validate($this->Password, $this)); } } if (!$this->ID && $this->SetPassword || $this->isChanged('SetPassword')) { if ($this->SetPassword && self::$password_validator) { $valid->combineAnd(self::$password_validator->validate($this->SetPassword, $this)); } } return $valid; }
public function validate() { $result = parent::validate(); // Check if the new group hierarchy would add certain "privileged permissions", // and require an admin to perform this change in case it does. // This prevents "sub-admin" users with group editing permissions to increase their privileges. if ($this->Parent()->exists() && !Permission::check('ADMIN')) { $inheritedCodes = Permission::get()->filter('GroupID', $this->Parent()->collateAncestorIDs())->column('Code'); $privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions'); if (array_intersect($inheritedCodes, $privilegedCodes)) { $result->error(sprintf(_t('Group.HierarchyPermsError', 'Can\'t assign parent group "%s" with privileged permissions (requires ADMIN access)'), $this->Parent()->Title)); } } return $result; }