/**
 * Determine the default visibility state for a record's assets.
 *
 * The decision fails closed: the record is only reported as public when
 * it is on the live stage (if versioning applies) AND canView() passes for
 * a blank, unsaved Member. Every other outcome yields the protected state.
 *
 * @param DataObject $record
 * @return string One of AssetManipulationList::STATE_* constants
 */
protected function getRecordState($record)
{
    if ($this->isVersioned()) {
        // Stage this record belongs to: the 'Versioned.stage' source query
        // parameter when it is set, otherwise the current stage.
        $recordStage = $record->getSourceQueryParam('Versioned.stage');
        if (!$recordStage) {
            $recordStage = Versioned::get_stage();
        }

        // Anything that is not on the live stage is never exposed publicly.
        if ($recordStage !== Versioned::LIVE) {
            return AssetManipulationList::STATE_PROTECTED;
        }
    }

    // A blank Member that was never written stands in for an anonymous
    // viewer, so this asks "may someone without any account see this?".
    // NOTE(review): this relies on each canView() implementation treating an
    // unsaved Member as unprivileged - confirm for custom canView() overrides.
    $anonymousViewer = Member::create();
    if ($record->canView($anonymousViewer)) {
        return AssetManipulationList::STATE_PUBLIC;
    }

    return AssetManipulationList::STATE_PROTECTED;
}
/**
 * Return an existing member with administrator privileges, or create one if necessary.
 *
 * Will create a default 'Administrators' group if no group is found
 * with an ADMIN permission. Will create a new 'Admin' member with administrative permissions
 * if no existing Member with these permissions is found.
 *
 * Important: Any newly created administrator accounts will NOT have valid
 * login credentials (Email/Password properties), which means they can't be used for login
 * purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
 *
 * Security note: the failover branch adds the new member to the ADMIN group
 * through DirectMembers(), which deliberately sidesteps the privilege
 * escalation check in Member_GroupSet. The returned object carries full
 * administrative rights.
 * NOTE(review): confirm that no caller reachable by an unauthenticated or
 * low-privileged request uses the returned member for authorisation decisions.
 *
 * @return Member
 */
public static function findAnAdministrator()
{
    // coupling to subsites module: look up the ADMIN group from subsite 0
    // and restore the previous subsite straight afterwards.
    $subsitesAvailable = is_callable('Subsite::changeSubsite');
    $previousSubsiteID = null;
    if ($subsitesAvailable) {
        $previousSubsiteID = \Subsite::currentSubsiteID();
        \Subsite::changeSubsite(0);
    }

    // find a group with ADMIN permission
    $adminGroup = Permission::get_groups_by_permission('ADMIN')->first();

    if ($subsitesAvailable) {
        \Subsite::changeSubsite($previousSubsiteID);
    }

    $member = null;
    if ($adminGroup) {
        $member = $adminGroup->Members()->First();
    } else {
        // No ADMIN group yet: have the default records built, then look again.
        Group::singleton()->requireDefaultRecords();
        $adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
    }

    // Fall back step by step: default member records first, then the
    // configured default admin.
    if (!$member) {
        Member::singleton()->requireDefaultRecords();
        $member = Permission::get_members_by_permission('ADMIN')->first();
    }
    if (!$member) {
        $member = Member::default_admin();
    }
    if ($member) {
        return $member;
    }

    // Failover to a blank admin. Only FirstName is set, so the record has
    // no Email/Password and cannot be used to log in.
    $member = Member::create();
    $member->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
    $member->write();

    // Add member to group instead of adding group to member
    // This bypasses the privilege escalation code in Member_GroupSet
    // NOTE(review): $adminGroup is not re-checked here; if the second lookup
    // above still found no ADMIN group this call fails on null - confirm
    // that requireDefaultRecords() always creates one.
    $adminGroup->DirectMembers()->add($member);

    return $member;
}
/**
 * Create a member and group with the given permission code, and log in with it.
 * Returns the member ID.
 *
 * Generated members are cached per permission code (array input is joined
 * with '.'), so repeated calls reuse the same member.
 *
 * Security note: this writes Group, Permission and Member records and logs
 * the member in without any credential check; with the default argument the
 * session becomes a full ADMIN session.
 * NOTE(review): this looks like a test-fixture helper - confirm it is only
 * available in test code and never in a deployed request path.
 *
 * @param string|array $permCode Either a permission, or list of permissions
 * @return int Member ID
 */
public function logInWithPermission($permCode = "ADMIN")
{
    // Keep the individual codes as a list and collapse an array argument
    // into a single dotted string used as cache key, name and email prefix.
    $permArray = is_array($permCode) ? $permCode : array($permCode);
    if (is_array($permCode)) {
        $permCode = implode('.', $permArray);
    }

    if (!isset($this->cache_generatedMembers[$permCode])) {
        // Generate group with these permissions
        $group = Group::create();
        $group->Title = "{$permCode} group";
        $group->write();

        // Create each individual permission and attach it to the group
        foreach ($permArray as $code) {
            $permission = Permission::create();
            $permission->Code = $code;
            $permission->write();
            $group->Permissions()->add($permission);
        }

        // Reuse a member that already has the generated address, if any
        $email = "{$permCode}@example.org";
        $member = DataObject::get_one(
            'SilverStripe\\Security\\Member',
            array('"Member"."Email"' => $email)
        );
        if (!$member) {
            $member = Member::create();
        }

        $member->FirstName = $permCode;
        $member->Surname = "User";
        $member->Email = $email;
        $member->write();
        $group->Members()->add($member);

        $this->cache_generatedMembers[$permCode] = $member;
    } else {
        // Check cached member
        $member = $this->cache_generatedMembers[$permCode];
    }

    $member->logIn();

    return $member->ID;
}
/**
 * Get the default admin record if it exists, or create it otherwise if enabled.
 *
 * Security note: the record is identified by Email only and is written
 * without a Password, so no persistent login is stored in the database.
 * Membership of the ADMIN group is granted through DirectMembers(), which
 * deliberately sidesteps the privilege escalation check in Member_GroupSet.
 * NOTE(review): an existing member whose Email equals the default admin
 * username is picked up and placed in the ADMIN group - confirm that
 * ordinary users cannot register or change to that address.
 *
 * @return Member|null Null when no default admin is configured
 */
public static function default_admin()
{
    // Nothing to do unless a default admin has been set
    if (!Security::has_default_admin()) {
        return null;
    }

    // Find or create ADMIN group
    Group::singleton()->requireDefaultRecords();
    $adminGroup = Permission::get_groups_by_permission('ADMIN')->first();

    // Find member by the default admin username
    $candidates = Member::get()->filter('Email', Security::default_admin_username());
    $admin = $candidates->first();

    if (!$admin) {
        // 'Password' is not set to avoid creating
        // persistent logins in the database. See Security::setDefaultAdmin().
        // Set 'Email' to identify this as the default admin
        $admin = Member::create();
        $admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
        $admin->Email = Security::default_admin_username();
        $admin->write();
    }

    // Already in the admin group: nothing more to grant
    if ($admin->inGroup($adminGroup)) {
        return $admin;
    }

    // Add member to group instead of adding group to member
    // This bypasses the privilege escalation code in Member_GroupSet
    $adminGroup->DirectMembers()->add($admin);

    return $admin;
}