/**
 * Whether $member is allowed to view this item.
 *
 * With no argument (or any falsy value other than false) the session user is
 * used; an explicit false skips that lookup and is treated as "nobody".
 *
 * @param Member|false|null $member
 * @return bool True only when $member holds CMS_ACCESS and is the logged-in user.
 */
public function canView($member = null)
 {
     // Resolve the session user unless the caller explicitly passed false.
     if ($member !== false && !$member) {
         $member = Member::currentUser();
     }
     // Anonymous visitors never get CMS menus.
     if (!$member) {
         return false;
     }
     // CMS access is required, and the member must be the one currently logged in.
     // NOTE(review): the ID comparison is strict, so both sides must share a scalar
     // type; confirm Member::currentUserID() returns an int rather than a numeric string.
     return Permission::checkMember($member, "CMS_ACCESS")
         && $member->ID === Member::currentUserID();
 }
 /**
  * Format this date value using the date format chosen in a CMS member's settings.
  *
  * Falls back to the logged-in member when $member is omitted; with nobody logged
  * in there is no format to apply, so false is returned.
  *
  * @param Member|null $member Member whose date format applies (default: current user)
  * @return string|false The formatted date, or false when no member could be resolved
  */
 public function FormatFromSettings($member = null)
 {
     require_once 'Zend/Date.php';
     // Without a member and without a session user there is nothing to format against.
     if (!$member && !Member::currentUserID()) {
         return false;
     }
     $member = $member ?: Member::currentUser();
     $format = $member->getDateFormat();
     // The stored value is y-MM-dd; re-render it in the member's preferred format.
     $date = new Zend_Date($this->getValue(), 'y-MM-dd');
     return $date->toString($format);
 }
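 /**
  * Check that the given member has the given permission.
  *
  * @param int|Member $member The ID of the member to check, or a Member object.
  *  Leave blank for the current member.
  * @param string|array $code Code(s) of the permission to check (case-sensitive).
  *  With several codes the check passes when at least one of them is granted.
  * @param string|int $arg "any" (default: in-memory lookup over all of the member's
  *  permission codes), "all" (only grants stored with Arg = -1), or a numeric record
  *  ID (grants stored with Arg = -1 or with that ID).
  * @param bool $strict Kept for backwards compatibility. The non-strict mode
  *  ("grant when the code is not defined at all") is not implemented: an unknown
  *  code is denied like any other, so this flag and the strict_checking config
  *  setting do not change the result.
  * @return int|bool For $arg "any": true/false. Otherwise the ID of the matching
  *  Permission record, or false when none matches.
  */
 public static function checkMember($member, $code, $arg = "any", $strict = true)
 {
     // Resolve the member ID; nobody logged in means no permissions at all.
     if (!$member) {
         $memberID = Member::currentUserID();
     } else {
         $memberID = is_object($member) ? $member->ID : $member;
     }
     if (!$memberID) {
         return false;
     }
     // Turn the code into an array as we may need to add other permissions to the set we check
     if (!is_array($code)) {
         $code = array($code);
     }
     // Check if admin should be treated as holding all permissions
     $adminImpliesAll = (bool) static::config()->admin_implies_all;
     // Strict comparison on purpose: with a loose == a numeric $arg of 0 would be
     // treated as "any" on PHP < 8 and bypass the Arg filter below.
     if ($arg === 'any') {
         // Cache the permissions in memory
         if (!isset(self::$cache_permissions[$memberID])) {
             self::$cache_permissions[$memberID] = self::permissions_for_member($memberID);
         }
         // Note: foreach iterates over a copy, so codes appended inside the loop are not revisited.
         foreach ($code as $permCode) {
             if ($permCode === 'CMS_ACCESS') {
                 foreach (self::$cache_permissions[$memberID] as $perm) {
                     // Admin rights (when they imply all) OR any explicit CMS_ACCESS_* code grant CMS access
                     if (($adminImpliesAll && $perm === 'ADMIN') || substr($perm, 0, 11) === 'CMS_ACCESS_') {
                         return true;
                     }
                 }
             } elseif (substr($permCode, 0, 11) === 'CMS_ACCESS_' && !in_array('CMS_ACCESS_LeftAndMain', $code, true)) {
                 // CMS_ACCESS_LeftAndMain means access to all CMS areas
                 $code[] = 'CMS_ACCESS_LeftAndMain';
             }
         }
         // if ADMIN has all privileges, then we need to push that code in
         if ($adminImpliesAll) {
             $code[] = "ADMIN";
         }
         // Multiple $code values - return true if at least one matches, ie, intersection exists
         return (bool) array_intersect($code, self::$cache_permissions[$memberID]);
     }
     // Code filters ($code is already a list at this point)
     $codeParams = $code;
     $codeClause = DB::placeholders($codeParams);
     $adminParams = $adminImpliesAll ? array('ADMIN') : array();
     $adminClause = $adminImpliesAll ? ", ?" : '';
     // The following code is only used when $arg is not "any". This is kind of obsolete
     // functionality and could possibly be deprecated.
     $groupParams = self::groupList($memberID);
     if (empty($groupParams)) {
         return false;
     }
     $groupClause = DB::placeholders($groupParams);
     // Arg component: "any" never reaches here, so only "all" and numeric record IDs remain.
     $argClause = "";
     $argParams = array();
     if ($arg === "all") {
         $argClause = " AND \"Arg\" = ?";
         $argParams = array(-1);
     } elseif (is_numeric($arg)) {
         $argClause = "AND \"Arg\" IN (?, ?) ";
         $argParams = array(-1, $arg);
     } else {
         // An unrecognised arg is a programming error, not a permission denial.
         user_error("Permission::checkMember: bad arg '{$arg}'", E_USER_ERROR);
     }
     // Raw SQL for efficiency. Every caller-supplied value is bound through a placeholder;
     // only DB::placeholders() output and the fixed clauses above are interpolated.
     $permission = DB::prepared_query("SELECT \"ID\"\n\t\t\tFROM \"Permission\"\n\t\t\tWHERE (\n\t\t\t\t\"Code\" IN ({$codeClause} {$adminClause})\n\t\t\t\tAND \"Type\" = ?\n\t\t\t\tAND \"GroupID\" IN ({$groupClause})\n\t\t\t\t{$argClause}\n\t\t\t)", array_merge($codeParams, $adminParams, array(self::GRANT_PERMISSION), $groupParams, $argParams))->value();
     if ($permission) {
         return $permission;
     }
     // Fail closed. A non-strict mode that grants access when the code does not exist at
     // all is deliberately not implemented here, so $strict and strict_checking are not consulted.
     return false;
 }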
 /**
  * Pre-write hook: fill in defaults, then sync the asset store.
  *
  * - OwnerID defaults to the current user for records not yet in the database.
  * - Name defaults to "new-<lowercased class name>" when it is unset.
  * - updateFilesystem() runs before the parent hook so the DBFile field is current.
  */
 protected function onBeforeWrite()
 {
     $needsDefaultOwner = !$this->isInDB() && !$this->OwnerID;
     if ($needsDefaultOwner) {
         $this->OwnerID = Member::currentUserID();
     }
     if (!$this->getField('Name')) {
         // Derive a placeholder name from the concrete class
         $this->Name = "new-" . strtolower($this->class);
     }
     // Propagate changes to the AssetStore and update the DBFile field
     $this->updateFilesystem();
     parent::onBeforeWrite();
 }
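 /**
  * Given a successful login, tell the parent frame to close the dialog
  *
  * The redirect target is the first BackURL candidate (request, then session,
  * then the admin root) accepted by Director::is_site_url(), which is intended to
  * keep the redirect on-site. If no candidate is accepted, the loop leaves the
  * last one (the admin root) in $backURL.
  *
  * @return SS_HTTPResponse
  */
 public function success()
 {
     // Ensure member is properly logged in
     if (!Member::currentUserID()) {
         return $this->redirectToExternalLogin();
     }
     // Get redirect url
     $controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
     $backURLs = array(
         $this->getRequest()->requestVar('BackURL'),
         Session::get('BackURL'),
         Director::absoluteURL(AdminRootController::config()->url_base, true),
     );
     foreach ($backURLs as $backURL) {
         if ($backURL && Director::is_site_url($backURL)) {
             break;
         }
     }
     // BackURL is request/session controlled and is placed inside an href attribute.
     // _t() substitutes {link} verbatim (confirm against the i18n implementation), so
     // escape it for the attribute context here rather than trusting the site-URL check.
     $link = htmlspecialchars((string) $backURL, ENT_QUOTES, 'UTF-8');
     // Show login
     $controller = $controller->customise(array(
         'Content' => _t(
             'CMSSecurity.SUCCESSCONTENT',
             '<p>Login success. If you are not automatically redirected ' . '<a target="_top" href="{link}">click here</a></p>',
             'Login message displayed in the cms popup once a user has re-authenticated themselves',
             array('link' => $link)
         ),
     ));
     return $controller->renderWith($this->getTemplatesFor('success'));
 }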
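 /**
  * Returns the currently logged-in member.
  *
  * @return Member|null The Member record for the session user, or null when
  *  nobody is logged in (byID may itself yield null when the ID no longer
  *  resolves to a record — confirm against DataList::byID).
  */
 public static function currentUser()
 {
     $id = Member::currentUserID();
     // Explicit null instead of falling off the end of the method.
     if (!$id) {
         return null;
     }
     return Member::get()->byID($id);
 }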
 /**
  * Given a file and filename, ensure that file renaming / replacing rules are satisfied
  *
  * If replacing, this method may replace $this->file with an existing record to overwrite.
  * If renaming, a new value for $filename may be returned
  *
  * @param string $filename
  * @return string $filename A filename safe to write to
  * @throws Exception When no free name is found within the name generator's maximum tries
  */
 protected function resolveExistingFile($filename)
 {
     // Lazily create the File record, using the subclass registered for the extension
     if (!$this->file) {
         $extension = File::get_file_extension($filename);
         $this->file = Object::create(File::get_class_for_file_extension($extension));
     }
     // Skip this step if not writing File dataobjects
     if (!$this->file instanceof File) {
         return $filename;
     }
     $existing = File::find($filename);
     $keepName = $this->replaceFile || !$existing;
     if ($keepName) {
         // When replacing, adopt the existing record and hand ownership to the current user
         if (!$this->file->ID && $this->replaceFile && $existing) {
             $this->file = $existing;
             $this->file->OwnerID = Member::currentUserID();
         }
         // Filename won't change if replacing
         return $filename;
     }
     // Name is taken and we are not replacing: try versioned names
     // (e.g. test.gif to test-v2.gif, test-v2.gif to test-v3.gif)
     $renamer = $this->getNameGenerator($filename);
     foreach ($renamer as $candidate) {
         if (!File::find($candidate)) {
             return $candidate;
         }
     }
     $tries = $renamer->getMaxTries();
     throw new Exception("Could not rename {$filename} with {$tries} tries");
 }
 /**
  * Returns the current logged in user
  *
  * @return Member|null Null when no member is logged in
  */
 public static function currentUser()
 {
     $id = Member::currentUserID();
     // Only hit the database when there is a session user to look up
     return $id
         ? DataObject::get_by_id('SilverStripe\\Security\\Member', $id)
         : null;
 }