public function processRecord($record, $columnMap, &$results, $preview = false) { // We match by 'Code', the ID property is confusing the importer if (isset($record['ID'])) { unset($record['ID']); } $objID = parent::processRecord($record, $columnMap, $results, $preview); $group = DataObject::get_by_id($this->objectClass, $objID); // set group hierarchies - we need to do this after all records // are imported to avoid missing "early" references to parents // which are imported later on in the CSV file. if (isset($record['ParentCode']) && $record['ParentCode']) { $parentGroup = DataObject::get_one('SilverStripe\\Security\\Group', array('"Group"."Code"' => $record['ParentCode'])); if ($parentGroup) { $group->ParentID = $parentGroup->ID; $group->write(); } } // set permission codes - these are all additive, meaning // existing permissions arent cleared. if (isset($record['PermissionCodes']) && $record['PermissionCodes']) { foreach (explode(',', $record['PermissionCodes']) as $code) { $p = DataObject::get_one('SilverStripe\\Security\\Permission', array('"Permission"."Code"' => $code, '"Permission"."GroupID"' => $group->ID)); if (!$p) { $p = new Permission(array('Code' => $code)); $p->write(); } $group->Permissions()->add($p); } } return $objID; }
/** * Deny the given permission code/arg to the given group * * @param int $groupID The ID of the group * @param string $code The permission code * @param string $arg Optional: The permission argument (e.g. a page ID). * @returns Permission Returns the new permission object. */ public static function deny($groupID, $code, $arg = "any") { $perm = new Permission(); $perm->GroupID = $groupID; $perm->Code = $code; $perm->Type = self::DENY_PERMISSION; // Arg component switch ($arg) { case "any": break; case "all": $perm->Arg = -1; break; default: if (is_numeric($arg)) { $perm->Arg = $arg; } else { user_error("Permission::checkMember: bad arg '{$arg}'", E_USER_ERROR); } } $perm->write(); return $perm; }