public function init()
 {
     if (!$this->currentDashboard) {
         Restrictable::set_enabled(false);
         if (Member::currentUserID()) {
             Restrictable::set_enabled(true);
             $this->currentDashboard = $this->getDashboard();
         }
         Restrictable::set_enabled(true);
     }
     parent::init();
     if ($this->currentDashboard && !$this->currentDashboard->checkPerm('View')) {
         if (!Member::currentUserID() && !$this->redirectedTo()) {
             Security::permissionFailure($this, "You must be logged in");
             return;
         }
     }
     Requirements::block(THIRDPARTY_DIR . '/jquery/jquery.js');
     Requirements::javascript('frontend-dashboards/javascript/jquery-1.10.2.min.js');
     Requirements::javascript(THIRDPARTY_DIR . '/jquery-ui/jquery-ui.js');
     Requirements::javascript(THIRDPARTY_DIR . '/jquery-form/jquery.form.js');
     Requirements::javascript(THIRDPARTY_DIR . '/jquery-entwine/dist/jquery.entwine-dist.js');
     Requirements::javascript('frontend-dashboards/thirdparty/jquery-cookie/jquery.cookie.js');
     Requirements::javascript(FRAMEWORK_DIR . '/javascript/jquery-ondemand/jquery.ondemand.js');
     Requirements::javascript('frontend-dashboards/javascript/dashboards.js');
     Requirements::javascript('frontend-dashboards/javascript/dashboard-dialogs.js');
     Requirements::css('frontend-dashboards/css/dashboards.css');
     Requirements::javascript('frontend-dashboards/javascript/jquery.gridster.js');
     Requirements::css('frontend-dashboards/css/jquery.gridster.css');
     //		Requirements::javascript('frontend-dashboards/javascript/jquery.gridly.js');
     //		Requirements::css('frontend-dashboards/css/jquery.gridly.css');
 }
 public function index($redirect = true)
 {
     Restrictable::set_enabled(false);
     $member = Member::currentUser();
     Restrictable::set_enabled(true);
     if ($member) {
         // run the logout as an admin so we can update the user object
         singleton('TransactionManager')->run(array($member, 'logOut'), Security::findAnAdministrator());
     }
     if ($redirect) {
         $this->redirectBack();
     }
     return '';
 }
 public function getMember()
 {
     if (!$this->currentMember) {
         // need to allow member to write itself before it's fully loaded...
         $curr = Restrictable::set_enabled(false);
         if (Member::currentUserID()) {
             $this->currentMember = Member::currentUser();
         } else {
             // ignore this for now!
             //				$this->currentMember = singleton('PublicMember');
         }
         Restrictable::set_enabled($curr);
     }
     return $this->currentMember;
 }
 public function testCreatePost()
 {
     Restrictable::set_enabled(true);
     $this->logInWithPermission();
     MicroPost::get()->removeAll();
     $group = $this->objFromFixture('Group', 'posters');
     $member = $this->objFromFixture('Member', 'user1');
     $user2 = $this->objFromFixture('Member', 'user2');
     $groups = $member->Groups()->toArray();
     $svc = singleton('MicroBlogService');
     /* @var $svc MicroBlogService */
     $post = $svc->createPost($member, "My post content");
     // , null, 0, null, array('groups' => $group->ID));
     $this->assertTrue($post->checkPerm('View', $member));
     $this->assertFalse($post->checkPerm('View', $user2));
     $post->giveAccessTo(array('groups' => $group->ID));
     $this->assertTrue($post->checkPerm('View', $user2));
 }
 public function testRunAs()
 {
     Restrictable::set_enabled(false);
     $this->logInWithPermission('FIRST');
     Restrictable::set_enabled(true);
     $first = $this->cache_generatedMembers['FIRST'];
     // cerate an object, it should be by the second user
     $item = new TransTestObj();
     $item->Title = 'By first';
     $item->write();
     $this->assertTrue($item->OwnerID == $first->ID);
     Restrictable::set_enabled(false);
     $this->loginWithPermission('SECOND');
     Restrictable::set_enabled(true);
     $second = $this->cache_generatedMembers['SECOND'];
     $other = new TransTestObj();
     $other->Title = 'By second';
     $other->write();
     $this->assertTrue($other->OwnerID == $second->ID);
     // k, so now, if we try writing to the first there should be an exception
     $item->Title = 'changed by second';
     try {
         $item->write();
         $this->assertFalse(true);
     } catch (PermissionDeniedException $pde) {
         $this->assertTrue(true);
     }
     $tm = singleton('TransactionManager');
     // currently logged in as $second, want to do something as $first without
     // touching the Session settings
     $this->assertTrue(singleton('SecurityContext')->getMember()->ID == $second->ID);
     $tm->run(array($this, 'updateAsOther'), $first, $item);
     $item = DataObject::get_by_id('TransTestObj', $item->ID);
     $this->assertEquals($item->Title, 'changed by second in subfunc');
     $tm->run(function () use($item) {
         $item->Title = 'changed by second again';
         $item->write();
     }, $first);
     $item = DataObject::get_by_id('TransTestObj', $item->ID);
     $this->assertEquals($item->Title, 'changed by second again');
 }
<?php

if (($RESTRICTED_OBJECTS_DIR = basename(dirname(__FILE__))) != 'restrictedobjects') {
    die("The restricted objects module must be installed in /restrictedobjects, not {$RESTRICTED_OBJECTS_DIR}");
}
if (!class_exists('MultiValueField')) {
    die('The restricted objects module requires the multivaluefield module from http://github.com/nyeholt/silverstripe-multivaluefield');
}
Director::addRules(100, array('Security/logout' => 'RestrictedSecurityController'));
Object::add_extension('Member', 'RestrictedMember');
// if we're in Dev, and have set "no initial checks", which is common during testing, disable perms
if ((Director::isDev() || Director::is_cli()) && isset($_GET['disable_perms'])) {
    Restrictable::set_enabled(false);
}
SS_Cache::set_cache_lifetime('restricted_perms', 3600);
 /**
  * Check if we're in a login request. If so, we're going to explicitly disable
  * restrictedobjects permission checks. This is poor, but dictated by the core
  * member login code performing writes prior to having a user context.
  * 
  * @param \SS_HTTPRequest $request
  * @param \Session $session
  * @param \DataModel $model
  */
 public function preRequest(\SS_HTTPRequest $request, \Session $session, \DataModel $model)
 {
     if (strtolower($request->httpMethod()) === 'post' && ($request->getURL() === 'Security/LoginForm' || $request->getURL() === 'Security/LostPasswordForm' || $request->getURL() === 'Security/ChangePasswordForm')) {
         Restrictable::set_enabled(false);
     }
 }
 public function testGroupInheritedPermission()
 {
     Restrictable::set_enabled(false);
     $this->logInWithPermission('ADMIN');
     Restrictable::set_enabled(true);
     $user = $this->cache_generatedMembers['ADMIN'];
     $item = new PrivateObject();
     $item->Title = 'testagain item';
     $item->write();
     Restrictable::set_enabled(false);
     $this->logInWithPermission('OTHERUSER');
     Restrictable::set_enabled(true);
     $otherUser = $this->cache_generatedMembers['OTHERUSER'];
     $can = $item->checkPerm('View');
     $this->assertFalse($can);
     Restrictable::set_enabled(false);
     $this->logInWithPermission('ADMIN');
     Restrictable::set_enabled(true);
     $group1 = Group::create(array('Title' => 'Group1'));
     $group1->write();
     $group2 = Group::create(array('Title' => 'Group2', 'ParentID' => $group1->ID));
     $group2->write();
     // grant to group 1
     $item->grant('View', $group1);
     $otherUser->Groups()->add($group1);
     $otherUser->write();
     singleton('PermissionService')->flushCache();
     $can = $item->checkPerm('View', $otherUser);
     $this->assertTrue($can);
     // remove the user
     $otherUser->Groups()->remove($group1);
     $otherUser->write();
     singleton('PermissionService')->flushCache();
     $can = $item->checkPerm('View', $otherUser);
     $this->assertFalse($can);
     $otherUser->Groups()->add($group2);
     $otherUser->write();
     singleton('PermissionService')->flushCache();
     $can = $item->checkPerm('View', $otherUser);
     $this->assertTrue($can);
     $group2->ParentID = 0;
     $group2->write();
     singleton('PermissionService')->flushCache();
     $can = $item->checkPerm('View', $otherUser);
     $this->assertFalse($can);
 }
 public function onAfterInit()
 {
     if (self::$do_reenable) {
         Restrictable::set_enabled(true);
     }
 }
    public function run($request)
    {
        Restrictable::set_enabled(false);
        Versioned::reading_stage('Stage');
        $admin = Security::findAnAdministrator();
        Session::set("loggedInAs", $admin->ID);
        $toPublish = array();
        $home = SiteTree::get()->filter('URLSegment', 'home')->first();
        if ($home) {
            $this->o("Home page already exists, _not_ bootstrapping");
            return;
        }
        $site = Multisites::inst()->getCurrentSite();
        $toPublish[] = $site;
        $dashboard = SiteDashboardPage::create(array('Title' => 'Dashboard', 'URLSegment' => 'dashboard', 'ParentID' => $site->ID));
        $dashboard->write();
        $this->o("Created Dashboard");
        $toPublish[] = $dashboard;
        $home = RedirectorPage::create(array('Title' => 'Home', 'URLSegment' => 'home', 'ParentID' => $site->ID));
        $home->LinkToID = $dashboard->ID;
        $home->write();
        $toPublish[] = $home;
        $this->o("Created homepage");
        $group = Group::create(array('Title' => 'All members'));
        $events = Calendar::create(array('Title' => 'Events', 'URLSegment' => 'events', 'ParentID' => $site->ID));
        $events->write();
        $toPublish[] = $events;
        $dummyEvent = CalendarEvent::create(array('Title' => 'Sample event', 'ParentID' => $events->ID));
        $dummyEvent->write();
        $toPublish[] = $dummyEvent;
        $dateTime = CalendarDateTime::create(array('StartDate' => strtotime('+1 week'), 'AllDay' => 1, 'EventID' => $dummyEvent->ID));
        $dateTime->write();
        $files = FileListingPage::create(array('Title' => 'File Listing', 'ParentID' => $site->ID));
        $files->write();
        $toPublish[] = $files;
        $news = MediaHolder::create(array('Title' => 'News', 'MediaTypeID' => 3, 'ParentID' => $site->ID));
        $news->write();
        $toPublish[] = $news;
        $text = <<<WORDS
\t\t\t<p>Oh no! Pull a sickie, this epic cuzzie is as rip-off as a snarky morepork. Mean while, in behind the 
\t\t\t\tbicycle shed, Lomu and The Hungery Caterpilar were up to no good with a bunch of cool jelly tip icecreams. 
\t\t\t\t\tThe flat stick force of his chundering was on par with Rangi's solid rimu chilly bin. Put the jug on 
\t\t\twill you bro, all these hard yakka utes can wait till later. The first prize for frying up goes to... 
\t\t\t\t\t\t\tsome uni student and his wicked wet blanket, what a egg. Bro, giant wekas are really tip-top good
\t\twith dodgy fellas, aye. You have no idea how nuclear-free our bung kiwis were aye. Every time</p><p>
\t\t\t\t\t\tI see those carked it wifebeater singlets it's like Castle Hill all over again aye, pissed 
\t\t\t\t\t\t\t\t\t\tas a rat. Anyway, Uncle Bully is just Mr Whippy in disguise, to find the true meaning of 
\t\t\t\t\t\t\t\t\t\t\tlife, one must start whale watching with the box of fluffies, mate. After the trotie
\t\t\t\t\t\t\t\t\t\t\t\tis jumped the ditch, you add all the heaps good whitebait fritters to 
\t\t\t\t\t\t\t\t\t\t\t\t\tthe paua you've got yourself a meal.</p><p>Technology has allowed
\t\t\t\t\t\t\t\t\t\t\t\t\t\tmint pukekos to participate in the global conversation of
\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tchoice keas. The next Generation of pearler dole bludgers have already packed a sad over at the beach. What's the hurry The Topp Twins? There's plenty of twink sticks in that one episode of Tux Wonder Dogs, you know the one bro. The sausage sizzle holds the most sweet as community in the country.. A Taniwha was playing rugby when the random reffing the game event occured. Those bloody Jaffa's, this outrageously awesome seabed is as tapu as a naff bloke. Pavalova is definitely not Australian, you don't know his story, bro. Mean while, in the sleepout, Jim Hickey and Sir Edmond Hillary were up to no good with a bunch of beautiful whanaus. The stuffed force of his cruising for a brusing was on par with James Cook's pretty suss pikelet. Put the jug on will you bro, all these buzzy stubbiess can wait till later.</p><p>The first prize for preparing the hungi goes to... Bazza and his rough as guts pohutukawa, what a sad guy. Bro, Monopoly money, from the New Zealand version with Queen Street and stuff are really hard case good with stink girl guide biscuits, aye. You have no idea how thermo-nuclear our sweet as mates were aye. Every time I see those fully sick packets of Wheetbix it's like Mt Cook all over again aye, see you right. Anyway, Mrs Falani is just Jonah Lomu in disguise, to find the true meaning of life, one must start rooting with the milk, mate. After the native vegetable is munted, you add all the beached as pieces of pounamu to the cheese on toast you've got yourself a meal. Technology has allowed primo kumaras to participate in the global conversation of sweet  gumboots. The next Generation of beaut manuses have already cooked over at Pack n' Save. What's the hurry Manus Morissette? There's plenty of onion dips in West Auckland. The tinny house holds the most same same but different community in the country.. Helen Clarke was packing a sad when the pretty suss whinging event occured. Eh, this stoked hongi is as cracker as a kiwi as chick.</p><p>Mean while, in the pub, Hercules Morse, as big as a horse and James and the Giant Peach were up to no good with a bunch of paru pinapple lumps. The bloody force of his wobbling was on par with Dr Ropata's crook lamington. Put the jug on will you bro, all these mean as foreshore and seabed issues can wait till later. The first prize for rooting goes to... Maui and his good as L&amp;P, what a hottie. Bro, marmite shortages are really shithouse good with hammered toasted sandwiches, aye. You have no idea how chocka full our chronic Bell Birds were aye. Every time I see those rip-off rugby balls it's like smoko time all over again aye, cook your own eggs Jake. Anyway, Cardigan Bay is just Spot, the Telecom dog in disguise, to find the true meaning of life, one must start pashing with the mince pie, mate.</p>
\t\t\t
WORDS;
        $story = MediaPage::create(array('Title' => 'Sample news item', 'Content' => $text, 'ParentID' => $news->ID));
        $story->write();
        $toPublish[] = $story;
        $group->write();
        $this->o("Created All Members group");
        $member = Member::create(array('FirstName' => 'Anon', 'Surname' => 'Ymous', 'Email' => '*****@*****.**'));
        $member->write();
        $member->Groups()->add($group);
        $site->Theme = 'ssau-minimalist';
        $site->LoggedInGroups()->add($group);
        $site->write();
        $this->o("Configured Site object");
        foreach ($toPublish as $item) {
            if (!is_object($item)) {
                print_r($item);
                continue;
            }
            $item->doPublish();
        }
        $this->o("Published everything");
        $message = <<<MSG
Your community system has been succesfully installed! Some things you might be interested in doing from this point are...

* Replying to this post! 
* Customising your dashboard
* Uploading some files and images to browse in the [file listing](file-listing)
* Create some events
* Add some RSS feeds to your Announcements dashlet (use the wrench to configure it!)
MSG;
        singleton('MicroBlogService')->createPost(null, $message, 'Installed!', 0, null, array('logged_in' => 1));
        Restrictable::set_enabled(true);
    }