/**
  * Add subsites-specific fields to the folder editor.
  */
 public function updateCMSFields(FieldList $fields)
 {
     // The subsite fields are only added while the 'EditForm' action is being handled. With no
     // current controller, or for any other action, the field list is left untouched; this keeps
     // the fields out of the list view, where they are not moved to the Details tab.
     $controller = Controller::has_curr() ? Controller::curr() : null;
     if (!$controller || $controller->getAction() !== 'EditForm') {
         return;
     }
     // Only folders get the subsite controls.
     if (!($this->owner instanceof Folder)) {
         return;
     }
     // Folders may be moved from one site to another. The choices offered are the sites returned
     // by Subsite::accessible_sites() for CMS_ACCESS_AssetAdmin, plus an "All sites" entry under
     // ID 0.
     // NOTE(review): this limits what the form offers; whether a submitted SubsiteID is checked
     // against the same list when the folder is saved is not visible here - confirm.
     $accessibleSites = Subsite::accessible_sites('CMS_ACCESS_AssetAdmin');
     $options = array(0 => _t('FileSubsites.AllSitesDropdownOpt', 'All sites'));
     foreach ($accessibleSites as $subsite) {
         $options[$subsite->ID] = $subsite->Title;
     }
     ksort($options);
     if ($accessibleSites) {
         // Dropdown used to move the folder between subsites.
         $moveDropdown = new DropdownField('SubsiteID', _t('FileSubsites.SubsiteFieldLabel', 'Subsite'), $options);
         $moveDropdown->addExtraClass('subsites-move-dropdown');
         $fields->push($moveDropdown);
     }
     // A folder that belongs to the main site, edited while no subsite is selected, can be
     // flagged as visible in subsites.
     $ownerOnMainSite = $this->owner->SubsiteID == 0;
     if ($ownerOnMainSite && !Subsite::currentSubsiteID()) {
         $fields->push(new CheckboxField('ShowInSubsites', _t('SubsiteFileExtension.ShowInSubsites', 'Show in subsites')));
     }
 }
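 /**
  * Build the CMS fields for choosing the linked page: a subsite dropdown (only when at least
  * one subsite is available to choose from) followed by a page tree dropdown.
  *
  * @return FieldSet
  */
 function getCMSFields()
 {
     $subsites = Subsite::accessible_sites("CMS_ACCESS_CMSMain");
     if (!$subsites) {
         $subsites = new DataObjectSet();
     }
     if (Subsite::hasMainSitePermission(null, array("CMS_ACCESS_CMSMain"))) {
         // The row is keyed by plain 'ID' so that toDropdownMap('ID', 'Title') below can read it.
         // A key that carries literal double quotes is a different key and leaves the main-site
         // entry without an ID.
         $subsites->push(new ArrayData(array('Title' => 'Main site', 'ID' => 0)));
     }
     $hasSubsites = (bool) $subsites->Count();
     if ($hasSubsites) {
         // Preselect the subsite of the page content is copied from, else the session's subsite.
         $subsiteSelectionField = new DropdownField("CopyContentFromID_SubsiteID", "Subsite", $subsites->toDropdownMap('ID', 'Title'), $this->CopyContentFromID ? $this->CopyContentFrom()->SubsiteID : Session::get('SubsiteID'));
     }
     // Setup the linking to the original page.
     $pageSelectionField = new SubsitesTreeDropdownField("RelatedPageID", _t('VirtualPage.CHOOSE', "Choose a page to link to"), "SiteTree", "ID", "MenuTitle");
     if (isset($_GET['RelatedPageID_SubsiteID']) && is_scalar($_GET['RelatedPageID_SubsiteID'])) {
         // Request data: a subsite ID is an integer, so coerce it instead of handing the raw
         // query-string value on. Non-scalar input (e.g. an array) is ignored.
         // NOTE(review): nothing here checks that the member may browse the requested subsite;
         // presumably SubsitesTreeDropdownField or the tree query enforces that - confirm.
         $pageSelectionField->setSubsiteID((int) $_GET['RelatedPageID_SubsiteID']);
     }
     // Virtual pages themselves cannot be chosen as the link target.
     // NOTE(review): create_function() evaluates its body string as code and no longer exists in
     // PHP 8. The body here is a constant, so no request data reaches it; it is kept because the
     // minimum PHP version this file supports is not visible here. Replace it with a closure once
     // that is confirmed.
     $pageSelectionField->setFilterFunction(create_function('$item', 'return $item->ClassName != "VirtualPage";'));
     if ($hasSubsites) {
         return new FieldSet($subsiteSelectionField, $pageSelectionField);
     }
     return new FieldSet($pageSelectionField);
 }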
 /**
  * Test Subsite::accessible_sites()
  */
 function testAccessibleSites()
 {
     // The expected titles are written in sorted order, so each result column is sorted before
     // it is compared. The member is passed explicitly as the fourth argument.
     $subsiteMember = $this->objFromFixture('Member', 'subsite1member');
     $titlesForMember = Subsite::accessible_sites("CMS_ACCESS_CMSMain", false, null, $subsiteMember)->column("Title");
     sort($titlesForMember);
     $this->assertEquals(array('Subsite1 Template'), $titlesForMember);

     // The admin fixture is expected to see every site listed below.
     $adminMember = $this->objFromFixture('Member', 'admin');
     $titlesForAdmin = Subsite::accessible_sites("CMS_ACCESS_CMSMain", false, null, $adminMember)->column("Title");
     sort($titlesForAdmin);
     $expectedForAdmin = array('Subsite1 Template', 'Subsite2 Template', 'Template', 'Test 1', 'Test 2', 'Test 3');
     $this->assertEquals($expectedForAdmin, $titlesForAdmin);
 }
 /**
  * Set Subsite::$force_subsite before the query runs: either to the sites the user selected,
  * or to every site returned by Subsite::accessible_sites() for CMS_ACCESS_CMSMain.
  *
  * @param array $params Parameters; the 'Subsites' entry holds the user's selection, if any.
  */
 function beforeQuery($params)
 {
     if (empty($params['Subsites'])) {
         // Default: restrict to all accessible sites, as a comma-separated list of their IDs.
         $accessibleSites = Subsite::accessible_sites('CMS_ACCESS_CMSMain');
         $titlesByID = $accessibleSites->toDropdownMap('ID', 'Title');
         Subsite::$force_subsite = implode(',', array_keys($titlesByID));
         return;
     }
     // The user has selected a few specific sites.
     // NOTE(review): the selection is stored exactly as received. It is neither reduced to
     // integers nor compared with the accessible sites computed in the default branch, so
     // anything reading Subsite::$force_subsite sees caller-controlled data. Confirm that the
     // value is validated before it reaches this method or before it is used in a query.
     Subsite::$force_subsite = $params['Subsites'];
 }
 /**
  * Add subsites-specific fields to the folder editor.
  */
 function updateCMSFields(FieldSet &$fields)
 {
     // Only folders get the subsite dropdown.
     if (!($this->owner instanceof Folder)) {
         return;
     }
     $accessibleSites = Subsite::accessible_sites('CMS_ACCESS_AssetAdmin');
     if (!$accessibleSites) {
         // Nothing came back from accessible_sites(), so no field is added.
         return;
     }
     // Options are the sites returned for CMS_ACCESS_AssetAdmin plus "All sites" under ID 0,
     // ordered by ID.
     // NOTE(review): this limits what the form offers; whether a submitted SubsiteID is checked
     // against the same list when the folder is saved is not visible here - confirm.
     $options = $accessibleSites->toDropdownMap();
     $options[0] = 'All sites';
     ksort($options);
     $fields->addFieldToTab('Root.Details', new DropdownField("SubsiteID", "Subsite", $options));
 }
 /**
  * Find all subsites accessible for current user on this controller.
  *
  * @return ArrayList of {@link Subsite} instances.
  */
 function sectionSites($includeMainSite = true, $mainSiteTitle = "Main site", $member = null)
 {
     // The untranslated default title is swapped for its localised form.
     if ($mainSiteTitle == 'Main site') {
         $mainSiteTitle = _t('Subsites.MainSiteTitle', 'Main site');
     }
     // Rationalise the member argument: fall back to the logged-in user, return an empty list
     // when there is none, and load the record when something other than an object was passed.
     $member = $member ? $member : Member::currentUser();
     if (!$member) {
         return new ArrayList();
     }
     if (!is_object($member)) {
         // NOTE(review): the result of the lookup is not checked. If no record matches, whatever
         // get_by_id() returned is passed on as the member below; how accessible_sites() treats
         // an empty member is not visible here - confirm it does not fall back to another user.
         $member = DataObject::get_by_id('Member', $member);
     }
     // Collect the permission codes, honouring LeftAndMain::required_permission_codes. The user
     // has to satisfy ALL of them. Code partly copied from LeftAndMain::canView.
     $ownerClass = $this->owner->class;
     $configuredCodes = Config::inst()->get($ownerClass, 'required_permission_codes');
     if ($configuredCodes === false) {
         // Check overridden: a configured value of exactly false makes all subsites accessible.
         return Subsite::all_sites();
     }
     $requiredCodes = $configuredCodes
         ? array_merge(array(), (array) $configuredCodes)
         : array("CMS_ACCESS_{$ownerClass}");
     // For every code, record which sites grant it to the member and keep the Subsite objects.
     $codesHeldBySite = array();
     $siteByID = array();
     foreach ($requiredCodes as $code) {
         foreach (Subsite::accessible_sites($code, $includeMainSite, $mainSiteTitle, $member) as $site) {
             $codesHeldBySite[$site->ID][$code] = true;
             $siteByID[$site->ID] = $site;
         }
     }
     // Keep only the sites that satisfy all codes conjunctively. Codes are counted per site by
     // distinct name, so a list that repeats a code can never be matched in full and yields no
     // sites.
     $requiredCount = count($requiredCodes);
     $accessibleSites = new ArrayList();
     foreach ($codesHeldBySite as $siteID => $codesHeld) {
         if (count($codesHeld) != $requiredCount) {
             continue;
         }
         $accessibleSites->push($siteByID[$siteID]);
     }
     return $accessibleSites;
 }
 /**
  * Add subsites-specific fields to the folder editor.
  */
 function updateCMSFields(FieldList $fields)
 {
     // Only folders get the subsite controls.
     if (!($this->owner instanceof Folder)) {
         return;
     }
     // Options are the sites returned by Subsite::accessible_sites() for CMS_ACCESS_AssetAdmin,
     // plus an "All sites" entry under ID 0, ordered by ID.
     // NOTE(review): this limits what the form offers; whether a submitted SubsiteID is checked
     // against the same list when the folder is saved is not visible here - confirm.
     $accessibleSites = Subsite::accessible_sites('CMS_ACCESS_AssetAdmin');
     $options = array(0 => _t('FileSubsites.AllSitesDropdownOpt', 'All sites'));
     foreach ($accessibleSites as $subsite) {
         $options[$subsite->ID] = $subsite->Title;
     }
     ksort($options);
     if (!$accessibleSites) {
         return;
     }
     // Dropdown used to move the folder between subsites.
     $moveDropdown = new DropdownField('SubsiteID', _t('FileSubsites.SubsiteFieldLabel', 'Subsite'), $options);
     $moveDropdown->addExtraClass('subsites-move-dropdown');
     $fields->push($moveDropdown);
     // The notice text comes from the translation table and is placed into the markup as-is.
     $noticeHTML = '<p class="message notice">' . _t('ASSETADMIN.SUBSITENOTICE', 'Folders and files created in the main site are accessible by all subsites.') . '</p>';
     $fields->push(new LiteralField('Message', $noticeHTML));
 }
 /**
  * Only allow editing of a page if the member satisfies one of the following conditions:
  * - Is in a group which has access to the subsite this page belongs to
  * - Is in a group with edit permissions on the "main site"
  *
  * @return boolean
  */
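 public function canEdit($member = null)
 {
     // Return values actually produced here: false denies the edit, null raises no objection
     // (the method never returns true). With the subsite filter disabled no check is made at all.
     if (Subsite::$disable_subsite_filter) {
         return null;
     }
     if (!$member) {
         $member = Member::currentUser();
     }
     // Find the sites that this member has access to. accessible_sites() takes the member as its
     // fourth argument, after $includeMainSite and $mainSiteTitle. Passed second, the member is
     // read as the include-main-site flag and the lookup is not tied to $member at all, so a
     // check made on behalf of another member would be answered with someone else's access.
     $goodSites = Subsite::accessible_sites('CMS_ACCESS_CMSMain', true, 'all', $member)->column('ID');
     if (!is_null($this->owner->SubsiteID)) {
         $subsiteID = $this->owner->SubsiteID;
     } else {
         // The relationships might not be available during the record creation when using a GridField.
         // In this case the related objects will have empty fields, and SubsiteID will not be available.
         //
         // We do the second best: fetch the likely SubsiteID from the session. The drawback is this might
         // make it possible to force relations to point to other (forbidden) subsites.
         $subsiteID = Subsite::currentSubsiteID();
     }
     // Access to the main site (ID 0) or to this object's site is enough. The comparisons are
     // deliberately loose: the ID column may hold numeric strings.
     if (in_array(0, $goodSites) || in_array($subsiteID, $goodSites)) {
         return null;
     }
     return false;
 }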
 /**
  * Decide whether the owner may be edited, based on the subsites it is linked to.
  *
  * @return bool True when at least one linked subsite is also returned by
  *              Subsite::accessible_sites() for CMS_ACCESS_SecurityAdmin.
  */
 function alternateCanEdit()
 {
     // Sites on which the CMS_ACCESS_SecurityAdmin permission is held.
     $permittedSiteIDs = Subsite::accessible_sites('CMS_ACCESS_SecurityAdmin')->column('ID');
     // Sites the owner is linked to.
     $linkedSiteIDs = $this->owner->Subsites()->column('ID');
     // One shared site is enough. An owner linked to no subsite therefore never passes.
     $sharedSiteIDs = array_intersect($permittedSiteIDs, $linkedSiteIDs);
     return !empty($sharedSiteIDs);
 }
 /**
  * Alternative security checker for LeftAndMain.
  * If security isn't found, then it will switch to a subsite where we do have access.
  */
 public function alternateAccessCheck()
 {
     // Besides answering the access question, this method has side effects: it may change the
     // active subsite (Subsite::changeSubsite) and may issue a redirect to another CMS section.
     // It returns true for admins and after switching to an accessible subsite for this section;
     // every other path returns null.
     // $className is assigned but not read again in this method.
     $className = $this->owner->class;
     // Switch to the subsite of the current page
     // NOTE(review): this switch runs before any permission is evaluated in this method; whether
     // changeSubsite() checks access itself is not visible here - confirm.
     if ($this->owner->class == 'CMSMain' && ($currentPage = $this->owner->currentPage())) {
         if (Subsite::currentSubsiteID() != $currentPage->SubsiteID) {
             Subsite::changeSubsite($currentPage->SubsiteID);
         }
     }
     // Admins can access all subsites, so no switching is needed for them.
     $member = Member::currentUser();
     if ($member && $member->isAdmin()) {
         return true;
     }
     // Switch to a subsite that this user can actually access: when the current subsite is not
     // among the sites granting CMS_ACCESS_<this controller>, move to the first one that is.
     // NOTE(review): when the current subsite IS already in that list, this branch is skipped and
     // the method continues to the menu loop below, ending in null rather than true. Presumably
     // the caller treats null as "fall back to the default check" - confirm.
     $sites = Subsite::accessible_sites("CMS_ACCESS_{$this->owner->class}")->toDropdownMap();
     if ($sites && !isset($sites[Subsite::currentSubsiteID()])) {
         $siteIDs = array_keys($sites);
         Subsite::changeSubsite($siteIDs[0]);
         return true;
     }
     // Switch to a different top-level menu item
     $menu = CMSMenu::get_menu_items();
     foreach ($menu as $candidate) {
         if ($candidate->controller != $this->owner->class) {
             $sites = Subsite::accessible_sites("CMS_ACCESS_{$candidate->controller}")->toDropdownMap();
             if ($sites && !isset($sites[Subsite::currentSubsiteID()])) {
                 $siteIDs = array_keys($sites);
                 Subsite::changeSubsite($siteIDs[0]);
                 // The class instantiated here is named by the CMS menu entry, not by request data.
                 $cClass = $candidate->controller;
                 $cObj = new $cClass();
                 Director::redirect($cObj->Link());
                 // A redirect has been issued; null is returned for this controller.
                 return null;
             }
         }
     }
     // If all of those fail, you really don't have access to the CMS
     return null;
 }
 /**
  * Only allow editing of a page if the member satisfies one of the following conditions:
  * - Is in a group which has access to the subsite this page belongs to
  * - Is in a group with edit permissions on the "main site"
  * 
  * @return boolean
  */
 function canEdit($member = null)
 {
     // Return values actually produced here: false denies the edit, null raises no objection
     // (the method never returns true).
     $member = $member ? $member : Member::currentUser();
     // IDs of the sites this member has access to; the member is passed as the fourth argument.
     $permittedSiteIDs = Subsite::accessible_sites('CMS_ACCESS_CMSMain', true, 'all', $member)->column('ID');
     // Access to the main site (ID 0) or to this object's own site is enough. The comparisons
     // are deliberately loose: the ID column may hold numeric strings.
     if (in_array(0, $permittedSiteIDs) || in_array($this->owner->SubsiteID, $permittedSiteIDs)) {
         return null;
     }
     return false;
 }
 /**
  * Only allow editing of a page if the member satisfies one of the following conditions:
  * - Is in a group which has access to the subsite this page belongs to
  * - Is in a group with edit permissions on the "main site"
  *
  * @return boolean
  */
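 public function canEdit($member = null)
 {
     // Returns null when this check has no opinion, otherwise true or false.
     //
     // If no subsite ID is defined on the record, or no subsite is currently selected, let
     // dataobject determine the permission. Because an empty SubsiteID already returns here, the
     // ID checked below is always the record's own; a session-derived subsite ID is never
     // substituted for it.
     $subsiteID = $this->owner->SubsiteID;
     if (!$subsiteID || !Subsite::currentSubsiteID()) {
         return null;
     }
     if (!$member) {
         $member = Member::currentUser();
     }
     if (!$member) {
         // No member was supplied and nobody is logged in: deny, instead of reading ->ID from
         // null and letting that compare equal to an empty current-user ID.
         return false;
     }
     // Find the sites that this member has access to. The current user goes through
     // accessible_sites_ids(); any other member is looked up explicitly (member as the fourth
     // argument).
     if ($member->ID == Member::currentUserID()) {
         $goodSites = self::accessible_sites_ids();
     } else {
         $goodSites = Subsite::accessible_sites(self::accessiblePermissions(), true, 'all', $member)->column('ID');
     }
     // Access to the main site (ID 0) or to this object's site is enough. The comparisons are
     // deliberately loose: the ID column may hold numeric strings.
     return in_array(0, $goodSites) || in_array($subsiteID, $goodSites);
 }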
 /**
  * Only allow editing of a page if the member satisfies one of the following conditions:
  * - Is in a group which has access to the subsite this page belongs to
  * - Is in a group with edit permissions on the "main site"
  *
  * @return boolean
  */
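 public function canEdit($member = null)
 {
     // Returns null when this check has no opinion, otherwise true or false.
     //
     // If the record has no subsite list, or no subsite is currently selected, let dataobject
     // determine the permission. Because an empty SubsiteList already returns here, the IDs
     // checked below always come from the record's own list; a session-derived subsite ID is
     // never substituted for them.
     if (!$this->owner->SubsiteList || !Subsite::currentSubsiteID()) {
         return null;
     }
     $subsiteIDs = $this->listSubsiteIDs();
     if (!$member) {
         $member = Member::currentUser();
     }
     if (!$member) {
         // No member was supplied and nobody is logged in: deny, instead of reading ->ID from
         // null and letting that compare equal to an empty current-user ID.
         return false;
     }
     // Find the sites that this member has access to. The current user goes through
     // accessible_sites_ids(); any other member is looked up explicitly (member as the fourth
     // argument).
     if ($member->ID == Member::currentUserID()) {
         $goodSites = SubsiteDataObject::accessible_sites_ids();
     } else {
         $goodSites = Subsite::accessible_sites('CMS_ACCESS_CMSMain', true, 'all', $member)->column('ID');
     }
     // If you can edit the main site (ID 0), you can edit any subsite.
     if (in_array(0, $goodSites)) {
         return true;
     }
     // Otherwise access to any one of the record's subsites is enough. The comparisons are
     // deliberately loose: the ID column may hold numeric strings.
     foreach ($subsiteIDs as $id) {
         if (in_array($id, $goodSites)) {
             return true;
         }
     }
     return false;
 }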
 /**
  * Describes the subsites this user has SITETREE_EDIT_ALL access to
  * 
  * @return string
  */
 public function getSubsiteDescription()
 {
     // The permission code is read from the owner's subsite_description_permission config
     // setting, and the owner itself is passed as the member whose access is looked up.
     $permissionCode = $this->owner->config()->subsite_description_permission;
     $accessibleSites = Subsite::accessible_sites($permissionCode, true, "Main site", $this->owner);
     // Titles are joined as plain text; nothing here escapes them for HTML output.
     $titles = $accessibleSites->column('Title');
     return implode(', ', $titles);
 }