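/**
 * Relax the access permissions, so anyone who has access to any CMS subsite
 * can access this controller.
 *
 * Access is granted when the parent check passes, or when
 * Subsite::all_accessible_sites() returns at least one site.
 *
 * @param Member|null $member Member to evaluate; forwarded to the parent check.
 * @return boolean
 */
public function canView($member = null)
{
    // Forward the caller-supplied member so the parent check is evaluated for
    // the requested principal instead of silently dropping the argument.
    if (parent::canView($member)) {
        return true;
    }

    // NOTE(review): all_accessible_sites() is called without a member, so this
    // fallback is presumably evaluated for the logged-in user even when an
    // explicit $member was supplied. Confirm whether the member should be
    // passed through here as well.
    return Subsite::all_accessible_sites()->count() > 0;
}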
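/**
 * Does the parent permission checks, and additionally requires that at least
 * one report returned by Reports() is viewable by the member. When no report
 * is viewable there is nothing to show, so access is denied.
 *
 * @param Member $member Member to check. An explicit FALSE is passed through
 *                       unchanged; any other empty value falls back to
 *                       Member::currentUser().
 * @return boolean
 */
function canView($member = null)
{
    if (!$member && $member !== false) {
        $member = Member::currentUser();
    }

    // The parent check is a hard requirement; the report scan below can only
    // narrow access further, never widen it.
    if (!parent::canView($member)) {
        return false;
    }

    // The unused $hasViewableSubclasses local was dropped: the loop returns
    // directly on the first viewable report.
    foreach ($this->Reports() as $report) {
        if ($report->canView($member)) {
            return true;
        }
    }

    return false;
}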
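/**
 * Gate access on the environment type, the client address and the activation
 * flag before deferring to the parent permission check.
 *
 * Each allow-list is enforced only when it is non-empty: an empty
 * $trusted_envs or $trusted_ips places no restriction of that kind.
 *
 * @return boolean False when any gate fails, otherwise the parent's result.
 */
function canView()
{
    // Strict comparison so a non-string entry in the allow-list (e.g. TRUE or 0)
    // cannot loosely match an arbitrary environment name.
    if (self::$trusted_envs && !in_array(Director::get_environment_type(), self::$trusted_envs, true)) {
        return false;
    }

    if (self::$trusted_ips) {
        // REMOTE_ADDR may be absent (e.g. outside a web request); fail closed
        // instead of raising an undefined-index notice.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

        // NOTE(review): REMOTE_ADDR is the directly connected peer. Behind a
        // reverse proxy or load balancer every request carries the proxy's
        // address, so this allow-list would then match on the proxy rather
        // than the client. Confirm against the deployment topology.
        if ($remoteAddr === null || !in_array($remoteAddr, self::$trusted_ips, true)) {
            return false;
        }
    }

    if (!self::$activated) {
        return false;
    }

    return parent::canView();
}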
/**
 * Permission check for the report admin.
 *
 * The parent check must pass first. After that, if a specific report object
 * is set, its own canView() decides; otherwise access is granted as soon as
 * any report from Reports() is viewable by the member.
 *
 * @param Member $member Member to check. An explicit FALSE is passed through
 *                       unchanged; any other empty value falls back to
 *                       Member::currentUser().
 * @return boolean
 */
public function canView($member = null)
{
    if ($member !== FALSE && !$member) {
        $member = Member::currentUser();
    }

    $parentAllows = parent::canView($member);
    if (!$parentAllows) {
        return false;
    }

    // A selected report delegates the decision entirely to that report.
    if ($this->reportObject) {
        return $this->reportObject->canView($member);
    }

    // No report selected: one viewable report is enough.
    foreach ($this->Reports() as $candidate) {
        if ($candidate->canView($member)) {
            return true;
        }
    }

    return false;
}
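/**
 * Does the parent permission checks, and additionally requires that at least
 * one instantiable subclass of SSReport is viewable. When there is no viewable
 * report there is nothing to show, so access is denied.
 *
 * @param Member $member Member to check. An explicit FALSE is passed through
 *                       unchanged; any other empty value falls back to
 *                       Member::currentUser().
 * @return boolean
 */
function canView($member = null)
{
    if (!$member && $member !== false) {
        $member = Member::currentUser();
    }

    if (!parent::canView($member)) {
        return false;
    }

    foreach (array_values(ClassInfo::subclassesFor('SSReport')) as $subclass) {
        // Skip the base class itself and anything that cannot be instantiated
        // (e.g. abstract classes).
        if ($subclass === 'SSReport') {
            continue;
        }
        $classReflection = new ReflectionClass($subclass);
        if (!$classReflection->isInstantiable()) {
            continue;
        }

        // Evaluate the report for the same member as the parent check, so both
        // halves of the decision apply to one principal. Previously the member
        // was dropped here. Assumes the report's canView() takes the member as
        // its first argument; an extra argument is ignored otherwise.
        if (singleton($subclass)->canView($member)) {
            // One viewable report is enough; no need to scan the rest.
            return true;
        }
    }

    return false;
}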
/**
 * As the admin fixture, switch to each fixture subsite and to the main site
 * (ID 0) in turn, and verify that LeftAndMain::canView() passes and that the
 * permission check leaves the current subsite ID unchanged.
 */
function testAlternateAccessCheck()
{
    $this->loginAs($this->objFromFixture("Member", "admin"));

    // Collect the IDs of the three fixture subsites, then the main site (ID zero).
    $ids = array();
    foreach (array('domaintest1', 'domaintest2', 'domaintest3') as $fixtureName) {
        $ids[] = $this->objFromFixture('Subsite', $fixtureName)->ID;
    }
    $ids[] = 0;

    foreach ($ids as $id) {
        // Switch to the subsite under test before running the permission check.
        Subsite::changeSubsite($id);

        $left = new LeftAndMain();
        $this->assertTrue(
            $left->canView(),
            "Admin user can view subsites LeftAndMain with id = '{$id}'"
        );
        $this->assertEquals(
            $id,
            Subsite::currentSubsiteID(),
            "The current subsite has not been changed in the process of checking permissions for admin user."
        );
    }
}
/**
 * With session-based subsite tracking enabled, switch to each fixture subsite
 * and to the main site (ID 0) as the admin fixture, and verify that
 * LeftAndMain::canView() passes without altering the current subsite ID.
 */
function testAccessChecksDontChangeCurrentSubsite()
{
    $this->loginAs($this->objFromFixture("Member", "admin"));

    $ids = array();
    foreach (array('domaintest1', 'domaintest2', 'domaintest3') as $fixtureName) {
        $ids[] = $this->objFromFixture('Subsite', $fixtureName)->ID;
    }
    $ids[] = 0;

    // Enable session-based subsite tracking.
    // NOTE(review): this static is not restored in this method; confirm that
    // tearDown (or the test harness) resets it so later tests are unaffected.
    Subsite::$use_session_subsiteid = true;

    foreach ($ids as $id) {
        Subsite::changeSubsite($id);
        // Sanity check: the switch itself took effect before permissions run.
        $this->assertEquals($id, Subsite::currentSubsiteID());

        $left = new LeftAndMain();
        $this->assertTrue(
            $left->canView(),
            "Admin user can view subsites LeftAndMain with id = '{$id}'"
        );
        $this->assertEquals(
            $id,
            Subsite::currentSubsiteID(),
            "The current subsite has not been changed in the process of checking permissions for admin user."
        );
    }
}
/**
 * Require every configured permission code, then defer to the parent check.
 *
 * The codes come from the `required_permission_codes` stat:
 *  - FALSE: no code is required by this method;
 *  - any other non-empty value: cast to an array, every entry is required;
 *  - an empty value: the single code "CMS_ACCESS_<class>" is required.
 *
 * @param Member|false|null $member Member to check. An explicit FALSE is passed
 *                                  through unchanged; any other empty value
 *                                  falls back to Member::currentUser().
 * @return bool|int FALSE as soon as one required code is missing, otherwise
 *                  whatever parent::canView() returns.
 */
public function canView($member = null)
{
    if ($member !== false && !$member) {
        $member = Member::currentUser();
    }

    $configured = $this->stat('required_permission_codes');
    if ($configured === false) {
        // Explicit FALSE disables the subclass check.
        $codes = array();
    } elseif ($configured) {
        $codes = (array) $configured;
    } else {
        $codes = array("CMS_ACCESS_{$this->class}");
    }

    // All codes are mandatory: the first missing one denies access.
    foreach ($codes as $code) {
        if (!Permission::checkMember($member, $code)) {
            return false;
        }
    }

    return parent::canView($member);
}