/**
  * Returns a DataObjectSet of all the members that can publish pages
  * on this site by default
  */
 public function PublisherMembers()
 {
     $publishType = $this->owner->CanPublishType;

     if ($publishType == 'OnlyTheseUsers') {
         // Collect the members of every explicitly configured publisher group.
         $publisherGroups = $this->owner->PublisherGroups();
         $publishers = new DataObjectSet();
         if ($publisherGroups) {
             foreach ($publisherGroups as $publisherGroup) {
                 $publishers->merge($publisherGroup->Members());
             }
         }
         if ($publishers->Count()) {
             return $publishers;
         }
         // An empty publisher list falls back to the members of the first ADMIN group.
         // NOTE(review): first() is not checked for an empty result before Members() is called.
         return Permission::get_groups_by_permission('ADMIN')->first()->Members();
     }

     if ($publishType == 'LoggedInUsers') {
         // Limited to members with CMS access rather than every member record.
         return Permission::get_members_by_permission('CMS_ACCESS_CMSMain');
     }

     // Any other setting: only the members of the first ADMIN group.
     return Permission::get_groups_by_permission('ADMIN')->first()->Members();
 }
 /**
  * Returns a DataObjectSet of all the members that can publish this page
  */
 public function PublisherMembers()
 {
     // switch compares loosely, in the same order as the original if/elseif chain.
     switch ($this->owner->CanPublishType) {
         case 'OnlyTheseUsers':
             // Collect the members of every explicitly configured publisher group.
             $publisherGroups = $this->owner->PublisherGroups();
             $publishers = new DataObjectSet();
             if ($publisherGroups) {
                 foreach ($publisherGroups as $publisherGroup) {
                     $publishers->merge($publisherGroup->Members());
                 }
             }
             if ($publishers->Count()) {
                 return $publishers;
             }
             // An empty publisher list falls back to the members of the first ADMIN group.
             // NOTE(review): first() is not checked for an empty result before Members() is called.
             return Permission::get_groups_by_permission('ADMIN')->first()->Members();

         case 'Inherit':
             // Delegate to the parent page when one exists, otherwise to the site configuration.
             $parent = $this->owner->Parent();
             if ($parent->Exists()) {
                 return $parent->PublisherMembers();
             }
             return SiteConfig::current_site_config()->PublisherMembers();

         case 'LoggedInUsers':
             return Permission::get_members_by_permission('CMS_ACCESS_CMSMain');

         default:
             // Any other setting: only the members of the first ADMIN group.
             return Permission::get_groups_by_permission('ADMIN')->first()->Members();
     }
 }
 /**
  * Gets a list of users in the database
  * @return {array} Returns a standard response array
  */
 public function getUsersList()
 {
     $result = CodeBank_ClientAPI::responseBase();

     // Only members holding ADMIN or CODE_BANK_ACCESS are listed.
     // NOTE(review): each entry exposes the e-mail address and last-visit time of a privileged
     // account; no authorization check on the caller is visible in this method - confirm that
     // the API layer enforces one before this is reachable.
     $permitted = Permission::get_members_by_permission(array('ADMIN', 'CODE_BANK_ACCESS'));
     foreach ($permitted as $user) {
         $entry = array(
             'id' => $user->ID,
             'username' => $user->Email,
             'lastLogin' => $user->LastVisited,
         );
         $result['data'][] = $entry;
     }

     return $result;
 }
 /**
  * Ensure the get_*_by_permission functions are permission role aware
  */
 public function testGettingMembersByPermission()
 {
     $roleMember = $this->objFromFixture('Member', 'access');
     $authorMember = $this->objFromFixture('Member', 'author');

     $found = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));
     // The lookup result is treated as possibly falsy, in which case no IDs are compared.
     if ($found) {
         $foundIDs = $found->column();
     } else {
         $foundIDs = array();
     }

     // The permission must be picked up through the role, and must not leak to the author.
     $this->assertContains($roleMember->ID, $foundIDs, 'Member is found via a permission attached to a role');
     $this->assertNotContains($authorMember->ID, $foundIDs);
 }
 /**
  * Checks that Member::default_admin() yields an ADMIN member whose e-mail matches the
  * configured default admin username and whose Password is null, starting from a state
  * with no ADMIN members.
  */
 public function testDefaultAdmin()
 {
     // Precondition: no member holds ADMIN yet.
     $existingAdminCount = Permission::get_members_by_permission('ADMIN')->count();
     $this->assertEquals(0, $existingAdminCount);

     $defaultAdmin = Member::default_admin();
     $this->assertInstanceOf('Member', $defaultAdmin);
     $this->assertTrue(Permission::checkMember($defaultAdmin, 'ADMIN'));
     $this->assertEquals($defaultAdmin->Email, Security::default_admin_username());
     // No password is stored on the record itself.
     $this->assertNull($defaultAdmin->Password);
 }
 /**
  * Passes $closure to run() together with an administrator member, but only when a
  * member with the ADMIN permission already exists; otherwise does nothing.
  *
  * NOTE(review): run() is not visible here; presumably the closure executes with that
  * administrator's privileges, so callers should pass trusted closures only - confirm.
  */
 public function runAsAdmin($closure)
 {
     // TODO This is so horribly ugly - is there no better way to know that we're in dev/build for the first time?
     $existingAdmin = Permission::get_members_by_permission('ADMIN')->First();
     if ($existingAdmin) {
         return $this->run($closure, Security::findAnAdministrator());
     }
     return;
 }
 /**
  * Checks that Security::findAnAdministrator() returns an ADMIN member with neither
  * Email nor Password set when no ADMIN member existed beforehand.
  */
 function testFindAnAdministratorCreatesNewUser()
 {
     // Precondition: no member holds ADMIN yet.
     $existingAdminCount = Permission::get_members_by_permission('ADMIN')->count();
     $this->assertEquals(0, $existingAdminCount);

     $createdAdmin = Security::findAnAdministrator();
     $this->assertType('Member', $createdAdmin);
     $this->assertTrue(Permission::checkMember($createdAdmin, 'ADMIN'));
     // The account must carry no login credentials.
     $this->assertNull($createdAdmin->Email);
     $this->assertNull($createdAdmin->Password);
 }
 /**
  * Get members who have either the BLOGMANAGEMENT or the ADMIN permission
  */
 function blogOwners($sort = 'Name', $direction = "ASC")
 {
     $admins = Permission::get_members_by_permission('ADMIN');
     $owners = Permission::get_members_by_permission('BLOGMANAGEMENT');

     // Either lookup is treated as possibly falsy; substitute an empty set so that
     // merge() and sort() always have an object to work on.
     $admins = $admins ? $admins : new DataObjectSet();
     $owners = $owners ? $owners : new DataObjectSet();

     // Union of both permission holders, ordered as requested by the caller.
     $owners->merge($admins);
     $owners->sort($sort, $direction);

     // Extensions may adjust the final list.
     $this->extend('extendBlogOwners', $owners);

     return $owners;
 }
 /**
  *
  * @param FieldList $fields
  */
 public function updateCMSFields(FieldList $fields)
 {
     $tab = "Root.ContentReview";

     // Introductory help text at the top of the tab.
     $fields->addFieldToTab(
         $tab,
         LiteralField::create(
             "ContentReviewHelp",
             _t("ContentReview.DEFAULTSETTINGSHELP", "These content review settings will apply to all pages that does not have specific Content Review schedule.")
         )
     );

     // Default review frequency.
     $frequencyField = DropdownField::create(
         "ReviewPeriodDays",
         _t("ContentReview.REVIEWFREQUENCY", "Review frequency"),
         SiteTreeContentReview::get_schedule()
     )
         ->setDescription(_t("ContentReview.REVIEWFREQUENCYDESCRIPTION", "The review date will be set to this far in the future whenever the page is published"));
     $fields->addFieldToTab($tab, $frequencyField);

     // Owner candidates are limited to members with CMS access or ADMIN.
     $ownerCandidates = Permission::get_members_by_permission(array("CMS_ACCESS_CMSMain", "ADMIN"));
     $userOptions = $ownerCandidates->map("ID", "Title")->toArray();
     asort($userOptions);
     $userField = ListboxField::create("OwnerUsers", _t("ContentReview.PAGEOWNERUSERS", "Users"), $userOptions)
         ->setMultiple(true)
         ->setAttribute("data-placeholder", _t("ContentReview.ADDUSERS", "Add users"))
         ->setDescription(_t("ContentReview.OWNERUSERSDESCRIPTION", "Page owners that are responsible for reviews"));
     $fields->addFieldToTab($tab, $userField);

     // Every group is offered, labelled by its breadcrumb path. Listbox values are escaped,
     // so a plain ASCII separator is used instead of an angle-quote character.
     $groupOptions = array();
     foreach (Group::get() as $ownerGroup) {
         $groupOptions[$ownerGroup->ID] = $ownerGroup->getBreadcrumbs(" > ");
     }
     asort($groupOptions);
     $groupField = ListboxField::create("OwnerGroups", _t("ContentReview.PAGEOWNERGROUPS", "Groups"), $groupOptions)
         ->setMultiple(true)
         ->setAttribute("data-placeholder", _t("ContentReview.ADDGROUP", "Add groups"))
         ->setDescription(_t("ContentReview.OWNERGROUPSDESCRIPTION", "Page owners that are responsible for reviews"));
     $fields->addFieldToTab($tab, $groupField);
 }
 /**
  * Makes sure a member with the ADMIN permission exists, creating a credential-less
  * default administrator in the first ADMIN group when none is found.
  */
 function requireDefaultRecords()
 {
     // The default groups are expected to exist already (Group->requireDefaultRecords());
     // build them now if no ADMIN group is found.
     $groupsWithAdmin = Permission::get_groups_by_permission('ADMIN');
     if (!$groupsWithAdmin) {
         singleton('Group')->requireDefaultRecords();
         $groupsWithAdmin = Permission::get_groups_by_permission('ADMIN');
     }
     $firstAdminGroup = $groupsWithAdmin->First();

     $existingAdmins = Permission::get_members_by_permission('ADMIN');
     if ($existingAdmins) {
         return;
     }

     // Email and Password are deliberately left unset so that no persistent login is
     // stored in the database. See Security::setDefaultAdmin().
     $defaultAdmin = Object::create('Member');
     $defaultAdmin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
     $defaultAdmin->write();
     // The new member joins the first ADMIN group found, most likely the default one.
     $defaultAdmin->Groups()->add($firstAdminGroup);
 }
 /**
  * @param FieldList $fields
  */
 public function updateCMSFields(FieldList $fields)
 {
     $tab = 'Root.ContentReview';

     // Introductory help text at the top of the tab.
     $fields->addFieldToTab(
         $tab,
         LiteralField::create(
             'ContentReviewHelp',
             _t('ContentReview.DEFAULTSETTINGSHELP', 'These content review settings will apply to all pages that does not have specific Content Review schedule.')
         )
     );

     // Default review frequency.
     $frequencyField = DropdownField::create(
         'ReviewPeriodDays',
         _t('ContentReview.REVIEWFREQUENCY', 'Review frequency'),
         SiteTreeContentReview::get_schedule()
     )
         ->setDescription(_t('ContentReview.REVIEWFREQUENCYDESCRIPTION', 'The review date will be set to this far in the future whenever the page is published'));
     $fields->addFieldToTab($tab, $frequencyField);

     // Owner candidates are limited to members with CMS access or ADMIN.
     $ownerCandidates = Permission::get_members_by_permission(array('CMS_ACCESS_CMSMain', 'ADMIN'));
     $userOptions = $ownerCandidates->map('ID', 'Title')->toArray();
     asort($userOptions);
     $userField = ListboxField::create('OwnerUsers', _t('ContentReview.PAGEOWNERUSERS', 'Users'), $userOptions)
         ->setMultiple(true)
         ->setAttribute('data-placeholder', _t('ContentReview.ADDUSERS', 'Add users'))
         ->setDescription(_t('ContentReview.OWNERUSERSDESCRIPTION', 'Page owners that are responsible for reviews'));
     $fields->addFieldToTab($tab, $userField);

     // Every group is offered, labelled by its breadcrumb path. Listbox values are escaped,
     // so a plain ASCII separator is used instead of an angle-quote character.
     $groupOptions = array();
     foreach (Group::get() as $ownerGroup) {
         $groupOptions[$ownerGroup->ID] = $ownerGroup->getBreadcrumbs(' > ');
     }
     asort($groupOptions);
     $groupField = ListboxField::create('OwnerGroups', _t('ContentReview.PAGEOWNERGROUPS', 'Groups'), $groupOptions)
         ->setMultiple(true)
         ->setAttribute('data-placeholder', _t('ContentReview.ADDGROUP', 'Add groups'))
         ->setDescription(_t('ContentReview.OWNERGROUPSDESCRIPTION', 'Page owners that are responsible for reviews'));
     $fields->addFieldToTab($tab, $groupField);

     $firstReminderField = NumericField::create('FirstReviewDaysBefore', _t('ContentReview.FIRSTREVIEWDAYSBEFORE', 'First review reminder # days before final review'));
     $secondReminderField = NumericField::create('SecondReviewDaysBefore', _t('ContentReview.SECONDREVIEWDAYSBEFORE', 'Second review reminder # days before final review'));

     // Email content
     // NOTE(review): the sender address, reminder address, subjects and bodies entered here
     // are presumably used to build outgoing mail; the sending code is not visible, so confirm
     // that it validates the addresses and escapes whatever is merged into the templates.
     $emailFields = array(
         TextField::create('ReviewFrom', _t('ContentReview.EMAILFROM', 'From email address'))
             ->setRightTitle(_t('Review.EMAILFROM_RIGHTTITLE', 'e.g: do-not-reply@site.com')),
         $firstReminderField,
         $secondReminderField,
         TextField::create('ReviewReminderEmail', 'Review reminder email address')
             ->setRightTitle('e.g: review.reminders@site.com'),
         TextField::create('ReviewSubjectReminder', _t('ContentReview.EMAILSUBJECTREMINDER', 'Subject line - reminder')),
         TextField::create('ReviewSubject', _t('ContentReview.EMAILSUBJECT', 'Subject line - Review due')),
         TextAreaField::create('ReviewBodyFirstReminder', _t('ContentReview.EMAILTEMPLATEFIRSTREMINDER', 'Email body - First reminder')),
         TextAreaField::create('ReviewBodySecondReminder', _t('ContentReview.EMAILTEMPLATESECONDREMINDER', 'Email body - Second reminder')),
         TextAreaField::create('ReviewBody', _t('ContentReview.EMAILTEMPLATE', 'Email body - Review due')),
         LiteralField::create('TemplateHelp', $this->owner->renderWith('ContentReviewAdminHelp')),
     );
     $fields->addFieldsToTab($tab, $emailFields);
 }
 /**
  * We create / get a valid session by a defined accesstoken
  */
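 static function find_admin_session_by_accesstoken($token)
 {
     // SECURITY NOTE(review): the token is the only input. An unknown token that passes the
     // length check gets a brand-new session, and any session without an admin member is then
     // bound to the first ADMIN member. This is only safe if every caller has already verified
     // $token against a trusted, configured secret - confirm at each call site.
     $session = self::find_by_accesstoken($token);
     if (!$session) {
         // NOTE(review): a 6-character token is rejected although the message says "at least 6";
         // left as is because the intended minimum cannot be determined from this method.
         // The length is measured on the trimmed token while the untrimmed value is stored.
         if (!(strlen(trim($token)) > 6)) {
             return user_error('admin authtoken must be at least 6 chars long');
         }
         $session = AuthSession::create(array("UID" => $token));
         $session->write();
     }
     // NOTE(review): inGroup('ADMIN') reads like a group lookup while the fallback below selects
     // by permission code - confirm that both refer to the same set of members.
     if (!$session->Member() || !$session->Member()->inGroup('ADMIN')) {
         // The session needs an ADMIN member attached to act as an admin session.
         $admins = Permission::get_members_by_permission('ADMIN');
         $admin = $admins ? $admins->First() : null;
         if (!$admin) {
             // No ADMIN member exists: report it instead of dereferencing null below.
             return user_error('no member with ADMIN permission found for admin authtoken session');
         }
         $session->Member = $admin;
         $session->MemberID = $admin->ID;
         $session->write();
     }
     if (!$session->isValid()) {
         // Renew the session; 302400 minutes is 210 days.
         // NOTE(review): a long lifetime for an admin-bound session - confirm it is intended.
         $session->setValidInMinutesFromNow(302400);
         $session->write();
     }
     return $session;
 }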
 /**
  * Gets the list of user candidates to be assigned to assist with this blog.
  *
  * @return SS_List
  */
 protected function getCandidateUsers()
 {
     // With grant_user_access disabled, only holders of the configured permission qualify.
     if (!$this->config()->grant_user_access) {
         return Permission::get_members_by_permission($this->config()->grant_user_permission);
     }

     // Otherwise every member is a candidate; extensions may adjust the list.
     $candidates = Member::get();
     $this->extend('updateCandidateUsers', $candidates);

     return $candidates;
 }
 /**
  * Return an existing member with administrator privileges, or create one if necessary.
  *
  * Will create a default 'Administrators' group if no group is found
  * with an ADMIN permission. Will create a new 'Admin' member with administrative permissions
  * if no existing Member with these permissions is found.
  *
  * Important: Any newly created administrator accounts will NOT have valid
  * login credentials (Email/Password properties), which means they can't be used for login
  * purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
  *
  * @return Member
  */
 public static function findAnAdministrator()
 {
     // Coupling to the subsites module: when it is present, the group lookup runs against
     // subsite 0 and the previous subsite is switched back afterwards.
     // NOTE(review): the previous subsite is not restored if the lookup throws.
     $subsitesAvailable = is_callable('Subsite::changeSubsite');
     $previousSubsiteID = null;
     if ($subsitesAvailable) {
         $previousSubsiteID = Subsite::currentSubsiteID();
         Subsite::changeSubsite(0);
     }

     // First group, by ID, that carries the ADMIN permission code.
     $adminGroup = DataObject::get('Group')
         ->where(array('"Permission"."Code"' => 'ADMIN'))
         ->sort('"Group"."ID"')
         ->innerJoin("Permission", '"Group"."ID" = "Permission"."GroupID"')
         ->First();

     if ($subsitesAvailable) {
         Subsite::changeSubsite($previousSubsiteID);
     }

     if ($adminGroup) {
         $administrator = $adminGroup->Members()->First();
     } else {
         $administrator = null;
         // No ADMIN group yet: have the default groups built.
         singleton('Group')->requireDefaultRecords();
     }

     if (!$administrator) {
         // No administrator yet: have the default member records built, then look again.
         singleton('Member')->requireDefaultRecords();
         $administrator = Permission::get_members_by_permission('ADMIN')->First();
     }

     return $administrator;
 }
 /**
  * Return an existing member with administrator privileges, or create one if necessary.
  *
  * Will create a default 'Administrators' group if no group is found
  * with an ADMIN permission. Will create a new 'Admin' member with administrative permissions
  * if no existing Member with these permissions is found.
  *
  * Important: Any newly created administrator accounts will NOT have valid
  * login credentials (Email/Password properties), which means they can't be used for login
  * purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
  *
  * @return Member
  */
 public static function findAnAdministrator()
 {
     // Coupling to the subsites module: when it is present, the group lookup runs against
     // subsite 0 and the previous subsite is switched back afterwards.
     // NOTE(review): the previous subsite is not restored if the lookup throws.
     $subsitesAvailable = is_callable('Subsite::changeSubsite');
     $previousSubsiteID = null;
     if ($subsitesAvailable) {
         $previousSubsiteID = Subsite::currentSubsiteID();
         Subsite::changeSubsite(0);
     }

     // First group that carries the ADMIN permission.
     $adminGroup = Permission::get_groups_by_permission('ADMIN')->First();

     if ($subsitesAvailable) {
         Subsite::changeSubsite($previousSubsiteID);
     }

     if ($adminGroup) {
         $administrator = $adminGroup->Members()->First();
     } else {
         $administrator = null;
         // No ADMIN group yet: have the default groups built and look again.
         singleton('Group')->requireDefaultRecords();
         $adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
     }

     if (!$administrator) {
         // Have the default member records built, then look for an ADMIN member.
         singleton('Member')->requireDefaultRecords();
         $administrator = Permission::get_members_by_permission('ADMIN')->First();
     }

     if (!$administrator) {
         $administrator = Member::default_admin();
     }

     if ($administrator) {
         return $administrator;
     }

     // Last resort: a blank administrator record with only a first name set.
     $administrator = Member::create();
     $administrator->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
     $administrator->write();
     // The member is added to the group rather than the group to the member; per the
     // original author's note this bypasses the privilege escalation code in Member_GroupSet.
     // NOTE(review): $adminGroup is not checked for an empty result before this call.
     $adminGroup->DirectMembers()->add($administrator);

     return $administrator;
 }
 /**
  * Return an existing member with administrator privileges, or create one if necessary.
  * 
  * Will create a default 'Administrators' group if no group is found
  * with an ADMIN permission. Will create a new 'Admin' member with administrative permissions
  * if no existing Member with these permissions is found. 
  * 
  * Important: Any newly created administrator accounts will NOT have valid
  * login credentials (Email/Password properties), which means they can't be used for login
  * purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
  * 
  * @return Member 
  */
 static function findAnAdministrator()
 {
     // Coupling to the subsites module: when it is present, the group lookup runs against
     // subsite 0 and the previous subsite is switched back afterwards.
     // NOTE(review): the previous subsite is not restored if the lookup throws.
     $subsitesAvailable = is_callable('Subsite::changeSubsite');
     $previousSubsiteID = null;
     if ($subsitesAvailable) {
         $previousSubsiteID = Subsite::currentSubsiteID();
         Subsite::changeSubsite(0);
     }

     // First group, by ID, that carries the ADMIN permission code. All query fragments are
     // fixed literals; nothing caller-supplied is interpolated.
     $adminGroup = DataObject::get(
         'Group',
         "\"Permission\".\"Code\" = 'ADMIN'",
         "\"Group\".\"ID\"",
         "JOIN \"Permission\" ON \"Group\".\"ID\"=\"Permission\".\"GroupID\"",
         '1'
     )->First();

     if ($subsitesAvailable) {
         Subsite::changeSubsite($previousSubsiteID);
     }

     if ($adminGroup) {
         $administrator = $adminGroup->Members()->First();
     } else {
         $administrator = null;
         // No ADMIN group yet: have the default groups built.
         singleton('Group')->requireDefaultRecords();
     }

     if (!$administrator) {
         // No administrator yet: have the default member records built, then look again.
         singleton('Member')->requireDefaultRecords();
         $administrator = Permission::get_members_by_permission('ADMIN')->First();
     }

     return $administrator;
 }
 /**
  * Gets the list of user candidates to be assigned to assist with this blog.
  *
  * @return SS_List
  */
 protected function getCandidateUsers()
 {
     // grant_user_access opens the candidate list to every member; otherwise only holders
     // of the configured permission qualify.
     return $this->config()->grant_user_access
         ? Member::get()
         : Permission::get_members_by_permission($this->config()->grant_user_permission);
 }
 /**
  * @param FieldList $fields
  */
 public function updateSettingsFields(FieldList $fields)
 {
     Requirements::javascript("contentreview/javascript/contentreview.js");
     $tab = "Root.ContentReview";

     // NOTE(review): this check only decides which form fields are rendered. Whether saving
     // the review settings is also restricted to EDIT_CONTENT_REVIEW_FIELDS is not visible
     // here - confirm that the write path enforces the same permission.
     $canEdit = Permission::check("EDIT_CONTENT_REVIEW_FIELDS");
     if (!$canEdit) {
         // Read-only summary for members who may not edit the review settings.
         $schedule = self::get_schedule();
         $ownersField = ReadonlyField::create(
             "ROContentOwners",
             _t("ContentReview.CONTENTOWNERS", "Content Owners"),
             $this->getOwnerNames()
         );
         $nextReviewField = DateField::create(
             'RONextReviewDate',
             _t("ContentReview.NEXTREVIEWDATE", "Next review date"),
             $this->owner->NextReviewDate
         );

         // A period missing from the schedule is shown using the schedule's entry at key 0.
         $periodDays = $this->owner->ReviewPeriodDays;
         $scheduleKey = isset($schedule[$periodDays]) ? $periodDays : 0;
         $frequencyField = ReadonlyField::create(
             "ROReviewPeriodDays",
             _t("ContentReview.REVIEWFREQUENCY", "Review frequency"),
             $schedule[$scheduleKey]
         );

         $logColumns = new GridFieldDataColumns();
         $logConfig = GridFieldConfig::create()
             ->addComponent(new GridFieldSortableHeader())
             ->addComponent($logColumns);
         // Cast the value to the user's preferred date format
         $logColumns->setFieldCasting(array("Created" => "DateTimeField->value"));
         $logGrid = GridField::create("ROReviewNotes", "Review Notes", $this->owner->ReviewLogs(), $logConfig);

         $typeField = ReadonlyField::create(
             "ROType",
             _t("ContentReview.SETTINGSFROM", "Options are"),
             $this->owner->ContentReviewType
         );

         $fields->addFieldsToTab($tab, array(
             $ownersField,
             $nextReviewField->performReadonlyTransformation(),
             $frequencyField,
             $typeField,
             $logGrid,
         ));
         return;
     }

     // Editable form for members holding EDIT_CONTENT_REVIEW_FIELDS.
     $reviewTypes = array(
         "Disabled" => _t("ContentReview.DISABLE", "Disable content review"),
         "Inherit" => _t("ContentReview.INHERIT", "Inherit from parent page"),
         "Custom" => _t("ContentReview.CUSTOM", "Custom settings"),
     );
     $typeSelector = OptionsetField::create("ContentReviewType", _t("ContentReview.OPTIONS", "Options"), $reviewTypes);

     // Owner candidates are limited to members with CMS access or ADMIN.
     $ownerCandidates = Permission::get_members_by_permission(array("CMS_ACCESS_CMSMain", "ADMIN"));
     $userOptions = $ownerCandidates->map("ID", "Title")->toArray();
     asort($userOptions);
     $userField = ListboxField::create("OwnerUsers", _t("ContentReview.PAGEOWNERUSERS", "Users"), $userOptions)
         ->setMultiple(true)
         ->setAttribute("data-placeholder", _t("ContentReview.ADDUSERS", "Add users"))
         ->setDescription(_t('ContentReview.OWNERUSERSDESCRIPTION', 'Page owners that are responsible for reviews'));

     // Every group is offered, labelled by its breadcrumb path.
     $groupOptions = array();
     foreach (Group::get() as $ownerGroup) {
         $groupOptions[$ownerGroup->ID] = $ownerGroup->getBreadcrumbs(" > ");
     }
     asort($groupOptions);
     $groupField = ListboxField::create("OwnerGroups", _t("ContentReview.PAGEOWNERGROUPS", "Groups"), $groupOptions)
         ->setMultiple(true)
         ->setAttribute("data-placeholder", _t("ContentReview.ADDGROUP", "Add groups"))
         ->setDescription(_t("ContentReview.OWNERGROUPSDESCRIPTION", "Page owners that are responsible for reviews"));

     $reviewDateField = DateField::create("NextReviewDate", _t("ContentReview.NEXTREVIEWDATE", "Next review date"))
         ->setConfig("showcalendar", true)
         ->setConfig("dateformat", "yyyy-MM-dd")
         ->setConfig("datavalueformat", "yyyy-MM-dd")
         ->setDescription(_t("ContentReview.NEXTREVIEWDATADESCRIPTION", "Leave blank for no review"));

     $frequencyField = DropdownField::create("ReviewPeriodDays", _t("ContentReview.REVIEWFREQUENCY", "Review frequency"), self::get_schedule())
         ->setDescription(_t("ContentReview.REVIEWFREQUENCYDESCRIPTION", "The review date will be set to this far in the future whenever the page is published"));

     $notesGrid = GridField::create("ReviewNotes", "Review Notes", $this->owner->ReviewLogs(), GridFieldConfig_RecordEditor::create());

     $fields->addFieldsToTab($tab, array(
         new HeaderField(_t("ContentReview.REVIEWHEADER", "Content review"), 2),
         $typeSelector,
         CompositeField::create($userField, $groupField, $reviewDateField, $frequencyField)
             ->addExtraClass("custom-settings"),
         ReadonlyField::create("ROContentOwners", _t("ContentReview.CONTENTOWNERS", "Content Owners"), $this->getOwnerNames()),
         ReadonlyField::create("RONextReviewDate", _t("ContentReview.NEXTREVIEWDATE", "Next review date"), $this->owner->NextReviewDate),
         $notesGrid,
     ));
 }
 /**
  * A controller action that handles the application of a dashboard configuration to all members
  *
  * @param SS_HTTPRequest The current request
  * @return SS_HTTPResponse
  */
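 public function applytoall(SS_HTTPRequest $r)
 {
     // NOTE(review): no permission check and no CSRF token validation on $r are visible in this
     // action, yet it deletes and rewrites other members' dashboard panels. Confirm that the
     // controller restricts who may call it and that state-changing requests are token-protected.

     // Resolve the acting member before anything is deleted: with no current member the loop
     // would otherwise empty a target's panels and then fail while copying from null.
     $source = Member::currentUser();
     if (!$source) {
         return new SS_HTTPResponse('Forbidden', 403);
     }

     $members = Permission::get_members_by_permission("CMS_ACCESS_Dashboard");
     if ($members) {
         foreach ($members as $member) {
             // The acting member keeps their own panels untouched.
             if ($member->ID == Member::currentUserID()) {
                 continue;
             }
             // Replace the target's panels with copies of the acting member's panels.
             $member->DashboardPanels()->removeAll();
             foreach ($source->DashboardPanels() as $panel) {
                 $clone = $panel->duplicate();
                 $clone->MemberID = $member->ID;
                 $clone->write();
             }
         }
     }

     return new SS_HTTPResponse(_t('Dashboard.APPLYTOALLSUCCESS', 'Success! This dashboard configuration has been applied to all members who have dashboard access.'));
 }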