/**
 * Build the CMS edit form fields for this record.
 *
 * Starts from the parent's field list, drops the 'Codes' and 'Groups'
 * entries under 'Root', and puts a permission checkbox set for the 'Codes'
 * relation on 'Root.Main'. Permissions listed in the
 * Permission.hidden_permissions config are passed to the checkbox field
 * as hidden permissions.
 *
 * @return mixed The field list returned by parent::getCMSFields(), modified in place.
 */
public function getCMSFields()
{
    $fields = parent::getCMSFields();

    // Drop the parent's fields for these relations; 'Codes' is re-added below
    // as a permission checkbox set.
    foreach (array('Codes', 'Groups') as $relationName) {
        $fields->removeFieldFromTab('Root', $relationName);
    }

    $permissionField = new PermissionCheckboxSetField(
        'Codes',
        Permission::singleton()->i18n_plural_name(),
        'SilverStripe\\Security\\PermissionRoleCode',
        'RoleID'
    );
    $fields->addFieldToTab('Root.Main', $permissionField);

    // Hiding a permission affects what the field receives as "hidden" only;
    // save-time enforcement is not visible in this method.
    $hiddenPermissions = Permission::config()->hidden_permissions;
    $permissionField->setHiddenPermissions($hiddenPermissions);

    return $fields;
}
/**
 * Validate this record, refusing privileged codes from non-admin editors.
 *
 * On top of the parent's validation, an error is added when this record's
 * Code is listed in the Permission.privileged_permissions config and the
 * current user does not pass Permission::check('ADMIN'). This keeps a
 * non-admin from adding a code that would raise privileges.
 *
 * @return mixed The validation result from parent::validate(), possibly with an added error.
 */
public function validate()
{
    $result = parent::validate();

    // Check that new code doesn't increase privileges, unless an admin is editing.
    $privilegedCodes = Permission::config()->privileged_permissions;
    $isPrivilegedCode = $this->Code && in_array($this->Code, $privilegedCodes);

    // The ADMIN check is only evaluated for privileged codes, as before.
    if (!$isPrivilegedCode || Permission::check('ADMIN')) {
        return $result;
    }

    $template = _t(
        'PermissionRoleCode.PermsError',
        'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)'
    );
    $result->error(sprintf($template, $this->Code));

    return $result;
}
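/**
 * Update the permission set associated with $record DataObject.
 *
 * Existing rows on the relation named after this field are deleted, then one
 * $managedClass row is written for every code whose value is truthy.
 * Codes listed in the Permission.privileged_permissions config are removed
 * from the field value first unless the current user passes
 * Permission::check('ADMIN'), so the restriction is applied at save time
 * to whatever value the field holds.
 *
 * @param DataObjectInterface $record
 */
public function saveInto(DataObjectInterface $record)
{
    $fieldname = $this->name;
    $managedClass = $this->managedClass;

    // Remove all "privileged" permissions if the currently logged-in user is not an admin.
    // $this->value is not guaranteed to be iterable here (the write loop below
    // already guards against an empty value), so only walk it when it is an
    // array or Traversable instead of letting foreach raise a warning.
    $privilegedPermissions = Permission::config()->privileged_permissions;
    if (!Permission::check('ADMIN')
        && (is_array($this->value) || $this->value instanceof \Traversable)
    ) {
        foreach ($this->value as $id => $bool) {
            if (in_array($id, $privilegedPermissions)) {
                unset($this->value[$id]);
            }
        }
    }

    // remove all permissions and re-add them afterwards
    // NOTE(review): the delete runs before the relation check below and no
    // transaction is visible in this method; if a later write() fails the
    // record is left with fewer permissions than before - confirm the caller
    // handles that.
    $permissions = $record->{$fieldname}();
    foreach ($permissions as $permission) {
        $permission->delete();
    }

    $schema = DataObject::getSchema();
    if ($fieldname && $record && (
        $schema->hasManyComponent(get_class($record), $fieldname)
        || $schema->manyManyComponent(get_class($record), $fieldname)
    )) {
        // We need a record ID to write permissions
        if (!$record->ID) {
            $record->write();
        }

        if ($this->value) {
            foreach ($this->value as $id => $bool) {
                if ($bool) {
                    $perm = new $managedClass();
                    $perm->{$this->filterField} = $record->ID;
                    $perm->Code = $id;
                    $perm->write();
                }
            }
        }
    }
}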