/**
 * Checks the permission codes reported for the 'access' fixture member,
 * before and after one code is denied on the 'access' fixture group.
 *
 * The second half pins the security-relevant expectation: once
 * Permission::deny() has been called for the group, the denied code must no
 * longer appear in Permission::permissions_for_member() for that member.
 */
public function testPermissionsForMember()
{
    $fixtureMember = $this->objFromFixture('Member', 'access');

    // Baseline: exactly four codes, each of which must be present.
    $granted = Permission::permissions_for_member($fixtureMember->ID);
    $this->assertEquals(4, count($granted));

    $expectedCodes = array(
        'CMS_ACCESS_MyAdmin',
        'CMS_ACCESS_AssetAdmin',
        'CMS_ACCESS_SecurityAdmin',
        'EDIT_PERMISSIONS',
    );
    foreach ($expectedCodes as $expectedCode) {
        $this->assertTrue(in_array($expectedCode, $granted));
    }

    // Deny one code on the group, then re-read the member's codes.
    $fixtureGroup = $this->objFromFixture("Group", "access");
    Permission::deny($fixtureGroup->ID, "CMS_ACCESS_MyAdmin");

    $afterDeny = Permission::permissions_for_member($fixtureMember->ID);

    // The denied code is gone and nothing else was dropped with it.
    $this->assertEquals(3, count($afterDeny));
    $this->assertFalse(in_array('CMS_ACCESS_MyAdmin', $afterDeny));
}
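/**
 * Redirects a CMS user who lands on the admin root (or its 'pages' panel)
 * without CMS_ACCESS_CMSMain to the first admin section they can open.
 *
 * The redirect is only considered when the configured default panel is
 * 'CMSPagesController'. The target is built from the site's absolute base URL,
 * the configured admin base and the section's configured 'url_segment'; no
 * request data is used in the Location header.
 *
 * While the member's permission codes are read, the Subsite filter (when the
 * Subsite class exists) is switched off so that codes are not excluded for
 * members without access to all subsites. It is switched back on before the
 * redirect is sent, so no exit path leaves it disabled.
 *
 * @return void
 */
public function init()
{
    if (!Controller::has_curr()) {
        return;
    }

    /* @var $ctrl Controller */
    $ctrl = Controller::curr();
    /* @var $req SS_HTTPRequest */
    $req = $ctrl->getRequest();

    // Otherwise it will get excluded if it does not have access to all subsites...
    if (class_exists('Subsite')) {
        Subsite::$disable_subsite_filter = true;
    }

    $base = AdminRootController::config()->url_base;
    $defaultPanel = AdminRootController::config()->default_panel;
    $currentSegment = $req->getURL();

    $redirectUrl = null;

    // We will fail if we are redirected to a panel without the proper permission
    if (($currentSegment == $base || $currentSegment == $base . '/pages')
        && $defaultPanel == 'CMSPagesController'
        && !Permission::check('CMS_ACCESS_CMSMain')
    ) {
        // Instead, let's redirect to something we can access
        if (Permission::check('CMS_ACCESS')) {
            $member = Member::currentUser();
            // Guard against a missing current user instead of dereferencing null.
            $permissions = $member
                ? Permission::permissions_for_member($member->ID)
                : array();

            foreach ($permissions as $permission) {
                if (strpos($permission, 'CMS_ACCESS_') !== 0) {
                    continue;
                }

                $class = str_replace('CMS_ACCESS_', '', $permission);

                // A code that does not name a loadable class has no panel to
                // send the user to; skip it rather than query config for it.
                if (!class_exists($class)) {
                    continue;
                }

                $segment = Config::inst()->get($class, 'url_segment');

                // Without a segment the target would be the admin root again,
                // which is the very URL this redirect is leaving.
                if (!is_string($segment) || $segment === '') {
                    continue;
                }

                $redirectUrl = Director::absoluteBaseURL() . $base . '/' . $segment;
                break;
            }
        }
    }

    // Re-enable the subsite filter before any exit so it is never left off.
    // NOTE(review): this resets to false rather than to the previous value;
    // confirm no caller relies on the filter already being disabled.
    if (class_exists('Subsite')) {
        Subsite::$disable_subsite_filter = false;
    }

    if ($redirectUrl !== null) {
        header('Location:' . $redirectUrl);
        exit;
    }
}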
/**
 * Builds a comma-separated list of human-readable permission names for the
 * owning Member.
 *
 * The member's codes are sorted and upper-cased, then each one is looked up in
 * every entry returned by Permission::get_codes(true). A matching entry with
 * an empty 'name' is reported as the translated 'Unknown'. When nothing
 * matches, the translated 'No Permissions' string is returned.
 *
 * When the Subsite class exists, its filter is disabled for the duration of
 * the lookup and re-enabled just before returning.
 *
 * @return string
 */
public function getPermissionsDescription()
{
    if (class_exists('Subsite')) {
        Subsite::disable_subsite_filter(true);
    }
    // NOTE(review): if anything below throws, the filter stays disabled for
    // the rest of the request; confirm that is acceptable for callers.

    $memberCodes = Permission::permissions_for_member($this->owner->ID);
    $codeCatalogue = Permission::get_codes(true);
    sort($memberCodes);

    $labels = array();
    foreach ($memberCodes as $memberCode) {
        $lookupKey = strtoupper($memberCode);

        // Every catalogue entry is checked; there is deliberately no early
        // exit, so a code present in several entries yields several labels.
        foreach ($codeCatalogue as $entries) {
            if (!isset($entries[$lookupKey])) {
                continue;
            }

            if (empty($entries[$lookupKey]['name'])) {
                $labels[] = _t('MemberReportExtension.UNKNOWN', 'Unknown');
            } else {
                $labels[] = $entries[$lookupKey]['name'];
            }
        }
    }

    if ($labels) {
        $description = implode(', ', $labels);
    } else {
        $description = _t('MemberReportExtension.NOPERMISSIONS', 'No Permissions');
    }

    if (class_exists('Subsite')) {
        Subsite::disable_subsite_filter(false);
    }

    return $description;
}