/** * Update the permission set associated with $record DataObject * * @param DataObjectInterface $record */ public function saveInto(DataObjectInterface $record) { $fieldname = $this->name; $managedClass = $this->managedClass; // Remove all "privileged" permissions if the currently logged-in user is not an admin $privilegedPermissions = Permission::config()->privileged_permissions; if (!Permission::check('ADMIN')) { foreach ($this->value as $id => $bool) { if (in_array($id, $privilegedPermissions)) { unset($this->value[$id]); } } } // remove all permissions and re-add them afterwards $permissions = $record->{$fieldname}(); foreach ($permissions as $permission) { $permission->delete(); } if ($fieldname && $record && ($record->hasManyComponent($fieldname) || $record->manyManyComponent($fieldname))) { if (!$record->ID) { $record->write(); } // We need a record ID to write permissions $idList = array(); if ($this->value) { foreach ($this->value as $id => $bool) { if ($bool) { $perm = new $managedClass(); $perm->{$this->filterField} = $record->ID; $perm->Code = $id; $perm->write(); } } } } }