silverstripe /
silverstripe-framework
| Total Complexity | 86 |
| Total Lines | 624 |
| Duplicated Lines | 0 % |
| Changes | 4 | ||
| Bugs | 0 | Features | 1 |
Complex classes like Group often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Group, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 54 | class Group extends DataObject |
||
| 55 | { |
||
| 56 | |||
| 57 | private static $db = array( |
||
| 58 | "Title" => "Varchar(255)", |
||
| 59 | "Description" => "Text", |
||
| 60 | "Code" => "Varchar(255)", |
||
| 61 | "Locked" => "Boolean", |
||
| 62 | "Sort" => "Int", |
||
| 63 | "HtmlEditorConfig" => "Text" |
||
| 64 | ); |
||
| 65 | |||
| 66 | private static $has_one = array( |
||
| 67 | "Parent" => Group::class, |
||
| 68 | ); |
||
| 69 | |||
| 70 | private static $has_many = array( |
||
| 71 | "Permissions" => Permission::class, |
||
| 72 | "Groups" => Group::class, |
||
| 73 | ); |
||
| 74 | |||
| 75 | private static $many_many = array( |
||
| 76 | "Members" => Member::class, |
||
| 77 | "Roles" => PermissionRole::class, |
||
| 78 | ); |
||
| 79 | |||
| 80 | private static $extensions = array( |
||
| 81 | Hierarchy::class, |
||
| 82 | ); |
||
| 83 | |||
| 84 | private static $table_name = "Group"; |
||
| 85 | |||
| 86 | public function getAllChildren() |
||
| 98 | } |
||
| 99 | |||
| 100 | private function getDecodedBreadcrumbs() |
||
| 101 | { |
||
| 102 | $list = Group::get()->exclude('ID', $this->ID); |
||
| 103 | $groups = ArrayList::create(); |
||
| 104 | foreach ($list as $group) { |
||
| 105 | $groups->push(['ID' => $group->ID, 'Title' => $group->getBreadcrumbs(' » ')]); |
||
| 106 | } |
||
| 107 | return $groups; |
||
| 108 | } |
||
| 109 | |||
| 110 | /** |
||
| 111 | * Caution: Only call on instances, not through a singleton. |
||
| 112 | * The "root group" fields will be created through {@link SecurityAdmin->EditForm()}. |
||
| 113 | * |
||
| 114 | * @skipUpgrade |
||
| 115 | * @return FieldList |
||
| 116 | */ |
||
| 117 | public function getCMSFields() |
||
| 280 | } |
||
| 281 | |||
| 282 | /** |
||
| 283 | * @param bool $includerelations Indicate if the labels returned include relation fields |
||
| 284 | * @return array |
||
| 285 | * @skipUpgrade |
||
| 286 | */ |
||
| 287 | public function fieldLabels($includerelations = true) |
||
| 288 | { |
||
| 289 | $labels = parent::fieldLabels($includerelations); |
||
| 290 | $labels['Title'] = _t(__CLASS__ . '.GROUPNAME', 'Group name'); |
||
| 291 | $labels['Description'] = _t('SilverStripe\\Security\\Group.Description', 'Description'); |
||
| 292 | $labels['Code'] = _t('SilverStripe\\Security\\Group.Code', 'Group Code', 'Programmatical code identifying a group'); |
||
| 293 | $labels['Locked'] = _t('SilverStripe\\Security\\Group.Locked', 'Locked?', 'Group is locked in the security administration area'); |
||
| 294 | $labels['Sort'] = _t('SilverStripe\\Security\\Group.Sort', 'Sort Order'); |
||
| 295 | if ($includerelations) { |
||
| 296 | $labels['Parent'] = _t('SilverStripe\\Security\\Group.Parent', 'Parent Group', 'One group has one parent group'); |
||
| 297 | $labels['Permissions'] = _t('SilverStripe\\Security\\Group.has_many_Permissions', 'Permissions', 'One group has many permissions'); |
||
| 298 | $labels['Members'] = _t('SilverStripe\\Security\\Group.many_many_Members', 'Members', 'One group has many members'); |
||
| 299 | } |
||
| 300 | |||
| 301 | return $labels; |
||
| 302 | } |
||
| 303 | |||
| 304 | /** |
||
| 305 | * Get many-many relation to {@link Member}, |
||
| 306 | * including all members which are "inherited" from children groups of this record. |
||
| 307 | * See {@link DirectMembers()} for retrieving members without any inheritance. |
||
| 308 | * |
||
| 309 | * @param string $filter |
||
| 310 | * @return ManyManyList |
||
| 311 | */ |
||
| 312 | public function Members($filter = '') |
||
| 313 | { |
||
| 314 | // First get direct members as a base result |
||
| 315 | $result = $this->DirectMembers(); |
||
| 316 | |||
| 317 | // Unsaved group cannot have child groups because its ID is still 0. |
||
| 318 | if (!$this->exists()) { |
||
| 319 | return $result; |
||
| 320 | } |
||
| 321 | |||
| 322 | // Remove the default foreign key filter in prep for re-applying a filter containing all children groups. |
||
| 323 | // Filters are conjunctive in DataQuery by default, so this filter would otherwise overrule any less specific |
||
| 324 | // ones. |
||
| 325 | if (!($result instanceof UnsavedRelationList)) { |
||
| 326 | $result = $result->alterDataQuery(function ($query) { |
||
| 327 | /** @var DataQuery $query */ |
||
| 328 | $query->removeFilterOn('Group_Members'); |
||
| 329 | }); |
||
| 330 | } |
||
| 331 | |||
| 332 | // Now set all children groups as a new foreign key |
||
| 333 | $familyIDs = $this->collateFamilyIDs(); |
||
| 334 | $result = $result->forForeignID($familyIDs); |
||
| 335 | |||
| 336 | return $result->where($filter); |
||
| 337 | } |
||
| 338 | |||
| 339 | /** |
||
| 340 | * Return only the members directly added to this group |
||
| 341 | */ |
||
| 342 | public function DirectMembers() |
||
| 343 | { |
||
| 344 | return $this->getManyManyComponents('Members'); |
||
| 345 | } |
||
| 346 | |||
| 347 | /** |
||
| 348 | * Return a set of this record's "family" of IDs - the IDs of |
||
| 349 | * this record and all its descendants. |
||
| 350 | * |
||
| 351 | * @return array |
||
| 352 | */ |
||
| 353 | public function collateFamilyIDs() |
||
| 354 | { |
||
| 355 | if (!$this->exists()) { |
||
| 356 | throw new \InvalidArgumentException("Cannot call collateFamilyIDs on unsaved Group."); |
||
| 357 | } |
||
| 358 | |||
| 359 | $familyIDs = array(); |
||
| 360 | $chunkToAdd = array($this->ID); |
||
| 361 | |||
| 362 | while ($chunkToAdd) { |
||
| 363 | $familyIDs = array_merge($familyIDs, $chunkToAdd); |
||
| 364 | |||
| 365 | // Get the children of *all* the groups identified in the previous chunk. |
||
| 366 | // This minimises the number of SQL queries necessary |
||
| 367 | $chunkToAdd = Group::get()->filter("ParentID", $chunkToAdd)->column('ID'); |
||
| 368 | } |
||
| 369 | |||
| 370 | return $familyIDs; |
||
| 371 | } |
||
| 372 | |||
| 373 | /** |
||
| 374 | * Returns an array of the IDs of this group and all its parents |
||
| 375 | * |
||
| 376 | * @return array |
||
| 377 | */ |
||
| 378 | public function collateAncestorIDs() |
||
| 379 | { |
||
| 380 | $parent = $this; |
||
| 381 | $items = []; |
||
| 382 | while ($parent instanceof Group) { |
||
| 383 | $items[] = $parent->ID; |
||
| 384 | $parent = $parent->getParent(); |
||
| 385 | } |
||
| 386 | return $items; |
||
| 387 | } |
||
| 388 | |||
| 389 | /** |
||
| 390 | * Check if the group is a child of the given group or any parent groups |
||
| 391 | * |
||
| 392 | * @param string|int|Group $group Group instance, Group Code or ID |
||
| 393 | * @return bool Returns TRUE if the Group is a child of the given group, otherwise FALSE |
||
| 394 | */ |
||
| 395 | public function inGroup($group) |
||
| 396 | { |
||
| 397 | return in_array($this->identifierToGroupID($group), $this->collateAncestorIDs()); |
||
| 398 | } |
||
| 399 | |||
| 400 | /** |
||
| 401 | * Check if the group is a child of the given groups or any parent groups |
||
| 402 | * |
||
| 403 | * @param (string|int|Group)[] $groups |
||
| 404 | * @param bool $requireAll set to TRUE if must be in ALL groups, or FALSE if must be in ANY |
||
| 405 | * @return bool Returns TRUE if the Group is a child of any of the given groups, otherwise FALSE |
||
| 406 | */ |
||
| 407 | public function inGroups($groups, $requireAll = false) |
||
| 408 | { |
||
| 409 | $ancestorIDs = $this->collateAncestorIDs(); |
||
| 410 | $candidateIDs = []; |
||
| 411 | foreach ($groups as $group) { |
||
| 412 | $groupID = $this->identifierToGroupID($group); |
||
| 413 | if ($groupID) { |
||
| 414 | $candidateIDs[] = $groupID; |
||
| 415 | } elseif ($requireAll) { |
||
| 416 | return false; |
||
| 417 | } |
||
| 418 | } |
||
| 419 | if (empty($candidateIDs)) { |
||
| 420 | return false; |
||
| 421 | } |
||
| 422 | $matches = array_intersect($candidateIDs, $ancestorIDs); |
||
| 423 | if ($requireAll) { |
||
| 424 | return count($candidateIDs) === count($matches); |
||
| 425 | } |
||
| 426 | return !empty($matches); |
||
| 427 | } |
||
| 428 | |||
| 429 | /** |
||
| 430 | * Turn a string|int|Group into a GroupID |
||
| 431 | * |
||
| 432 | * @param string|int|Group $groupID Group instance, Group Code or ID |
||
| 433 | * @return int|null the Group ID or NULL if not found |
||
| 434 | */ |
||
| 435 | protected function identifierToGroupID($groupID) |
||
| 436 | { |
||
| 437 | if (is_numeric($groupID) && Group::get()->byID($groupID)) { |
||
| 438 | return $groupID; |
||
| 439 | } elseif (is_string($groupID) && $groupByCode = Group::get()->filter(['Code' => $groupID])->first()) { |
||
| 440 | return $groupByCode->ID; |
||
| 441 | } elseif ($groupID instanceof Group && $groupID->exists()) { |
||
| 442 | return $groupID->ID; |
||
| 443 | } |
||
| 444 | return null; |
||
| 445 | } |
||
| 446 | |||
| 447 | /** |
||
| 448 | * This isn't a descendant of SiteTree, but needs this in case |
||
| 449 | * the group is "reorganised"; |
||
| 450 | */ |
||
| 451 | public function cmsCleanup_parentChanged() |
||
| 452 | { |
||
| 453 | } |
||
| 454 | |||
| 455 | /** |
||
| 456 | * Override this so groups are ordered in the CMS |
||
| 457 | */ |
||
| 458 | public function stageChildren() |
||
| 459 | { |
||
| 460 | return Group::get() |
||
| 461 | ->filter("ParentID", $this->ID) |
||
| 462 | ->exclude("ID", $this->ID) |
||
| 463 | ->sort('"Sort"'); |
||
| 464 | } |
||
| 465 | |||
| 466 | /** |
||
| 467 | * @return string |
||
| 468 | */ |
||
| 469 | public function getTreeTitle() |
||
| 470 | { |
||
| 471 | $title = htmlspecialchars($this->Title, ENT_QUOTES); |
||
| 472 | $this->extend('updateTreeTitle', $title); |
||
| 473 | return $title; |
||
| 474 | } |
||
| 475 | |||
| 476 | /** |
||
| 477 | * Overloaded to ensure the code is always descent. |
||
| 478 | * |
||
| 479 | * @param string |
||
| 480 | */ |
||
| 481 | public function setCode($val) |
||
| 482 | { |
||
| 483 | $this->setField("Code", Convert::raw2url($val)); |
||
| 484 | } |
||
| 485 | |||
| 486 | public function validate() |
||
| 487 | { |
||
| 488 | $result = parent::validate(); |
||
| 489 | |||
| 490 | // Check if the new group hierarchy would add certain "privileged permissions", |
||
| 491 | // and require an admin to perform this change in case it does. |
||
| 492 | // This prevents "sub-admin" users with group editing permissions to increase their privileges. |
||
| 493 | if ($this->Parent()->exists() && !Permission::check('ADMIN')) { |
||
| 494 | $inheritedCodes = Permission::get() |
||
| 495 | ->filter('GroupID', $this->Parent()->collateAncestorIDs()) |
||
| 496 | ->column('Code'); |
||
| 497 | $privilegedCodes = Permission::config()->get('privileged_permissions'); |
||
| 498 | if (array_intersect($inheritedCodes, $privilegedCodes)) { |
||
| 499 | $result->addError( |
||
| 500 | _t( |
||
| 501 | 'SilverStripe\\Security\\Group.HierarchyPermsError', |
||
| 502 | 'Can\'t assign parent group "{group}" with privileged permissions (requires ADMIN access)', |
||
| 503 | ['group' => $this->Parent()->Title] |
||
| 504 | ) |
||
| 505 | ); |
||
| 506 | } |
||
| 507 | } |
||
| 508 | |||
| 509 | return $result; |
||
| 510 | } |
||
| 511 | |||
| 512 | public function onBeforeWrite() |
||
| 513 | { |
||
| 514 | parent::onBeforeWrite(); |
||
| 515 | |||
| 516 | // Only set code property when the group has a custom title, and no code exists. |
||
| 517 | // The "Code" attribute is usually treated as a more permanent identifier than database IDs |
||
| 518 | // in custom application logic, so can't be changed after its first set. |
||
| 519 | if (!$this->Code && $this->Title != _t(__CLASS__ . '.NEWGROUP', "New Group")) { |
||
| 520 | $this->setCode($this->Title); |
||
| 521 | } |
||
| 522 | } |
||
| 523 | |||
| 524 | public function onBeforeDelete() |
||
| 536 | } |
||
| 537 | } |
||
| 538 | |||
| 539 | /** |
||
| 540 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 541 | * If the group has ADMIN permissions, it requires the user to have ADMIN permissions as well. |
||
| 542 | * |
||
| 543 | * @param Member $member Member |
||
| 544 | * @return boolean |
||
| 545 | */ |
||
| 546 | public function canEdit($member = null) |
||
| 547 | { |
||
| 548 | if (!$member) { |
||
| 549 | $member = Security::getCurrentUser(); |
||
| 550 | } |
||
| 551 | |||
| 552 | // extended access checks |
||
| 553 | $results = $this->extend('canEdit', $member); |
||
| 554 | if ($results && is_array($results)) { |
||
| 555 | if (!min($results)) { |
||
| 556 | return false; |
||
| 557 | } |
||
| 558 | } |
||
| 559 | |||
| 560 | if (// either we have an ADMIN |
||
| 561 | (bool)Permission::checkMember($member, "ADMIN") |
||
| 562 | || ( |
||
| 563 | // or a privileged CMS user and a group without ADMIN permissions. |
||
| 564 | // without this check, a user would be able to add himself to an administrators group |
||
| 565 | // with just access to the "Security" admin interface |
||
| 566 | Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") && |
||
| 567 | !Permission::get()->filter(array('GroupID' => $this->ID, 'Code' => 'ADMIN'))->exists() |
||
| 568 | ) |
||
| 569 | ) { |
||
| 570 | return true; |
||
| 571 | } |
||
| 572 | |||
| 573 | return false; |
||
| 574 | } |
||
| 575 | |||
| 576 | /** |
||
| 577 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 578 | * |
||
| 579 | * @param Member $member |
||
| 580 | * @return boolean |
||
| 581 | */ |
||
| 582 | public function canView($member = null) |
||
| 583 | { |
||
| 584 | if (!$member) { |
||
| 585 | $member = Security::getCurrentUser(); |
||
| 586 | } |
||
| 587 | |||
| 588 | // extended access checks |
||
| 589 | $results = $this->extend('canView', $member); |
||
| 590 | if ($results && is_array($results)) { |
||
| 591 | if (!min($results)) { |
||
| 592 | return false; |
||
| 593 | } |
||
| 594 | } |
||
| 595 | |||
| 596 | // user needs access to CMS_ACCESS_SecurityAdmin |
||
| 597 | if (Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")) { |
||
| 598 | return true; |
||
| 599 | } |
||
| 600 | |||
| 601 | return false; |
||
| 602 | } |
||
| 603 | |||
| 604 | public function canDelete($member = null) |
||
| 605 | { |
||
| 606 | if (!$member) { |
||
| 607 | $member = Security::getCurrentUser(); |
||
| 608 | } |
||
| 609 | |||
| 610 | // extended access checks |
||
| 611 | $results = $this->extend('canDelete', $member); |
||
| 612 | if ($results && is_array($results)) { |
||
| 613 | if (!min($results)) { |
||
| 614 | return false; |
||
| 615 | } |
||
| 616 | } |
||
| 617 | |||
| 618 | return $this->canEdit($member); |
||
| 619 | } |
||
| 620 | |||
| 621 | /** |
||
| 622 | * Returns all of the children for the CMS Tree. |
||
| 623 | * Filters to only those groups that the current user can edit |
||
| 624 | * |
||
| 625 | * @return ArrayList |
||
| 626 | */ |
||
| 627 | public function AllChildrenIncludingDeleted() |
||
| 628 | { |
||
| 629 | $children = parent::AllChildrenIncludingDeleted(); |
||
| 630 | |||
| 631 | $filteredChildren = new ArrayList(); |
||
| 632 | |||
| 633 | if ($children) { |
||
| 634 | foreach ($children as $child) { |
||
| 635 | /** @var DataObject $child */ |
||
| 636 | if ($child->canView()) { |
||
| 637 | $filteredChildren->push($child); |
||
| 638 | } |
||
| 639 | } |
||
| 640 | } |
||
| 641 | |||
| 642 | return $filteredChildren; |
||
| 643 | } |
||
| 644 | |||
| 645 | /** |
||
| 646 | * Add default records to database. |
||
| 647 | * |
||
| 648 | * This function is called whenever the database is built, after the |
||
| 649 | * database tables have all been created. |
||
| 650 | */ |
||
| 651 | public function requireDefaultRecords() |
||
| 678 | } |
||
| 679 | |||
| 680 | // Members are populated through Member->requireDefaultRecords() |
||
| 681 | } |
||
| 682 | } |
||
| 683 |
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths