silverstripe /
silverstripe-framework
| Total Complexity | 84 |
| Total Lines | 614 |
| Duplicated Lines | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Complex classes like Group often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Group, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 54 | class Group extends DataObject |
||
| 55 | { |
||
| 56 | |||
| 57 | private static $db = array( |
||
| 58 | "Title" => "Varchar(255)", |
||
| 59 | "Description" => "Text", |
||
| 60 | "Code" => "Varchar(255)", |
||
| 61 | "Locked" => "Boolean", |
||
| 62 | "Sort" => "Int", |
||
| 63 | "HtmlEditorConfig" => "Text" |
||
| 64 | ); |
||
| 65 | |||
| 66 | private static $has_one = array( |
||
| 67 | "Parent" => Group::class, |
||
| 68 | ); |
||
| 69 | |||
| 70 | private static $has_many = array( |
||
| 71 | "Permissions" => Permission::class, |
||
| 72 | "Groups" => Group::class, |
||
| 73 | ); |
||
| 74 | |||
| 75 | private static $many_many = array( |
||
| 76 | "Members" => Member::class, |
||
| 77 | "Roles" => PermissionRole::class, |
||
| 78 | ); |
||
| 79 | |||
| 80 | private static $extensions = array( |
||
| 81 | Hierarchy::class, |
||
| 82 | ); |
||
| 83 | |||
| 84 | private static $table_name = "Group"; |
||
| 85 | |||
| 86 | public function getAllChildren() |
||
| 87 | { |
||
| 88 | $doSet = new ArrayList(); |
||
| 89 | |||
| 90 | $children = Group::get()->filter("ParentID", $this->ID); |
||
| 91 | /** @var Group $child */ |
||
| 92 | foreach ($children as $child) { |
||
| 93 | $doSet->push($child); |
||
| 94 | $doSet->merge($child->getAllChildren()); |
||
| 95 | } |
||
| 96 | |||
| 97 | return $doSet; |
||
| 98 | } |
||
| 99 | |||
| 100 | /** |
||
| 101 | * Caution: Only call on instances, not through a singleton. |
||
| 102 | * The "root group" fields will be created through {@link SecurityAdmin->EditForm()}. |
||
| 103 | * |
||
| 104 | * @skipUpgrade |
||
| 105 | * @return FieldList |
||
| 106 | */ |
||
| 107 | public function getCMSFields() |
||
| 270 | } |
||
| 271 | |||
| 272 | /** |
||
| 273 | * @param bool $includerelations Indicate if the labels returned include relation fields |
||
| 274 | * @return array |
||
| 275 | * @skipUpgrade |
||
| 276 | */ |
||
| 277 | public function fieldLabels($includerelations = true) |
||
| 278 | { |
||
| 279 | $labels = parent::fieldLabels($includerelations); |
||
| 280 | $labels['Title'] = _t(__CLASS__ . '.GROUPNAME', 'Group name'); |
||
| 281 | $labels['Description'] = _t('SilverStripe\\Security\\Group.Description', 'Description'); |
||
| 282 | $labels['Code'] = _t('SilverStripe\\Security\\Group.Code', 'Group Code', 'Programmatical code identifying a group'); |
||
| 283 | $labels['Locked'] = _t('SilverStripe\\Security\\Group.Locked', 'Locked?', 'Group is locked in the security administration area'); |
||
| 284 | $labels['Sort'] = _t('SilverStripe\\Security\\Group.Sort', 'Sort Order'); |
||
| 285 | if ($includerelations) { |
||
| 286 | $labels['Parent'] = _t('SilverStripe\\Security\\Group.Parent', 'Parent Group', 'One group has one parent group'); |
||
| 287 | $labels['Permissions'] = _t('SilverStripe\\Security\\Group.has_many_Permissions', 'Permissions', 'One group has many permissions'); |
||
| 288 | $labels['Members'] = _t('SilverStripe\\Security\\Group.many_many_Members', 'Members', 'One group has many members'); |
||
| 289 | } |
||
| 290 | |||
| 291 | return $labels; |
||
| 292 | } |
||
| 293 | |||
| 294 | /** |
||
| 295 | * Get many-many relation to {@link Member}, |
||
| 296 | * including all members which are "inherited" from children groups of this record. |
||
| 297 | * See {@link DirectMembers()} for retrieving members without any inheritance. |
||
| 298 | * |
||
| 299 | * @param string $filter |
||
| 300 | * @return ManyManyList |
||
| 301 | */ |
||
| 302 | public function Members($filter = '') |
||
| 303 | { |
||
| 304 | // First get direct members as a base result |
||
| 305 | $result = $this->DirectMembers(); |
||
| 306 | |||
| 307 | // Unsaved group cannot have child groups because its ID is still 0. |
||
| 308 | if (!$this->exists()) { |
||
| 309 | return $result; |
||
| 310 | } |
||
| 311 | |||
| 312 | // Remove the default foreign key filter in prep for re-applying a filter containing all children groups. |
||
| 313 | // Filters are conjunctive in DataQuery by default, so this filter would otherwise overrule any less specific |
||
| 314 | // ones. |
||
| 315 | if (!($result instanceof UnsavedRelationList)) { |
||
| 316 | $result = $result->alterDataQuery(function ($query) { |
||
| 317 | /** @var DataQuery $query */ |
||
| 318 | $query->removeFilterOn('Group_Members'); |
||
| 319 | }); |
||
| 320 | } |
||
| 321 | |||
| 322 | // Now set all children groups as a new foreign key |
||
| 323 | $familyIDs = $this->collateFamilyIDs(); |
||
| 324 | $result = $result->forForeignID($familyIDs); |
||
| 325 | |||
| 326 | return $result->where($filter); |
||
| 327 | } |
||
| 328 | |||
| 329 | /** |
||
| 330 | * Return only the members directly added to this group |
||
| 331 | */ |
||
| 332 | public function DirectMembers() |
||
| 333 | { |
||
| 334 | return $this->getManyManyComponents('Members'); |
||
| 335 | } |
||
| 336 | |||
| 337 | /** |
||
| 338 | * Return a set of this record's "family" of IDs - the IDs of |
||
| 339 | * this record and all its descendants. |
||
| 340 | * |
||
| 341 | * @return array |
||
| 342 | */ |
||
| 343 | public function collateFamilyIDs() |
||
| 344 | { |
||
| 345 | if (!$this->exists()) { |
||
| 346 | throw new \InvalidArgumentException("Cannot call collateFamilyIDs on unsaved Group."); |
||
| 347 | } |
||
| 348 | |||
| 349 | $familyIDs = array(); |
||
| 350 | $chunkToAdd = array($this->ID); |
||
| 351 | |||
| 352 | while ($chunkToAdd) { |
||
| 353 | $familyIDs = array_merge($familyIDs, $chunkToAdd); |
||
| 354 | |||
| 355 | // Get the children of *all* the groups identified in the previous chunk. |
||
| 356 | // This minimises the number of SQL queries necessary |
||
| 357 | $chunkToAdd = Group::get()->filter("ParentID", $chunkToAdd)->column('ID'); |
||
| 358 | } |
||
| 359 | |||
| 360 | return $familyIDs; |
||
| 361 | } |
||
| 362 | |||
| 363 | /** |
||
| 364 | * Returns an array of the IDs of this group and all its parents |
||
| 365 | * |
||
| 366 | * @return array |
||
| 367 | */ |
||
| 368 | public function collateAncestorIDs() |
||
| 369 | { |
||
| 370 | $parent = $this; |
||
| 371 | $items = []; |
||
| 372 | while ($parent instanceof Group) { |
||
| 373 | $items[] = $parent->ID; |
||
| 374 | $parent = $parent->getParent(); |
||
| 375 | } |
||
| 376 | return $items; |
||
| 377 | } |
||
| 378 | |||
| 379 | /** |
||
| 380 | * Check if the group is a child of the given group or any parent groups |
||
| 381 | * |
||
| 382 | * @param string|int|Group $group Group instance, Group Code or ID |
||
| 383 | * @return bool Returns TRUE if the Group is a child of the given group, otherwise FALSE |
||
| 384 | */ |
||
| 385 | public function inGroup($group) |
||
| 386 | { |
||
| 387 | return in_array($this->identifierToGroupID($group), $this->collateAncestorIDs()); |
||
| 388 | } |
||
| 389 | |||
| 390 | /** |
||
| 391 | * Check if the group is a child of the given groups or any parent groups |
||
| 392 | * |
||
| 393 | * @param (string|int|Group)[] $groups |
||
| 394 | * @param bool $requireAll set to TRUE if must be in ALL groups, or FALSE if must be in ANY |
||
| 395 | * @return bool Returns TRUE if the Group is a child of any of the given groups, otherwise FALSE |
||
| 396 | */ |
||
| 397 | public function inGroups($groups, $requireAll = false) |
||
| 398 | { |
||
| 399 | $ancestorIDs = $this->collateAncestorIDs(); |
||
| 400 | $candidateIDs = []; |
||
| 401 | foreach ($groups as $group) { |
||
| 402 | $groupID = $this->identifierToGroupID($group); |
||
| 403 | if ($groupID) { |
||
| 404 | $candidateIDs[] = $groupID; |
||
| 405 | } elseif ($requireAll) { |
||
| 406 | return false; |
||
| 407 | } |
||
| 408 | } |
||
| 409 | if (empty($candidateIDs)) { |
||
| 410 | return false; |
||
| 411 | } |
||
| 412 | $matches = array_intersect($candidateIDs, $ancestorIDs); |
||
| 413 | if ($requireAll) { |
||
| 414 | return count($candidateIDs) === count($matches); |
||
| 415 | } |
||
| 416 | return !empty($matches); |
||
| 417 | } |
||
| 418 | |||
| 419 | /** |
||
| 420 | * Turn a string|int|Group into a GroupID |
||
| 421 | * |
||
| 422 | * @param string|int|Group $groupID Group instance, Group Code or ID |
||
| 423 | * @return int|null the Group ID or NULL if not found |
||
| 424 | */ |
||
| 425 | protected function identifierToGroupID($groupID) |
||
| 426 | { |
||
| 427 | if (is_numeric($groupID) && Group::get()->byID($groupID)) { |
||
| 428 | return $groupID; |
||
| 429 | } elseif (is_string($groupID) && $groupByCode = Group::get()->filter(['Code' => $groupID])->first()) { |
||
| 430 | return $groupByCode->ID; |
||
| 431 | } elseif ($groupID instanceof Group && $groupID->exists()) { |
||
| 432 | return $groupID->ID; |
||
| 433 | } |
||
| 434 | return null; |
||
| 435 | } |
||
| 436 | |||
| 437 | /** |
||
| 438 | * This isn't a descendant of SiteTree, but needs this in case |
||
| 439 | * the group is "reorganised"; |
||
| 440 | */ |
||
| 441 | public function cmsCleanup_parentChanged() |
||
| 442 | { |
||
| 443 | } |
||
| 444 | |||
| 445 | /** |
||
| 446 | * Override this so groups are ordered in the CMS |
||
| 447 | */ |
||
| 448 | public function stageChildren() |
||
| 449 | { |
||
| 450 | return Group::get() |
||
| 451 | ->filter("ParentID", $this->ID) |
||
| 452 | ->exclude("ID", $this->ID) |
||
| 453 | ->sort('"Sort"'); |
||
| 454 | } |
||
| 455 | |||
| 456 | /** |
||
| 457 | * @return string |
||
| 458 | */ |
||
| 459 | public function getTreeTitle() |
||
| 460 | { |
||
| 461 | $title = htmlspecialchars($this->Title, ENT_QUOTES); |
||
| 462 | $this->extend('updateTreeTitle', $title); |
||
| 463 | return $title; |
||
| 464 | } |
||
| 465 | |||
| 466 | /** |
||
| 467 | * Overloaded to ensure the code is always descent. |
||
| 468 | * |
||
| 469 | * @param string |
||
| 470 | */ |
||
| 471 | public function setCode($val) |
||
| 472 | { |
||
| 473 | $this->setField("Code", Convert::raw2url($val)); |
||
| 474 | } |
||
| 475 | |||
| 476 | public function validate() |
||
| 477 | { |
||
| 478 | $result = parent::validate(); |
||
| 479 | |||
| 480 | // Check if the new group hierarchy would add certain "privileged permissions", |
||
| 481 | // and require an admin to perform this change in case it does. |
||
| 482 | // This prevents "sub-admin" users with group editing permissions to increase their privileges. |
||
| 483 | if ($this->Parent()->exists() && !Permission::check('ADMIN')) { |
||
| 484 | $inheritedCodes = Permission::get() |
||
| 485 | ->filter('GroupID', $this->Parent()->collateAncestorIDs()) |
||
| 486 | ->column('Code'); |
||
| 487 | $privilegedCodes = Permission::config()->get('privileged_permissions'); |
||
| 488 | if (array_intersect($inheritedCodes, $privilegedCodes)) { |
||
| 489 | $result->addError( |
||
| 490 | _t( |
||
| 491 | 'SilverStripe\\Security\\Group.HierarchyPermsError', |
||
| 492 | 'Can\'t assign parent group "{group}" with privileged permissions (requires ADMIN access)', |
||
| 493 | ['group' => $this->Parent()->Title] |
||
| 494 | ) |
||
| 495 | ); |
||
| 496 | } |
||
| 497 | } |
||
| 498 | |||
| 499 | return $result; |
||
| 500 | } |
||
| 501 | |||
| 502 | public function onBeforeWrite() |
||
| 503 | { |
||
| 504 | parent::onBeforeWrite(); |
||
| 505 | |||
| 506 | // Only set code property when the group has a custom title, and no code exists. |
||
| 507 | // The "Code" attribute is usually treated as a more permanent identifier than database IDs |
||
| 508 | // in custom application logic, so can't be changed after its first set. |
||
| 509 | if (!$this->Code && $this->Title != _t(__CLASS__ . '.NEWGROUP', "New Group")) { |
||
| 510 | $this->setCode($this->Title); |
||
| 511 | } |
||
| 512 | } |
||
| 513 | |||
| 514 | public function onBeforeDelete() |
||
| 526 | } |
||
| 527 | } |
||
| 528 | |||
| 529 | /** |
||
| 530 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 531 | * If the group has ADMIN permissions, it requires the user to have ADMIN permissions as well. |
||
| 532 | * |
||
| 533 | * @param Member $member Member |
||
| 534 | * @return boolean |
||
| 535 | */ |
||
| 536 | public function canEdit($member = null) |
||
| 537 | { |
||
| 538 | if (!$member) { |
||
| 539 | $member = Security::getCurrentUser(); |
||
| 540 | } |
||
| 541 | |||
| 542 | // extended access checks |
||
| 543 | $results = $this->extend('canEdit', $member); |
||
| 544 | if ($results && is_array($results)) { |
||
| 545 | if (!min($results)) { |
||
| 546 | return false; |
||
| 547 | } |
||
| 548 | } |
||
| 549 | |||
| 550 | if (// either we have an ADMIN |
||
| 551 | (bool)Permission::checkMember($member, "ADMIN") |
||
| 552 | || ( |
||
| 553 | // or a privileged CMS user and a group without ADMIN permissions. |
||
| 554 | // without this check, a user would be able to add himself to an administrators group |
||
| 555 | // with just access to the "Security" admin interface |
||
| 556 | Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") && |
||
| 557 | !Permission::get()->filter(array('GroupID' => $this->ID, 'Code' => 'ADMIN'))->exists() |
||
| 558 | ) |
||
| 559 | ) { |
||
| 560 | return true; |
||
| 561 | } |
||
| 562 | |||
| 563 | return false; |
||
| 564 | } |
||
| 565 | |||
| 566 | /** |
||
| 567 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 568 | * |
||
| 569 | * @param Member $member |
||
| 570 | * @return boolean |
||
| 571 | */ |
||
| 572 | public function canView($member = null) |
||
| 573 | { |
||
| 574 | if (!$member) { |
||
| 575 | $member = Security::getCurrentUser(); |
||
| 576 | } |
||
| 577 | |||
| 578 | // extended access checks |
||
| 579 | $results = $this->extend('canView', $member); |
||
| 580 | if ($results && is_array($results)) { |
||
| 581 | if (!min($results)) { |
||
| 582 | return false; |
||
| 583 | } |
||
| 584 | } |
||
| 585 | |||
| 586 | // user needs access to CMS_ACCESS_SecurityAdmin |
||
| 587 | if (Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")) { |
||
| 588 | return true; |
||
| 589 | } |
||
| 590 | |||
| 591 | return false; |
||
| 592 | } |
||
| 593 | |||
| 594 | public function canDelete($member = null) |
||
| 595 | { |
||
| 596 | if (!$member) { |
||
| 597 | $member = Security::getCurrentUser(); |
||
| 598 | } |
||
| 599 | |||
| 600 | // extended access checks |
||
| 601 | $results = $this->extend('canDelete', $member); |
||
| 602 | if ($results && is_array($results)) { |
||
| 603 | if (!min($results)) { |
||
| 604 | return false; |
||
| 605 | } |
||
| 606 | } |
||
| 607 | |||
| 608 | return $this->canEdit($member); |
||
| 609 | } |
||
| 610 | |||
| 611 | /** |
||
| 612 | * Returns all of the children for the CMS Tree. |
||
| 613 | * Filters to only those groups that the current user can edit |
||
| 614 | * |
||
| 615 | * @return ArrayList |
||
| 616 | */ |
||
| 617 | public function AllChildrenIncludingDeleted() |
||
| 618 | { |
||
| 619 | $children = parent::AllChildrenIncludingDeleted(); |
||
| 620 | |||
| 621 | $filteredChildren = new ArrayList(); |
||
| 622 | |||
| 623 | if ($children) { |
||
| 624 | foreach ($children as $child) { |
||
| 625 | /** @var DataObject $child */ |
||
| 626 | if ($child->canView()) { |
||
| 627 | $filteredChildren->push($child); |
||
| 628 | } |
||
| 629 | } |
||
| 630 | } |
||
| 631 | |||
| 632 | return $filteredChildren; |
||
| 633 | } |
||
| 634 | |||
| 635 | /** |
||
| 636 | * Add default records to database. |
||
| 637 | * |
||
| 638 | * This function is called whenever the database is built, after the |
||
| 639 | * database tables have all been created. |
||
| 640 | */ |
||
| 641 | public function requireDefaultRecords() |
||
| 668 | } |
||
| 669 | |||
| 670 | // Members are populated through Member->requireDefaultRecords() |
||
| 671 | } |
||
| 672 | } |
||
| 673 |
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths