silverstripe /
silverstripe-framework
| Total Complexity | 90 |
| Total Lines | 669 |
| Duplicated Lines | 0 % |
| Changes | 0 | ||
Complex classes like Group often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Group, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 56 | class Group extends DataObject |
||
| 57 | { |
||
| 58 | |||
| 59 | private static $db = [ |
||
| 60 | "Title" => "Varchar(255)", |
||
| 61 | "Description" => "Text", |
||
| 62 | "Code" => "Varchar(255)", |
||
| 63 | "Locked" => "Boolean", |
||
| 64 | "Sort" => "Int", |
||
| 65 | "HtmlEditorConfig" => "Text" |
||
| 66 | ]; |
||
| 67 | |||
| 68 | private static $has_one = [ |
||
| 69 | "Parent" => Group::class, |
||
| 70 | ]; |
||
| 71 | |||
| 72 | private static $has_many = [ |
||
| 73 | "Permissions" => Permission::class, |
||
| 74 | "Groups" => Group::class, |
||
| 75 | ]; |
||
| 76 | |||
| 77 | private static $many_many = [ |
||
| 78 | "Members" => Member::class, |
||
| 79 | "Roles" => PermissionRole::class, |
||
| 80 | ]; |
||
| 81 | |||
| 82 | private static $extensions = [ |
||
| 83 | Hierarchy::class, |
||
| 84 | ]; |
||
| 85 | |||
| 86 | private static $table_name = "Group"; |
||
| 87 | |||
| 88 | public function getAllChildren() |
||
| 89 | { |
||
| 90 | $doSet = new ArrayList(); |
||
| 91 | |||
| 92 | $children = Group::get()->filter("ParentID", $this->ID); |
||
| 93 | /** @var Group $child */ |
||
| 94 | foreach ($children as $child) { |
||
| 95 | $doSet->push($child); |
||
| 96 | $doSet->merge($child->getAllChildren()); |
||
| 97 | } |
||
| 98 | |||
| 99 | return $doSet; |
||
| 100 | } |
||
| 101 | |||
| 102 | private function getDecodedBreadcrumbs() |
||
| 103 | { |
||
| 104 | $list = Group::get()->exclude('ID', $this->ID); |
||
| 105 | $groups = ArrayList::create(); |
||
| 106 | foreach ($list as $group) { |
||
| 107 | $groups->push(['ID' => $group->ID, 'Title' => $group->getBreadcrumbs(' » ')]); |
||
| 108 | } |
||
| 109 | return $groups; |
||
| 110 | } |
||
| 111 | |||
| 112 | /** |
||
| 113 | * Caution: Only call on instances, not through a singleton. |
||
| 114 | * The "root group" fields will be created through {@link SecurityAdmin->EditForm()}. |
||
| 115 | * |
||
| 116 | * @skipUpgrade |
||
| 117 | * @return FieldList |
||
| 118 | */ |
||
| 119 | public function getCMSFields() |
||
| 282 | } |
||
| 283 | |||
| 284 | /** |
||
| 285 | * @param bool $includerelations Indicate if the labels returned include relation fields |
||
| 286 | * @return array |
||
| 287 | * @skipUpgrade |
||
| 288 | */ |
||
| 289 | public function fieldLabels($includerelations = true) |
||
| 290 | { |
||
| 291 | $labels = parent::fieldLabels($includerelations); |
||
| 292 | $labels['Title'] = _t(__CLASS__ . '.GROUPNAME', 'Group name'); |
||
| 293 | $labels['Description'] = _t('SilverStripe\\Security\\Group.Description', 'Description'); |
||
| 294 | $labels['Code'] = _t('SilverStripe\\Security\\Group.Code', 'Group Code', 'Programmatical code identifying a group'); |
||
| 295 | $labels['Locked'] = _t('SilverStripe\\Security\\Group.Locked', 'Locked?', 'Group is locked in the security administration area'); |
||
| 296 | $labels['Sort'] = _t('SilverStripe\\Security\\Group.Sort', 'Sort Order'); |
||
| 297 | if ($includerelations) { |
||
| 298 | $labels['Parent'] = _t('SilverStripe\\Security\\Group.Parent', 'Parent Group', 'One group has one parent group'); |
||
| 299 | $labels['Permissions'] = _t('SilverStripe\\Security\\Group.has_many_Permissions', 'Permissions', 'One group has many permissions'); |
||
| 300 | $labels['Members'] = _t('SilverStripe\\Security\\Group.many_many_Members', 'Members', 'One group has many members'); |
||
| 301 | } |
||
| 302 | |||
| 303 | return $labels; |
||
| 304 | } |
||
| 305 | |||
| 306 | /** |
||
| 307 | * Get many-many relation to {@link Member}, |
||
| 308 | * including all members which are "inherited" from children groups of this record. |
||
| 309 | * See {@link DirectMembers()} for retrieving members without any inheritance. |
||
| 310 | * |
||
| 311 | * @param string $filter |
||
| 312 | * @return ManyManyList |
||
| 313 | */ |
||
| 314 | public function Members($filter = '') |
||
| 315 | { |
||
| 316 | // First get direct members as a base result |
||
| 317 | $result = $this->DirectMembers(); |
||
| 318 | |||
| 319 | // Unsaved group cannot have child groups because its ID is still 0. |
||
| 320 | if (!$this->exists()) { |
||
| 321 | return $result; |
||
| 322 | } |
||
| 323 | |||
| 324 | // Remove the default foreign key filter in prep for re-applying a filter containing all children groups. |
||
| 325 | // Filters are conjunctive in DataQuery by default, so this filter would otherwise overrule any less specific |
||
| 326 | // ones. |
||
| 327 | if (!($result instanceof UnsavedRelationList)) { |
||
| 328 | $result = $result->alterDataQuery(function ($query) { |
||
| 329 | /** @var DataQuery $query */ |
||
| 330 | $query->removeFilterOn('Group_Members'); |
||
| 331 | }); |
||
| 332 | } |
||
| 333 | |||
| 334 | // Now set all children groups as a new foreign key |
||
| 335 | $familyIDs = $this->collateFamilyIDs(); |
||
| 336 | $result = $result->forForeignID($familyIDs); |
||
| 337 | |||
| 338 | return $result->where($filter); |
||
| 339 | } |
||
| 340 | |||
| 341 | /** |
||
| 342 | * Return only the members directly added to this group |
||
| 343 | */ |
||
| 344 | public function DirectMembers() |
||
| 345 | { |
||
| 346 | return $this->getManyManyComponents('Members'); |
||
| 347 | } |
||
| 348 | |||
| 349 | /** |
||
| 350 | * Return a set of this record's "family" of IDs - the IDs of |
||
| 351 | * this record and all its descendants. |
||
| 352 | * |
||
| 353 | * @return array |
||
| 354 | */ |
||
| 355 | public function collateFamilyIDs() |
||
| 356 | { |
||
| 357 | if (!$this->exists()) { |
||
| 358 | throw new \InvalidArgumentException("Cannot call collateFamilyIDs on unsaved Group."); |
||
| 359 | } |
||
| 360 | |||
| 361 | $familyIDs = []; |
||
| 362 | $chunkToAdd = [$this->ID]; |
||
| 363 | |||
| 364 | while ($chunkToAdd) { |
||
| 365 | $familyIDs = array_merge($familyIDs, $chunkToAdd); |
||
| 366 | |||
| 367 | // Get the children of *all* the groups identified in the previous chunk. |
||
| 368 | // This minimises the number of SQL queries necessary |
||
| 369 | $chunkToAdd = Group::get()->filter("ParentID", $chunkToAdd)->column('ID'); |
||
| 370 | } |
||
| 371 | |||
| 372 | return $familyIDs; |
||
| 373 | } |
||
| 374 | |||
| 375 | /** |
||
| 376 | * Returns an array of the IDs of this group and all its parents |
||
| 377 | * |
||
| 378 | * @return array |
||
| 379 | */ |
||
| 380 | public function collateAncestorIDs() |
||
| 381 | { |
||
| 382 | $parent = $this; |
||
| 383 | $items = []; |
||
| 384 | while ($parent instanceof Group) { |
||
| 385 | $items[] = $parent->ID; |
||
| 386 | $parent = $parent->getParent(); |
||
| 387 | } |
||
| 388 | return $items; |
||
| 389 | } |
||
| 390 | |||
| 391 | /** |
||
| 392 | * Check if the group is a child of the given group or any parent groups |
||
| 393 | * |
||
| 394 | * @param string|int|Group $group Group instance, Group Code or ID |
||
| 395 | * @return bool Returns TRUE if the Group is a child of the given group, otherwise FALSE |
||
| 396 | */ |
||
| 397 | public function inGroup($group) |
||
| 398 | { |
||
| 399 | return in_array($this->identifierToGroupID($group), $this->collateAncestorIDs()); |
||
| 400 | } |
||
| 401 | |||
| 402 | /** |
||
| 403 | * Check if the group is a child of the given groups or any parent groups |
||
| 404 | * |
||
| 405 | * @param (string|int|Group)[] $groups |
||
| 406 | * @param bool $requireAll set to TRUE if must be in ALL groups, or FALSE if must be in ANY |
||
| 407 | * @return bool Returns TRUE if the Group is a child of any of the given groups, otherwise FALSE |
||
| 408 | */ |
||
| 409 | public function inGroups($groups, $requireAll = false) |
||
| 429 | } |
||
| 430 | |||
| 431 | /** |
||
| 432 | * Turn a string|int|Group into a GroupID |
||
| 433 | * |
||
| 434 | * @param string|int|Group $groupID Group instance, Group Code or ID |
||
| 435 | * @return int|null the Group ID or NULL if not found |
||
| 436 | */ |
||
| 437 | protected function identifierToGroupID($groupID) |
||
| 438 | { |
||
| 439 | if (is_numeric($groupID) && Group::get()->byID($groupID)) { |
||
| 440 | return $groupID; |
||
| 441 | } elseif (is_string($groupID) && $groupByCode = Group::get()->filter(['Code' => $groupID])->first()) { |
||
| 442 | return $groupByCode->ID; |
||
| 443 | } elseif ($groupID instanceof Group && $groupID->exists()) { |
||
| 444 | return $groupID->ID; |
||
| 445 | } |
||
| 446 | return null; |
||
| 447 | } |
||
| 448 | |||
| 449 | /** |
||
| 450 | * This isn't a descendant of SiteTree, but needs this in case |
||
| 451 | * the group is "reorganised"; |
||
| 452 | */ |
||
| 453 | public function cmsCleanup_parentChanged() |
||
| 454 | { |
||
| 455 | } |
||
| 456 | |||
| 457 | /** |
||
| 458 | * Override this so groups are ordered in the CMS |
||
| 459 | */ |
||
| 460 | public function stageChildren() |
||
| 466 | } |
||
| 467 | |||
| 468 | /** |
||
| 469 | * @return string |
||
| 470 | */ |
||
| 471 | public function getTreeTitle() |
||
| 476 | } |
||
| 477 | |||
| 478 | /** |
||
| 479 | * Overloaded to ensure the code is always descent. |
||
| 480 | * |
||
| 481 | * @param string $val |
||
| 482 | */ |
||
| 483 | public function setCode($val) |
||
| 484 | { |
||
| 485 | $currentGroups = Group::get() |
||
| 486 | ->map('Code', 'Title') |
||
| 487 | ->toArray(); |
||
| 488 | $code = Convert::raw2url($val); |
||
| 489 | $count = 2; |
||
| 490 | while (isset($currentGroups[$code])) { |
||
| 491 | $code = Convert::raw2url($val . '-' . $count); |
||
| 492 | $count++; |
||
| 493 | } |
||
| 494 | $this->setField("Code", $code); |
||
| 495 | } |
||
| 496 | |||
| 497 | public function validate() |
||
| 498 | { |
||
| 499 | $result = parent::validate(); |
||
| 500 | |||
| 501 | // Check if the new group hierarchy would add certain "privileged permissions", |
||
| 502 | // and require an admin to perform this change in case it does. |
||
| 503 | // This prevents "sub-admin" users with group editing permissions to increase their privileges. |
||
| 504 | if ($this->Parent()->exists() && !Permission::check('ADMIN')) { |
||
| 505 | $inheritedCodes = Permission::get() |
||
| 506 | ->filter('GroupID', $this->Parent()->collateAncestorIDs()) |
||
| 507 | ->column('Code'); |
||
| 508 | $privilegedCodes = Permission::config()->get('privileged_permissions'); |
||
| 509 | if (array_intersect($inheritedCodes, $privilegedCodes)) { |
||
| 510 | $result->addError( |
||
| 511 | _t( |
||
| 512 | 'SilverStripe\\Security\\Group.HierarchyPermsError', |
||
| 513 | 'Can\'t assign parent group "{group}" with privileged permissions (requires ADMIN access)', |
||
| 514 | ['group' => $this->Parent()->Title] |
||
| 515 | ) |
||
| 516 | ); |
||
| 517 | } |
||
| 518 | } |
||
| 519 | |||
| 520 | $currentGroups = Group::get() |
||
| 521 | ->filter('ID:not', $this->ID) |
||
| 522 | ->map('Code', 'Title') |
||
| 523 | ->toArray(); |
||
| 524 | |||
| 525 | if (isset($currentGroups[$this->Code])) { |
||
| 526 | $result->addError( |
||
| 527 | _t( |
||
| 528 | 'SilverStripe\\Security\\Group.ValidationIdentifierAlreadyExists', |
||
| 529 | 'A Group ({group}) already exists with the same {identifier}', |
||
| 530 | ['group' => $this->Code, 'identifier' => 'Code'] |
||
| 531 | ) |
||
| 532 | ); |
||
| 533 | } |
||
| 534 | |||
| 535 | if (in_array($this->Title, $currentGroups)) { |
||
| 536 | $result->addError( |
||
| 537 | _t( |
||
| 538 | 'SilverStripe\\Security\\Group.ValidationIdentifierAlreadyExists', |
||
| 539 | 'A Group ({group}) already exists with the same {identifier}', |
||
| 540 | ['group' => $this->Title, 'identifier' => 'Title'] |
||
| 541 | ) |
||
| 542 | ); |
||
| 543 | } |
||
| 544 | |||
| 545 | return $result; |
||
| 546 | } |
||
| 547 | |||
| 548 | public function getCMSCompositeValidator(): CompositeValidator |
||
| 549 | { |
||
| 550 | $validator = parent::getCMSCompositeValidator(); |
||
| 551 | |||
| 552 | $validator->addValidator(RequiredFields::create([ |
||
| 553 | 'Title' |
||
| 554 | ])); |
||
| 555 | |||
| 556 | return $validator; |
||
| 557 | } |
||
| 558 | |||
| 559 | public function onBeforeWrite() |
||
| 560 | { |
||
| 561 | parent::onBeforeWrite(); |
||
| 562 | |||
| 563 | // Only set code property when the group has a custom title, and no code exists. |
||
| 564 | // The "Code" attribute is usually treated as a more permanent identifier than database IDs |
||
| 565 | // in custom application logic, so can't be changed after its first set. |
||
| 566 | if (!$this->Code && $this->Title != _t(__CLASS__ . '.NEWGROUP', "New Group")) { |
||
| 567 | $this->setCode($this->Title); |
||
| 568 | } |
||
| 569 | } |
||
| 570 | |||
| 571 | public function onBeforeDelete() |
||
| 583 | } |
||
| 584 | } |
||
| 585 | |||
| 586 | /** |
||
| 587 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 588 | * If the group has ADMIN permissions, it requires the user to have ADMIN permissions as well. |
||
| 589 | * |
||
| 590 | * @param Member $member Member |
||
| 591 | * @return boolean |
||
| 592 | */ |
||
| 593 | public function canEdit($member = null) |
||
| 594 | { |
||
| 595 | if (!$member) { |
||
| 596 | $member = Security::getCurrentUser(); |
||
| 597 | } |
||
| 598 | |||
| 599 | // extended access checks |
||
| 600 | $results = $this->extend('canEdit', $member); |
||
| 601 | if ($results && is_array($results)) { |
||
| 602 | if (!min($results)) { |
||
| 603 | return false; |
||
| 604 | } |
||
| 605 | } |
||
| 606 | |||
| 607 | if (// either we have an ADMIN |
||
| 608 | (bool)Permission::checkMember($member, "ADMIN") |
||
| 609 | || ( |
||
| 610 | // or a privileged CMS user and a group without ADMIN permissions. |
||
| 611 | // without this check, a user would be able to add himself to an administrators group |
||
| 612 | // with just access to the "Security" admin interface |
||
| 613 | Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") && |
||
| 614 | !Permission::get()->filter(['GroupID' => $this->ID, 'Code' => 'ADMIN'])->exists() |
||
| 615 | ) |
||
| 616 | ) { |
||
| 617 | return true; |
||
| 618 | } |
||
| 619 | |||
| 620 | return false; |
||
| 621 | } |
||
| 622 | |||
| 623 | /** |
||
| 624 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 625 | * |
||
| 626 | * @param Member $member |
||
| 627 | * @return boolean |
||
| 628 | */ |
||
| 629 | public function canView($member = null) |
||
| 630 | { |
||
| 631 | if (!$member) { |
||
| 632 | $member = Security::getCurrentUser(); |
||
| 633 | } |
||
| 634 | |||
| 635 | // extended access checks |
||
| 636 | $results = $this->extend('canView', $member); |
||
| 637 | if ($results && is_array($results)) { |
||
| 638 | if (!min($results)) { |
||
| 639 | return false; |
||
| 640 | } |
||
| 641 | } |
||
| 642 | |||
| 643 | // user needs access to CMS_ACCESS_SecurityAdmin |
||
| 644 | if (Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")) { |
||
| 645 | return true; |
||
| 646 | } |
||
| 647 | |||
| 648 | return false; |
||
| 649 | } |
||
| 650 | |||
| 651 | public function canDelete($member = null) |
||
| 652 | { |
||
| 653 | if (!$member) { |
||
| 654 | $member = Security::getCurrentUser(); |
||
| 655 | } |
||
| 656 | |||
| 657 | // extended access checks |
||
| 658 | $results = $this->extend('canDelete', $member); |
||
| 659 | if ($results && is_array($results)) { |
||
| 660 | if (!min($results)) { |
||
| 661 | return false; |
||
| 662 | } |
||
| 663 | } |
||
| 664 | |||
| 665 | return $this->canEdit($member); |
||
| 666 | } |
||
| 667 | |||
| 668 | /** |
||
| 669 | * Returns all of the children for the CMS Tree. |
||
| 670 | * Filters to only those groups that the current user can edit |
||
| 671 | * |
||
| 672 | * @return ArrayList |
||
| 673 | */ |
||
| 674 | public function AllChildrenIncludingDeleted() |
||
| 675 | { |
||
| 676 | $children = parent::AllChildrenIncludingDeleted(); |
||
| 677 | |||
| 678 | $filteredChildren = new ArrayList(); |
||
| 679 | |||
| 680 | if ($children) { |
||
| 681 | foreach ($children as $child) { |
||
| 682 | /** @var DataObject $child */ |
||
| 683 | if ($child->canView()) { |
||
| 684 | $filteredChildren->push($child); |
||
| 685 | } |
||
| 686 | } |
||
| 687 | } |
||
| 688 | |||
| 689 | return $filteredChildren; |
||
| 690 | } |
||
| 691 | |||
| 692 | /** |
||
| 693 | * Add default records to database. |
||
| 694 | * |
||
| 695 | * This function is called whenever the database is built, after the |
||
| 696 | * database tables have all been created. |
||
| 697 | */ |
||
| 698 | public function requireDefaultRecords() |
||
| 725 | } |
||
| 726 | |||
| 727 | // Members are populated through Member->requireDefaultRecords() |
||
| 728 | } |
||
| 729 | } |
||
| 730 |
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths