silverstripe /
silverstripe-framework
| Total Complexity | 90 |
| Total Lines | 683 |
| Duplicated Lines | 0 % |
| Changes | 2 | ||
| Bugs | 0 | Features | 1 |
Complex classes like Group often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Group, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 56 | class Group extends DataObject |
||
| 57 | { |
||
| 58 | |||
| 59 | private static $db = [ |
||
| 60 | "Title" => "Varchar(255)", |
||
| 61 | "Description" => "Text", |
||
| 62 | "Code" => "Varchar(255)", |
||
| 63 | "Locked" => "Boolean", |
||
| 64 | "Sort" => "Int", |
||
| 65 | "HtmlEditorConfig" => "Text" |
||
| 66 | ]; |
||
| 67 | |||
| 68 | private static $has_one = [ |
||
| 69 | "Parent" => Group::class, |
||
| 70 | ]; |
||
| 71 | |||
| 72 | private static $has_many = [ |
||
| 73 | "Permissions" => Permission::class, |
||
| 74 | "Groups" => Group::class, |
||
| 75 | ]; |
||
| 76 | |||
| 77 | private static $many_many = [ |
||
| 78 | "Members" => Member::class, |
||
| 79 | "Roles" => PermissionRole::class, |
||
| 80 | ]; |
||
| 81 | |||
| 82 | private static $extensions = [ |
||
| 83 | Hierarchy::class, |
||
| 84 | ]; |
||
| 85 | |||
| 86 | private static $table_name = "Group"; |
||
| 87 | |||
| 88 | private static $indexes = [ |
||
| 89 | 'Title' => true, |
||
| 90 | 'Code' => true, |
||
| 91 | 'Sort' => true, |
||
| 92 | ]; |
||
| 93 | |||
| 94 | public function getAllChildren() |
||
| 95 | { |
||
| 96 | $doSet = new ArrayList(); |
||
| 97 | |||
| 98 | $children = Group::get()->filter("ParentID", $this->ID); |
||
| 99 | /** @var Group $child */ |
||
| 100 | foreach ($children as $child) { |
||
| 101 | $doSet->push($child); |
||
| 102 | $doSet->merge($child->getAllChildren()); |
||
| 103 | } |
||
| 104 | |||
| 105 | return $doSet; |
||
| 106 | } |
||
| 107 | |||
| 108 | private function getDecodedBreadcrumbs() |
||
| 116 | } |
||
| 117 | |||
| 118 | /** |
||
| 119 | * Caution: Only call on instances, not through a singleton. |
||
| 120 | * The "root group" fields will be created through {@link SecurityAdmin->EditForm()}. |
||
| 121 | * |
||
| 122 | * @skipUpgrade |
||
| 123 | * @return FieldList |
||
| 124 | */ |
||
| 125 | public function getCMSFields() |
||
| 126 | { |
||
| 127 | $fields = new FieldList( |
||
| 128 | new TabSet( |
||
| 129 | "Root", |
||
| 130 | new Tab( |
||
| 131 | 'Members', |
||
| 132 | _t(__CLASS__ . '.MEMBERS', 'Members'), |
||
| 133 | new TextField("Title", $this->fieldLabel('Title')), |
||
| 134 | $parentidfield = DropdownField::create( |
||
| 135 | 'ParentID', |
||
| 136 | $this->fieldLabel('Parent'), |
||
| 137 | $this->getDecodedBreadcrumbs() |
||
| 138 | )->setEmptyString(' '), |
||
| 139 | new TextareaField('Description', $this->fieldLabel('Description')) |
||
| 140 | ), |
||
| 141 | $permissionsTab = new Tab( |
||
| 142 | 'Permissions', |
||
| 143 | _t(__CLASS__ . '.PERMISSIONS', 'Permissions'), |
||
| 144 | $permissionsField = new PermissionCheckboxSetField( |
||
| 145 | 'Permissions', |
||
| 146 | false, |
||
| 147 | Permission::class, |
||
| 148 | 'GroupID', |
||
| 149 | $this |
||
| 150 | ) |
||
| 151 | ) |
||
| 152 | ) |
||
| 153 | ); |
||
| 154 | |||
| 155 | $parentidfield->setDescription( |
||
| 156 | _t('SilverStripe\\Security\\Group.GroupReminder', 'If you choose a parent group, this group will take all it\'s roles') |
||
| 157 | ); |
||
| 158 | |||
| 159 | if ($this->ID) { |
||
| 160 | $group = $this; |
||
| 161 | $config = GridFieldConfig_RelationEditor::create(); |
||
| 162 | $config->addComponent(GridFieldButtonRow::create('after')); |
||
| 163 | $config->addComponents(GridFieldExportButton::create('buttons-after-left')); |
||
| 164 | $config->addComponents(GridFieldPrintButton::create('buttons-after-left')); |
||
| 165 | $config->removeComponentsByType(GridFieldDeleteAction::class); |
||
| 166 | $config->addComponent(GridFieldGroupDeleteAction::create($this->ID), GridFieldPageCount::class); |
||
| 167 | |||
| 168 | /** @var GridFieldAddExistingAutocompleter $autocompleter */ |
||
| 169 | $autocompleter = $config->getComponentByType(GridFieldAddExistingAutocompleter::class); |
||
| 170 | /** @skipUpgrade */ |
||
| 171 | $autocompleter |
||
| 172 | ->setResultsFormat('$Title ($Email)') |
||
| 173 | ->setSearchFields(['FirstName', 'Surname', 'Email']); |
||
| 174 | /** @var GridFieldDetailForm $detailForm */ |
||
| 175 | $detailForm = $config->getComponentByType(GridFieldDetailForm::class); |
||
| 176 | $detailForm |
||
| 177 | ->setItemEditFormCallback(function ($form) use ($group) { |
||
| 178 | /** @var Form $form */ |
||
| 179 | $record = $form->getRecord(); |
||
| 180 | $form->setValidator($record->getValidator()); |
||
| 181 | $groupsField = $form->Fields()->dataFieldByName('DirectGroups'); |
||
| 182 | if ($groupsField) { |
||
| 183 | // If new records are created in a group context, |
||
| 184 | // set this group by default. |
||
| 185 | if ($record && !$record->ID) { |
||
| 186 | $groupsField->setValue($group->ID); |
||
| 187 | } elseif ($record && $record->ID) { |
||
| 188 | // TODO Mark disabled once chosen.js supports it |
||
| 189 | // $groupsField->setDisabledItems(array($group->ID)); |
||
| 190 | $form->Fields()->replaceField( |
||
| 191 | 'DirectGroups', |
||
| 192 | $groupsField->performReadonlyTransformation() |
||
| 193 | ); |
||
| 194 | } |
||
| 195 | } |
||
| 196 | }); |
||
| 197 | $memberList = GridField::create('Members', false, $this->DirectMembers(), $config) |
||
| 198 | ->addExtraClass('members_grid'); |
||
| 199 | // @todo Implement permission checking on GridField |
||
| 200 | //$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd')); |
||
| 201 | $fields->addFieldToTab('Root.Members', $memberList); |
||
| 202 | } |
||
| 203 | |||
| 204 | // Only add a dropdown for HTML editor configurations if more than one is available. |
||
| 205 | // Otherwise Member->getHtmlEditorConfigForCMS() will default to the 'cms' configuration. |
||
| 206 | $editorConfigMap = HTMLEditorConfig::get_available_configs_map(); |
||
| 207 | if (count($editorConfigMap ?? []) > 1) { |
||
| 208 | $fields->addFieldToTab( |
||
| 209 | 'Root.Permissions', |
||
| 210 | new DropdownField( |
||
| 211 | 'HtmlEditorConfig', |
||
| 212 | 'HTML Editor Configuration', |
||
| 213 | $editorConfigMap |
||
| 214 | ), |
||
| 215 | 'Permissions' |
||
| 216 | ); |
||
| 217 | } |
||
| 218 | |||
| 219 | if (!Permission::check('EDIT_PERMISSIONS')) { |
||
| 220 | $fields->removeFieldFromTab('Root', 'Permissions'); |
||
| 221 | } |
||
| 222 | |||
| 223 | // Only show the "Roles" tab if permissions are granted to edit them, |
||
| 224 | // and at least one role exists |
||
| 225 | if (Permission::check('APPLY_ROLES') && |
||
| 226 | PermissionRole::get()->count() && |
||
| 227 | class_exists(SecurityAdmin::class) |
||
| 228 | ) { |
||
| 229 | $fields->findOrMakeTab('Root.Roles', _t(__CLASS__ . '.ROLES', 'Roles')); |
||
| 230 | $fields->addFieldToTab( |
||
| 231 | 'Root.Roles', |
||
| 232 | new LiteralField( |
||
| 233 | "", |
||
| 234 | "<p>" . |
||
| 235 | _t( |
||
| 236 | __CLASS__ . '.ROLESDESCRIPTION', |
||
| 237 | "Roles are predefined sets of permissions, and can be assigned to groups.<br />" |
||
| 238 | . "They are inherited from parent groups if required." |
||
| 239 | ) . '<br />' . |
||
| 240 | sprintf( |
||
| 241 | '<a href="%s" class="add-role">%s</a>', |
||
| 242 | SecurityAdmin::singleton()->Link('show/root#Root_Roles'), |
||
| 243 | // TODO This should include #Root_Roles to switch directly to the tab, |
||
| 244 | // but tabstrip.js doesn't display tabs when directly addressed through a URL pragma |
||
| 245 | _t('SilverStripe\\Security\\Group.RolesAddEditLink', 'Manage roles') |
||
| 246 | ) . |
||
| 247 | "</p>" |
||
| 248 | ) |
||
| 249 | ); |
||
| 250 | |||
| 251 | // Add roles (and disable all checkboxes for inherited roles) |
||
| 252 | $allRoles = PermissionRole::get(); |
||
| 253 | if (!Permission::check('ADMIN')) { |
||
| 254 | $allRoles = $allRoles->filter("OnlyAdminCanApply", 0); |
||
| 255 | } |
||
| 256 | if ($this->ID) { |
||
| 257 | $groupRoles = $this->Roles(); |
||
| 258 | $inheritedRoles = new ArrayList(); |
||
| 259 | $ancestors = $this->getAncestors(); |
||
| 260 | foreach ($ancestors as $ancestor) { |
||
| 261 | $ancestorRoles = $ancestor->Roles(); |
||
| 262 | if ($ancestorRoles) { |
||
| 263 | $inheritedRoles->merge($ancestorRoles); |
||
| 264 | } |
||
| 265 | } |
||
| 266 | $groupRoleIDs = $groupRoles->column('ID') + $inheritedRoles->column('ID'); |
||
| 267 | $inheritedRoleIDs = $inheritedRoles->column('ID'); |
||
| 268 | } else { |
||
| 269 | $groupRoleIDs = []; |
||
| 270 | $inheritedRoleIDs = []; |
||
| 271 | } |
||
| 272 | |||
| 273 | $rolesField = ListboxField::create('Roles', false, $allRoles->map()->toArray()) |
||
| 274 | ->setDefaultItems($groupRoleIDs) |
||
| 275 | ->setAttribute('data-placeholder', _t('SilverStripe\\Security\\Group.AddRole', 'Add a role for this group')) |
||
| 276 | ->setDisabledItems($inheritedRoleIDs); |
||
| 277 | if (!$allRoles->count()) { |
||
| 278 | $rolesField->setAttribute('data-placeholder', _t('SilverStripe\\Security\\Group.NoRoles', 'No roles found')); |
||
| 279 | } |
||
| 280 | $fields->addFieldToTab('Root.Roles', $rolesField); |
||
| 281 | } |
||
| 282 | |||
| 283 | $fields->push($idField = new HiddenField("ID")); |
||
| 284 | |||
| 285 | $this->extend('updateCMSFields', $fields); |
||
| 286 | |||
| 287 | return $fields; |
||
| 288 | } |
||
| 289 | |||
| 290 | /** |
||
| 291 | * @param bool $includerelations Indicate if the labels returned include relation fields |
||
| 292 | * @return array |
||
| 293 | * @skipUpgrade |
||
| 294 | */ |
||
| 295 | public function fieldLabels($includerelations = true) |
||
| 296 | { |
||
| 297 | $labels = parent::fieldLabels($includerelations); |
||
| 298 | $labels['Title'] = _t(__CLASS__ . '.GROUPNAME', 'Group name'); |
||
| 299 | $labels['Description'] = _t('SilverStripe\\Security\\Group.Description', 'Description'); |
||
| 300 | $labels['Code'] = _t('SilverStripe\\Security\\Group.Code', 'Group Code', 'Programmatical code identifying a group'); |
||
| 301 | $labels['Locked'] = _t('SilverStripe\\Security\\Group.Locked', 'Locked?', 'Group is locked in the security administration area'); |
||
| 302 | $labels['Sort'] = _t('SilverStripe\\Security\\Group.Sort', 'Sort Order'); |
||
| 303 | if ($includerelations) { |
||
| 304 | $labels['Parent'] = _t('SilverStripe\\Security\\Group.Parent', 'Parent Group', 'One group has one parent group'); |
||
| 305 | $labels['Permissions'] = _t('SilverStripe\\Security\\Group.has_many_Permissions', 'Permissions', 'One group has many permissions'); |
||
| 306 | $labels['Members'] = _t('SilverStripe\\Security\\Group.many_many_Members', 'Members', 'One group has many members'); |
||
| 307 | } |
||
| 308 | |||
| 309 | return $labels; |
||
| 310 | } |
||
| 311 | |||
| 312 | /** |
||
| 313 | * Get many-many relation to {@link Member}, |
||
| 314 | * including all members which are "inherited" from children groups of this record. |
||
| 315 | * See {@link DirectMembers()} for retrieving members without any inheritance. |
||
| 316 | * |
||
| 317 | * @param string $filter |
||
| 318 | * @return ManyManyList |
||
| 319 | */ |
||
| 320 | public function Members($filter = '') |
||
| 321 | { |
||
| 322 | // First get direct members as a base result |
||
| 323 | $result = $this->DirectMembers(); |
||
| 324 | |||
| 325 | // Unsaved group cannot have child groups because its ID is still 0. |
||
| 326 | if (!$this->exists()) { |
||
| 327 | return $result; |
||
| 328 | } |
||
| 329 | |||
| 330 | // Remove the default foreign key filter in prep for re-applying a filter containing all children groups. |
||
| 331 | // Filters are conjunctive in DataQuery by default, so this filter would otherwise overrule any less specific |
||
| 332 | // ones. |
||
| 333 | if (!($result instanceof UnsavedRelationList)) { |
||
| 334 | $result = $result->alterDataQuery(function ($query) { |
||
| 335 | /** @var DataQuery $query */ |
||
| 336 | $query->removeFilterOn('Group_Members'); |
||
| 337 | }); |
||
| 338 | } |
||
| 339 | |||
| 340 | // Now set all children groups as a new foreign key |
||
| 341 | $familyIDs = $this->collateFamilyIDs(); |
||
| 342 | $result = $result->forForeignID($familyIDs); |
||
| 343 | |||
| 344 | return $result->where($filter); |
||
| 345 | } |
||
| 346 | |||
| 347 | /** |
||
| 348 | * Return only the members directly added to this group |
||
| 349 | */ |
||
| 350 | public function DirectMembers() |
||
| 351 | { |
||
| 352 | return $this->getManyManyComponents('Members'); |
||
| 353 | } |
||
| 354 | |||
| 355 | /** |
||
| 356 | * Return a set of this record's "family" of IDs - the IDs of |
||
| 357 | * this record and all its descendants. |
||
| 358 | * |
||
| 359 | * @return array |
||
| 360 | */ |
||
| 361 | public function collateFamilyIDs() |
||
| 362 | { |
||
| 363 | if (!$this->exists()) { |
||
| 364 | throw new \InvalidArgumentException("Cannot call collateFamilyIDs on unsaved Group."); |
||
| 365 | } |
||
| 366 | |||
| 367 | $familyIDs = []; |
||
| 368 | $chunkToAdd = [$this->ID]; |
||
| 369 | |||
| 370 | while ($chunkToAdd) { |
||
| 371 | $familyIDs = array_merge($familyIDs, $chunkToAdd); |
||
| 372 | |||
| 373 | // Get the children of *all* the groups identified in the previous chunk. |
||
| 374 | // This minimises the number of SQL queries necessary |
||
| 375 | $chunkToAdd = Group::get()->filter("ParentID", $chunkToAdd)->column('ID'); |
||
| 376 | } |
||
| 377 | |||
| 378 | return $familyIDs; |
||
| 379 | } |
||
| 380 | |||
| 381 | /** |
||
| 382 | * Returns an array of the IDs of this group and all its parents |
||
| 383 | * |
||
| 384 | * @return array |
||
| 385 | */ |
||
| 386 | public function collateAncestorIDs() |
||
| 387 | { |
||
| 388 | $parent = $this; |
||
| 389 | $items = []; |
||
| 390 | while ($parent instanceof Group) { |
||
| 391 | $items[] = $parent->ID; |
||
| 392 | $parent = $parent->getParent(); |
||
| 393 | } |
||
| 394 | return $items; |
||
| 395 | } |
||
| 396 | |||
| 397 | /** |
||
| 398 | * Check if the group is a child of the given group or any parent groups |
||
| 399 | * |
||
| 400 | * @param string|int|Group $group Group instance, Group Code or ID |
||
| 401 | * @return bool Returns TRUE if the Group is a child of the given group, otherwise FALSE |
||
| 402 | */ |
||
| 403 | public function inGroup($group) |
||
| 404 | { |
||
| 405 | return in_array($this->identifierToGroupID($group), $this->collateAncestorIDs() ?? []); |
||
| 406 | } |
||
| 407 | |||
| 408 | /** |
||
| 409 | * Check if the group is a child of the given groups or any parent groups |
||
| 410 | * |
||
| 411 | * @param (string|int|Group)[] $groups |
||
| 412 | * @param bool $requireAll set to TRUE if must be in ALL groups, or FALSE if must be in ANY |
||
| 413 | * @return bool Returns TRUE if the Group is a child of any of the given groups, otherwise FALSE |
||
| 414 | */ |
||
| 415 | public function inGroups($groups, $requireAll = false) |
||
| 435 | } |
||
| 436 | |||
| 437 | /** |
||
| 438 | * Turn a string|int|Group into a GroupID |
||
| 439 | * |
||
| 440 | * @param string|int|Group $groupID Group instance, Group Code or ID |
||
| 441 | * @return int|null the Group ID or NULL if not found |
||
| 442 | */ |
||
| 443 | protected function identifierToGroupID($groupID) |
||
| 444 | { |
||
| 445 | if (is_numeric($groupID) && Group::get()->byID($groupID)) { |
||
| 446 | return $groupID; |
||
| 447 | } elseif (is_string($groupID) && $groupByCode = Group::get()->filter(['Code' => $groupID])->first()) { |
||
| 448 | return $groupByCode->ID; |
||
| 449 | } elseif ($groupID instanceof Group && $groupID->exists()) { |
||
| 450 | return $groupID->ID; |
||
| 451 | } |
||
| 452 | return null; |
||
| 453 | } |
||
| 454 | |||
| 455 | /** |
||
| 456 | * This isn't a descendant of SiteTree, but needs this in case |
||
| 457 | * the group is "reorganised"; |
||
| 458 | */ |
||
| 459 | public function cmsCleanup_parentChanged() |
||
| 460 | { |
||
| 461 | } |
||
| 462 | |||
| 463 | /** |
||
| 464 | * Override this so groups are ordered in the CMS |
||
| 465 | */ |
||
| 466 | public function stageChildren() |
||
| 472 | } |
||
| 473 | |||
| 474 | /** |
||
| 475 | * @return string |
||
| 476 | */ |
||
| 477 | public function getTreeTitle() |
||
| 482 | } |
||
| 483 | |||
| 484 | /** |
||
| 485 | * Overloaded to ensure the code is always descent. |
||
| 486 | * |
||
| 487 | * @param string $val |
||
| 488 | */ |
||
| 489 | public function setCode($val) |
||
| 490 | { |
||
| 491 | $this->setField('Code', Convert::raw2url($val)); |
||
| 492 | } |
||
| 493 | |||
| 494 | public function validate() |
||
| 495 | { |
||
| 496 | $result = parent::validate(); |
||
| 497 | |||
| 498 | // Check if the new group hierarchy would add certain "privileged permissions", |
||
| 499 | // and require an admin to perform this change in case it does. |
||
| 500 | // This prevents "sub-admin" users with group editing permissions to increase their privileges. |
||
| 501 | if ($this->Parent()->exists() && !Permission::check('ADMIN')) { |
||
| 502 | $inheritedCodes = Permission::get() |
||
| 503 | ->filter('GroupID', $this->Parent()->collateAncestorIDs()) |
||
| 504 | ->column('Code'); |
||
| 505 | $privilegedCodes = Permission::config()->get('privileged_permissions'); |
||
| 506 | if (array_intersect($inheritedCodes ?? [], $privilegedCodes)) { |
||
| 507 | $result->addError( |
||
| 508 | _t( |
||
| 509 | 'SilverStripe\\Security\\Group.HierarchyPermsError', |
||
| 510 | 'Can\'t assign parent group "{group}" with privileged permissions (requires ADMIN access)', |
||
| 511 | ['group' => $this->Parent()->Title] |
||
| 512 | ) |
||
| 513 | ); |
||
| 514 | } |
||
| 515 | } |
||
| 516 | |||
| 517 | $currentGroups = Group::get() |
||
| 518 | ->filter('ID:not', $this->ID) |
||
| 519 | ->map('Code', 'Title') |
||
| 520 | ->toArray(); |
||
| 521 | |||
| 522 | if (in_array($this->Title, $currentGroups)) { |
||
| 523 | $result->addError( |
||
| 524 | _t( |
||
| 525 | 'SilverStripe\\Security\\Group.ValidationIdentifierAlreadyExists', |
||
| 526 | 'A Group ({group}) already exists with the same {identifier}', |
||
| 527 | ['group' => $this->Title, 'identifier' => 'Title'] |
||
| 528 | ) |
||
| 529 | ); |
||
| 530 | } |
||
| 531 | |||
| 532 | return $result; |
||
| 533 | } |
||
| 534 | |||
| 535 | public function getCMSCompositeValidator(): CompositeValidator |
||
| 536 | { |
||
| 537 | $validator = parent::getCMSCompositeValidator(); |
||
| 538 | |||
| 539 | $validator->addValidator(RequiredFields::create([ |
||
| 540 | 'Title' |
||
| 541 | ])); |
||
| 542 | |||
| 543 | return $validator; |
||
| 544 | } |
||
| 545 | |||
| 546 | public function onBeforeWrite() |
||
| 547 | { |
||
| 548 | parent::onBeforeWrite(); |
||
| 549 | |||
| 550 | // Only set code property when the group has a custom title, and no code exists. |
||
| 551 | // The "Code" attribute is usually treated as a more permanent identifier than database IDs |
||
| 552 | // in custom application logic, so can't be changed after its first set. |
||
| 553 | if (!$this->Code && $this->Title != _t(__CLASS__ . '.NEWGROUP', "New Group")) { |
||
| 554 | $this->setCode($this->Title); |
||
| 555 | } |
||
| 556 | |||
| 557 | // Make sure the code for this group is unique. |
||
| 558 | $this->dedupeCode(); |
||
| 559 | } |
||
| 560 | |||
| 561 | public function onBeforeDelete() |
||
| 573 | } |
||
| 574 | } |
||
| 575 | |||
| 576 | /** |
||
| 577 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 578 | * If the group has ADMIN permissions, it requires the user to have ADMIN permissions as well. |
||
| 579 | * |
||
| 580 | * @param Member $member Member |
||
| 581 | * @return boolean |
||
| 582 | */ |
||
| 583 | public function canEdit($member = null) |
||
| 584 | { |
||
| 585 | if (!$member) { |
||
| 586 | $member = Security::getCurrentUser(); |
||
| 587 | } |
||
| 588 | |||
| 589 | // extended access checks |
||
| 590 | $results = $this->extend('canEdit', $member); |
||
| 591 | if ($results && is_array($results)) { |
||
| 592 | if (!min($results)) { |
||
| 593 | return false; |
||
| 594 | } |
||
| 595 | } |
||
| 596 | |||
| 597 | if (// either we have an ADMIN |
||
| 598 | (bool)Permission::checkMember($member, "ADMIN") |
||
| 599 | || ( |
||
| 600 | // or a privileged CMS user and a group without ADMIN permissions. |
||
| 601 | // without this check, a user would be able to add himself to an administrators group |
||
| 602 | // with just access to the "Security" admin interface |
||
| 603 | Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") && |
||
| 604 | !Permission::get()->filter(['GroupID' => $this->ID, 'Code' => 'ADMIN'])->exists() |
||
| 605 | ) |
||
| 606 | ) { |
||
| 607 | return true; |
||
| 608 | } |
||
| 609 | |||
| 610 | return false; |
||
| 611 | } |
||
| 612 | |||
| 613 | /** |
||
| 614 | * Checks for permission-code CMS_ACCESS_SecurityAdmin. |
||
| 615 | * |
||
| 616 | * @param Member $member |
||
| 617 | * @return boolean |
||
| 618 | */ |
||
| 619 | public function canView($member = null) |
||
| 620 | { |
||
| 621 | if (!$member) { |
||
| 622 | $member = Security::getCurrentUser(); |
||
| 623 | } |
||
| 624 | |||
| 625 | // extended access checks |
||
| 626 | $results = $this->extend('canView', $member); |
||
| 627 | if ($results && is_array($results)) { |
||
| 628 | if (!min($results)) { |
||
| 629 | return false; |
||
| 630 | } |
||
| 631 | } |
||
| 632 | |||
| 633 | // user needs access to CMS_ACCESS_SecurityAdmin |
||
| 634 | if (Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")) { |
||
| 635 | return true; |
||
| 636 | } |
||
| 637 | |||
| 638 | return false; |
||
| 639 | } |
||
| 640 | |||
| 641 | public function canDelete($member = null) |
||
| 642 | { |
||
| 643 | if (!$member) { |
||
| 644 | $member = Security::getCurrentUser(); |
||
| 645 | } |
||
| 646 | |||
| 647 | // extended access checks |
||
| 648 | $results = $this->extend('canDelete', $member); |
||
| 649 | if ($results && is_array($results)) { |
||
| 650 | if (!min($results)) { |
||
| 651 | return false; |
||
| 652 | } |
||
| 653 | } |
||
| 654 | |||
| 655 | return $this->canEdit($member); |
||
| 656 | } |
||
| 657 | |||
| 658 | /** |
||
| 659 | * Returns all of the children for the CMS Tree. |
||
| 660 | * Filters to only those groups that the current user can edit |
||
| 661 | * |
||
| 662 | * @return ArrayList |
||
| 663 | */ |
||
| 664 | public function AllChildrenIncludingDeleted() |
||
| 665 | { |
||
| 666 | $children = parent::AllChildrenIncludingDeleted(); |
||
| 667 | |||
| 668 | $filteredChildren = new ArrayList(); |
||
| 669 | |||
| 670 | if ($children) { |
||
| 671 | foreach ($children as $child) { |
||
| 672 | /** @var DataObject $child */ |
||
| 673 | if ($child->canView()) { |
||
| 674 | $filteredChildren->push($child); |
||
| 675 | } |
||
| 676 | } |
||
| 677 | } |
||
| 678 | |||
| 679 | return $filteredChildren; |
||
| 680 | } |
||
| 681 | |||
| 682 | /** |
||
| 683 | * Add default records to database. |
||
| 684 | * |
||
| 685 | * This function is called whenever the database is built, after the |
||
| 686 | * database tables have all been created. |
||
| 687 | */ |
||
| 688 | public function requireDefaultRecords() |
||
| 715 | } |
||
| 716 | |||
| 717 | // Members are populated through Member->requireDefaultRecords() |
||
| 718 | } |
||
| 719 | |||
| 720 | /** |
||
| 721 | * Code needs to be unique as it is used to identify a specific group. Ensure no duplicate |
||
| 722 | * codes are created. |
||
| 723 | * |
||
| 724 | * @deprecated 5.0 Remove deduping in favour of throwing a validation error for duplicates. |
||
| 725 | */ |
||
| 726 | private function dedupeCode(): void |
||
| 739 | } |
||
| 740 | } |
||
| 741 |
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths