These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace SilverStripe\Subsites\Extensions; |
||
4 | |||
5 | use SilverStripe\Control\Cookie; |
||
6 | use SilverStripe\Core\Convert; |
||
7 | use SilverStripe\Forms\CheckboxSetField; |
||
8 | use SilverStripe\Forms\FieldList; |
||
9 | use SilverStripe\Forms\OptionsetField; |
||
10 | use SilverStripe\Forms\ReadonlyField; |
||
11 | use SilverStripe\ORM\DataExtension; |
||
12 | use SilverStripe\ORM\DataQuery; |
||
13 | use SilverStripe\ORM\DB; |
||
14 | use SilverStripe\ORM\Queries\SQLSelect; |
||
15 | use SilverStripe\Security\Group; |
||
16 | use SilverStripe\Security\PermissionProvider; |
||
17 | use SilverStripe\Subsites\Model\Subsite; |
||
18 | use SilverStripe\Subsites\State\SubsiteState; |
||
19 | |||
20 | /** |
||
21 | * Extension for the Group object to add subsites support |
||
22 | * |
||
23 | * @package subsites |
||
24 | */ |
||
25 | class GroupSubsites extends DataExtension implements PermissionProvider |
||
26 | { |
||
27 | private static $db = [ |
||
0 ignored issues
–
show
|
|||
28 | 'AccessAllSubsites' => 'Boolean' |
||
29 | ]; |
||
30 | |||
31 | private static $many_many = [ |
||
0 ignored issues
–
show
|
|||
32 | 'Subsites' => Subsite::class |
||
33 | ]; |
||
34 | |||
35 | private static $defaults = [ |
||
0 ignored issues
–
show
|
|||
36 | 'AccessAllSubsites' => true |
||
37 | ]; |
||
38 | |||
39 | /** |
||
40 | * Migrations for GroupSubsites data. |
||
41 | */ |
||
42 | public function requireDefaultRecords() |
||
43 | { |
||
44 | if (!$this->owner) { |
||
45 | return; |
||
46 | } |
||
47 | // Migration for Group.SubsiteID data from when Groups only had a single subsite |
||
48 | $ownerClass = get_class($this->owner); |
||
49 | $schema = $ownerClass::getSchema(); |
||
50 | $groupFields = DB::field_list($schema->tableName(Group::class)); |
||
51 | |||
52 | // Detection of SubsiteID field is the trigger for old-style-subsiteID migration |
||
53 | if (isset($groupFields['SubsiteID'])) { |
||
54 | // Migrate subsite-specific data |
||
55 | DB::query('INSERT INTO "Group_Subsites" ("GroupID", "SubsiteID") |
||
56 | SELECT "ID", "SubsiteID" FROM "Group" WHERE "SubsiteID" > 0'); |
||
57 | |||
58 | // Migrate global-access data |
||
59 | DB::query('UPDATE "Group" SET "AccessAllSubsites" = 1 WHERE "SubsiteID" = 0'); |
||
60 | |||
61 | // Move the field out of the way so that this migration doesn't get executed again |
||
62 | DB::get_schema()->renameField(Group::class, 'SubsiteID', '_obsolete_SubsiteID'); |
||
63 | |||
64 | // No subsite access on anything means that we've just installed the subsites module. |
||
65 | // Make all previous groups global-access groups |
||
66 | } else { |
||
67 | if (!DB::query('SELECT "Group"."ID" FROM "Group" |
||
68 | LEFT JOIN "Group_Subsites" ON "Group_Subsites"."GroupID" = "Group"."ID" AND "Group_Subsites"."SubsiteID" > 0 |
||
69 | WHERE "AccessAllSubsites" = 1 |
||
70 | OR "Group_Subsites"."GroupID" IS NOT NULL ')->value() |
||
71 | ) { |
||
72 | DB::query('UPDATE "Group" SET "AccessAllSubsites" = 1'); |
||
73 | } |
||
74 | } |
||
75 | } |
||
76 | |||
77 | public function updateCMSFields(FieldList $fields) |
||
78 | { |
||
79 | if ($this->owner->canEdit()) { |
||
80 | // i18n tab |
||
81 | $fields->findOrMakeTab('Root.Subsites', _t('GroupSubsites.SECURITYTABTITLE', 'Subsites')); |
||
82 | |||
83 | $subsites = Subsite::accessible_sites(['ADMIN', 'SECURITY_SUBSITE_GROUP'], true); |
||
84 | $subsiteMap = $subsites->map(); |
||
85 | |||
86 | // Prevent XSS injection |
||
87 | $subsiteMap = Convert::raw2xml($subsiteMap->toArray()); |
||
88 | |||
89 | // Interface is different if you have the rights to modify subsite group values on |
||
90 | // all subsites |
||
91 | if (isset($subsiteMap[0])) { |
||
92 | $fields->addFieldToTab('Root.Subsites', new OptionsetField( |
||
93 | 'AccessAllSubsites', |
||
94 | _t('GroupSubsites.ACCESSRADIOTITLE', 'Give this group access to'), |
||
95 | [ |
||
96 | 1 => _t('GroupSubsites.ACCESSALL', 'All subsites'), |
||
97 | 0 => _t('GroupSubsites.ACCESSONLY', 'Only these subsites'), |
||
98 | ] |
||
99 | )); |
||
100 | |||
101 | unset($subsiteMap[0]); |
||
102 | $fields->addFieldToTab('Root.Subsites', new CheckboxSetField( |
||
103 | 'Subsites', |
||
104 | '', |
||
105 | $subsiteMap |
||
0 ignored issues
–
show
It seems like
$subsiteMap defined by \SilverStripe\Core\Conve...$subsiteMap->toArray()) on line 87 can also be of type string ; however, SilverStripe\Forms\SelectField::__construct() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
106 | )); |
||
107 | } else { |
||
108 | if (sizeof($subsiteMap) <= 1) { |
||
109 | $fields->addFieldToTab('Root.Subsites', new ReadonlyField( |
||
110 | 'SubsitesHuman', |
||
111 | _t('GroupSubsites.ACCESSRADIOTITLE', 'Give this group access to'), |
||
112 | reset($subsiteMap) |
||
113 | )); |
||
114 | } else { |
||
115 | $fields->addFieldToTab('Root.Subsites', new CheckboxSetField( |
||
116 | 'Subsites', |
||
117 | _t('GroupSubsites.ACCESSRADIOTITLE', 'Give this group access to'), |
||
118 | $subsiteMap |
||
0 ignored issues
–
show
It seems like
$subsiteMap defined by \SilverStripe\Core\Conve...$subsiteMap->toArray()) on line 87 can also be of type string ; however, SilverStripe\Forms\SelectField::__construct() does only seem to accept array|object<ArrayAccess> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
119 | )); |
||
120 | } |
||
121 | } |
||
122 | } |
||
123 | } |
||
124 | |||
125 | /** |
||
126 | * If this group belongs to a subsite, append the subsites title to the group title to make it easy to |
||
127 | * distinguish in the tree-view of the security admin interface. |
||
128 | * |
||
129 | * @param string $title |
||
130 | */ |
||
131 | public function updateTreeTitle(&$title) |
||
132 | { |
||
133 | if ($this->owner->AccessAllSubsites) { |
||
134 | $title = _t('GroupSubsites.GlobalGroup', 'global group'); |
||
135 | $title = htmlspecialchars($this->owner->Title, ENT_QUOTES) . ' <i>(' . $title . ')</i>'; |
||
136 | } else { |
||
137 | $subsites = Convert::raw2xml(implode(', ', $this->owner->Subsites()->column('Title'))); |
||
138 | $title = htmlspecialchars($this->owner->Title) . " <i>($subsites)</i>"; |
||
139 | } |
||
140 | } |
||
141 | |||
142 | /** |
||
143 | * Update any requests to limit the results to the current site |
||
144 | * @param SQLSelect $query |
||
145 | * @param DataQuery|null $dataQuery |
||
146 | */ |
||
147 | public function augmentSQL(SQLSelect $query, DataQuery $dataQuery = null) |
||
148 | { |
||
149 | if (Subsite::$disable_subsite_filter) { |
||
150 | return; |
||
151 | } |
||
152 | if (Cookie::get('noSubsiteFilter') == 'true') { |
||
153 | return; |
||
154 | } |
||
155 | |||
156 | // If you're querying by ID, ignore the sub-site - this is a bit ugly... |
||
157 | if (!$query->filtersOnID()) { |
||
158 | $subsiteID = SubsiteState::singleton()->getSubsiteId(); |
||
159 | if ($subsiteID === null) { |
||
160 | return; |
||
161 | } |
||
162 | |||
163 | // Don't filter by Group_Subsites if we've already done that |
||
164 | $hasGroupSubsites = false; |
||
165 | foreach ($query->getFrom() as $item) { |
||
166 | if ((is_array($item) && strpos( |
||
167 | $item['table'], |
||
168 | 'Group_Subsites' |
||
169 | ) !== false) || (!is_array($item) && strpos( |
||
170 | $item, |
||
171 | 'Group_Subsites' |
||
172 | ) !== false) |
||
173 | ) { |
||
174 | $hasGroupSubsites = true; |
||
175 | break; |
||
176 | } |
||
177 | } |
||
178 | |||
179 | if (!$hasGroupSubsites) { |
||
180 | if ($subsiteID) { |
||
181 | $query->addLeftJoin('Group_Subsites', "\"Group_Subsites\".\"GroupID\" |
||
182 | = \"Group\".\"ID\" AND \"Group_Subsites\".\"SubsiteID\" = $subsiteID"); |
||
183 | $query->addWhere('("Group_Subsites"."SubsiteID" IS NOT NULL OR |
||
184 | "Group"."AccessAllSubsites" = 1)'); |
||
185 | } else { |
||
186 | $query->addWhere('"Group"."AccessAllSubsites" = 1'); |
||
187 | } |
||
188 | } |
||
189 | |||
190 | // WORKAROUND for databases that complain about an ORDER BY when the column wasn't selected (e.g. SQL Server) |
||
191 | $select = $query->getSelect(); |
||
192 | if (isset($select[0]) && !$select[0] == 'COUNT(*)') { |
||
193 | $query->addOrderBy('AccessAllSubsites', 'DESC'); |
||
194 | } |
||
195 | } |
||
196 | } |
||
197 | |||
198 | public function onBeforeWrite() |
||
199 | { |
||
200 | // New record test approximated by checking whether the ID has changed. |
||
201 | // Note also that the after write test is only used when we're *not* on a subsite |
||
202 | if ($this->owner->isChanged('ID') && !SubsiteState::singleton()->getSubsiteId()) { |
||
0 ignored issues
–
show
The expression
\SilverStripe\Subsites\S...leton()->getSubsiteId() of type integer|null is loosely compared to false ; this is ambiguous if the integer can be zero. You might want to explicitly use === null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
203 | $this->owner->AccessAllSubsites = 1; |
||
204 | } |
||
205 | } |
||
206 | |||
207 | public function onAfterWrite() |
||
208 | { |
||
209 | // New record test approximated by checking whether the ID has changed. |
||
210 | // Note also that the after write test is only used when we're on a subsite |
||
211 | if ($this->owner->isChanged('ID') && $currentSubsiteID = SubsiteState::singleton()->getSubsiteId()) { |
||
212 | $subsites = $this->owner->Subsites(); |
||
213 | $subsites->add($currentSubsiteID); |
||
214 | } |
||
215 | } |
||
216 | |||
217 | public function alternateCanEdit() |
||
218 | { |
||
219 | // Find the sites that this group belongs to and the sites where we have appropriate perm. |
||
220 | $accessibleSites = Subsite::accessible_sites('CMS_ACCESS_SecurityAdmin')->column('ID'); |
||
221 | $linkedSites = $this->owner->Subsites()->column('ID'); |
||
222 | |||
223 | // We are allowed to access this site if at we have CMS_ACCESS_SecurityAdmin permission on |
||
224 | // at least one of the sites |
||
225 | return (bool)array_intersect($accessibleSites, $linkedSites); |
||
226 | } |
||
227 | |||
228 | public function providePermissions() |
||
229 | { |
||
230 | return [ |
||
231 | 'SECURITY_SUBSITE_GROUP' => [ |
||
232 | 'name' => _t('GroupSubsites.MANAGE_SUBSITES', 'Manage subsites for groups'), |
||
233 | 'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'), |
||
234 | 'help' => _t( |
||
235 | 'GroupSubsites.MANAGE_SUBSITES_HELP', |
||
236 | 'Ability to limit the permissions for a group to one or more subsites.' |
||
237 | ), |
||
238 | 'sort' => 200 |
||
239 | ] |
||
240 | ]; |
||
241 | } |
||
242 | } |
||
243 |
This check marks private properties in classes that are never used. Those properties can be removed.