@@ 1505-1531 (lines=27) @@
 * Users can edit their own record.
 * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
 */
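public function canEdit($member = null) {
	// Resolve the acting member: anything that is not a Member (including
	// null) falls back to the currently logged-in user.
	if(!($member instanceof Member)) {
		$member = Member::currentUser();
	}

	// Extensions are consulted first, as they can overrule every check below.
	$extended = $this->extendedCan(__FUNCTION__, $member);
	if($extended !== null) {
		return $extended;
	}

	// Anonymous users can never edit member records; the checks below also
	// rely on $member being a Member.
	if(!$member) {
		return false;
	}

	// HACK: a non-Admin must never be able to edit an Admin's record, i.e. a
	// less privileged user must not modify a more privileged one.
	if(Permission::checkMember($this, 'ADMIN') && !Permission::checkMember($member, 'ADMIN')) {
		return false;
	}

	// Members can usually edit their own record. Only a persisted record can
	// be "their own": without the ID guard two unsaved records (ID 0) compare
	// equal and would grant access. The guard mirrors the one in canDelete().
	if($this->ID && (int)$this->ID === (int)$member->ID) {
		return true;
	}

	// Standard check for editing somebody else's record.
	return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}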
/**
 * Users can edit their own record.
 * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
@@ 1536-1566 (lines=31) @@
 * Users can edit their own record.
 * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
 */
public function canDelete($member = null) {
	// NOTE(review): the docblock above is copied from canEdit(); unlike
	// editing, members are explicitly refused deletion of their own record.

	// Default to the logged-in user when no Member instance was supplied.
	if(!($member instanceof Member)) {
		$member = Member::currentUser();
	}

	// Extensions get the first say and may overrule everything below.
	$extended = $this->extendedCan(__FUNCTION__, $member);
	if($extended !== null) {
		return $extended;
	}

	// Nobody is logged in (or no usable member): deletion is refused, and the
	// checks below need $member to be a Member anyway.
	if(!$member) {
		return false;
	}

	// A member must not remove their own (persisted) record, since that would
	// leave the admin UIs in an inconsistent state.
	$isOwnRecord = $this->ID && $member->ID == $this->ID;
	if($isOwnRecord) {
		return false;
	}

	// HACK: deleting an Admin requires being an Admin yourself. Ideally this
	// would stop any user from deleting a member with more privileges than
	// their own, not just the ADMIN case.
	if(Permission::checkMember($this, 'ADMIN') && !Permission::checkMember($member, 'ADMIN')) {
		return false;
	}

	// Standard check.
	return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}
/**
 * Validate this member object.