@@ 1544-1570 (lines=27) @@
* Users can edit their own record. |
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions |
*/ |
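public function canEdit($member = null) {
    // Resolve the acting member: anything that is not a Member falls back to the
    // currently logged-in user (which may be null when nobody is logged in).
    if(!($member instanceof Member)) {
        $member = Member::currentUser();
    }

    // Extensions are consulted first because they can overrule every rule below.
    // A null result means "no opinion"; only a non-null answer is final.
    $extended = $this->extendedCan(__FUNCTION__, $member);
    if($extended !== null) {
        return $extended;
    }

    // Anonymous requests can never edit, and every check below dereferences $member.
    if(!$member) {
        return false;
    }

    // A non-admin must never be able to edit an admin's record: editing an admin's
    // credentials would otherwise hand admin-level control to a lower-privileged user.
    if(!Permission::checkMember($member, 'ADMIN') && Permission::checkMember($this, 'ADMIN')) {
        return false;
    }

    // Members may edit their own record. IDs are compared as integers, and an unsaved
    // record (ID 0/null) is never treated as "self", so an ID-less record cannot match
    // an equally ID-less acting member the way loose `==` would allow.
    $ownId = (int) $this->ID;
    if($ownId !== 0 && $ownId === (int) $member->ID) {
        return true;
    }

    // Everyone else needs the security-admin permission.
    return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}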
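/**
 * Members can never delete their own record (it would leave the admin UIs in an
 * inconsistent state), and a non-admin can never delete an admin.
 * Otherwise the acting member needs ADMIN or CMS_ACCESS_SecurityAdmin permissions.
 * Extensions hooked via extendedCan() take precedence over all of these rules.
 */
public function canDelete($member = null) {
    // Resolve the acting member: anything that is not a Member falls back to the
    // currently logged-in user (which may be null when nobody is logged in).
    if(!($member instanceof Member)) {
        $member = Member::currentUser();
    }

    // Extensions first: a non-null answer is final, null means "no opinion".
    $extended = $this->extendedCan(__FUNCTION__, $member);
    if($extended !== null) {
        return $extended;
    }

    // Anonymous requests can never delete, and every check below dereferences $member.
    if(!$member) {
        return false;
    }

    // Members are not allowed to remove themselves, since it would create
    // inconsistencies in the admin UIs. IDs are compared as integers; an unsaved
    // record (ID 0/null) has no identity to match against.
    $ownId = (int) $this->ID;
    if($ownId !== 0 && $ownId === (int) $member->ID) {
        return false;
    }

    // A non-admin must not be able to delete an admin. This only looks at the ADMIN
    // permission; it does not stop deleting a member who merely holds more
    // permissions than the acting member.
    if(Permission::checkMember($this, 'ADMIN') && !Permission::checkMember($member, 'ADMIN')) {
        return false;
    }

    // Standard check: deleting requires the security-admin permission.
    return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}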
/** |
* Validate this member object. |