
framework/security/PermissionRole.php 2.69 KB
a63b5418   Administrator   first_commit
  <?php
  /**
   * A PermissionRole represents a collection of permission codes that can be applied to groups.
   * 
   * Because permission codes are very granular, this lets website administrators create more
   * business-oriented units of access control - Roles - and assign those to groups.
   * 
   * If the <b>OnlyAdminCanApply</b> property is set to TRUE, the role can only be assigned
   * to new groups by a user with ADMIN privileges. This is a simple way to prevent users
   * with access to {@link SecurityAdmin} (but no ADMIN privileges) from granting themselves
   * ADMIN access (which might be implied by certain roles).
   * 
   * @package framework
   * @subpackage security
   *
   * @property string Title
   * @property string OnlyAdminCanApply
   *
   * @method HasManyList Codes() List of PermissionRoleCode objects
   * @method ManyManyList Groups() List of Group objects
   */
  class PermissionRole extends DataObject {
  	/**
  	 * Stored fields: the role's display title and the flag that marks it as admin-only.
  	 *
  	 * @var array
  	 */
  	private static $db = array(
  		"Title" => "Varchar",
  		"OnlyAdminCanApply" => "Boolean"
  	);

  	/**
  	 * The permission codes bundled into this role.
  	 *
  	 * @var array
  	 */
  	private static $has_many = array(
  		"Codes" => "PermissionRoleCode",
  	);

  	/**
  	 * The groups this role has been assigned to.
  	 *
  	 * @var array
  	 */
  	private static $belongs_many_many = array(
  		"Groups" => "Group",
  	);

  	/** @var string */
  	private static $default_sort = '"Title"';

  	/** @var string */
  	private static $singular_name = 'Role';

  	/** @var string */
  	private static $plural_name = 'Roles';

  	/**
  	 * Builds the CMS edit form for a role.
  	 *
  	 * The 'Codes' and 'Groups' fields are removed from the parent's field list and a
  	 * PermissionCheckboxSetField for the role's codes is added to the main tab.
  	 *
  	 * NOTE(review): 'hidden_permissions' is only handed to the form field here. Whether
  	 * hidden codes are also rejected when the form is saved depends on
  	 * PermissionCheckboxSetField, which is not visible in this file - confirm.
  	 *
  	 * @return mixed The field list returned by the parent, with the changes above applied
  	 */
  	public function getCMSFields() {
  		$cmsFields = parent::getCMSFields();

  		foreach (array('Codes', 'Groups') as $relationField) {
  			$cmsFields->removeFieldFromTab('Root', $relationField);
  		}

  		$permissionField = new PermissionCheckboxSetField(
  			'Codes',
  			singleton('Permission')->i18n_plural_name(),
  			'PermissionRoleCode',
  			'RoleID'
  		);
  		$cmsFields->addFieldToTab('Root.Main', $permissionField);

  		$hiddenCodes = Config::inst()->get('Permission', 'hidden_permissions');
  		$permissionField->setHiddenPermissions($hiddenCodes);

  		return $cmsFields;
  	}

  	/**
  	 * Removes the role's permission codes once the role itself has been deleted,
  	 * so that no PermissionRoleCode records are left behind for a removed role.
  	 */
  	public function onAfterDelete() {
  		parent::onAfterDelete();

  		foreach ($this->Codes() as $roleCode) {
  			$roleCode->delete();
  		}
  	}

  	/**
  	 * Adds translated labels for Title and OnlyAdminCanApply to the parent's labels.
  	 *
  	 * @param boolean $includerelations Passed unchanged to the parent implementation
  	 * @return array
  	 */
  	public function fieldLabels($includerelations = true) {
  		$fieldLabels = parent::fieldLabels($includerelations);

  		$fieldLabels['Title'] = _t('PermissionRole.Title', 'Title');

  		$onlyAdminLabel = _t(
  			'PermissionRole.OnlyAdminCanApply',
  			'Only admin can apply',
  			'Checkbox to limit which user can apply this role'
  		);
  		$fieldLabels['OnlyAdminCanApply'] = $onlyAdminLabel;

  		return $fieldLabels;
  	}

  	/**
  	 * Viewing a role requires the APPLY_ROLES permission.
  	 *
  	 * @param mixed $member Passed unchanged to Permission::check()
  	 * @return mixed Result of Permission::check()
  	 */
  	public function canView($member = null) {
  		return Permission::check('APPLY_ROLES', 'any', $member);
  	}

  	/**
  	 * Creating a role requires the APPLY_ROLES permission.
  	 *
  	 * @param mixed $member Passed unchanged to Permission::check()
  	 * @return mixed Result of Permission::check()
  	 */
  	public function canCreate($member = null) {
  		return Permission::check('APPLY_ROLES', 'any', $member);
  	}

  	/**
  	 * Editing a role requires the APPLY_ROLES permission.
  	 *
  	 * NOTE(review): this check does not look at OnlyAdminCanApply, so on this method alone
  	 * a member with APPLY_ROLES but without ADMIN may edit an admin-only role, including
  	 * its flag and its codes. Any further restriction would have to be enforced elsewhere
  	 * (not visible in this file) - confirm.
  	 *
  	 * @param mixed $member Passed unchanged to Permission::check()
  	 * @return mixed Result of Permission::check()
  	 */
  	public function canEdit($member = null) {
  		return Permission::check('APPLY_ROLES', 'any', $member);
  	}

  	/**
  	 * Deleting a role requires the APPLY_ROLES permission.
  	 *
  	 * NOTE(review): as with canEdit(), OnlyAdminCanApply is not consulted here - confirm
  	 * that is intended.
  	 *
  	 * @param mixed $member Passed unchanged to Permission::check()
  	 * @return mixed Result of Permission::check()
  	 */
  	public function canDelete($member = null) {
  		return Permission::check('APPLY_ROLES', 'any', $member);
  	}
  }