From 7f510aa4d366cb40e2a4f73bca9aa3b010eb9400 Mon Sep 17 00:00:00 2001 From: Luke Fromhold Date: Sun, 4 Jul 2021 00:17:30 +1000 Subject: [PATCH] Improve permissions flexibility --- src/Model/MenuItem.php | 57 ++++++++++++++++++++++++++++++++---------- src/Model/MenuSet.php | 41 ++++++++++++++++++++++-------- 2 files changed, 74 insertions(+), 24 deletions(-) diff --git a/src/Model/MenuItem.php b/src/Model/MenuItem.php index 2d06e47..6b117fb 100644 --- a/src/Model/MenuItem.php +++ b/src/Model/MenuItem.php @@ -19,12 +19,14 @@ use SilverStripe\Forms\OptionsetField; use SilverStripe\Forms\Tab; use SilverStripe\Forms\TreeDropdownField; +use SilverStripe\Security\Permission; +use SilverStripe\Security\PermissionProvider; use SilverStripe\Versioned\Versioned; use Symbiote\GridFieldExtensions\GridFieldAddNewMultiClass; use Symbiote\GridFieldExtensions\GridFieldOrderableRows; use UncleCheese\DisplayLogic\Forms\Wrapper; -class MenuItem extends SuperLink +class MenuItem extends SuperLink implements PermissionProvider { const SUBMENU_SITETREE = 'sitetree'; const SUBMENU_MANUAL = 'manual'; @@ -308,33 +310,62 @@ public function CMSEditLink() public function canView($member = null) { - if ($this->ParentID) { - return $this->Parent()->canView($member); + $can = Permission::checkMember($member, 'MANAGE_MENUITEMS'); + if ($can) { + if ($this->ParentID) { + $can = $this->Parent()->canView($member, $context); + } } - return $this->MenuSet()->canView($member); + return $can; } public function canEdit($member = null) { - if ($this->ParentID) { - return $this->Parent()->canEdit($member); + $can = Permission::checkMember($member, 'MANAGE_MENUITEMS'); + if ($can) { + if ($this->ParentID) { + $can = $this->Parent()->canEdit($member, $context); + } } - return $this->MenuSet()->canEdit($member); + return $can; } public function canDelete($member = null) { - if ($this->ParentID) { - return $this->Parent()->canDelete($member); + $can = Permission::checkMember($member, 'DELETE_MENUITEMS'); + if ($can) { + if ($this->ParentID) { + $can = $this->Parent()->canDelete($member, $context); + } } - return $this->MenuSet()->canDelete($member); + return $can; } public function canCreate($member = null, $context = []) { - if ($this->ParentID) { - return $this->Parent()->canCreate($member, $context); + $can = Permission::checkMember($member, 'CREATE_MENUITEMS'); + if ($can) { + if ($this->ParentID) { + $can = $this->Parent()->canCreate($member, $context); + } } - return $this->MenuSet()->canEdit($member); + return $can; + } + + public function providePermissions() { + return [ + 'MANAGE_MENUITEMS' => array( + 'name' => 'Manage menu items', + 'category' => 'Menus', + ), + 'CREATE_MENUITEMS' => array( + 'name' => 'Create menu items', + 'category' => 'Menus', + ), + 'DELETE_MENUITEMS' => array( + 'name' => 'Delete menu items', + 'category' => 'Menus', + ) + ]; } } diff --git a/src/Model/MenuSet.php b/src/Model/MenuSet.php index 5c36395..5ca71a7 100644 --- a/src/Model/MenuSet.php +++ b/src/Model/MenuSet.php @@ -21,12 +21,14 @@ use SilverStripe\Forms\TabSet; use SilverStripe\Forms\TextField; use SilverStripe\ORM\DataObject; +use SilverStripe\Security\Permission; +use SilverStripe\Security\PermissionProvider; use SilverStripe\Versioned\Versioned; use SilverStripe\View\SSViewer; use Symbiote\GridFieldExtensions\GridFieldAddNewMultiClass; use Symbiote\GridFieldExtensions\GridFieldOrderableRows; -class MenuSet extends DataObject +class MenuSet extends DataObject implements PermissionProvider { private static $table_name = 'MenuSet'; private static $singular_name = 'Menu'; @@ -447,29 +449,46 @@ public function getCMSFields() public function canCreate($member = null, $context = null) { - return false; + return Permission::checkMember($member, 'CREATE_MENUSETS'); } public function canDelete($member = null) { - return false; + return Permission::checkMember($member, 'DELETE_MENUSETS'); } public function canEdit($member = null) { - $can = $this->Parent()->canEdit($member); - if ($can === false) { - return false; + $can = Permission::checkMember($member, 'MANAGE_MENUSETS'); + if ($can) { + $can = $this->Parent()->canEdit($member); } - return parent::canEdit($member); + return $can; } public function canView($member = null) { - $can = $this->Parent()->canView($member); - if ($can === false) { - return false; + $can = Permission::checkMember($member, 'MANAGE_MENUSETS'); + if ($can) { + $can = $this->Parent()->canView($member); } - return parent::canView($member); + return $can; + } + + public function providePermissions() { + return [ + 'MANAGE_MENUSETS' => array( + 'name' => 'Manage menu sets', + 'category' => 'Menus', + ), + 'CREATE_MENUSETS' => array( + 'name' => 'Create menu sets', + 'category' => 'Menus', + ), + 'DELETE_MENUSETS' => array( + 'name' => 'Delete menu sets', + 'category' => 'Menus', + ) + ]; } }