class InheritedPermissions implements PermissionChecker, MemberCacheFlusher

Calculates batch permissions for nested objects for:

  • canView: Supports 'Anyone' type
  • canEdit
  • canDelete: Includes special logic for ensuring parent objects can only be deleted if their children can be deleted also.

Traits

A class that can be instantiated or replaced via DI

Constants

DELETE

Delete permission

VIEW

View permission

EDIT

Edit permission

ANYONE

Anyone canView permission

LOGGED_IN_USERS

Restrict to logged in users

ONLY_THESE_USERS

Restrict to specific groups

INHERIT

Inherit from parent

Properties

protected string $baseClass

Class name

protected DefaultPermissionChecker $defaultPermissions

Object for evaluating top-level permissions designated as "Inherit"

protected array $globalEditPermissions

Global permissions required to edit.

protected array $cachePermissions

Cache of permissions

protected CacheInterface $cacheService

Methods

public static
Injectable
create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

public static
Injectable
singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

public
__construct(string $baseClass, CacheInterface $cache = null)

Construct new permissions object

public
__destruct()

Commits the cache

public
flushMemberCache(array $memberIDs = null)

Clear the cache for this instance only

public
$this
setDefaultPermissions(DefaultPermissionChecker $callback)

No description

public
$this
setGlobalEditPermissions(array $permissions)

Global permissions required to edit

public
array
getGlobalEditPermissions()

No description

public
DefaultPermissionChecker|null
getDefaultPermissions()

Get root permissions handler, or null if no handler

public
string
getBaseClass()

Get base class

public
prePopulatePermissionCache(string $permission = 'edit', array $ids = [])

Force pre-calculation of a list of permissions for optimisation

protected
array
batchPermissionCheck(string $type, array $ids, Member $member = null, array $globalPermission = [], bool $useCached = true)

This method is NOT a full replacement for the individual can*() methods, e.g. canEdit(). Rather than checking (potentially slow) PHP logic, it relies on the database group associations, e.g. the "CanEditType" field plus the "SiteTree_EditorGroups" many-many table. By batch checking multiple records, we can combine the queries efficiently.

protected
array
batchPermissionCheckForStage(string $type, array $globalPermission, DataList $stageRecords, string $groupIDsSQLList, Member $member = null)

No description

public
array
canEditMultiple(array $ids, Member $member = null, bool $useCached = true)

No description

public
mixed
canViewMultiple(array $ids, Member $member = null, bool $useCached = true)

No description

public
array
canDeleteMultiple(array $ids, Member $member = null, bool $useCached = true)

No description

public
bool
canDelete(int $id, Member $member = null)

No description

public
bool
canEdit(int $id, Member $member = null)

No description

public
bool
canView(int $id, Member $member = null)

No description

protected
string
getPermissionField(string $type)

Get field to check for permission type for the given check.

protected
string
getJoinTable(string $type)

Get join table for type. Defaults to those provided by InheritedPermissionsExtension.

protected
bool
checkDefaultPermissions(string $type, Member $member = null)

Determine default permission for a given check

protected
bool
isVersioned()

Check if this model has versioning

public
$this
clearCache()

No description

protected
string
getEditorGroupsTable()

Get table to use for editor groups relation

protected
string
getViewerGroupsTable()

Get table to use for viewer groups relation

protected
mixed
getCachePermissions(string $cacheKey)

Gets the permission from cache

protected
string
generateCacheKey(string $type, int $memberID)

Creates a cache key for a member and type

Details

static Injectable create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.

This can be called in one of two ways: either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent:

    $list = DataList::create(SiteTree::class);
    $list = SiteTree::get();

Parameters

mixed ...$args

Return Value

Injectable

static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Parameters

string $class

Optional classname to create, if the called class should not be used

Return Value

Injectable

The singleton instance

__construct(string $baseClass, CacheInterface $cache = null)

Construct new permissions object

Parameters

string $baseClass

Base class

CacheInterface $cache

__destruct()

Commits the cache

flushMemberCache(array $memberIDs = null)

Clear the cache for this instance only

Parameters

array $memberIDs

$this setDefaultPermissions(DefaultPermissionChecker $callback)

No description

Parameters

DefaultPermissionChecker $callback

Return Value

$this

$this setGlobalEditPermissions(array $permissions)

Global permissions required to edit

Parameters

array $permissions

Return Value

$this

array getGlobalEditPermissions()

No description

Return Value

array

DefaultPermissionChecker|null getDefaultPermissions()

Get root permissions handler, or null if no handler

Return Value

DefaultPermissionChecker|null

string getBaseClass()

Get base class

Return Value

string

prePopulatePermissionCache(string $permission = 'edit', array $ids = [])

Force pre-calculation of a list of permissions for optimisation

Parameters

string $permission
array $ids

protected array batchPermissionCheck(string $type, array $ids, Member $member = null, array $globalPermission = [], bool $useCached = true)

This method is NOT a full replacement for the individual can*() methods, e.g. canEdit(). Rather than checking (potentially slow) PHP logic, it relies on the database group associations, e.g. the "CanEditType" field plus the "SiteTree_EditorGroups" many-many table. By batch checking multiple records, we can combine the queries efficiently.

Caches based on $typeField data. To invalidate the cache, use SiteTree::reset() or set the $useCached property to FALSE.

Parameters

string $type

Either edit, view, or create

array $ids

Array of IDs

Member $member

Member

array $globalPermission

If the member doesn't have this permission code, don't bother iterating deeper

bool $useCached

Enables use of cache. Cache will be populated even if this is false.

Return Value

array

A map of permissions: keys are ID numbers, and values are boolean permission check results

protected array batchPermissionCheckForStage(string $type, array $globalPermission, DataList $stageRecords, string $groupIDsSQLList, Member $member = null)

No description

Parameters

string $type
array $globalPermission

List of global permissions

DataList $stageRecords

List of records to check for this stage

string $groupIDsSQLList

Group IDs this member belongs to

Member $member

Return Value

array

array canEditMultiple(array $ids, Member $member = null, bool $useCached = true)

No description

Parameters

array $ids

An array of IDs of the objects to look up

Member $member

Member object

bool $useCached

Return values from the permission cache if they exist

Return Value

array

A map where the IDs are keys and the values are booleans stating whether the given object can be edited

mixed canViewMultiple(array $ids, Member $member = null, bool $useCached = true)

No description

Parameters

array $ids
Member $member
bool $useCached

Return Value

mixed

array canDeleteMultiple(array $ids, Member $member = null, bool $useCached = true)

No description

Parameters

array $ids

An array of IDs of the objects to look up

Member $member

Member object

bool $useCached

Return values from the permission cache if they exist

Return Value

array
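
The inheritance and delete rules from the class summary, as an added example: a simplified, self-contained model, not SilverStripe's own code. The function names, the constants' string values, the sample tree and the `$rootDefault` flag (standing in for the default permission checker) are assumptions made for this illustration.

```php
<?php
// Simplified model of the edit/delete inheritance rules; not SilverStripe code.
const LOGGED_IN_USERS = 'LoggedInUsers';   // assumed string values
const ONLY_THESE_USERS = 'OnlyTheseUsers';
const INHERIT = 'Inherit';

// Constructed tree: id => parent id (0 = top level), edit type, editor group IDs
$records = [
    1 => ['parent' => 0, 'type' => INHERIT,          'groups' => []],
    2 => ['parent' => 1, 'type' => ONLY_THESE_USERS, 'groups' => [10]],
    3 => ['parent' => 2, 'type' => INHERIT,          'groups' => []],
    4 => ['parent' => 1, 'type' => LOGGED_IN_USERS,  'groups' => []],
    5 => ['parent' => 4, 'type' => ONLY_THESE_USERS, 'groups' => [20]],
];

function modelCanEditMultiple(array $records, array $ids, ?array $memberGroups, bool $rootDefault): array
{
    $result = [];
    foreach ($ids as $id) {
        $cur = $id;
        // "Inherit" defers to the parent; follow the chain upwards.
        while ($cur !== 0 && $records[$cur]['type'] === INHERIT) {
            $cur = $records[$cur]['parent'];
        }
        $type = $cur === 0 ? null : $records[$cur]['type'];
        // Anonymous visitors (null groups) never edit; unknown types fail closed.
        $result[$id] = $memberGroups !== null && match ($type) {
            null => $rootDefault,   // chain ended above the top level
            LOGGED_IN_USERS => true,
            ONLY_THESE_USERS => (bool) array_intersect($records[$cur]['groups'], $memberGroups),
            default => false,
        };
    }
    return $result;
}

function modelCanDeleteMultiple(array $records, array $ids, ?array $memberGroups, bool $rootDefault): array
{
    $editable = modelCanEditMultiple($records, array_keys($records), $memberGroups, $rootDefault);
    $deletable = function (int $id) use (&$deletable, $records, $editable): bool {
        if (!$editable[$id]) { return false; }
        foreach ($records as $childId => $child) {   // every child must be deletable too
            if ($child['parent'] === $id && !$deletable($childId)) { return false; }
        }
        return true;
    };
    return array_combine($ids, array_map($deletable, $ids));
}

echo json_encode(modelCanEditMultiple($records, array_keys($records), [10], true)), "\n";
echo json_encode(modelCanDeleteMultiple($records, array_keys($records), [10], true)), "\n";
```

For a member in group 10, records 1 and 4 come back editable but not deletable, because record 5 beneath them is restricted to group 20.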

bool canDelete(int $id, Member $member = null)

No description

Parameters

int $id
Member $member

Return Value

bool

bool canEdit(int $id, Member $member = null)

No description

Parameters

int $id
Member $member

Return Value

bool

bool canView(int $id, Member $member = null)

No description

Parameters

int $id
Member $member

Return Value

bool

protected string getPermissionField(string $type)

Get field to check for permission type for the given check.

Defaults to those provided by InheritedPermissionsExtension.

Parameters

string $type

Return Value

string

protected string getJoinTable(string $type)

Get join table for type. Defaults to those provided by InheritedPermissionsExtension.

Parameters

string $type

Return Value

string

protected bool checkDefaultPermissions(string $type, Member $member = null)

Determine default permission for a given check

Parameters

string $type

Method to check

Member $member

Return Value

bool

protected bool isVersioned()

Check if this model has versioning

Return Value

bool

$this clearCache()

No description

Return Value

$this

protected string getEditorGroupsTable()

Get table to use for editor groups relation

Return Value

string

protected string getViewerGroupsTable()

Get table to use for viewer groups relation

Return Value

string

protected mixed getCachePermissions(string $cacheKey)

Gets the permission from cache

Parameters

string $cacheKey

Return Value

mixed

protected string generateCacheKey(string $type, int $memberID)

Creates a cache key for a member and type

Parameters

string $type
int $memberID

Return Value

string