Skip to content

Instantly share code, notes, and snippets.

@rixth

rixth/gist:288348

Created January 28, 2010 01:36
Show Gist options
  • Save rixth/288348 to your computer and use it in GitHub Desktop.
Save rixth/288348 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.diff
Index: cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php
===================================================================
--- cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php (revision 97653)
+++ cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php (working copy)
@@ -128,6 +128,7 @@
*/
public function canPublish($member = null) {
if(!$member && $member !== FALSE) $member = Member::currentUser();
+ if (is_numeric($member)) $member = DataObject::get_by_id('Member', $member);
// check for admin permission
if(Permission::checkMember($member, 'ADMIN')) return true;
@@ -158,6 +159,7 @@
*/
public function canApprove($member = null) {
if(!$member && $member !== FALSE) $member = Member::currentUser();
+ if (is_numeric($member)) $member = DataObject::get_by_id('Member', $member);
// check for admin permission
if(Permission::checkMember($member, 'ADMIN')) return true;
Index: cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php
===================================================================
--- cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php (revision 97653)
+++ cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php (working copy)
@@ -173,37 +173,26 @@
* @return boolean True if the current user can approve requests for this page.
*/
public function canApprove($member = null) {
- if(!$member && $member !== FALSE) $member = Member::currentUser();
-
- // check for admin permission
- if(Permission::checkMember($member, 'ADMIN')) return true;
+ if(!$member) $member = Member::currentUser();
+ $memberID = $member->ID;
- // check for workflow admin permission
- if(Permission::checkMember($member, 'IS_WORKFLOW_ADMIN')) return true;
+ if(isset(SiteTree::$cache_permissions['CanApproveType'][$this->owner->ID])) {
+ return SiteTree::$cache_permissions['CanApproveType'][$this->owner->ID];
+ }
- // check for missing cmsmain permission
- if(!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
+ // DANGER, WILL ROBINSON!
+ // we currently have not implemented extensions here. if you do
+ // be aware that the WorkflowRequest::get_by_* functions use
+ // batch_permission_check directly so you will need to ammend
+ // them appropriately
+ // check for (workflow)admin permission
+ if(Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) return true;
+
if ($this->canPublish($member)) return true;
- // check for empty spec
- if(!$this->owner->CanApproveType || $this->owner->CanApproveType == 'Anyone') return true;
-
- // check against parent page/site config
- if($this->owner->CanApproveType == 'Inherit') {
- if ($this->owner->Parent()->exists()) {
- // if (!$this->owner->Parent()->getExtensionInstance('SiteTreeCMSThreeStepWorkflow')->canApprove($member)) return false;
- if (!$this->owner->Parent()->canApprove($member)) return false;
- } else { return $this->owner->SiteConfig->canApprove($member); }
- }
-
- // check for any logged-in users
- if($this->owner->CanApproveType == 'LoggedInUsers' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
-
- // check for specific groups
- if($this->owner->CanApproveType == 'OnlyTheseUsers' && (!$member || !$member->inGroups($this->owner->ApproverGroups()))) return false;
-
- return true;
+ $results = SiteTree::batch_permission_check(array($this->owner->ID), $memberID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove');
+ return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false;
}
/**
@@ -243,34 +232,24 @@
* @return boolean True if the current user can publish this page.
*/
public function canPublish($member = null) {
- if(!$member && $member !== FALSE) $member = Member::currentUser();
-
- // check for admin permission
- if(Permission::checkMember($member, 'ADMIN')) return true;
+ if(!$member) $member = Member::currentUser();
+ $memberID = $member->ID;
- // check for workflow admin permission
- if(Permission::checkMember($member, 'IS_WORKFLOW_ADMIN')) return true;
-
- // check for missing cmsmain permission
- if(!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
-
- // check for empty spec
- if(!$this->owner->CanPublishType || $this->owner->CanPublishType == 'Anyone') return true;
-
- // check against parent page/site config
- if($this->owner->CanPublishType == 'Inherit') {
- if ($this->owner->Parent()->exists()) {
- if (!$this->owner->Parent()->canPublish($member)) return false;
- } else { return $this->owner->SiteConfig->canPublish($member); }
+ if(isset(SiteTree::$cache_permissions['CanPublishType'][$this->owner->ID])) {
+ return SiteTree::$cache_permissions['CanPublishType'][$this->owner->ID];
}
- // check for any logged-in users
- if($this->owner->CanPublishType == 'LoggedInUsers' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
+ // DANGER, WILL ROBINSON!
+ // we currently have not implemented extensions here. if you do
+ // be aware that the WorkflowRequest::get_by_* functions use
+ // batch_permission_check directly so you will need to ammend
+ // them appropriately
- // check for specific groups
- if($this->owner->CanPublishType == 'OnlyTheseUsers' && (!$member || !$member->inGroups($this->owner->PublisherGroups()))) return false;
-
- return true;
+ // check for (workflow)admin permission
+ if(Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) return true;
+
+ $results = SiteTree::batch_permission_check(array($this->owner->ID), $memberID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish');
+ return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false;
}
/**
Index: cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php
===================================================================
--- cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php (revision 97653)
+++ cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php (working copy)
@@ -198,18 +198,8 @@
$classes[] = $class;
$classesSQL = implode("','", $classes);
- // build filter
-
- // check for admin permission
- if (Permission::checkMember($approver, 'ADMIN') || Permission::checkMember($approver, 'IS_WORKFLOW_ADMIN')) {
- // Admins can approve/publish anything
- $filter = "{$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')";
- } else {
- $filter = "{$bt}WorkflowRequest_Approvers{$bt}.{$bt}MemberID{$bt} = {$approver->ID}
- AND {$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')
- ";
- }
-
+ $filter = "{$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')";
+
if($status) {
$filter .= "AND {$bt}WorkflowRequest{$bt}.{$bt}Status{$bt} IN (" . $statusStr . ")";
}
@@ -236,6 +226,14 @@
$return->merge($onDraft);
$return->merge($onLive);
$return->removeDuplicates();
+
+ $canApprove = SiteTree::batch_permission_check($return->column('ID'), $approver->ID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove');
+ foreach($return as $page) {
+ if (!isset($canApprove[$page->ID]) || !$canApprove[$page->ID]) {
+ $return->remove($page);
+ }
+ }
+
return $return;
}
@@ -270,17 +268,15 @@
"LEFT JOIN {$bt}WorkflowRequest{$bt} ON {$bt}WorkflowRequest{$bt}.{$bt}PageID{$bt} = {$bt}SiteTree_Live{$bt}.{$bt}ID{$bt} "
);
- $objects = new DataObjectSet();
$return = new DataObjectSet();
- $objects->merge($onDraft);
- $objects->merge($onLive);
- $objects->removeDuplicates();
+ $return->merge($onDraft);
+ $return->merge($onLive);
+ $return->removeDuplicates();
- if ($objects) {
- foreach($objects as $do) {
- if ($do->canPublish($publisher)) {
- $return->push($do);
- }
+ $canPublish = SiteTree::batch_permission_check($return->column('ID'), $publisher->ID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish');
+ foreach($return as $page) {
+ if (!isset($canPublish[$page->ID]) || !$canPublish[$page->ID]) {
+ $return->remove($page);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment