Source of file SiteTreeCMSThreeStepWorkflow.php
Size: 16,296 Bytes - Last Modified: 2021-12-23T10:28:49+00:00
/var/www/docs.ssmods.com/process/src/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423 | <?php /** * Augment SiteTree with a new permissions, 'canApprove', * and 'canAction'. * * @package cmsworkflow * @subpackage ThreeStep * @author Tom Rix */ class SiteTreeCMSThreeStepWorkflow extends SiteTreeCMSWFDecorator implements PermissionProvider { public function extraStatics() { return array( 'db' => array( "CanApproveType" =>"Enum('LoggedInUsers, OnlyTheseUsers, Inherit', 'Inherit')", "CanPublishType" =>"Enum('LoggedInUsers, OnlyTheseUsers, Inherit', 'Inherit')" ), 'many_many' => array( "ApproverGroups" => "Group", "PublisherGroups" => "Group", ), 'defaults' => array( "CanApproveType" => "Inherit", "CanPublishType" => "Inherit", ) ); } public function getOpenRequest($workflowClass) { $bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`"; $wf = DataObject::get_one($workflowClass, "{$bt}PageID{$bt} = " . (int)$this->owner->ID . " AND {$bt}Status{$bt} NOT IN ('Completed', 'Denied', 'Cancelled')"); if ($wf) { return $wf; } return null; } public function batchPublish() { $page = $this->owner; if ($request = $page->openWorkflowRequest('WorkflowRequest')) { if ($request->Status == 'AwaitingApproval') { $result = $request->approve('Batch approval', null, false); if ($result) { $result = $request->publish('Batch publish', null, false); } } if ($request->Status == 'Approved') { $result = $request->publish('Batch publish', null, false); } } else { $result = false; } return $result; } public function batchApprove() { $page = $this->owner; if ($request = $page->openWorkflowRequest('WorkflowRequest')) { if ($request->Status == 'AwaitingApproval') { return $request->approve('Batch approval', null, false); } } else { return false; } } /** * Returns true if a batch publication action can be triggered on this page */ public function canBatchPublish($member = null) { $request = $this->owner->openWorkflowRequest(); return $request && $request->Status == 'Approved' && $this->owner->canPublish($member); } /** * Returns true if a batch approval action can be triggered on this page */ public function canBatchApprove($member = null) { $request = $this->owner->openWorkflowRequest(); return $request && $request->Status == 'AwaitingApproval' && $this->owner->canApprove($member); } public function canDenyRequests() { return true; } public function canRequestEdit() { return true; } public function whoCanApprove() { return $this->ApproverMembers(); } /** * Implement permissions for ThreeStep * * @return void */ public function updateCMSFields(&$fields) { $fields->addFieldsToTab("Root.Access", array( new HeaderField(_t('SiteTreeCMSWorkflow.APPROVEHEADER', "Who can approve requests inside the CMS?"), 2), $approveTypeField = new OptionsetField( "CanApproveType", "", array( "Inherit" => _t('SiteTree.EDITINHERIT', "Inherit from parent page"), "LoggedInUsers" => _t('SiteTree.EDITANYONE', "Anyone who can log-in to the CMS"), "OnlyTheseUsers" => _t('SiteTree.EDITONLYTHESE', "Only these people (choose from list)") ), "Inherit" ), $approverGroupsField = new TreeMultiselectField("ApproverGroups", $this->owner->fieldLabel('ApproverGroups')) )); $fields->addFieldsToTab("Root.Access", array( new HeaderField(_t('SiteTreeCMSWorkflow.PUBLISHAPPROVEDHEADER', "Who can publish approved requests inside the CMS?"), 2), $actionTypeField = new OptionsetField( "CanPublishType", "", array( "Inherit" => _t('SiteTree.EDITINHERIT', "Inherit from parent page"), "LoggedInUsers" => _t('SiteTree.EDITANYONE', "Anyone who can log-in to the CMS"), "OnlyTheseUsers" => _t('SiteTree.EDITONLYTHESE', "Only these people (choose from list)") ), "Inherit" ), $actionerGroupsField = new TreeMultiselectField("PublisherGroups", $this->owner->fieldLabel('PublisherGroups')) )); if (!$this->owner->canPublish() && !Permission::check('SITETREE_GRANT_ACCESS')) { $fields->replaceField('CanApproveType', $approveTypeField->performReadonlyTransformation()); if ($this->owner->CanApproveType == 'OnlyTheseUsers') { $fields->replaceField('ApproverGroups', $approverGroupsField->performReadonlyTransformation()); } else { $fields->removeByName('ApproverGroups'); } $fields->replaceField('CanPublishType', $actionTypeField->performReadonlyTransformation()); if ($this->owner->CanPublishType == 'OnlyTheseUsers') { $fields->replaceField('PublisherGroups', $actionerGroupsField->performReadonlyTransformation()); } else { $fields->removeByName('PublisherGroups'); } } } /** * Returns a DataObjectSet of all the members that can approve this page */ public function ApproverMembers() { if ($this->owner->CanApproveType == 'OnlyTheseUsers') { $groups = $this->owner->ApproverGroups(); $members = new DataObjectSet(); if ($groups) { foreach ($groups as $group) { $members->merge($group->Members()); } } // Default to ADMINs, if something goes wrong if (!$members->Count()) { $group = Permission::get_groups_by_permission('ADMIN')->first(); $members = $group->Members(); } return $members; } elseif ($this->owner->CanApproveType == 'Inherit') { if ($this->owner->ParentID) { return $this->owner->Parent()->ApproverMembers(); } else { return $this->owner->SiteConfig->ApproverMembers(); } } elseif ($this->owner->CanApproveType == 'LoggedInUsers') { return Permission::get_members_by_permission('CMS_ACCESS_CMSMain'); } else { $group = Permission::get_groups_by_permission('ADMIN')->first(); return $group->Members(); } } /** * This function should return true if the current user can approve requests * for this page. * * @return boolean True if the current user can approve requests for this page. */ public function canApprove($member = null) { if (!$member) { $member = Member::currentUser(); } if (!$member) { return false; } $memberID = $member->ID; // can_approve_multiple will check the cache so this isn't necessary //if(isset(SiteTree::$cache_permissions['approve'][$this->owner->ID])) { // return SiteTree::$cache_permissions['approve'][$this->owner->ID]; //} // DANGER, WILL ROBINSON! // we currently have not implemented extensions here. if you do // be aware that the WorkflowRequest::get_by_* functions use // batch_permission_check directly so you will need to ammend // them appropriately // check for (workflow)admin permission if (Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) { return true; } $results = self::can_approve_multiple(array($this->owner->ID), $memberID); return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false; } public static function can_approve_multiple($ids, $memberID, $useCached = true) { return SiteTree::batch_permission_check($ids, $memberID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove', null, $useCached); } /** * Returns a DataObjectSet of all the members that can publish this page */ public function PublisherMembers() { if ($this->owner->CanPublishType == 'OnlyTheseUsers') { $groups = $this->owner->PublisherGroups(); $members = new DataObjectSet(); if ($groups) { foreach ($groups as $group) { $members->merge($group->Members()); } } // Default to ADMINs, if something goes wrong if (!$members->Count()) { $group = Permission::get_groups_by_permission('ADMIN')->first(); $members = $group->Members(); } return $members; } elseif ($this->owner->CanPublishType == 'Inherit') { if ($this->owner->Parent()->Exists()) { return $this->owner->Parent()->PublisherMembers(); } else { return $this->owner->SiteConfig->PublisherMembers(); } } elseif ($this->owner->CanPublishType == 'LoggedInUsers') { return Permission::get_members_by_permission('CMS_ACCESS_CMSMain'); } else { $group = Permission::get_groups_by_permission('ADMIN')->first(); return $group->Members(); } } /** * This function should return true if the current user can publish this * page. * * @return boolean True if the current user can publish this page. */ public function canPublish($member = null) { if (!$member) { $member = Member::currentUser(); } if (!$member) { return false; } if ($member instanceof Member) { $memberID = $member->ID; } else { $memberID = $member; } // can_publish_multiple will check the cache so this isn't necessary //if(isset(SiteTree::$cache_permissions['publish'][$this->owner->ID])) { // return SiteTree::$cache_permissions['publish'][$this->owner->ID]; //} // DANGER, WILL ROBINSON! // we currently have not implemented extensions here. if you do // be aware that the WorkflowRequest::get_by_* functions use // batch_permission_check directly so you will need to ammend // them appropriately // check for (workflow)admin permission if (Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) { return true; } $results = self::can_publish_multiple(array($this->owner->ID), $memberID); return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false; } public static function can_publish_multiple($ids, $memberID, $useCached = true) { $checks = SiteTree::batch_permission_check($ids, $memberID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish', null, $useCached); return $checks; } /** * Make sure that a page has some peeps associated * * @return void */ public function onAfterWrite() { $bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`"; if (!$this->owner->EditorGroups()->Count()) { $SQL_group = Convert::raw2sql('site-content-authors'); $groupCheckObj = DataObject::get_one('Group', "{$bt}Code{$bt} = '{$SQL_group}'"); if ($groupCheckObj) { $this->owner->EditorGroups()->add($groupCheckObj); } $SQL_group = Convert::raw2sql('site-content-publishers'); $groupCheckObj = DataObject::get_one('Group', "{$bt}Code{$bt} = '{$SQL_group}'"); if ($groupCheckObj) { $this->owner->EditorGroups()->add($groupCheckObj); } } if ($this->owner->CanApproveType == 'OnlyTheseUsers' && !$this->owner->ApproverGroups()->Count()) { $SQL_group = Convert::raw2sql('site-content-approvers'); $groupCheckObj = DataObject::get_one('Group', "{$bt}Code{$bt} = '{$SQL_group}'"); if ($groupCheckObj) { $this->owner->ApproverGroups()->add($groupCheckObj); } } if ($this->owner->CanPublishType == 'OnlyTheseUsers' && !$this->owner->PublisherGroups()->Count()) { $SQL_group = Convert::raw2sql('site-content-publishers'); $groupCheckObj = DataObject::get_one('Group', "{$bt}Code{$bt} = '{$SQL_group}'"); if ($groupCheckObj) { $this->owner->PublisherGroups()->add($groupCheckObj); } } } // @codeCoverageIgnoreStart /** * Setup the default groups * * @return void */ public function augmentDefaultRecords() { // For 2.3 and 2.4 compatibility $bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`"; $query = "SELECT \"ID\" FROM {$bt}Group{$bt} WHERE {$bt}Group{$bt}.{$bt}Code{$bt} = 'site-content-authors'"; if (!DB::query($query)->value()) { $authorGroup = Object::create('Group'); $authorGroup->Title = 'Site Content Authors'; $authorGroup->Code = "site-content-authors"; $authorGroup->write(); Permission::grant($authorGroup->ID, "CMS_ACCESS_CMSMain"); Permission::grant($authorGroup->ID, "CMS_ACCESS_AssetAdmin"); if (method_exists('DB', 'alteration_message')) { DB::alteration_message("Added site content author group", "created"); } } $query = "SELECT \"ID\" FROM {$bt}Group{$bt} WHERE {$bt}Group{$bt}.{$bt}Code{$bt} = 'site-content-approvers'"; if (!DB::query($query)->value()) { $approversGroup = Object::create('Group'); $approversGroup->Title = 'Site Content Approvers'; $approversGroup->Code = "site-content-approvers"; $approversGroup->write(); Permission::grant($approversGroup->ID, "CMS_ACCESS_CMSMain"); Permission::grant($approversGroup->ID, "CMS_ACCESS_AssetAdmin"); if (method_exists('DB', 'alteration_message')) { DB::alteration_message("Added site content approver group", "created"); } } $query = "SELECT \"ID\" FROM {$bt}Group{$bt} WHERE {$bt}Group{$bt}.{$bt}Code{$bt} = 'site-content-publishers'"; if (!DB::query($query)->value()) { $actionersGroup = Object::create('Group'); $actionersGroup->Title = 'Site Content Publishers'; $actionersGroup->Code = "site-content-publishers"; $actionersGroup->write(); Permission::grant($actionersGroup->ID, "CMS_ACCESS_CMSMain"); Permission::grant($actionersGroup->ID, "CMS_ACCESS_AssetAdmin"); if (method_exists('DB', 'alteration_message')) { DB::alteration_message("Added site content publisher group", "created"); } } } public function providePermissions() { return array( "IS_WORKFLOW_ADMIN" => array( 'name' => _t('SiteTreeCMSThreeStepWorkflow.PERM_WF_ADMIN', "Perform any workflow task"), 'category' => _t('Permissions.PERMISSIONS_CATEGORY', 'Roles and access permissions'), 'help' => _t('SiteTreeCMSThreeStepWorkflow.PERM_WF_ADMIN_HELP', 'Ability to do anything within workflow (approve, publish etc.), i.e., a global override of all workflow.'), 'sort' => 500 ) ); } // @codeCoverageIgnoreEnd } |