CwpControllerExtension
class CwpControllerExtension extends Extension implements PermissionProvider (View source)
Properties
| protected | SS_Object | $owner | The object this extension is applied to. |
from Extension |
| protected | DataObject | $ownerBaseClass | The base class that this extension was applied to; $this->owner must be one of these |
from Extension |
| public | $class | from Extension | ||
| public static | $ssl_redirection_enabled | Enables SSL redirections - disabling not recommended as it will prevent forcing SSL on admin panel. |
||
| public static | $ssl_redirection_force_domain | Specify a domain to redirect the vulnerable areas to. |
||
| public static | $test_basicauth_enabled | Enables the BasicAuth protection on all test environments. Disable with caution - it will open up all your UAT and test environments to the world. |
||
| public static | $live_basicauth_enabled | Enables the BasicAuth protection on all live environments. |
Methods
Called when this extension is added to a particular class
Helper method to strip eval'ed arguments from a string thats passed to DataObject::$extensions or Object::add_extension().
This executes the passed callback with subsite filter disabled, then enabled the filter again before returning the callback result (or throwing the exception the callback raised)
Trigger Basic Auth protection, except when there's a reason to bypass it
- The source IP address is in the comma-seperated string in the constant CWP_IP_BYPASS_BASICAUTH (so Pingdom, etc, can access the site)
- There is an identifiable member, that member has the ACCESS_UAT_SERVER permission, and they're trying to access a white-list of URLs (so people following a reset password link can reset their password)
Return a map of permission codes to add to the dropdown shown in the Security section of the CMS.
Details
__construct()
No description
static
add_to_class(string $class, string $extensionClass, mixed $args = null)
Called when this extension is added to a particular class
setOwner(SS_Object $owner, string $ownerBaseClass = null)
Set the owner of this extension.
clearOwner()
No description
SS_Object
getOwner()
Returns the owner of this extension.
static string
get_classname_without_arguments(string $extensionStr)
Helper method to strip eval'ed arguments from a string thats passed to DataObject::$extensions or Object::add_extension().
protected mixed
callWithSubsitesDisabled(callable $callback)
This executes the passed callback with subsite filter disabled, then enabled the filter again before returning the callback result (or throwing the exception the callback raised)
protected
triggerBasicAuthProtection()
Trigger Basic Auth protection, except when there's a reason to bypass it
- The source IP address is in the comma-seperated string in the constant CWP_IP_BYPASS_BASICAUTH (so Pingdom, etc, can access the site)
- There is an identifiable member, that member has the ACCESS_UAT_SERVER permission, and they're trying to access a white-list of URLs (so people following a reset password link can reset their password)
onBeforeInit()
No description
providePermissions()
Return a map of permission codes to add to the dropdown shown in the Security section of the CMS.
array( 'VIEW_SITE' => 'View the site', );