SecureFileExtension
class SecureFileExtension extends DataExtension (View source)
Extension that allows a CMS user to define view access to a particular Folder} and the {@link Files within.
An access file with rewrite rules is written into the Folder directory once it's saved in the CMS (see SecureFileExtension::onAfterWrite()), so that the webserver will force a rewrite on the requested assets file path, turning it into a SilverStripe request so the file can be checked against access settings.
Beware that this will have a performance impact on file requests that exist in a Folder that have been secured, as the file request will be treated as a dynamic request instead of sent directly by the webserver as a static file.
Properties
| protected | SS_Object | $owner | The object this extension is applied to. |
from Extension |
| protected | DataObject | $ownerBaseClass | The base class that this extension was applied to; $this->owner must be one of these |
from Extension |
| public | $class | from Extension |
Methods
Called when this extension is added to a particular class
Helper method to strip eval'ed arguments from a string thats passed to DataObject::$extensions or Object::add_extension().
Update the database schema as required by this extension.
Define extra database fields
This function is used to provide modifications to the form used for front end forms. DataObject->getFrontEndFields()
This is used to provide modifications to the form actions used in the CMS. DataObject->getCMSActions().
this function is used to provide modifications to the summary fields in CMS by the extension By default, the summaryField() of its owner will merge more fields defined in the extension's $extra_fields['summary_fields']
this function is used to provide modifications to the fields labels in CMS by the extension By default, the fieldLabels() of its owner will merge more fields defined in the extension's $extra_fields['field_labels']
Tries to autodetect the current webserver and match it against a registered webserver configuration through access_config. Check _config.php in this module for an example of how those access files are registered through the Config system.
Checks for any default access permissions and tests against them if found. Default permssions are set via the Config system.
Details
__construct()
No description
static
add_to_class(string $class, string $extensionClass, mixed $args = null)
Called when this extension is added to a particular class
setOwner(SS_Object $owner, string $ownerBaseClass = null)
Set the owner of this extension.
clearOwner()
No description
SS_Object
getOwner()
Returns the owner of this extension.
static string
get_classname_without_arguments(string $extensionStr)
Helper method to strip eval'ed arguments from a string thats passed to DataObject::$extensions or Object::add_extension().
static
get_extra_config($class, $extension, $args)
No description
static
unload_extra_statics($class, $extension)
No description
validate(ValidationResult $validationResult)
Hook for extension-specific validation.
augmentSQL(SQLQuery $query)
Edit the given query object to support queries for this extension
augmentDatabase()
Update the database schema as required by this extension.
When duplicating a table's structure, remember to duplicate the create options as well. See Versioned->augmentDatabase for an example.
augmentWrite(array $manipulation)
Augment a write-record request.
onBeforeWrite()
No description
onAfterWrite()
Add or remove access rules to the filesystem path.
CAUTION: This will not work properly in the presence of third-party .htaccess file
onBeforeDelete()
No description
onAfterDelete()
No description
requireDefaultRecords()
No description
populateDefaults()
No description
can($member)
No description
canEdit($member)
No description
canDelete($member)
No description
canCreate($member)
No description
array
extraStatics($class = null, $extension = null)
Define extra database fields
Return a map where the keys are db, has_one, etc, and the values are additional fields/relations to be defined.
updateCMSFields(FieldList $fields)
Access tab, copied from SiteTree
updateFrontEndFields(FieldList $fields)
This function is used to provide modifications to the form used for front end forms. DataObject->getFrontEndFields()
Caution: Use FieldList->push() to add fields.
updateCMSActions(FieldList $actions)
This is used to provide modifications to the form actions used in the CMS. DataObject->getCMSActions().
updateSummaryFields(array $fields)
this function is used to provide modifications to the summary fields in CMS by the extension By default, the summaryField() of its owner will merge more fields defined in the extension's $extra_fields['summary_fields']
updateFieldLabels(array $labels)
this function is used to provide modifications to the fields labels in CMS by the extension By default, the fieldLabels() of its owner will merge more fields defined in the extension's $extra_fields['field_labels']
array
getAccessConfig()
Tries to autodetect the current webserver and match it against a registered webserver configuration through access_config. Check _config.php in this module for an example of how those access files are registered through the Config system.
You can manually set the config by setting current_access_config yourself.
canView($member = null)
No description
bool
defaultPermissions(Member $member = null)
Checks for any default access permissions and tests against them if found. Default permssions are set via the Config system.
needsAccessFile()
No description