InheritedPermissions
class InheritedPermissions implements PermissionChecker, MemberCacheFlusher (View source)
Calculates batch permissions for nested objects for:
- canView: Supports 'Anyone' type
- canEdit
- canDelete: Includes special logic for ensuring parent objects can only be deleted if their children can be deleted also.
Traits
A class that can be instantiated or replaced via DI
Constants
| DELETE |
Delete permission |
| VIEW |
View permission |
| EDIT |
Edit permission |
| ANYONE |
Anyone canView permission |
| LOGGED_IN_USERS |
Restrict to logged in users |
| ONLY_THESE_USERS |
Restrict to specific groups |
| INHERIT |
Inherit from parent |
Properties
| protected | string | $baseClass | Class name |
|
| protected | DefaultPermissionChecker | $defaultPermissions | Object for evaluating top level permissions designed as "Inherit" |
|
| protected | array | $globalEditPermissions | Global permissions required to edit. |
|
| protected | array | $cachePermissions | Cache of permissions |
|
| protected | CacheInterface | $cacheService |
Methods
An implementation of the factory method, allows you to create an instance of a class
Creates a class instance by the "singleton" design pattern.
Construct new permissions object
Get root permissions handler, or null if no handler
Force pre-calculation of a list of permissions for optimisation
This method is NOT a full replacement for the individual can*() methods, e.g. canEdit(). Rather than checking (potentially slow) PHP logic, it relies on the database group associations, e.g. the "CanEditType" field plus the "SiteTree_EditorGroups" many-many table. By batch checking multiple records, we can combine the queries efficiently.
No description
Get field to check for permission type for the given check.
Get join table for type Defaults to those provided by {InheritedPermissionsExtension)
Determine default permission for a givion check
Creates a cache key for a member and type
Details
static Injectable
create(mixed ...$args)
An implementation of the factory method, allows you to create an instance of a class
This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.
This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create(SiteTree::class); $list = SiteTree::get();
static Injectable
singleton(string $class = null)
Creates a class instance by the "singleton" design pattern.
It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).
__construct(string $baseClass, CacheInterface $cache = null)
Construct new permissions object
__destruct()
Commits the cache
flushMemberCache(array $memberIDs = null)
Clear the cache for this instance only
$this
setDefaultPermissions(DefaultPermissionChecker $callback)
No description
$this
setGlobalEditPermissions(array $permissions)
Global permissions required to edit
array
getGlobalEditPermissions()
No description
DefaultPermissionChecker|null
getDefaultPermissions()
Get root permissions handler, or null if no handler
string
getBaseClass()
Get base class
prePopulatePermissionCache(string $permission = 'edit', array $ids = [])
Force pre-calculation of a list of permissions for optimisation
protected array
batchPermissionCheck(string $type, array $ids, Member $member = null, array $globalPermission = [], bool $useCached = true)
This method is NOT a full replacement for the individual can*() methods, e.g. canEdit(). Rather than checking (potentially slow) PHP logic, it relies on the database group associations, e.g. the "CanEditType" field plus the "SiteTree_EditorGroups" many-many table. By batch checking multiple records, we can combine the queries efficiently.
Caches based on $typeField data. To invalidate the cache, use SiteTree::reset() or set the $useCached property to FALSE.
protected array
batchPermissionCheckForStage(string $type, array $globalPermission, DataList $stageRecords, string $groupIDsSQLList, Member $member = null)
No description
array
canEditMultiple(array $ids, Member $member = null, bool $useCached = true)
No description
mixed
canViewMultiple(array $ids, Member $member = null, bool $useCached = true)
No description
array
canDeleteMultiple(array $ids, Member $member = null, bool $useCached = true)
No description
bool
canDelete(int $id, Member $member = null)
No description
bool
canEdit(int $id, Member $member = null)
No description
bool
canView(int $id, Member $member = null)
No description
protected string
getPermissionField(string $type)
Get field to check for permission type for the given check.
Defaults to those provided by {InheritedPermissionsExtension)
protected string
getJoinTable(string $type)
Get join table for type Defaults to those provided by {InheritedPermissionsExtension)
protected bool
checkDefaultPermissions(string $type, Member $member = null)
Determine default permission for a givion check
protected bool
isVersioned()
Check if this model has versioning
$this
clearCache()
No description
protected string
getEditorGroupsTable()
Get table to use for editor groups relation
protected string
getViewerGroupsTable()
Get table to use for viewer groups relation
protected mixed
getCachePermissions(string $cacheKey)
Gets the permission from cache
protected string
generateCacheKey(string $type, int $memberID)
Creates a cache key for a member and type