class SecurityAdmin extends LeftAndMain implements PermissionProvider (View source)

Security section of the CMS

Traits

Allows an object to have extensions applied to it.

A class that can be instantiated or replaced via DI

Provides extensions to this object to integrate it with standard config API methods.

Allows an object to declare a set of custom methods

Constants

SCHEMA_HEADER

Form schema header identifier

Properties

static private array $extensions

An array of extension names and parameters to be applied to this object upon construction.

from  Extensible
static private array $casting

An array of objects to cast certain fields to. This is set up as an array in the format:

from  ViewableData
static private string $default_cast

The default object to cast scalar fields to if casting information is not specified, and casting to an object is required.

from  ViewableData
static private string $url_segment

The current url segment attached to the LeftAndMain instance

from  LeftAndMain
static private $url_handlers

The default URL handling rules. This specifies that the next component of the URL corresponds to a method to be called on this RequestHandlingData object.

from  RequestHandler
static private $allowed_actions

Define a list of action handling methods that are allowed to be called directly by URLs.

from  RequestHandler
static private string $url_rule from  LeftAndMain
static private string $menu_title from  LeftAndMain
static private string $menu_icon from  LeftAndMain
static private int $menu_priority from  LeftAndMain
static private int $url_priority from  LeftAndMain
static private string $tree_class

A subclass of {@link DataObject}.

from  LeftAndMain
$help_link from  LeftAndMain
static private array $admin_themes

Assign themes to use for cms

from  LeftAndMain
static private array $required_permission_codes

Codes which are required from the current user to view this controller.

from  LeftAndMain
static private string $session_namespace

Namespace for session info, e.g. current record.

from  LeftAndMain
static private array $extra_requirements_javascript

Register additional requirements through the {@link Requirements} class.

from  LeftAndMain
static private array $extra_requirements_css

YAML configuration example: LeftAndMain: extra_requirements_css: mysite/css/mystyle.css: media: screen

from  LeftAndMain
static private array $extra_requirements_themedCss from  LeftAndMain
static private bool $session_keepalive_ping

If true, call a keepalive ping every 5 minutes from the CMS interface, to ensure that the session never dies.

from  LeftAndMain
static private string $frame_options

Value of X-Frame-Options header

from  LeftAndMain
static private string|null $section_name

The configuration passed to the supporting JS for each CMS section includes a 'name' key that by default matches the FQCN of the current class. This setting allows you to change the key if necessary (for example, if you are overloading CMSMain or another core class and want to keep the core JS - which depends on the core class names - functioning, you would need to set this to the FQCN of the class you are overloading).

from  LeftAndMain
$help_links

The urls used for the links in the Help dropdown in the backend

from  LeftAndMain
$application_link

The href for the anchor on the Silverstripe logo

from  LeftAndMain
static private string $application_name

The application name

from  LeftAndMain

Methods

mixed
__call(string $method, array $arguments)

Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located

bool
hasMethod(string $method)

Return TRUE if a method exists on this object

array
allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

static bool
add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

static 
remove_extension(string $extension)

Remove an extension from a class.

static array
get_extensions(string $class = null, bool $includeArgumentString = false)

No description

static array|null
get_extra_config_sources(string $class = null)

Get extra config sources for this class

static bool
has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

array
invokeWithExtensions(string $method, mixed ...$arguments)

Calls a method if available on both this object and all applied {@link Extensions}, and then attempts to merge all results into an array

array
extend(string $method, mixed ...$arguments)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

Extension|null
getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

bool
hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in {@link $extension_instances}. Extension instances are initialized at constructor time, meaning if you use {@link add_extension()} afterwards, the added extension will just be added to new instances of the extended class. Use the static method {@link has_extension()} to check if a class (not an instance) has a specific extension.

getExtensionInstances()

Get all extension instances for this specific object instance.

static Injectable
create(array ...$args)

An implementation of the factory method, allows you to create an instance of a class

static Injectable
singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

static Config_ForClass
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

mixed
stat(string $name) deprecated

Get inherited config value

mixed
uninherited(string $name)

Gets the uninherited value for the given config option

$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

__construct()

No description

bool
__isset(string $property)

Check if a field exists on this object or its failover.

mixed
__get(string $property)

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using {@link ViewableData::getField()}, then fall back on a failover object.

__set(string $property, mixed $value)

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the {@link ViewableData::setField()} method.

setFailover(ViewableData $failover)

Set a failover object to attempt to get data from if it is not present on this object.

getFailover()

Get the current failover object if set

bool
hasField(string $field)

Check if a field exists on this object. This should be overloaded in child classes.

mixed
getField(string $field)

Get the value of a field on this object. This should be overloaded in child classes.

$this
setField(string $field, mixed $value)

Set a field on this object. This should be overloaded in child classes.

defineMethods()

Add methods from the {@link ViewableData::$failover} object, as well as wrapping any methods prefixed with an underscore into a {@link ViewableData::cachedCall()}.

customise(array|ViewableData $data)

Merge some arbitrary data in with this object. This method returns a {@link ViewableData_Customised} instance with references to both this and the new custom data.

bool
exists()

Return true if this object "exists" i.e. has a sensible value

string
__toString()

No description

setCustomisedObj(ViewableData $object)

No description

string
castingHelper(string $field)

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.

string
castingClass(string $field)

Get the class name a field on this object will be casted to.

string
escapeTypeForField(string $field)

Return the string-format type for the given field.

renderWith(string|array|SSViewer $template, array $customFields = null)

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

  • a template name (e.g. Page)
  • an array of possible template names - the first valid one will be used
  • an SSViewer instance

object|DBField
obj(string $fieldName, array $arguments = [], bool $cache = false, string $cacheName = null)

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

object|DBField
cachedCall(string $field, array $arguments = [], string $identifier = null)

A simple wrapper around {@link ViewableData::obj()} that automatically caches the result so it can be used again without re-running the method.

bool
hasValue(string $field, array $arguments = [], bool $cache = true)

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

string
XML_val(string $field, array $arguments = [], bool $cache = false)

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

array
getXMLValues(array $fields)

Get an array of XML-escaped values by field name

getIterator()

Return a single-item iterator so you can iterate over the fields of a single record.

array
getViewerTemplates(string $suffix = '')

Find appropriate templates for SSViewer to use to render this object

Me()

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

string
ThemeDir() deprecated

Return the directory if the current active theme (relative to the site root).

string
CSSClasses(string $stopAtClass = self::class)

Get part of the current classes ancestry to be used as a CSS class.

Debug()

Return debug information about this object that can be rendered into a template

handleRequest(HTTPRequest $request)

Executes this controller, and return an {@link HTTPResponse} object with the result.

array|null
allowedActions(string $limitToClass = null)

Get a array of allowed actions defined on this controller, any parent classes or extensions.

bool
hasAction(string $action)

No description

bool
checkAccessAction(string $action)

Check that the given action is allowed to be called from a URL.

httpError(int $errorCode, string $errorMessage = null)

Throws a HTTP error response encased in a {@link HTTPResponse_Exception}, which is later caught in {@link RequestHandler::handleAction()} and returned to the user.

getRequest()

Returns the HTTPRequest object that this controller is using.

$this
setRequest(HTTPRequest $request)

Typically the request is set through {@link handleAction()} or {@link handleRequest()}, but in some based we want to set it manually.

string
Link(string $action = null)

You should implement a Link() function in your subclass of LeftAndMain, to point to the URL of that particular controller.

redirect(string $url, int $code = 302)

Overloaded redirection logic to trigger a fake redirect on ajax requests.

string
getBackURL()

Safely get the value of the BackURL param, if provided via querystring / posted var

string
getReferer()

Get referer

redirectBack()

Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".

doInit()

A stand in function to protect the init function from failing to be called as well as providing before and after hooks for the init function itself

$this
setURLParams(array $urlParams)

No description

array
getURLParams()

Returns the parameters extracted from the URL by the {@link Director}.

getResponse()

Returns the HTTPResponse object that this controller is building up. Can be used to set the status code and headers.

$this
setResponse(HTTPResponse $response)

Sets the HTTPResponse object that this controller is building up.

defaultAction(string $action)

This is the default action handler used if a method doesn't exist. It will process the controller object with the template returned by {@link getViewer()}.

string
getAction()

Returns the action that is being executed on this controller.

getViewer(string $action)

Return the viewer identified being the default handler for this Controller/Action combination.

string
removeAction(string $fullURL, null|string $action = null)

Removes all the "action" part of the current URL and returns the result. If no action parameter is present, returns the full URL.

bool
hasActionTemplate(string $action)

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

string
render(array $params = null)

Render the current controller with the templates determined by {@link getViewer()}.

disableBasicAuth() deprecated

Call this to disable site-wide basic authentication for a specific controller. This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().

static Controller
curr()

Returns the current controller.

static bool
has_curr()

Tests whether we have a currently active controller or not. True if there is at least 1 controller in the stack.

bool
can(string $perm, null|member $member = null)

Returns true if the member is allowed to do the given action. Defaults to the currently logged in user.

pushCurrent()

Pushes this controller onto the stack of current controllers. This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.

popCurrent()

Pop this controller off the top of the stack.

null|string
redirectedTo()

Tests whether a redirection has been requested. If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null.

static string
join_links($arg = null)

Joins two or more link segments together, putting a slash between them if necessary. Use this for building the results of {@link Link()} methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.

static array
string
getCombinedClientConfig()

Gets the combined configuration of all LeftAndMain subclasses required by the client app.

array
getClientConfig()

Returns configuration required by the client app.

getFormSchema()

Get form schema helper

$this
setFormSchema(FormSchema $schema)

Set form schema helper for this controller

schema(HTTPRequest $request)

Gets a JSON schema representing the current edit form.

jsonError(int $errorCode, string $errorMessage = null)

Return an error HTTPResponse encoded as json

methodSchema(HTTPRequest $request)

No description

bool
canView(Member $member = null)

No description

static array|string|bool
getRequiredPermissions()

Get list of required permissions

index(HTTPRequest $request)

No description

bool
ShowSwitchView()

If this is set to true, the "switchView" context in the template is shown, with links to the staging and publish site.

static 
menu_title_for_class($class) deprecated

No description

static string
menu_title(string $class = null, bool $localise = true)

Get menu title for this section (translated)

static string
menu_icon_for_class(string $class)

Return styling for the menu icon, if a custom icon is set for this class

static string
menu_icon_class_for_class(string $class)

Return the web font icon class name for this interface icon. Uses the built in SilveStripe webfont. {see menu_icon_for_class()} for providing a background image.

show(HTTPRequest $request)

No description

MainMenu(bool $cached = true)

Returns the main menu of the CMS. This is also used by init() to work out which sections the user has access to.

Menu()

No description

MenuCurrentItem()

No description

string|array
getTemplatesWithSuffix(string $suffix)

Return appropriate template(s) for this class, with the given suffix using {@link SSViewer::get_templates_by_class()}

Content()

No description

PreviewPanel()

Render $PreviewPanel content

getRecord(int|DataObject $id)

Get dataobject from the current ID

Breadcrumbs(bool $unlinked = false)

No description

save(array $data, Form $form)

Save handler

getNewItem(string|int $id, bool $setID = true)

Create new item.

delete($data, $form)

No description

EditForm(HTTPRequest $request = null)

Retrieves an edit form, either for display, or to process submitted data.

getEditForm(int $id = null, FieldList $fields = null)

Calls {@link SiteTree->getCMSFields()} by default to determine the form fields to display.

EmptyForm()

Returns a placeholder form, used by {@link getEditForm()} if no record is selected.

Modals()

Handler for all global modals

string
Tools()

Renders a panel containing tools which apply to all displayed "content" (mostly through {@link EditForm()}), for example a tree navigation or a filter panel.

string
EditFormTools()

Renders a panel containing tools which apply to the currently displayed edit form.

batchactions()

Batch Actions Handler

BatchActionsForm()

No description

printable()

No description

getSilverStripeNavigator()

Used for preview controls, mainly links which switch between different states of the page.

int
currentPageID()

Identifier for the currently shown record, in most cases a database ID. Inspects the following sources (in this order):

  • GET/POST parameter named 'ID'
  • URL parameter named 'ID'
  • Session value namespaced by classname, e.g. "CMSMain.currentPage"

setCurrentPageID(int $id)

Forces the current page to be set in session, which can be retrieved later through {@link currentPageID()}.

currentPage()

Uses {@link getRecord()} and {@link currentPageID()} to get the currently selected record.

bool
isCurrentPage(DataObject $record)

Compares a given record to the currently selected one (if any).

string|bool
LinkPreview()

URL to a previewable record which is shown through this controller.

string
CMSVersion()

Return the version number of this application, ie. 'CMS: 4.2.1'

string
CMSVersionNumber()

Return the version number of the CMS, ie. '4.2.1'

array
SwitchView()

No description

SiteConfig()

No description

getHelpLinks()

Returns help_links in a format readable by a template

string
ApplicationLink()

No description

string
getApplicationName()

Get the application name.

string
Title()

No description

string
SectionTitle()

Return the title of the current section. Either this is pulled from the current panel's menu_title or from the first active menu

string
LogoutURL()

Generate a logout url with BackURL to the CMS

string
BaseCSSClasses()

Same as {@link ViewableData->CSSClasses()}, but with a changed name to avoid problems when using {@link ViewableData->customise()} (which always returns "ArrayData" from the $original object).

string
Locale()

No description

providePermissions()

Return a map of permission codes to add to the dropdown shown in the Security section of the CMS.

$this
setVersionProvider(VersionProvider $provider)

Set the SilverStripe version provider to use

getVersionProvider()

Get the SilverStripe version provider

users(HTTPRequest $request)

Shortcut action for setting the correct active tab.

groups(HTTPRequest $request)

Shortcut action for setting the correct active tab.

roles(HTTPRequest $request)

Shortcut action for setting the correct active tab.

memberimport()

No description

MemberImportForm()

No description

groupimport()

No description

GroupImportForm()

No description

Backlink()

Disable GridFieldDetailForm backlinks for this view, as its

Details

mixed __call(string $method, array $arguments)

Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located

You can add extra methods to a class using {@link Extensions}, {@link Object::createMethod()} or {@link Object::addWrapperMethod()}

Parameters

string $method
array $arguments

Return Value

mixed

Exceptions

BadMethodCallException

bool hasMethod(string $method)

Return TRUE if a method exists on this object

This should be used rather than PHP's inbuild method_exists() as it takes into account methods added via extensions

Parameters

string $method

Return Value

bool

array allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

Parameters

bool $custom

include methods added dynamically at runtime

Return Value

array

Map of method names with lowercase keys

static bool add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.

As an alternative, extensions can be added to a specific class directly in the {@link Object::$extensions} array. See {@link SiteTree::$extensions} for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through {@link singleton()}).

Parameters

string $classOrExtension

Class that should be extended - has to be a subclass of {@link Object}

string $extension

Subclass of {@link Extension} with optional parameters as a string, e.g. "Versioned" or "Translatable('Param')"

Return Value

bool

Flag if the extension was added

See also

http://doc.silverstripe.org/framework/en/trunk/reference/dataextension

static remove_extension(string $extension)

Remove an extension from a class.

Note: This will not remove extensions from parent classes, and must be called directly on the class assigned the extension.

Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless its used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any {@link Object} instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through {@link singleton()} to avoid side-effects from stale extension information.

Parameters

string $extension

class name of an {@link Extension} subclass, without parameters

static array get_extensions(string $class = null, bool $includeArgumentString = false)

Parameters

string $class

If omitted, will get extensions for the current class

bool $includeArgumentString

Include the argument string in the return array, FALSE would return array("Versioned"), TRUE returns array("Versioned('Stage','Live')").

Return Value

array

Numeric array of either {@link DataExtension} class names, or eval'ed class name strings with constructor arguments.

static array|null get_extra_config_sources(string $class = null)

Get extra config sources for this class

Parameters

string $class

Name of class. If left null will return for the current class

Return Value

array|null

static bool has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))

Parameters

string $classOrExtension

Class to check extension for, or the extension name to check if the second argument is null.

string $requiredExtension

If the first argument is the parent class, this is the extension to check. If left null, the first parameter will be treated as the extension.

bool $strict

if the extension has to match the required extension and not be a subclass

Return Value

bool

Flag if the extension exists

array invokeWithExtensions(string $method, mixed ...$arguments)

Calls a method if available on both this object and all applied {@link Extensions}, and then attempts to merge all results into an array

Parameters

string $method

the method name to call

mixed ...$arguments

List of arguments

Return Value

array

List of results with nulls filtered out

array extend(string $method, mixed ...$arguments)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.

The extension methods are defined during {@link __construct()} in {@link defineMethods()}.

Parameters

string $method

the name of the method to call on each extension

mixed ...$arguments

Return Value

array

Extension|null getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

Parameters

string $extension

Return Value

Extension|null

bool hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in {@link $extension_instances}. Extension instances are initialized at constructor time, meaning if you use {@link add_extension()} afterwards, the added extension will just be added to new instances of the extended class. Use the static method {@link has_extension()} to check if a class (not an instance) has a specific extension.

Caution: Don't use singleton()->hasExtension() as it will give you inconsistent results based on when the singleton was first accessed.

Parameters

string $extension

Classname of an {@link Extension} subclass without parameters

Return Value

bool

Extension[] getExtensionInstances()

Get all extension instances for this specific object instance.

See {@link get_extensions()} to get all applied extension classes for this class (not the instance).

This method also provides lazy-population of the extension_instances property.

Return Value

Extension[]

Map of {@link DataExtension} instances, keyed by classname.

static Injectable create(array ...$args)

An implementation of the factory method, allows you to create an instance of a class

This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create('SiteTree'); $list = SiteTree::get();

Parameters

array ...$args

Return Value

Injectable

static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Parameters

string $class

Optional classname to create, if the called class should not be used

Return Value

Injectable

The singleton instance

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

__construct()

bool __isset(string $property)

Check if a field exists on this object or its failover.

Note that, unlike the core isset() implementation, this will return true if the property is defined and set to null.

Parameters

string $property

Return Value

bool

mixed __get(string $property)

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using {@link ViewableData::getField()}, then fall back on a failover object.

Parameters

string $property

Return Value

mixed

__set(string $property, mixed $value)

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the {@link ViewableData::setField()} method.

Parameters

string $property
mixed $value

setFailover(ViewableData $failover)

Set a failover object to attempt to get data from if it is not present on this object.

Parameters

ViewableData $failover

ViewableData|null getFailover()

Get the current failover object if set

Return Value

ViewableData|null

bool hasField(string $field)

Check if a field exists on this object. This should be overloaded in child classes.

Parameters

string $field

Return Value

bool

mixed getField(string $field)

Get the value of a field on this object. This should be overloaded in child classes.

Parameters

string $field

Return Value

mixed

$this setField(string $field, mixed $value)

Set a field on this object. This should be overloaded in child classes.

Parameters

string $field
mixed $value

Return Value

$this

defineMethods()

Add methods from the {@link ViewableData::$failover} object, as well as wrapping any methods prefixed with an underscore into a {@link ViewableData::cachedCall()}.

Exceptions

LogicException

ViewableData_Customised customise(array|ViewableData $data)

Merge some arbitrary data in with this object. This method returns a {@link ViewableData_Customised} instance with references to both this and the new custom data.

Note that any fields you specify will take precedence over the fields on this object.

Parameters

array|ViewableData $data

Return Value

ViewableData_Customised

bool exists()

Return true if this object "exists" i.e. has a sensible value

This method should be overriden in subclasses to provide more context about the classes state. For example, a {@link DataObject} class could return false when it is deleted from the database

Return Value

bool

string __toString()

Return Value

string

the class name

ViewableData getCustomisedObj()

Return Value

ViewableData

setCustomisedObj(ViewableData $object)

Parameters

ViewableData $object

string castingHelper(string $field)

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.

Parameters

string $field

Return Value

string

Casting helper As a constructor pattern, and may include arguments.

Exceptions

Exception

string castingClass(string $field)

Get the class name a field on this object will be casted to.

Parameters

string $field

Return Value

string

string escapeTypeForField(string $field)

Return the string-format type for the given field.

Parameters

string $field

Return Value

string

'xml'|'raw'

DBHTMLText renderWith(string|array|SSViewer $template, array $customFields = null)

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

  • a template name (e.g. Page)
  • an array of possible template names - the first valid one will be used
  • an SSViewer instance

Parameters

string|array|SSViewer $template

the template to render into

array $customFields

fields to customise() the object with before rendering

Return Value

DBHTMLText

object|DBField obj(string $fieldName, array $arguments = [], bool $cache = false, string $cacheName = null)

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

Parameters

string $fieldName
array $arguments
bool $cache

Cache this object

string $cacheName

a custom cache name

Return Value

object|DBField

object|DBField cachedCall(string $field, array $arguments = [], string $identifier = null)

A simple wrapper around {@link ViewableData::obj()} that automatically caches the result so it can be used again without re-running the method.

Parameters

string $field
array $arguments
string $identifier

an optional custom cache identifier

Return Value

object|DBField

bool hasValue(string $field, array $arguments = [], bool $cache = true)

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

Parameters

string $field
array $arguments
bool $cache

Return Value

bool

string XML_val(string $field, array $arguments = [], bool $cache = false)

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

Parameters

string $field
array $arguments
bool $cache

Return Value

string

array getXMLValues(array $fields)

Get an array of XML-escaped values by field name

Parameters

array $fields

an array of field names

Return Value

array

ArrayIterator getIterator()

Return a single-item iterator so you can iterate over the fields of a single record.

This is useful so you can use a single record inside a <% control %> block in a template - and then use to access individual fields on this object.

Return Value

ArrayIterator

array getViewerTemplates(string $suffix = '')

Find appropriate templates for SSViewer to use to render this object

Parameters

string $suffix

Return Value

array

ViewableData Me()

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

Return Value

ViewableData

string ThemeDir() deprecated

deprecated 4.0.0:5.0.0 Use $resourcePath or $resourceURL template helpers instead

Return the directory if the current active theme (relative to the site root).

This method is useful for things such as accessing theme images from your template without hardcoding the theme page - e.g. .

This method should only be used when a theme is currently active. However, it will fall over to the current project directory.

Return Value

string

URL to the current theme

string CSSClasses(string $stopAtClass = self::class)

Get part of the current classes ancestry to be used as a CSS class.

This method returns an escaped string of CSS classes representing the current classes ancestry until it hits a stop point - e.g. "Page DataObject ViewableData".

Parameters

string $stopAtClass

the class to stop at (default: ViewableData)

Return Value

string

ViewableData_Debugger Debug()

Return debug information about this object that can be rendered into a template

Return Value

ViewableData_Debugger

HTTPResponse|RequestHandler|string|array handleRequest(HTTPRequest $request)

Executes this controller, and return an {@link HTTPResponse} object with the result.

This method defers to {@link RequestHandler->handleRequest()} to determine which action should be executed

Note: You should rarely need to overload handleRequest() - this kind of change is only really appropriate for things like nested controllers - {@link ModelAsController} and {@link RootURLController} are two examples here. If you want to make more orthodox functionality, it's better to overload {@link init()} or {@link index()}.

Important: If you are going to overload handleRequest, make sure that you start the method with $this->beforeHandleRequest() and end the method with $this->afterHandleRequest()

Parameters

HTTPRequest $request

The object that is reponsible for distributing URL parsing

Return Value

HTTPResponse|RequestHandler|string|array

array|null allowedActions(string $limitToClass = null)

Get a array of allowed actions defined on this controller, any parent classes or extensions.

Caution: Since 3.1, allowed_actions definitions only apply to methods on the controller they're defined on, so it is recommended to use the $class argument when invoking this method.

Parameters

string $limitToClass

Return Value

array|null

bool hasAction(string $action)

Parameters

string $action

Return Value

bool

bool checkAccessAction(string $action)

Check that the given action is allowed to be called from a URL.

It will interrogate {@link self::$allowed_actions} to determine this.

Parameters

string $action

Return Value

bool

Exceptions

Exception

httpError(int $errorCode, string $errorMessage = null)

Throws a HTTP error response encased in a {@link HTTPResponse_Exception}, which is later caught in {@link RequestHandler::handleAction()} and returned to the user.

Parameters

int $errorCode
string $errorMessage

Plaintext error message

Exceptions

HTTPResponse_Exception

HTTPRequest getRequest()

Returns the HTTPRequest object that this controller is using.

Returns a placeholder {@link NullHTTPRequest} object unless {@link handleAction()} or {@link handleRequest()} have been called, which adds a reference to an actual {@link HTTPRequest} object.

Return Value

HTTPRequest

$this setRequest(HTTPRequest $request)

Typically the request is set through {@link handleAction()} or {@link handleRequest()}, but in some based we want to set it manually.

Parameters

HTTPRequest $request

Return Value

$this

You should implement a Link() function in your subclass of LeftAndMain, to point to the URL of that particular controller.

Parameters

string $action

Optional action

Return Value

string

HTTPResponse redirect(string $url, int $code = 302)

Overloaded redirection logic to trigger a fake redirect on ajax requests.

While this violates HTTP principles, its the only way to work around the fact that browsers handle HTTP redirects opaquely, no intervention via JS is possible. In isolation, that's not a problem - but combined with history.pushState() it means we would request the same redirection URL twice if we want to update the URL as well. See LeftAndMain.js for the required jQuery ajaxComplete handlers.

Parameters

string $url
int $code

Return Value

HTTPResponse

string getBackURL()

Safely get the value of the BackURL param, if provided via querystring / posted var

Return Value

string

string getReferer()

Get referer

Return Value

string

HTTPResponse redirectBack()

Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".

This variable is needed in scenarios where HTTP-Referer is not sent (e.g when calling a page by location.href in IE). If none of the two variables is available, it will redirect to the base URL (see {@link Director::baseURL()}).

Return Value

HTTPResponse

doInit()

A stand in function to protect the init function from failing to be called as well as providing before and after hooks for the init function itself

This should be called on all controllers before handling requests

$this setURLParams(array $urlParams)

Parameters

array $urlParams

Return Value

$this

array getURLParams()

Returns the parameters extracted from the URL by the {@link Director}.

Return Value

array

HTTPResponse getResponse()

Returns the HTTPResponse object that this controller is building up. Can be used to set the status code and headers.

Return Value

HTTPResponse

$this setResponse(HTTPResponse $response)

Sets the HTTPResponse object that this controller is building up.

Parameters

HTTPResponse $response

Return Value

$this

DBHTMLText defaultAction(string $action)

This is the default action handler used if a method doesn't exist. It will process the controller object with the template returned by {@link getViewer()}.

Parameters

string $action

Return Value

DBHTMLText

string getAction()

Returns the action that is being executed on this controller.

Return Value

string

SSViewer getViewer(string $action)

Return the viewer identified being the default handler for this Controller/Action combination.

Parameters

string $action

Return Value

SSViewer

string removeAction(string $fullURL, null|string $action = null)

Removes all the "action" part of the current URL and returns the result. If no action parameter is present, returns the full URL.

Parameters

string $fullURL
null|string $action

Return Value

string

bool hasActionTemplate(string $action)

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

Parameters

string $action

Return Value

bool

string render(array $params = null)

Render the current controller with the templates determined by {@link getViewer()}.

Parameters

array $params

Return Value

string

disableBasicAuth() deprecated

deprecated 4.1.0:5.0.0 Add this controller's url to SilverStripe\Security\BasicAuthMiddleware.URLPatterns injected property instead of setting false

Call this to disable site-wide basic authentication for a specific controller. This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().

static Controller curr()

Returns the current controller.

Return Value

Controller

static bool has_curr()

Tests whether we have a currently active controller or not. True if there is at least 1 controller in the stack.

Return Value

bool

bool can(string $perm, null|member $member = null)

Returns true if the member is allowed to do the given action. Defaults to the currently logged in user.

Parameters

string $perm
null|member $member

Return Value

bool

pushCurrent()

Pushes this controller onto the stack of current controllers. This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.

Note: Ensure this controller is assigned a request with a valid session before pushing it to the stack.

popCurrent()

Pop this controller off the top of the stack.

null|string redirectedTo()

Tests whether a redirection has been requested. If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null.

Return Value

null|string

Joins two or more link segments together, putting a slash between them if necessary. Use this for building the results of {@link Link()} methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.

Caution: All parameters are expected to be URI-encoded already.

Parameters

$arg

Return Value

string

static array get_template_global_variables()

Return Value

array

Returns an array of items. Each key => value pair is one of three forms:

  • template name (no key)
  • template name => method name
  • template name => array(), where the array can contain these key => value pairs
    • "method" => method name
    • "casting" => casting class to use (i.e., Varchar, HTMLFragment, etc)

string getCombinedClientConfig()

Gets the combined configuration of all LeftAndMain subclasses required by the client app.

Return Value

string

WARNING: Experimental API

array getClientConfig()

Returns configuration required by the client app.

Return Value

array

WARNING: Experimental API

FormSchema getFormSchema()

Get form schema helper

Return Value

FormSchema

$this setFormSchema(FormSchema $schema)

Set form schema helper for this controller

Parameters

FormSchema $schema

Return Value

$this

HTTPResponse schema(HTTPRequest $request)

Gets a JSON schema representing the current edit form.

WARNING: Experimental API.

Parameters

HTTPRequest $request

Return Value

HTTPResponse

HTTPResponse jsonError(int $errorCode, string $errorMessage = null)

Return an error HTTPResponse encoded as json

Parameters

int $errorCode
string $errorMessage

Return Value

HTTPResponse

Exceptions

HTTPResponse_Exception

HTTPResponse methodSchema(HTTPRequest $request)

Parameters

HTTPRequest $request

Return Value

HTTPResponse

bool canView(Member $member = null)

Parameters

Member $member

Return Value

bool

static array|string|bool getRequiredPermissions()

Get list of required permissions

Return Value

array|string|bool

Code, array of codes, or false if no permission required

HTTPResponse index(HTTPRequest $request)

Parameters

HTTPRequest $request

Return Value

HTTPResponse

bool ShowSwitchView()

If this is set to true, the "switchView" context in the template is shown, with links to the staging and publish site.

Return Value

bool

static menu_title_for_class($class) deprecated

deprecated 5.0

Parameters

$class

static string menu_title(string $class = null, bool $localise = true)

Get menu title for this section (translated)

Parameters

string $class

Optional class name if called on LeftAndMain directly

bool $localise

Determine if menu title should be localised via i18n.

Return Value

string

Menu title for the given class

static string menu_icon_for_class(string $class)

Return styling for the menu icon, if a custom icon is set for this class

Example: static $menu-icon = '/path/to/image/';

Parameters

string $class

Return Value

string

static string menu_icon_class_for_class(string $class)

Return the web font icon class name for this interface icon. Uses the built in SilveStripe webfont. {see menu_icon_for_class()} for providing a background image.

Parameters

string $class

.

Return Value

string

HTTPResponse show(HTTPRequest $request)

Parameters

HTTPRequest $request

Return Value

HTTPResponse

Exceptions

HTTPResponse_Exception

PjaxResponseNegotiator getResponseNegotiator()

Caution: Volatile API.

Return Value

PjaxResponseNegotiator

SS_List MainMenu(bool $cached = true)

Returns the main menu of the CMS. This is also used by init() to work out which sections the user has access to.

Parameters

bool $cached

Return Value

SS_List

ArrayData MenuCurrentItem()

Return Value

ArrayData

A single menu entry (see {@link MainMenu})

string|array getTemplatesWithSuffix(string $suffix)

Return appropriate template(s) for this class, with the given suffix using {@link SSViewer::get_templates_by_class()}

Parameters

string $suffix

Return Value

string|array

DBHTMLText PreviewPanel()

Render $PreviewPanel content

Return Value

DBHTMLText

DataObject getRecord(int|DataObject $id)

Get dataobject from the current ID

Parameters

int|DataObject $id

ID or object

Return Value

DataObject

ArrayList Breadcrumbs(bool $unlinked = false)

Parameters

bool $unlinked

Return Value

ArrayList

HTTPResponse save(array $data, Form $form)

Save handler

Parameters

array $data
Form $form

Return Value

HTTPResponse

DataObject getNewItem(string|int $id, bool $setID = true)

Create new item.

Parameters

string|int $id
bool $setID

Return Value

DataObject

delete($data, $form)

Parameters

$data
$form

Form EditForm(HTTPRequest $request = null)

Retrieves an edit form, either for display, or to process submitted data.

Also used in the template rendered through {@link Right()} in the $EditForm placeholder.

This is a "pseudo-abstract" methoed, usually connected to a {@link getEditForm()} method in an entwine subclass. This method can accept a record identifier, selected either in custom logic, or through {@link currentPageID()}. The form usually construct itself from {@link DataObject->getCMSFields()} for the specific managed subclass defined in {@link LeftAndMain::$tree_class}.

Parameters

HTTPRequest $request

Passed if executing a HTTPRequest directly on the form. If empty, this is invoked as $EditForm in the template

Return Value

Form

Should return a form regardless wether a record has been found. Form might be readonly if the current user doesn't have the permission to edit the record.

Form getEditForm(int $id = null, FieldList $fields = null)

Calls {@link SiteTree->getCMSFields()} by default to determine the form fields to display.

Parameters

int $id
FieldList $fields

Return Value

Form

Form EmptyForm()

Returns a placeholder form, used by {@link getEditForm()} if no record is selected.

Our javascript logic always requires a form to be present in the CMS interface.

Return Value

Form

ModalController Modals()

Handler for all global modals

Return Value

ModalController

string Tools()

Renders a panel containing tools which apply to all displayed "content" (mostly through {@link EditForm()}), for example a tree navigation or a filter panel.

Auto-detects applicable templates by naming convention: "_Tools.ss", and takes the most specific template (see {@link getTemplatesWithSuffix()}). To explicitly disable the panel in the subclass, simply create a more specific, empty template.

Return Value

string

HTML

string EditFormTools()

Renders a panel containing tools which apply to the currently displayed edit form.

The main difference to {@link Tools()} is that the panel is displayed within the element structure of the form panel (rendered through {@link EditForm}). This means the panel will be loaded alongside new forms, and refreshed upon save, which can mean a performance hit, depending on how complex your panel logic gets. Any form fields contained in the returned markup will also be submitted with the main form, which might be desired depending on the implementation details.

Return Value

string

HTML

batchactions()

Batch Actions Handler

Form BatchActionsForm()

Return Value

Form

printable()

DBHTMLText getSilverStripeNavigator()

Used for preview controls, mainly links which switch between different states of the page.

Return Value

DBHTMLText

int currentPageID()

Identifier for the currently shown record, in most cases a database ID. Inspects the following sources (in this order):

  • GET/POST parameter named 'ID'
  • URL parameter named 'ID'
  • Session value namespaced by classname, e.g. "CMSMain.currentPage"

Return Value

int

setCurrentPageID(int $id)

Forces the current page to be set in session, which can be retrieved later through {@link currentPageID()}.

Keep in mind that setting an ID through GET/POST or as a URL parameter will overrule this value.

Parameters

int $id

DataObject currentPage()

Uses {@link getRecord()} and {@link currentPageID()} to get the currently selected record.

Return Value

DataObject

bool isCurrentPage(DataObject $record)

Compares a given record to the currently selected one (if any).

Used for marking the current tree node.

Parameters

DataObject $record

Return Value

bool

string|bool LinkPreview()

URL to a previewable record which is shown through this controller.

The controller might not have any previewable content, in which case this method returns FALSE.

Return Value

string|bool

string CMSVersion()

Return the version number of this application, ie. 'CMS: 4.2.1'

Return Value

string

string CMSVersionNumber()

Return the version number of the CMS, ie. '4.2.1'

Return Value

string

array SwitchView()

Return Value

array

SiteConfig SiteConfig()

Return Value

SiteConfig

Returns help_links in a format readable by a template

Return Value

ArrayList

Return Value

string

string getApplicationName()

Get the application name.

Return Value

string

string Title()

Return Value

string

string SectionTitle()

Return the title of the current section. Either this is pulled from the current panel's menu_title or from the first active menu

Return Value

string

string LogoutURL()

Generate a logout url with BackURL to the CMS

Return Value

string

string BaseCSSClasses()

Same as {@link ViewableData->CSSClasses()}, but with a changed name to avoid problems when using {@link ViewableData->customise()} (which always returns "ArrayData" from the $original object).

Return Value

string

string Locale()

Return Value

string

providePermissions()

Return a map of permission codes to add to the dropdown shown in the Security section of the CMS.

array( 'VIEW_SITE' => 'View the site', );

$this setVersionProvider(VersionProvider $provider)

Set the SilverStripe version provider to use

Parameters

VersionProvider $provider

Return Value

$this

VersionProvider getVersionProvider()

Get the SilverStripe version provider

Return Value

VersionProvider

HTTPResponse users(HTTPRequest $request)

Shortcut action for setting the correct active tab.

Parameters

HTTPRequest $request

Return Value

HTTPResponse

HTTPResponse groups(HTTPRequest $request)

Shortcut action for setting the correct active tab.

Parameters

HTTPRequest $request

Return Value

HTTPResponse

HTTPResponse roles(HTTPRequest $request)

Shortcut action for setting the correct active tab.

Parameters

HTTPRequest $request

Return Value

HTTPResponse

memberimport()

Form MemberImportForm()

Return Value

Form

See also

SecurityAdmin_MemberImportForm

groupimport()

Form GroupImportForm()

Return Value

Form

See also

SecurityAdmin_MemberImportForm

Disable GridFieldDetailForm backlinks for this view, as its