__('Users', __FILE__), // getModuleInfo title 'version' => 104, 'summary' => __('Manage system users', __FILE__), // getModuleInfo summary 'permanent' => true, 'permission' => 'user-admin', 'icon' => 'group', 'useNavJSON' => true, ); } protected $lister = null; public function init() { $this->wire('pages')->addHookBefore('save', $this, 'hookPageSave'); parent::init(); // init lister, but only if executing an action that will use it $segment = $this->wire('input')->urlSegment1; $user = $this->wire('user'); if(!in_array($segment, array('edit', 'add', 'navJSON')) && $user->hasPermission('page-lister')) { if($this->wire('modules')->isInstalled('ProcessPageListerPro')) { $this->lister = $this->wire('modules')->get('ProcessPageListerPro'); } if((!$this->lister || !$this->lister->isValid()) && $this->wire('modules')->isInstalled('ProcessPageLister')) { $this->lister = $this->wire('modules')->get('ProcessPageLister'); } } // make this field translatable $roles = $this->wire('fields')->get('roles'); $roles->label = $this->_('Roles'); $roles->description = $this->_("User will inherit the permissions assigned to each role. You may assign multiple roles to a user. When accessing a page, the user will only inherit permissions from the roles that are also assigned to the page's template."); // Roles description } protected function getLister($selector = '') { $selector = "template=$this->template, include=unpublished, check_access=0, $selector"; $lister = $this->lister; if(!$lister) return null; if($lister->className() == 'ProcessPageLister') $lister->editMode = ProcessPageLister::windowModeDirect; $properties = array( 'initSelector' => $selector, 'columns' => $this->showFields, 'defaultSelector' => "name%=, roles=", 'defaultSort' => 'name', 'parent' => $this->page, 'template' => $this->template, 'editURL' => './edit/', 'addURL' => './add/', 'delimiters' => array('roles' => ', '), 'allowSystem' => true, 'allowIncludeAll' => true, ); foreach($properties as $name => $value) { $lister->$name = $value; } if($lister->className() == 'ProcessPageListerPro') { $data = $this->wire('modules')->getModuleConfigData('ProcessPageListerPro'); if(isset($data['settings'][$this->page->name])) { foreach($data['settings'][$this->page->name] as $key => $value) { $lister->$key = $value; } } } return $lister; } protected function renderList($selector = '', $pagerOptions = array()) { $lister = $this->getLister($selector); if(!$lister) return parent::renderList($selector, $pagerOptions); return $lister->execute(); } public function executeConfig() { return $this->getLister()->executeConfig(); } public function executeViewport() { return $this->getLister()->executeViewport(); } public function executeReset() { return $this->getLister()->executeReset(); } public function executeActions() { return $this->getLister()->executeActions(); } public function ___executeEdit() { if(!$this->wire('user')->isSuperuser()) { // prevent showing superuser role at all $this->addHookAfter('InputfieldPage::getSelectablePages', $this, 'hookGetSelectablePages'); } $this->addHookAfter('ProcessPageEdit::buildForm', $this, 'hookPageEditBuildForm'); return parent::___executeEdit(); } public function hookGetSelectablePages($event) { if($event->object->attr('name') != 'roles') return; $suRoleID = $this->wire('config')->superUserRolePageID; foreach($event->return as $role) { if($role->id == $suRoleID) $event->return->remove($role); } } public function hookPageEditBuildForm(HookEvent $event) { $form = $event->return; $theme = $form->getChildByName('admin_theme'); if(!$theme) return; if(!$theme->attr('value')) { $theme->attr('value', $this->wire('config')->defaultAdminTheme); } } /** * Perform a security check to make sure that a non-superuser isn't assigning superuser access to themselves or someone else. * */ public function hookPageSave(HookEvent $event) { $arguments = $event->arguments; $page = $arguments[0]; // don't handle anything other than User page saves if(!$page instanceof User) return; $pages = wire('pages'); $user = wire('user'); // don't allow removal of the guest role if(!$page->roles->has("name=guest")) { $page->roles->add(wire('roles')->get('guest')); // $this->error($this->_("The guest role is required")); } // check if user is editing themself if($user->id == $page->id) { // if so, we have to get a fresh copy of their account to see what it had before they changed it $copy = clone $page; // keep a copy that doesn't go through the uncache process $pages->uncache($page); // take it out of the cache $user = $pages->get($page->id); // get a fresh copy of their account from the DB (pre-modified) $pages->cache($copy); // put the modified version back into the cache $arguments[0] = $copy; // restore it to the arguments sent to $pages->save $event->arguments = $arguments; $page = $copy; // don't let superusers remove their superuser role if($user->isSuperuser() && !$page->roles->has("name=superuser")) { throw new WireException($this->_("You may not remove the superuser role from yourself")); } } // if they are superuser, then all is good, no need to continue if($user->isSuperuser()) return; // if not then we need to do the check below: $suRole = $this->wire('roles')->get($this->wire('config')->superUserRolePageID); if($page->roles->has("name=superuser") || $page->roles->has($suRole)) { // unnecessarily redundant, but might as well throw new WireException($this->_("You may not assign the superuser role")); } } }