ENH add check for specific user inherited permission

silverstripe · Jun 26, 2023 · fa8975c · fa8975c
1 parent 981dd3b
commit fa8975c
Showing 1 changed file with 30 additions and 2 deletions.
diff --git a/src/File.php b/src/File.php
@@ -397,6 +397,14 @@ public function canView($member = null)
             return $member->inGroups($this->ViewerGroups());
         }
 
+        // Specific users can view this file
+        if ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS) {
+            if (!$member) {
+                return false;
+            }
+            return \in_array($member->ID, $this->ViewerMembers()->column('ID'), true);
+        }
+
         // Check default root level permissions
         return $this->getPermissionChecker()->canView($this->ID, $member);
     }
@@ -423,10 +431,26 @@ public function canEdit($member = null)
         }
 
         // Delegate to parent if inheriting permissions
-        if ($this->CanEditType === 'Inherit' && $this->ParentID) {
+        if ($this->CanEditType === InheritedPermissions::INHERIT && $this->ParentID) {
             return $this->getPermissionChecker()->canEdit($this->ParentID, $member);
         }
 
+        // Specific user groups can edit this file
+        if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) {
+            if (!$member) {
+                return false;
+            }
+            return $member->inGroups($this->EditorGroups());
+        }
+
+        // Specific users can edit this file
+        if ($this->CanEditType === InheritedPermissions::ONLY_THESE_MEMBERS) {
+            if (!$member) {
+                return false;
+            }
+            return \in_array($member->ID, $this->EditorMembers()->column('ID'), true);
+        }
+
         // Check inherited permissions
         return $this->getPermissionChecker()->canEdit($this->ID, $member);
     }
@@ -518,7 +542,11 @@ private function hasRestrictedPermissions(File $file): bool
         $id = $file->ID;
         $parentID = $file->ParentID;
         $canViewType = $file->CanViewType;
-        if (in_array($canViewType, [InheritedPermissions::LOGGED_IN_USERS, InheritedPermissions::ONLY_THESE_USERS])) {
+        if (in_array($canViewType, [
+                InheritedPermissions::LOGGED_IN_USERS,
+                InheritedPermissions::ONLY_THESE_USERS,
+                InheritedPermissions::ONLY_THESE_MEMBERS,
+            ])) {
             self::$has_restricted_permissions_cache[$id] = true;
             return true;
         }