FEAT update SiteTree permissions in CMS

code/Model/SiteTree.php

@@ -35,6 +35,7 @@
 use SilverStripe\Forms\GridField\GridFieldDataColumns;
 use SilverStripe\Forms\GridField\GridFieldLazyLoader;
 use SilverStripe\Forms\HTMLEditor\HTMLEditorField;
+use SilverStripe\Forms\ListboxField;
 use SilverStripe\Forms\LiteralField;
 use SilverStripe\Forms\OptionsetField;
 use SilverStripe\Forms\Tab;
@@ -1187,6 +1188,14 @@ public function canView($member = null)
             return true;
         }
 
+        // check for specific users
+        if ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS
+            && $member
+            && $this->ViewerMembers()->filter('ID', $member->ID)->count() > 0
+        ) {
+            return true;
+        }
+
         return false;
     }
 
@@ -2238,6 +2247,7 @@ public function getSettingsFields()
         };
         $viewAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_VIEW_ALL', 'ADMIN']));
         $editAllGroupsMap = $mapFn(Permission::get_groups_by_permission(['SITETREE_EDIT_ALL', 'ADMIN']));
+        $membersMap = Member::get()->map('ID', 'Name');
 
         $fields = new FieldList(
             $rootTab = new TabSet(
@@ -2269,6 +2279,11 @@ public function getSettingsFields()
                         _t(__CLASS__.'.VIEWERGROUPS', "Viewer Groups"),
                         Group::class
                     ),
+                    $viewerMembersField = ListboxField::create(
+                        "ViewerMembers",
+                        _t(__CLASS__.'.VIEWERMEMBERS', "Viewer Users"),
+                        $membersMap,
+                    ),
                     $editorsOptionsField = new OptionsetField(
                         "CanEditType",
                         _t(__CLASS__.'.EDITHEADER', "Who can edit this page?")
@@ -2277,6 +2292,11 @@ public function getSettingsFields()
                         "EditorGroups",
                         _t(__CLASS__.'.EDITORGROUPS', "Editor Groups"),
                         Group::class
+                    ),
+                    $editorMembersField = ListboxField::create(
+                        "EditorMembers",
+                        _t(__CLASS__.'.EDITORMEMBERS', "Editor Users"),
+                        $membersMap
                     )
                 )
             )
@@ -2317,6 +2337,10 @@ public function getSettingsFields()
                 __CLASS__.'.ACCESSONLYTHESE',
                 "Only these groups (choose from list)"
             ),
+            InheritedPermissions::ONLY_THESE_MEMBERS => _t(
+                __CLASS__.'.ACCESSONLYMEMBERS',
+                "Only these users (choose from list)"
+            ),
         ];
         $viewersOptionsField->setSource($viewersOptionsSource);
 
@@ -2343,17 +2367,27 @@ public function getSettingsFields()
 
         if (!Permission::check('SITETREE_GRANT_ACCESS')) {
             $fields->makeFieldReadonly($viewersOptionsField);
-            if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) {
+            if ($this->CanViewType === InheritedPermissions::ONLY_THESE_USERS) {
                 $fields->makeFieldReadonly($viewerGroupsField);
+                $fields->removeByName('ViewerMembers');
+            } elseif ($this->CanViewType === InheritedPermissions::ONLY_THESE_MEMBERS) {
+                $fields->makeFieldReadonly($viewerMembersField);
+                $fields->removeByName('ViewerGroups');
             } else {
                 $fields->removeByName('ViewerGroups');
+                $fields->removeByName('ViewerMembers');
             }
 
             $fields->makeFieldReadonly($editorsOptionsField);
             if ($this->CanEditType === InheritedPermissions::ONLY_THESE_USERS) {
                 $fields->makeFieldReadonly($editorGroupsField);
+                $fields->removeByName('EditorMembers');
+            } elseif ($this->CanEditType === InheritedPermissions::ONLY_THESE_MEMBERS) {
+                $fields->makeFieldReadonly($editorMembersField);
+                $fields->removeByName('EditorGroups');
             } else {
                 $fields->removeByName('EditorGroups');
+                $fields->removeByName('EditorMembers');
             }
         }
 

lang/en.yml

@@ -173,6 +173,7 @@ en:
     ACCESSANYONE: Anyone
     ACCESSHEADER: 'Who can view this page?'
     ACCESSLOGGEDIN: 'Logged-in users'
+    ACCESSONLYMEMBERS: 'Only these users (choose from list)'
     ACCESSONLYTHESE: 'Only these groups (choose from list)'
     ADDEDTODRAFTHELP: 'Page has not been published yet'
     ADDEDTODRAFTSHORT: Draft
@@ -200,6 +201,7 @@ en:
     DependtPageColumnLinkType: 'Link type'
     EDITHEADER: 'Who can edit this page?'
     EDITORGROUPS: 'Editor Groups'
+    EDITORMEMBERS: 'Editor Users'
     EDITOR_GROUPS_FIELD_DESC: 'Groups with global edit permissions: {groupList}'
     EDIT_ALL_DESCRIPTION: 'Edit any page'
     EDIT_ALL_HELP: 'Ability to edit any page on the site, regardless of the settings on the Access tab.  Requires the "Access to ''Pages'' section" permission'
@@ -257,6 +259,7 @@ en:
     URLSegment: 'URL segment'
     UntitledDependentObject: 'Untitled {instanceType}'
     VIEWERGROUPS: 'Viewer Groups'
+    VIEWERMEMBERS: 'Viewer Users'
     VIEWER_GROUPS_FIELD_DESC: 'Groups with global view permissions: {groupList}'
     VIEW_ALL_DESCRIPTION: 'View any page'
     VIEW_ALL_HELP: 'Ability to view any page on the site, regardless of the settings on the Access tab.  Requires the "Access to ''Pages'' section" permission'