Member
Introduction
The Member class is used to represent user accounts on a Silverstripe CMS site (including newsletter recipients).
Testing for logged in users
The Security class comes with a static method for getting information about the current logged in user.
Security::getCurrentUser()
retrieves the current logged in member. Returns null
if user is not logged in, otherwise, the Member
object is returned.
use SilverStripe\Security\Security;
$member = Security::getCurrentUser()
if ($member) {
// Work with $member
} else {
// Do non-member stuff
}
Subclassing
This is the least desirable way of extending the Member class. It's better to use DataExtension (see below).
You can define subclasses of Member to add extra fields or functionality to the built-in membership system.
namespace App\Security;
use SilverStripe\Security\Member;
class MyMember extends Member
{
private static $db = [
'Age' => 'Int',
'Address' => 'Text',
];
}
To ensure that all new members are created using this class, put a call to Injector
in
(project)/_config/_config.yml
:
SilverStripe\Core\Injector\Injector:
SilverStripe\Security\Member:
class: App\Security\MyMemberClass
Note that if you want to look this class-name up, you can call Injector::inst()->get('Member')->ClassName
Overriding getCMSFields()
If you override the built-in public function getCMSFields(), then you can change the form that is used to view & edit member details in the newsletter system. This function returns a FieldList object. You should generally start by calling parent::getCMSFields() and manipulate the FieldList from there.
namespace App\Security;
use SilverStripe\Forms\TextField;
use SilverStripe\Security\Member;
class MyMember extends Member
{
// ...
public function getCMSFields()
{
$fields = parent::getCMSFields();
$fields->insertBefore('HTMLEmail', TextField::create('Age'));
$fields->removeByName('JobTitle');
$fields->removeByName('Organisation');
return $fields;
}
}
Extending Member
or DataObject
Basic rule: Class Member
should just be extended for entities who have some kind of login.
If you have different types of Member
s in the system, you have to make sure that those with login-capabilities a unique field to be used for the login.
For persons without login-capabilities (e.g. for an address-database), you shouldn't extend Member
to avoid conflicts
with the Member
database table. This enables us to have a different subclass of Member
for an email-address with login-data,
and another subclass for the same email-address in the address-database.
Member
role extension
Using inheritance to add extra behaviour or data fields to a member is limiting, because you can only inherit from 1
class. A better way is to use role extensions to add this behaviour. Add the following to your
config.yml
.
SilverStripe\Security\Member:
extensions:
- App\Extension\MyMemberExtension
A role extension is simply a subclass of DataExtension
that is designed to be used to add behaviour to Member
.
The roles affect the entire class - all members will get the additional behaviour. However, if you want to restrict
things, you should add appropriate Permission::checkMember()
calls to the role's methods.
namespace App\Extension;
use SilverStripe\Form\FieldList;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Permission;
class MyMemberExtension extends DataExtension
{
// define additional properties
private static $db = [
'MyNewField' => 'Text',
];
/**
* Modify the field set to be displayed in the CMS detail pop-up
*/
public function updateCMSFields(FieldList $currentFields)
{
// Only show the additional fields on an appropriate kind of use
if (Permission::checkMember($this->owner->ID, 'VIEW_FORUM')) {
// Edit the FieldList passed, adding or removing fields as necessary
}
}
public function somethingElse()
{
// You can add any other methods you like, which you can call directly on the member object.
}
}
Saved user logins
Logins can be "remembered" across multiple devices when user checks the "Remember Me" box. By default, a new login token
will be created and associated with the device used during authentication. When user logs out, all previously saved tokens
for all devices will be revoked, unless RememberLoginHash::$logout_across_devices
is set to false. For extra security,
single tokens can be enforced by setting RememberLoginHash::$force_single_token
to true. Tokens will be valid for 30 days by
default and this can be modified via RememberLoginHash::$token_expiry_days
.
Acting as another user
Occasionally, it may be necessary not only to check permissions of a particular member, but also to temporarily assume the identity of another user for certain tasks. For example when running a CLI task, it may be necessary to log in as an administrator to perform write operations.
You can use Member::actAs()
method, which takes a member or member id to act as, and a callback
within which the current user will be assigned the given member. After this method returns
the current state will be restored to whichever current user (if any) was logged in.
If you pass in null as a first argument, you can also mock being logged out, without modifying the current user.
Note: Take care not to invoke this method to perform any operation the current user should not reasonably be expected to be allowed to do.
For example:
namespace App\Task;
use App\Model\DataRecord;
use BadMethodCallException;
use SilverStripe\Control\Director;
use SilverStripe\Dev\BuildTask;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
class CleanRecordsTask extends BuildTask
{
public function run($request)
{
if (!Director::is_cli()) {
throw new BadMethodCallException('This task only runs on CLI');
}
$admin = Security::findAnAdministrator();
Member::actAs($admin, function () {
DataRecord::get()->filter('Dirty', true)->removeAll();
});
}
}