rixth/gist:288348

## gistfile1.diff
Index: cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php
===================================================================
--- cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php	(revision 97653)
+++ cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php	(working copy)
@@ -128,6 +128,7 @@
 	 */
 	public function canPublish($member = null) {
 		if(!$member && $member !== FALSE) $member = Member::currentUser();
+		if (is_numeric($member)) $member = DataObject::get_by_id('Member', $member);

 		// check for admin permission
 		if(Permission::checkMember($member, 'ADMIN')) return true;
@@ -158,6 +159,7 @@
 	 */
 	public function canApprove($member = null) {
 		if(!$member && $member !== FALSE) $member = Member::currentUser();
+		if (is_numeric($member)) $member = DataObject::get_by_id('Member', $member);

 		// check for admin permission
 		if(Permission::checkMember($member, 'ADMIN')) return true;
Index: cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php
===================================================================
--- cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php	(revision 97653)
+++ cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php	(working copy)
@@ -173,37 +173,26 @@
 	 * @return boolean True if the current user can approve requests for this page.
 	 */
 	public function canApprove($member = null) {
-		if(!$member && $member !== FALSE) $member = Member::currentUser();
-
-		// check for admin permission
-		if(Permission::checkMember($member, 'ADMIN')) return true;
+		if(!$member) $member = Member::currentUser();
+		$memberID = $member->ID;

-		// check for workflow admin permission
-		if(Permission::checkMember($member, 'IS_WORKFLOW_ADMIN')) return true;
+		if(isset(SiteTree::$cache_permissions['CanApproveType'][$this->owner->ID])) {
+			return SiteTree::$cache_permissions['CanApproveType'][$this->owner->ID];
+		}

-		// check for missing cmsmain permission
-		if(!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
+		// DANGER, WILL ROBINSON!
+		// we currently have not implemented extensions here. if you do
+		// be aware that the WorkflowRequest::get_by_* functions use
+		// batch_permission_check directly so you will need to ammend
+		// them appropriately

+		// check for (workflow)admin permission
+		if(Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) return true;
+
 		if ($this->canPublish($member)) return true;

-		// check for empty spec
-		if(!$this->owner->CanApproveType || $this->owner->CanApproveType == 'Anyone') return true;
-
-		// check against parent page/site config
-		if($this->owner->CanApproveType == 'Inherit') {
-			if ($this->owner->Parent()->exists()) {
-				// if (!$this->owner->Parent()->getExtensionInstance('SiteTreeCMSThreeStepWorkflow')->canApprove($member)) return false;
-				if (!$this->owner->Parent()->canApprove($member)) return false;
-			} else { return $this->owner->SiteConfig->canApprove($member); }
-		}
-
-		// check for any logged-in users
-		if($this->owner->CanApproveType == 'LoggedInUsers' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
-
-		// check for specific groups
-		if($this->owner->CanApproveType == 'OnlyTheseUsers' && (!$member || !$member->inGroups($this->owner->ApproverGroups()))) return false;
-
-		return true;
+		$results = SiteTree::batch_permission_check(array($this->owner->ID), $memberID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove');
+		return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false;
 	}

 	/**
@@ -243,34 +232,24 @@
 	 * @return boolean True if the current user can publish this page.
 	 */
 	public function canPublish($member = null) {
-		if(!$member && $member !== FALSE) $member = Member::currentUser();
-
-		// check for admin permission
-		if(Permission::checkMember($member, 'ADMIN')) return true;
+		if(!$member) $member = Member::currentUser();
+		$memberID = $member->ID;

-		// check for workflow admin permission
-		if(Permission::checkMember($member, 'IS_WORKFLOW_ADMIN')) return true;
-
-		// check for missing cmsmain permission
-		if(!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
-
-		// check for empty spec
-		if(!$this->owner->CanPublishType || $this->owner->CanPublishType == 'Anyone') return true;
-
-		// check against parent page/site config
-		if($this->owner->CanPublishType == 'Inherit') {
-			if ($this->owner->Parent()->exists()) {
-				if (!$this->owner->Parent()->canPublish($member)) return false;
-			} else { return $this->owner->SiteConfig->canPublish($member); }
+		if(isset(SiteTree::$cache_permissions['CanPublishType'][$this->owner->ID])) {
+			return SiteTree::$cache_permissions['CanPublishType'][$this->owner->ID];
 		}

-		// check for any logged-in users
-		if($this->owner->CanPublishType == 'LoggedInUsers' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
+		// DANGER, WILL ROBINSON!
+		// we currently have not implemented extensions here. if you do
+		// be aware that the WorkflowRequest::get_by_* functions use
+		// batch_permission_check directly so you will need to ammend
+		// them appropriately

-		// check for specific groups
-		if($this->owner->CanPublishType == 'OnlyTheseUsers' && (!$member || !$member->inGroups($this->owner->PublisherGroups()))) return false;
-
-		return true;
+		// check for (workflow)admin permission
+		if(Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) return true;
+
+		$results = SiteTree::batch_permission_check(array($this->owner->ID), $memberID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish');
+		return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false;
 	}

 	/**
Index: cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php
===================================================================
--- cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php	(revision 97653)
+++ cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php	(working copy)
@@ -198,18 +198,8 @@
 		$classes[] = $class;
 		$classesSQL = implode("','", $classes);

-		// build filter
-
-		// check for admin permission
-		if (Permission::checkMember($approver, 'ADMIN') || Permission::checkMember($approver, 'IS_WORKFLOW_ADMIN')) {
-			// Admins can approve/publish anything
-			$filter = "{$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')";
-		} else {
-			$filter = "{$bt}WorkflowRequest_Approvers{$bt}.{$bt}MemberID{$bt} = {$approver->ID}
-				AND {$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')
-			";
-		}
-
+		$filter = "{$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')";
+
 		if($status) {
 			$filter .= "AND {$bt}WorkflowRequest{$bt}.{$bt}Status{$bt} IN (" . $statusStr . ")";
 		}
@@ -236,6 +226,14 @@
 		$return->merge($onDraft);
 		$return->merge($onLive);
 		$return->removeDuplicates();
+
+		$canApprove = SiteTree::batch_permission_check($return->column('ID'), $approver->ID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove');
+		foreach($return as $page) {
+			if (!isset($canApprove[$page->ID]) || !$canApprove[$page->ID]) {
+				$return->remove($page);
+			}
+		}
+
 		return $return;
 	}

@@ -270,17 +268,15 @@
 			"LEFT JOIN {$bt}WorkflowRequest{$bt} ON {$bt}WorkflowRequest{$bt}.{$bt}PageID{$bt} = {$bt}SiteTree_Live{$bt}.{$bt}ID{$bt} "
 		);

-		$objects = new DataObjectSet();
 		$return = new DataObjectSet();
-		$objects->merge($onDraft);
-		$objects->merge($onLive);
-		$objects->removeDuplicates();
+		$return->merge($onDraft);
+		$return->merge($onLive);
+		$return->removeDuplicates();

-		if ($objects) {
-			foreach($objects as $do) {
-				if ($do->canPublish($publisher)) {
-					$return->push($do);
-				}
+		$canPublish = SiteTree::batch_permission_check($return->column('ID'), $publisher->ID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish');
+		foreach($return as $page) {
+			if (!isset($canPublish[$page->ID]) || !$canPublish[$page->ID]) {
+				$return->remove($page);
 			}
 		}
	Index: cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php
	===================================================================
	--- cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php (revision 97653)
	+++ cmsworkflow/code/ThreeStep/SiteConfigThreeStepWorkflow.php (working copy)
	@@ -128,6 +128,7 @@
	*/
	public function canPublish($member = null) {
	if(!$member && $member !== FALSE) $member = Member::currentUser();
	+ if (is_numeric($member)) $member = DataObject::get_by_id('Member', $member);

	// check for admin permission
	if(Permission::checkMember($member, 'ADMIN')) return true;
	@@ -158,6 +159,7 @@
	*/
	public function canApprove($member = null) {
	if(!$member && $member !== FALSE) $member = Member::currentUser();
	+ if (is_numeric($member)) $member = DataObject::get_by_id('Member', $member);

	// check for admin permission
	if(Permission::checkMember($member, 'ADMIN')) return true;
	Index: cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php
	===================================================================
	--- cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php (revision 97653)
	+++ cmsworkflow/code/ThreeStep/SiteTreeCMSThreeStepWorkflow.php (working copy)
	@@ -173,37 +173,26 @@
	* @return boolean True if the current user can approve requests for this page.
	*/
	public function canApprove($member = null) {
	- if(!$member && $member !== FALSE) $member = Member::currentUser();
	-
	- // check for admin permission
	- if(Permission::checkMember($member, 'ADMIN')) return true;
	+ if(!$member) $member = Member::currentUser();
	+ $memberID = $member->ID;

	- // check for workflow admin permission
	- if(Permission::checkMember($member, 'IS_WORKFLOW_ADMIN')) return true;
	+ if(isset(SiteTree::$cache_permissions['CanApproveType'][$this->owner->ID])) {
	+ return SiteTree::$cache_permissions['CanApproveType'][$this->owner->ID];
	+ }

	- // check for missing cmsmain permission
	- if(!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
	+ // DANGER, WILL ROBINSON!
	+ // we currently have not implemented extensions here. if you do
	+ // be aware that the WorkflowRequest::get_by_* functions use
	+ // batch_permission_check directly so you will need to ammend
	+ // them appropriately

	+ // check for (workflow)admin permission
	+ if(Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) return true;
	+
	if ($this->canPublish($member)) return true;

	- // check for empty spec
	- if(!$this->owner->CanApproveType \|\| $this->owner->CanApproveType == 'Anyone') return true;
	-
	- // check against parent page/site config
	- if($this->owner->CanApproveType == 'Inherit') {
	- if ($this->owner->Parent()->exists()) {
	- // if (!$this->owner->Parent()->getExtensionInstance('SiteTreeCMSThreeStepWorkflow')->canApprove($member)) return false;
	- if (!$this->owner->Parent()->canApprove($member)) return false;
	- } else { return $this->owner->SiteConfig->canApprove($member); }
	- }
	-
	- // check for any logged-in users
	- if($this->owner->CanApproveType == 'LoggedInUsers' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
	-
	- // check for specific groups
	- if($this->owner->CanApproveType == 'OnlyTheseUsers' && (!$member \|\| !$member->inGroups($this->owner->ApproverGroups()))) return false;
	-
	- return true;
	+ $results = SiteTree::batch_permission_check(array($this->owner->ID), $memberID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove');
	+ return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false;
	}

	/**
	@@ -243,34 +232,24 @@
	* @return boolean True if the current user can publish this page.
	*/
	public function canPublish($member = null) {
	- if(!$member && $member !== FALSE) $member = Member::currentUser();
	-
	- // check for admin permission
	- if(Permission::checkMember($member, 'ADMIN')) return true;
	+ if(!$member) $member = Member::currentUser();
	+ $memberID = $member->ID;

	- // check for workflow admin permission
	- if(Permission::checkMember($member, 'IS_WORKFLOW_ADMIN')) return true;
	-
	- // check for missing cmsmain permission
	- if(!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
	-
	- // check for empty spec
	- if(!$this->owner->CanPublishType \|\| $this->owner->CanPublishType == 'Anyone') return true;
	-
	- // check against parent page/site config
	- if($this->owner->CanPublishType == 'Inherit') {
	- if ($this->owner->Parent()->exists()) {
	- if (!$this->owner->Parent()->canPublish($member)) return false;
	- } else { return $this->owner->SiteConfig->canPublish($member); }
	+ if(isset(SiteTree::$cache_permissions['CanPublishType'][$this->owner->ID])) {
	+ return SiteTree::$cache_permissions['CanPublishType'][$this->owner->ID];
	}

	- // check for any logged-in users
	- if($this->owner->CanPublishType == 'LoggedInUsers' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;
	+ // DANGER, WILL ROBINSON!
	+ // we currently have not implemented extensions here. if you do
	+ // be aware that the WorkflowRequest::get_by_* functions use
	+ // batch_permission_check directly so you will need to ammend
	+ // them appropriately

	- // check for specific groups
	- if($this->owner->CanPublishType == 'OnlyTheseUsers' && (!$member \|\| !$member->inGroups($this->owner->PublisherGroups()))) return false;
	-
	- return true;
	+ // check for (workflow)admin permission
	+ if(Permission::checkMember($member, array('ADMIN', 'IS_WORKFLOW_ADMIN'))) return true;
	+
	+ $results = SiteTree::batch_permission_check(array($this->owner->ID), $memberID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish');
	+ return isset($results[$this->owner->ID]) ? $results[$this->owner->ID] : false;
	}

	/**
	Index: cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php
	===================================================================
	--- cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php (revision 97653)
	+++ cmsworkflow/code/ThreeStep/WorkflowThreeStepRequest.php (working copy)
	@@ -198,18 +198,8 @@
	$classes[] = $class;
	$classesSQL = implode("','", $classes);

	- // build filter
	-
	- // check for admin permission
	- if (Permission::checkMember($approver, 'ADMIN') \|\| Permission::checkMember($approver, 'IS_WORKFLOW_ADMIN')) {
	- // Admins can approve/publish anything
	- $filter = "{$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')";
	- } else {
	- $filter = "{$bt}WorkflowRequest_Approvers{$bt}.{$bt}MemberID{$bt} = {$approver->ID}
	- AND {$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')
	- ";
	- }
	-
	+ $filter = "{$bt}WorkflowRequest{$bt}.{$bt}ClassName{$bt} IN ('$classesSQL')";
	+
	if($status) {
	$filter .= "AND {$bt}WorkflowRequest{$bt}.{$bt}Status{$bt} IN (" . $statusStr . ")";
	}
	@@ -236,6 +226,14 @@
	$return->merge($onDraft);
	$return->merge($onLive);
	$return->removeDuplicates();
	+
	+ $canApprove = SiteTree::batch_permission_check($return->column('ID'), $approver->ID, 'CanApproveType', 'SiteTree_ApproverGroups', 'canApprove');
	+ foreach($return as $page) {
	+ if (!isset($canApprove[$page->ID]) \|\| !$canApprove[$page->ID]) {
	+ $return->remove($page);
	+ }
	+ }
	+
	return $return;
	}

	@@ -270,17 +268,15 @@
	"LEFT JOIN {$bt}WorkflowRequest{$bt} ON {$bt}WorkflowRequest{$bt}.{$bt}PageID{$bt} = {$bt}SiteTree_Live{$bt}.{$bt}ID{$bt} "
	);

	- $objects = new DataObjectSet();
	$return = new DataObjectSet();
	- $objects->merge($onDraft);
	- $objects->merge($onLive);
	- $objects->removeDuplicates();
	+ $return->merge($onDraft);
	+ $return->merge($onLive);
	+ $return->removeDuplicates();

	- if ($objects) {
	- foreach($objects as $do) {
	- if ($do->canPublish($publisher)) {
	- $return->push($do);
	- }
	+ $canPublish = SiteTree::batch_permission_check($return->column('ID'), $publisher->ID, 'CanPublishType', 'SiteTree_PublisherGroups', 'canPublish');
	+ foreach($return as $page) {
	+ if (!isset($canPublish[$page->ID]) \|\| !$canPublish[$page->ID]) {
	+ $return->remove($page);
	}
	}