Merge pull request #264 from tractorcow/pulls/fix-author-id

Fix string member IDs breaking permission checking
This commit is contained in:
Christopher Pitt 2015-06-04 12:30:52 +12:00
commit 1430018b67
3 changed files with 25 additions and 7 deletions

View File

@ -165,7 +165,7 @@ class Blog extends Page implements PermissionProvider {
$member = Member::currentUser(); $member = Member::currentUser();
} }
if(is_int($member)) { if(is_numeric($member)) {
$member = Member::get()->byID($member); $member = Member::get()->byID($member);
} }

View File

@ -113,9 +113,7 @@ class BlogPost extends Page {
* @return null|string * @return null|string
*/ */
public function RoleOf($member = null) { public function RoleOf($member = null) {
if(is_int($member)) { $member = $this->getMember($member);
$member = DataObject::get_by_id('Member', $member);
}
if(!$member) { if(!$member) {
return null; return null;
@ -298,7 +296,7 @@ class BlogPost extends Page {
$member = Member::currentUser(); $member = Member::currentUser();
} }
if(is_int($member)) { if(is_numeric($member)) {
$member = Member::get()->byID($member); $member = Member::get()->byID($member);
} }
@ -313,7 +311,7 @@ class BlogPost extends Page {
* @return bool * @return bool
*/ */
public function canCreateCategories($member = null) { public function canCreateCategories($member = null) {
$member = $member = $this->getMember($member); $member = $this->getMember($member);
$parent = $this->Parent(); $parent = $this->Parent();
@ -336,7 +334,7 @@ class BlogPost extends Page {
* @return bool * @return bool
*/ */
public function canCreateTags($member = null) { public function canCreateTags($member = null) {
$member = $member = $this->getMember($member); $member = $this->getMember($member);
$parent = $this->Parent(); $parent = $this->Parent();

View File

@ -189,6 +189,26 @@ class BlogTest extends SapphireTest {
$this->assertEquals('Editor', $postA->RoleOf($editor)); $this->assertEquals('Editor', $postA->RoleOf($editor));
$this->assertEmpty($postA->RoleOf($visitor)); $this->assertEmpty($postA->RoleOf($visitor));
// Test RoleOf with string values given
$this->assertEquals('Editor', $fourthBlog->RoleOf((string)(int)$editor->ID));
$this->assertEquals('Contributor', $fourthBlog->RoleOf((string)(int)$contributor->ID));
$this->assertEquals('Writer', $fourthBlog->RoleOf((string)(int)$writer->ID));
$this->assertEmpty($fourthBlog->RoleOf((string)(int)$visitor->ID));
$this->assertEquals('Author', $postA->RoleOf((string)(int)$writer->ID));
$this->assertEquals('Author', $postA->RoleOf((string)(int)$contributor->ID));
$this->assertEquals('Editor', $postA->RoleOf((string)(int)$editor->ID));
$this->assertEmpty($postA->RoleOf((string)(int)$visitor->ID));
// Test RoleOf with int values given
$this->assertEquals('Editor', $fourthBlog->RoleOf((int)$editor->ID));
$this->assertEquals('Contributor', $fourthBlog->RoleOf((int)$contributor->ID));
$this->assertEquals('Writer', $fourthBlog->RoleOf((int)$writer->ID));
$this->assertEmpty($fourthBlog->RoleOf((int)$visitor->ID));
$this->assertEquals('Author', $postA->RoleOf((int)$writer->ID));
$this->assertEquals('Author', $postA->RoleOf((int)$contributor->ID));
$this->assertEquals('Editor', $postA->RoleOf((int)$editor->ID));
$this->assertEmpty($postA->RoleOf((int)$visitor->ID));
$this->assertTrue($fourthBlog->canEdit($editor)); $this->assertTrue($fourthBlog->canEdit($editor));
$this->assertFalse($firstBlog->canEdit($editor)); $this->assertFalse($firstBlog->canEdit($editor));
$this->assertTrue($fourthBlog->canAddChildren($editor)); $this->assertTrue($fourthBlog->canAddChildren($editor));