tonyair
/
silverstripe-blog
mirror of https://github.com/silverstripe/silverstripe-blog
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix string member IDs breaking permission checking

This commit is contained in:
Damian Mooyman 2015-06-04 11:50:25 +12:00
parent 8b082e013f
commit 6345f9b6f7
3 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
code/model/Blog.php
View File

@ -165,7 +165,7 @@ class Blog extends Page implements PermissionProvider {
$member = Member::currentUser();
}
if(is_int($member)) {
if(is_numeric($member)) {
$member = Member::get()->byID($member);
}

10
code/model/BlogPost.php
View File

@ -113,9 +113,7 @@ class BlogPost extends Page {
* @return null|string
*/
public function RoleOf($member = null) {
if(is_int($member)) {
$member = DataObject::get_by_id('Member', $member);
}
$member = $this->getMember($member);
if(!$member) {
return null;
@ -298,7 +296,7 @@ class BlogPost extends Page {
$member = Member::currentUser();
}
if(is_int($member)) {
if(is_numeric($member)) {
$member = Member::get()->byID($member);
}
@ -313,7 +311,7 @@ class BlogPost extends Page {
* @return bool
*/
public function canCreateCategories($member = null) {
$member = $member = $this->getMember($member);
$member = $this->getMember($member);
$parent = $this->Parent();
@ -336,7 +334,7 @@ class BlogPost extends Page {
* @return bool
*/
public function canCreateTags($member = null) {
$member = $member = $this->getMember($member);
$member = $this->getMember($member);
$parent = $this->Parent();

20
tests/BlogTest.php
View File

@ -189,6 +189,26 @@ class BlogTest extends SapphireTest {
$this->assertEquals('Editor', $postA->RoleOf($editor));
$this->assertEmpty($postA->RoleOf($visitor));
// Test RoleOf with string values given
$this->assertEquals('Editor', $fourthBlog->RoleOf((string)(int)$editor->ID));
$this->assertEquals('Contributor', $fourthBlog->RoleOf((string)(int)$contributor->ID));
$this->assertEquals('Writer', $fourthBlog->RoleOf((string)(int)$writer->ID));
$this->assertEmpty($fourthBlog->RoleOf((string)(int)$visitor->ID));
$this->assertEquals('Author', $postA->RoleOf((string)(int)$writer->ID));
$this->assertEquals('Author', $postA->RoleOf((string)(int)$contributor->ID));
$this->assertEquals('Editor', $postA->RoleOf((string)(int)$editor->ID));
$this->assertEmpty($postA->RoleOf((string)(int)$visitor->ID));
// Test RoleOf with int values given
$this->assertEquals('Editor', $fourthBlog->RoleOf((int)$editor->ID));
$this->assertEquals('Contributor', $fourthBlog->RoleOf((int)$contributor->ID));
$this->assertEquals('Writer', $fourthBlog->RoleOf((int)$writer->ID));
$this->assertEmpty($fourthBlog->RoleOf((int)$visitor->ID));
$this->assertEquals('Author', $postA->RoleOf((int)$writer->ID));
$this->assertEquals('Author', $postA->RoleOf((int)$contributor->ID));
$this->assertEquals('Editor', $postA->RoleOf((int)$editor->ID));
$this->assertEmpty($postA->RoleOf((int)$visitor->ID));
$this->assertTrue($fourthBlog->canEdit($editor));
$this->assertFalse($firstBlog->canEdit($editor));
$this->assertTrue($fourthBlog->canAddChildren($editor));