From 6345f9b6f7c06991cdd3981cb33d183424460f38 Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Thu, 4 Jun 2015 11:50:25 +1200
Subject: [PATCH] Fix string member IDs breaking permission checking
---
 code/model/Blog.php | 2 +-
 code/model/BlogPost.php | 10 ++++------
 tests/BlogTest.php | 20 ++++++++++++++++++++
 3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/code/model/Blog.php b/code/model/Blog.php
index 2d9fe51..8923db7 100644
--- a/code/model/Blog.php
+++ b/code/model/Blog.php
@@ -165,7 +165,7 @@ class Blog extends Page implements PermissionProvider {
 $member = Member::currentUser();
 }
- if(is_int($member)) {
+ if(is_numeric($member)) {
 $member = Member::get()->byID($member);
 }
diff --git a/code/model/BlogPost.php b/code/model/BlogPost.php
index e97213e..ef0d5ae 100644
--- a/code/model/BlogPost.php
+++ b/code/model/BlogPost.php
@@ -113,9 +113,7 @@ class BlogPost extends Page {
 * @return null|string
 */
 public function RoleOf($member = null) {
- if(is_int($member)) {
- $member = DataObject::get_by_id('Member', $member);
- }
+ $member = $this->getMember($member);
 if(!$member) {
 return null;
@@ -298,7 +296,7 @@ class BlogPost extends Page {
 $member = Member::currentUser();
 }
- if(is_int($member)) {
+ if(is_numeric($member)) {
 $member = Member::get()->byID($member);
 }
@@ -313,7 +311,7 @@ class BlogPost extends Page {
 * @return bool
 */
 public function canCreateCategories($member = null) {
- $member = $member = $this->getMember($member);
+ $member = $this->getMember($member);
 $parent = $this->Parent();
@@ -336,7 +334,7 @@ class BlogPost extends Page {
 * @return bool
 */
 public function canCreateTags($member = null) {
- $member = $member = $this->getMember($member);
+ $member = $this->getMember($member);
 $parent = $this->Parent();
diff --git a/tests/BlogTest.php b/tests/BlogTest.php
index 27dc573..07e8404 100755
--- a/tests/BlogTest.php
+++ b/tests/BlogTest.php
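Review bot: `is_numeric($member)` in the new Blog.php check accepts more than an integer ID given as a string: decimals, exponent forms, signed values and whitespace-padded strings (`'1.5'`, `'1e0'`, `' 1'`) also pass, and each is then handed to `Member::get()->byID($member)`. How byID() and the database coerce such a value is not visible here, so a permission check could be resolved against a member the caller did not name exactly. A tighter guard keeps the fix and closes that gap, e.g. `if(is_int($member) || (is_string($member) && ctype_digit($member))) {`. The same check is introduced in the BlogPost.php hunk at -298, and the enclosing function starts and ends outside both hunks.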
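Review bot: Routing `RoleOf()` through `$this->getMember($member)` appears to change what `RoleOf(null)` returns. The removed code left a null argument alone and fell into the `if(!$member)` early return, whereas the helper presumably substitutes the logged-in user, judging by the `$member = Member::currentUser();` context in the -298 hunk, whose function header is not shown. If that is intended, the docblock should say so, e.g. `@param null|int|string|Member $member Member, member ID, or null for the current user`; if not, keep `if($member === null) { return null; }` ahead of the helper call. The docblock and the rest of the method lie outside the hunk.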
@@ -189,6 +189,26 @@ class BlogTest extends SapphireTest {
 $this->assertEquals('Editor', $postA->RoleOf($editor));
 $this->assertEmpty($postA->RoleOf($visitor));
+ // Test RoleOf with string values given
+ $this->assertEquals('Editor', $fourthBlog->RoleOf((string)(int)$editor->ID));
+ $this->assertEquals('Contributor', $fourthBlog->RoleOf((string)(int)$contributor->ID));
+ $this->assertEquals('Writer', $fourthBlog->RoleOf((string)(int)$writer->ID));
+ $this->assertEmpty($fourthBlog->RoleOf((string)(int)$visitor->ID));
+ $this->assertEquals('Author', $postA->RoleOf((string)(int)$writer->ID));
+ $this->assertEquals('Author', $postA->RoleOf((string)(int)$contributor->ID));
+ $this->assertEquals('Editor', $postA->RoleOf((string)(int)$editor->ID));
+ $this->assertEmpty($postA->RoleOf((string)(int)$visitor->ID));
+
+ // Test RoleOf with int values given
+ $this->assertEquals('Editor', $fourthBlog->RoleOf((int)$editor->ID));
+ $this->assertEquals('Contributor', $fourthBlog->RoleOf((int)$contributor->ID));
+ $this->assertEquals('Writer', $fourthBlog->RoleOf((int)$writer->ID));
+ $this->assertEmpty($fourthBlog->RoleOf((int)$visitor->ID));
+ $this->assertEquals('Author', $postA->RoleOf((int)$writer->ID));
+ $this->assertEquals('Author', $postA->RoleOf((int)$contributor->ID));
+ $this->assertEquals('Editor', $postA->RoleOf((int)$editor->ID));
+ $this->assertEmpty($postA->RoleOf((int)$visitor->ID));
+
 $this->assertTrue($fourthBlog->canEdit($editor));
 $this->assertFalse($firstBlog->canEdit($editor));
 $this->assertTrue($fourthBlog->canAddChildren($editor));
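Review bot: The added assertions only pass well-formed integer strings (`(string)(int)$editor->ID`) to `RoleOf()`, so nothing pins how a numeric-looking but non-integer string such as `'1.5'` is treated by the new `is_numeric` branch. None of the `can*` permission methods is called with a string ID either, although the commit is about permission checking. I would add one permission-level case, e.g. `$this->assertTrue($fourthBlog->canEdit((string)$editor->ID));`, and one negative case asserting the intended result for a non-integer numeric string. Whether `canEdit()` itself accepts an ID is not visible in this hunk, so use whichever permission method does. The test method begins and ends outside the hunk.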