Merge pull request #487 from creative-commoners/pulls/2.4/fix-parent-canview

FIX Ensure that draft blog posts are always viewable to users with view draft permission
This commit is contained in:
Damian Mooyman 2017-11-03 15:12:44 +13:00 committed by GitHub
commit f2a0c36bd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 20 deletions

View File

@ -461,7 +461,12 @@ class BlogPost extends Page
return false; return false;
} }
if($this->canEdit($member)) { if ($this->canEdit($member)) {
return true;
}
// If on draft stage, user has permission to view draft, so show it
if (Versioned::current_stage() === 'Stage') {
return true; return true;
} }
@ -469,7 +474,7 @@ class BlogPost extends Page
* @var SS_Datetime $publishDate * @var SS_Datetime $publishDate
*/ */
$publishDate = $this->dbObject('PublishDate'); $publishDate = $this->dbObject('PublishDate');
if(!$publishDate->exists()) { if (!$publishDate->exists()) {
return false; return false;
} }

View File

@ -27,44 +27,67 @@ class BlogPostTest extends SapphireTest
/** /**
* @dataProvider canViewProvider * @dataProvider canViewProvider
*/ */
public function testCanView($date, $user, $page, $canView) public function testCanView($date, $user, $page, $canView, $stage)
{ {
$userRecord = $this->objFromFixture('Member', $user); $userRecord = $this->objFromFixture('Member', $user);
$pageRecord = $this->objFromFixture('BlogPost', $page); $pageRecord = $this->objFromFixture('BlogPost', $page);
if ($stage === 'Live') {
$pageRecord->doPublish();
}
Versioned::reading_stage($stage);
SS_Datetime::set_mock_now($date); SS_Datetime::set_mock_now($date);
$this->assertEquals($canView, $pageRecord->canView($userRecord)); $this->assertEquals($canView, $pageRecord->canView($userRecord));
} }
/**
* @return array Format:
* - mock now date
* - user role (see fixture)
* - blog post fixture ID
* - expected result
* - versioned stage
*/
public function canViewProvider() public function canViewProvider()
{ {
$someFutureDate = '2013-10-10 20:00:00'; $someFutureDate = '2013-10-10 20:00:00';
$somePastDate = '2009-10-10 20:00:00'; $somePastDate = '2009-10-10 20:00:00';
return array( return array(
// Check this post given the date has passed // Check this post given the date has passed
array($someFutureDate, 'Editor', 'PostA', true), array($someFutureDate, 'Editor', 'PostA', true, 'Stage'),
array($someFutureDate, 'Contributor', 'PostA', true), array($someFutureDate, 'Contributor', 'PostA', true, 'Stage'),
array($someFutureDate, 'BlogEditor', 'PostA', true), array($someFutureDate, 'BlogEditor', 'PostA', true, 'Stage'),
array($someFutureDate, 'Writer', 'PostA', true), array($someFutureDate, 'Writer', 'PostA', true, 'Stage'),
// Check unpublished pages // Check unpublished pages
array($somePastDate, 'Editor', 'PostA', true), array($somePastDate, 'Editor', 'PostA', true, 'Stage'),
array($somePastDate, 'Contributor', 'PostA', true), array($somePastDate, 'Contributor', 'PostA', true, 'Stage'),
array($somePastDate, 'BlogEditor', 'PostA', true), array($somePastDate, 'BlogEditor', 'PostA', true, 'Stage'),
array($somePastDate, 'Writer', 'PostA', true), array($somePastDate, 'Writer', 'PostA', true, 'Stage'),
// Test a page that was authored by another user // Test a page that was authored by another user
// Check this post given the date has passed // Check this post given the date has passed
array($someFutureDate, 'Editor', 'FirstBlogPost', true), array($someFutureDate, 'Editor', 'FirstBlogPost', true, 'Stage'),
array($someFutureDate, 'Contributor', 'FirstBlogPost', true), array($someFutureDate, 'Contributor', 'FirstBlogPost', true, 'Stage'),
array($someFutureDate, 'BlogEditor', 'FirstBlogPost', true), array($someFutureDate, 'BlogEditor', 'FirstBlogPost', true, 'Stage'),
array($someFutureDate, 'Writer', 'FirstBlogPost', true), array($someFutureDate, 'Writer', 'FirstBlogPost', true, 'Stage'),
// Check future pages - non-editors shouldn't be able to see this // Check future pages in draft stage - users with "view draft pages" permission should
array($somePastDate, 'Editor', 'FirstBlogPost', true), // be able to see this, but visitors should not
array($somePastDate, 'Contributor', 'FirstBlogPost', false), array($somePastDate, 'Editor', 'FirstBlogPost', true, 'Stage'),
array($somePastDate, 'BlogEditor', 'FirstBlogPost', false), array($somePastDate, 'Contributor', 'FirstBlogPost', true, 'Stage'),
array($somePastDate, 'Writer', 'FirstBlogPost', false), array($somePastDate, 'BlogEditor', 'FirstBlogPost', true, 'Stage'),
array($somePastDate, 'Writer', 'FirstBlogPost', true, 'Stage'),
array($somePastDate, 'Visitor', 'FirstBlogPost', false, 'Stage'),
// No future pages in live stage should be visible, even to users that can edit them (in draft)
array($somePastDate, 'Editor', 'FirstBlogPost', false, 'Live'),
array($somePastDate, 'Contributor', 'FirstBlogPost', false, 'Live'),
array($somePastDate, 'BlogEditor', 'FirstBlogPost', false, 'Live'),
array($somePastDate, 'Writer', 'FirstBlogPost', false, 'Live'),
array($somePastDate, 'Visitor', 'FirstBlogPost', false, 'Live'),
); );
} }