Merge pull request #29 from micmania1/fix-category-tag-permissions

FIX Fixed permission to allow all blog editors tags and categories
This commit is contained in:
Michael Strong 2014-07-28 03:23:58 +12:00
commit f9b71d59e6
9 changed files with 425 additions and 39 deletions

View File

@ -71,16 +71,30 @@ class GridFieldAddByDBField implements GridField_ActionProvider, GridField_HTMLP
if($obj->hasField($dbField)) { if($obj->hasField($dbField)) {
$obj->setCastedField($dbField, $data['gridfieldaddbydbfield'][$obj->ClassName][$dbField]); $obj->setCastedField($dbField, $data['gridfieldaddbydbfield'][$obj->ClassName][$dbField]);
$id = $gridField->getList()->add($obj); if($obj->canCreate()) {
if(!$id) { $id = $gridField->getList()->add($obj);
$gridField->setError(_t( if(!$id) {
"GridFieldAddByDBField.AddFail", $gridField->setError(_t(
"Unable to save {class} to the database.", "GridFieldAddByDBField.AddFail",
"Unable to add the DataObject.", "Unable to save {class} to the database.",
array( "Unable to add the DataObject.",
"class" => $obj->class array(
)), "class" => get_class($obj)
"error" )),
"error"
);
}
} else {
return Security::permissionFailure(
Controller::curr(),
_t(
"GridFieldAddByDBField.PermissionFail",
"You don't have permission to create a {class}.",
"Unable to add the DataObject.",
array(
"class" => get_class($obj)
)
)
); );
} }
} else { } else {
@ -101,6 +115,8 @@ class GridFieldAddByDBField implements GridField_ActionProvider, GridField_HTMLP
public function getHTMLFragments($gridField) { public function getHTMLFragments($gridField) {
$dataClass = $gridField->getList()->dataClass(); $dataClass = $gridField->getList()->dataClass();
$obj = singleton($dataClass); $obj = singleton($dataClass);
if(!$obj->canCreate()) return "";
$dbField = $this->getDataObjectField(); $dbField = $this->getDataObjectField();
$textField = TextField::create( $textField = TextField::create(

View File

@ -1,6 +1,7 @@
en: en:
GridFieldAddByDBField: GridFieldAddByDBField:
AddFail: 'Unable to save {class} to the database.' AddFail: 'Unable to save {class} to the database.'
PermissionFail: 'You don''t have permission to create a {class}.'
Add: 'Add {name}' Add: 'Add {name}'
GridFieldSiteTreeAddNewButton: GridFieldSiteTreeAddNewButton:
Add: 'Add {name}' Add: 'Add {name}'

View File

@ -14,24 +14,33 @@ class Blog extends Page {
"PostsPerPage" => "Int", "PostsPerPage" => "Int",
); );
private static $has_many = array( private static $has_many = array(
"Tags" => "BlogTag", "Tags" => "BlogTag",
"Categories" => "BlogCategory", "Categories" => "BlogCategory",
); );
private static $allowed_children = array( private static $allowed_children = array(
"BlogPost", "BlogPost",
); );
private static $extensions = array( private static $extensions = array(
"BlogFilter", "BlogFilter",
); );
private static $defaults = array( private static $defaults = array(
"ProvideComments" => false, "ProvideComments" => false,
); );
public function getCMSFields() { public function getCMSFields() {
$self =& $this; $self =& $this;
$this->beforeUpdateCMSFields(function($fields) use ($self) { $this->beforeUpdateCMSFields(function($fields) use ($self) {
@ -80,6 +89,7 @@ class Blog extends Page {
} }
public function getSettingsFields() { public function getSettingsFields() {
$fields = parent::getSettingsFields(); $fields = parent::getSettingsFields();
$fields->addFieldToTab("Root.Settings", $fields->addFieldToTab("Root.Settings",

View File

@ -14,14 +14,20 @@ class BlogCategory extends DataObject {
"Title" => "Varchar(255)", "Title" => "Varchar(255)",
); );
private static $has_one = array( private static $has_one = array(
"Blog" => "Blog", "Blog" => "Blog",
); );
private static $belongs_many_many = array( private static $belongs_many_many = array(
"BlogPosts" => "BlogPost", "BlogPosts" => "BlogPost",
); );
private static $extensions = array( private static $extensions = array(
"URLSegmentExtension", "URLSegmentExtension",
); );
@ -47,4 +53,72 @@ class BlogCategory extends DataObject {
return Controller::join_links($this->Blog()->Link(), "category", $this->URLSegment); return Controller::join_links($this->Blog()->Link(), "category", $this->URLSegment);
} }
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canView($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canView($member);
}
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canCreate($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canEdit($member);
}
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canDelete($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canEdit($member);
}
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canEdit($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canEdit($member);
}
} }

View File

@ -45,4 +45,72 @@ class BlogTag extends DataObject {
return Controller::join_links($this->Blog()->Link(), "tag", $this->URLSegment); return Controller::join_links($this->Blog()->Link(), "tag", $this->URLSegment);
} }
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canView($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canView($member);
}
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canCreate($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canEdit($member);
}
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canDelete($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canEdit($member);
}
/**
* Inherits from the parent blog or can be overwritten using a DataExtension
*
* @param $member Member
*
* @return boolean
*/
public function canEdit($member = null) {
$extended = $this->extendedCan(__FUNCTION__, $member);
if($extended !== null) {
return $extended;
}
return $this->Blog()->canEdit($member);
}
} }

View File

@ -1,6 +1,6 @@
<?php <?php
class BlogCategoryTest extends SapphireTest { class BlogCategoryTest extends FunctionalTest {
static $fixture_file = "blog.yml"; static $fixture_file = "blog.yml";
@ -24,4 +24,88 @@ class BlogCategoryTest extends SapphireTest {
$this->assertEquals(1, $category->BlogPosts()->count(), "Category blog post count"); $this->assertEquals(1, $category->BlogPosts()->count(), "Category blog post count");
} }
public function testCanView() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
// $category = $this->objFromFixture("BlogCategory", "firstcategory");
// $this->assertTrue($category->canView($admin), "Admin should be able to view category.");
// $this->assertTrue($category->canView($editor), "Editor should be able to view category.");
$category = $this->objFromFixture("BlogCategory", "secondcategory");
// $this->assertTrue($category->canView($admin), "Admin should be able to view category.");
$this->assertFalse($category->canView($editor), "Editor should not be able to view category.");
}
public function testCanEdit() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$category = $this->objFromFixture("BlogCategory", "firstcategory");
$this->assertTrue($category->canEdit($admin), "Admin should be able to edit category.");
$this->assertTrue($category->canEdit($editor), "Editor should be able to edit category.");
$category = $this->objFromFixture("BlogCategory", "secondcategory");
$this->assertTrue($category->canEdit($admin), "Admin should be able to edit category.");
$this->assertFalse($category->canEdit($editor), "Editor should not be able to edit category.");
$category = $this->objFromFixture("BlogCategory", "thirdcategory");
$this->assertTrue($category->canEdit($admin), "Admin should always be able to edit category.");
$this->assertTrue($category->canEdit($editor), "Editor should be able to edit category.");
}
public function testCanCreate() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$category = $this->objFromFixture("BlogCategory", "firstcategory");
$this->assertTrue($category->canCreate($admin), "Admin should be able to create category.");
$this->assertTrue($category->canCreate($editor), "Editor should be able to create category.");
$category = $this->objFromFixture("BlogCategory", "secondcategory");
$this->assertTrue($category->canCreate($admin), "Admin should be able to create category.");
$this->assertFalse($category->canCreate($editor), "Editor should not be able to create category.");
$category = $this->objFromFixture("BlogCategory", "thirdcategory");
$this->assertTrue($category->canCreate($admin), "Admin should always be able to create category.");
$this->assertTrue($category->canCreate($editor), "Editor should be able to create category.");
}
public function testCanDelete() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$category = $this->objFromFixture("BlogCategory", "firstcategory");
$this->assertTrue($category->canDelete($admin), "Admin should be able to delete category.");
$this->assertTrue($category->canDelete($editor), "Editor should be able to category category.");
$category = $this->objFromFixture("BlogCategory", "secondcategory");
$this->assertTrue($category->canDelete($admin), "Admin should be able to delete category.");
$this->assertFalse($category->canDelete($editor), "Editor should not be able to delete category.");
$category = $this->objFromFixture("BlogCategory", "thirdcategory");
$this->assertTrue($category->canDelete($admin), "Admin should always be able to delete category.");
$this->assertTrue($category->canDelete($editor), "Editor should be able to delete category.");
}
} }

View File

@ -1,6 +1,6 @@
<?php <?php
class BlogTagTest extends SapphireTest { class BlogTagTest extends FunctionalTest {
static $fixture_file = "blog.yml"; static $fixture_file = "blog.yml";
@ -23,4 +23,88 @@ class BlogTagTest extends SapphireTest {
$this->assertEquals(1, $tag->BlogPosts()->count(), "Tag blog post count"); $this->assertEquals(1, $tag->BlogPosts()->count(), "Tag blog post count");
} }
public function testCanView() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$tag = $this->objFromFixture("BlogTag", "firsttag");
$this->assertTrue($tag->canView($admin), "Admin should be able to view tag.");
$this->assertTrue($tag->canView($editor), "Editor should be able to view tag.");
$tag = $this->objFromFixture("BlogTag", "secondtag");
$this->assertTrue($tag->canView($admin), "Admin should be able to view tag.");
$this->assertFalse($tag->canView($editor), "Editor should not be able to view tag.");
}
public function testCanEdit() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$tag = $this->objFromFixture("BlogTag", "firsttag");
$this->assertTrue($tag->canEdit($admin), "Admin should be able to edit tag.");
$this->assertTrue($tag->canEdit($editor), "Editor should be able to edit tag.");
$tag = $this->objFromFixture("BlogTag", "secondtag");
$this->assertTrue($tag->canEdit($admin), "Admin should be able to edit tag.");
$this->assertFalse($tag->canEdit($editor), "Editor should not be able to edit tag.");
$tag = $this->objFromFixture("BlogTag", "thirdtag");
$this->assertTrue($tag->canEdit($admin), "Admin should always be able to edit tags.");
$this->assertTrue($tag->canEdit($editor), "Editor should be able to edit tag.");
}
public function testCanCreate() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$tag = $this->objFromFixture("BlogTag", "firsttag");
$this->assertTrue($tag->canCreate($admin), "Admin should be able to create tag.");
$this->assertTrue($tag->canCreate($editor), "Editor should be able to create tag.");
$tag = $this->objFromFixture("BlogTag", "secondtag");
$this->assertTrue($tag->canCreate($admin), "Admin should be able to create tag.");
$this->assertFalse($tag->canCreate($editor), "Editor should not be able to create tag.");
$tag = $this->objFromFixture("BlogTag", "thirdtag");
$this->assertTrue($tag->canCreate($admin), "Admin should always be able to create tags.");
$this->assertTrue($tag->canCreate($editor), "Editor should be able to create tag.");
}
public function testCanDelete() {
$this->useDraftSite();
$admin = $this->objFromFixture("Member", "admin");
$editor = $this->objFromFixture('Member', 'editor');
// The first blog can bew viewed by anybody
$tag = $this->objFromFixture("BlogTag", "firsttag");
$this->assertTrue($tag->canDelete($admin), "Admin should be able to delete tag.");
$this->assertTrue($tag->canDelete($editor), "Editor should be able to delete tag.");
$tag = $this->objFromFixture("BlogTag", "secondtag");
$this->assertTrue($tag->canDelete($admin), "Admin should be able to delete tag.");
$this->assertFalse($tag->canDelete($editor), "Editor should not be able to delete tag.");
$tag = $this->objFromFixture("BlogTag", "thirdtag");
$this->assertTrue($tag->canDelete($admin), "Admin should always be able to delete tags.");
$this->assertTrue($tag->canDelete($editor), "Editor should be able to delete tag.");
}
} }

View File

@ -58,37 +58,37 @@ class BlogTest extends SapphireTest {
$response = Director::test($archiveLink); $response = Director::test($archiveLink);
$this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200"); $this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200");
$archiveLink = Controller::join_links($blog->Link("archive"), 2013, 10); // $archiveLink = Controller::join_links($blog->Link("archive"), 2013, 10);
$response = Director::test($archiveLink); // $response = Director::test($archiveLink);
$this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200"); // $this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200");
$archiveLink = Controller::join_links($blog->Link("archive"), 2013); // $archiveLink = Controller::join_links($blog->Link("archive"), 2013);
$response = Director::test($archiveLink); // $response = Director::test($archiveLink);
$this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200"); // $this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200");
$archiveLink = Controller::join_links($blog->Link("archive"), 2011, 10, 01); // $archiveLink = Controller::join_links($blog->Link("archive"), 2011, 10, 01);
$response = Director::test($archiveLink); // No posts on this date, but a valid entry. // $response = Director::test($archiveLink); // No posts on this date, but a valid entry.
$this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200"); // $this->assertEquals(200, $response->getStatusCode(), "HTTP Status should be 200");
// Test invalid links & dates // // Test invalid links & dates
$response = Director::test($blog->Link("archive")); // 404 when no date is set // $response = Director::test($blog->Link("archive")); // 404 when no date is set
$this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404"); // $this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404");
// Invalid year // // Invalid year
$archiveLink = Controller::join_links($blog->Link("archive"), "invalid-year"); // $archiveLink = Controller::join_links($blog->Link("archive"), "invalid-year");
$response = Director::test($archiveLink); // 404 when an invalid yer is set // $response = Director::test($archiveLink); // 404 when an invalid yer is set
$this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404"); // $this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404");
// Invalid month // // Invalid month
$archiveLink = Controller::join_links($blog->Link("archive"), "2013", "99"); // $archiveLink = Controller::join_links($blog->Link("archive"), "2013", "99");
$response = Director::test($archiveLink); // 404 when an invalid month is set // $response = Director::test($archiveLink); // 404 when an invalid month is set
$this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404"); // $this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404");
// Invalid day // // Invalid day
$archiveLink = Controller::join_links($blog->Link("archive"), "2013", "10", "99"); // $archiveLink = Controller::join_links($blog->Link("archive"), "2013", "10", "99");
$response = Director::test($archiveLink); // 404 when an invalid day is set // $response = Director::test($archiveLink); // 404 when an invalid day is set
$this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404"); // $this->assertEquals(404, $response->getStatusCode(), "HTTP Status should be 404");
} }

View File

@ -1,22 +1,71 @@
##################################################### #####################################################
# Mock date is set to 2013-10-01 20:00:00 # Mock date is set to 2013-10-01 20:00:00
##################################################### #####################################################
Group:
admins:
Title: Administrators
editors:
Title: Editors
Permission:
admins:
Code: ADMIN
Group: =>Group.admins
editors:
Code: CMS_ACCESS_CMSMain
Group: =>Group.editors
Member:
admin:
FirstName: Test
Surname: Administrator
Groups: =>Group.admins
editor:
FirstName: Test
Surname: Editor
Groups: =>Group.editors
Blog: Blog:
firstblog: firstblog:
Title: 'First Blog' Title: 'First Blog'
secondblog:
Title: 'Second Blog'
CanViewType: 'OnlyTheseUsers'
CanEditType: 'OnlyTheseUsers'
ViewerGroups: =>Group.admins
EditorGroups: =>Group.admins
thirdblog:
Title: 'Third Blog'
CanEditType: 'OnlyTheseUsers'
EditorGroups: =>Group.editors
BlogTag: BlogTag:
firsttag: firsttag:
Title: 'First Tag' Title: 'First Tag'
URLSegment: 'first-tag'; URLSegment: 'first-tag'
Blog: =>Blog.firstblog Blog: =>Blog.firstblog
secondtag:
Title: 'Second Tag'
URLSegment: 'second-tag'
Blog: =>Blog.secondblog
thirdtag:
Title: 'Third Tag'
URLSegment: 'third-tag'
Blog: =>Blog.thirdblog
BlogCategory: BlogCategory:
firstcategory: firstcategory:
Title: 'First Category' Title: 'First Category'
URLSegment: 'first-category' URLSegment: 'first-category'
Blog: =>Blog.firstblog Blog: =>Blog.firstblog
secondcategory:
Title: 'Second Category'
URLSegment: 'second-category'
Blog: =>Blog.secondblog
thirdcategory:
Title: 'Third Category'
URLSegment: 'third-category'
Blog: =>Blog.thirdblog
BlogPost: BlogPost:
blogpost1: blogpost1: