2011-03-18 16:23:47 +13:00
< ? php
2016-06-16 16:57:19 +12:00
2017-08-09 14:53:38 +12:00
namespace SilverStripe\CMS\Tests\Model ;
2017-08-09 13:25:12 +12:00
2018-03-21 17:44:24 +13:00
use Page ;
2017-08-09 14:53:38 +12:00
use SilverStripe\CMS\Model\SiteTree ;
use SilverStripe\Control\HTTPResponse_Exception ;
use SilverStripe\Dev\FunctionalTest ;
2017-03-21 17:26:46 +13:00
use SilverStripe\Security\Group ;
2017-08-09 14:53:38 +12:00
use SilverStripe\Security\Member ;
2017-05-21 15:15:00 +12:00
use SilverStripe\Security\Security ;
2017-03-21 17:26:46 +13:00
use SilverStripe\SiteConfig\SiteConfig ;
2018-09-27 14:07:42 +02:00
use SilverStripe\Subsites\Extensions\SiteTreeSubsites ;
2017-03-21 17:26:46 +13:00
use SilverStripe\Versioned\Versioned ;
2017-08-09 13:25:12 +12:00
2011-03-18 16:23:47 +13:00
/**
* @ todo Test canAddChildren ()
* @ todo Test canCreate ()
*/
2017-01-26 09:59:25 +13:00
class SiteTreePermissionsTest extends FunctionalTest
{
protected static $fixture_file = " SiteTreePermissionsTest.yml " ;
2018-09-27 14:07:42 +02:00
protected static $illegal_extensions = [
SiteTree :: class => [ SiteTreeSubsites :: class ],
];
2017-01-26 09:59:25 +13:00
2018-09-27 14:07:42 +02:00
protected function setUp ()
2017-01-26 09:59:25 +13:00
{
parent :: setUp ();
// we're testing HTTP status codes before being redirected to login forms
$this -> autoFollowRedirection = false ;
2018-03-21 17:44:24 +13:00
// Ensure all pages are published
/** @var Page $page */
foreach ( Page :: get () as $page ) {
if ( $page -> URLSegment !== 'draft-only' ) {
$page -> publishSingle ();
}
}
2017-01-26 09:59:25 +13:00
}
public function testAccessingStageWithBlankStage ()
{
$this -> autoFollowRedirection = false ;
2017-06-21 16:29:40 +12:00
/** @var Page $draftOnlyPage */
2018-03-21 17:44:24 +13:00
$draftOnlyPage = $this -> objFromFixture ( Page :: class , 'draftOnlyPage' );
2017-06-21 16:29:40 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
2017-06-21 16:29:40 +12:00
$response = $this -> get ( $draftOnlyPage -> URLSegment . '?stage=Live' );
2017-01-26 09:59:25 +13:00
$this -> assertEquals ( $response -> getStatusCode (), '404' );
2017-06-21 16:29:40 +12:00
$response = $this -> get ( $draftOnlyPage -> URLSegment );
2017-01-26 09:59:25 +13:00
$this -> assertEquals ( $response -> getStatusCode (), '404' );
// should be prompted for a login
try {
2017-06-21 16:29:40 +12:00
$response = $this -> get ( $draftOnlyPage -> URLSegment . '?stage=Stage' );
2017-01-26 09:59:25 +13:00
} catch ( HTTPResponse_Exception $responseException ) {
$response = $responseException -> getResponse ();
}
$this -> assertEquals ( $response -> getStatusCode (), '302' );
$this -> assertContains (
2017-06-21 16:29:40 +12:00
Security :: config () -> get ( 'login_url' ),
2017-01-26 09:59:25 +13:00
$response -> getHeader ( 'Location' )
);
$this -> logInWithPermission ( 'ADMIN' );
2017-06-21 16:29:40 +12:00
$response = $this -> get ( $draftOnlyPage -> URLSegment . '?stage=Live' );
$this -> assertEquals ( '404' , $response -> getStatusCode ());
2017-01-26 09:59:25 +13:00
2017-06-21 16:29:40 +12:00
$response = $this -> get ( $draftOnlyPage -> URLSegment . '?stage=Stage' );
$this -> assertEquals ( '200' , $response -> getStatusCode ());
2017-01-26 09:59:25 +13:00
2018-03-21 17:44:24 +13:00
$draftOnlyPage -> publishSingle ();
2017-06-21 16:29:40 +12:00
$response = $this -> get ( $draftOnlyPage -> URLSegment );
$this -> assertEquals ( '200' , $response -> getStatusCode ());
2017-01-26 09:59:25 +13:00
}
public function testPermissionCheckingWorksOnDeletedPages ()
{
// Set up fixture - a published page deleted from draft
$this -> logInWithPermission ( " ADMIN " );
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedEditOnlySubadminGroup' );
2017-01-26 09:59:25 +13:00
$pageID = $page -> ID ;
$this -> assertTrue ( $page -> publishRecursive ());
$page -> delete ();
// Re-fetch the page from the live site
2017-06-21 16:29:40 +12:00
$page = Versioned :: get_one_by_stage ( SiteTree :: class , 'Live' , " \" SiteTree \" . \" ID \" = $pageID " );
2017-01-26 09:59:25 +13:00
// subadmin has edit rights on that page
2017-03-21 17:26:46 +13:00
$member = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $member );
2017-01-26 09:59:25 +13:00
// Test can_edit_multiple
$this -> assertEquals (
2017-05-12 12:47:46 +12:00
[ $pageID => true ],
SiteTree :: getPermissionChecker () -> canEditMultiple ([ $pageID ], $member )
2017-01-26 09:59:25 +13:00
);
// Test canEdit
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $member );
2017-01-26 09:59:25 +13:00
$this -> assertTrue ( $page -> canEdit ());
}
public function testPermissionCheckingWorksOnUnpublishedPages ()
{
// Set up fixture - an unpublished page
$this -> logInWithPermission ( " ADMIN " );
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedEditOnlySubadminGroup' );
2017-01-26 09:59:25 +13:00
$pageID = $page -> ID ;
$page -> doUnpublish ();
// subadmin has edit rights on that page
2017-03-21 17:26:46 +13:00
$member = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $member );
2017-01-26 09:59:25 +13:00
// Test can_edit_multiple
$this -> assertEquals (
2017-05-12 12:47:46 +12:00
[ $pageID => true ],
SiteTree :: getPermissionChecker () -> canEditMultiple ([ $pageID ], $member )
2017-01-26 09:59:25 +13:00
);
// Test canEdit
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $member );
2017-01-26 09:59:25 +13:00
$this -> assertTrue ( $page -> canEdit ());
}
public function testCanEditOnPageDeletedFromStageAndLiveReturnsFalse ()
{
// Find a page that exists and delete it from both stage and published
$this -> logInWithPermission ( " ADMIN " );
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedEditOnlySubadminGroup' );
2017-01-26 09:59:25 +13:00
$pageID = $page -> ID ;
$page -> doUnpublish ();
$page -> delete ();
// We'll need to resurrect the page from the version cache to test this case
2017-06-21 16:29:40 +12:00
$page = Versioned :: get_latest_version ( SiteTree :: class , $pageID );
2017-01-26 09:59:25 +13:00
// subadmin had edit rights on that page, but now it's gone
2017-03-21 17:26:46 +13:00
$member = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $member );
2017-01-26 09:59:25 +13:00
$this -> assertFalse ( $page -> canEdit ());
}
public function testCanViewStage ()
{
// Get page & make sure it exists on Live
2018-03-21 17:44:24 +13:00
/** @var Page $page */
$page = $this -> objFromFixture ( Page :: class , 'standardpage' );
$page -> publishSingle ();
2017-01-26 09:59:25 +13:00
// Then make sure there's a new version on Stage
$page -> Title = 1 ;
$page -> write ();
2017-03-21 17:26:46 +13:00
$editor = $this -> objFromFixture ( Member :: class , 'editor' );
$websiteuser = $this -> objFromFixture ( Member :: class , 'websiteuser' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue ( $page -> canViewStage ( 'Live' , $websiteuser ));
$this -> assertFalse ( $page -> canViewStage ( 'Stage' , $websiteuser ));
$this -> assertTrue ( $page -> canViewStage ( 'Live' , $editor ));
$this -> assertTrue ( $page -> canViewStage ( 'Stage' , $editor ));
}
public function testAccessTabOnlyDisplaysWithGrantAccessPermissions ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'standardpage' );
2017-01-26 09:59:25 +13:00
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $subadminuser );
2017-01-26 09:59:25 +13:00
$fields = $page -> getSettingsFields ();
$this -> assertFalse (
$fields -> dataFieldByName ( 'CanViewType' ) -> isReadonly (),
'Users with SITETREE_GRANT_ACCESS permission can change "view" permissions in cms fields'
);
$this -> assertFalse (
$fields -> dataFieldByName ( 'CanEditType' ) -> isReadonly (),
'Users with SITETREE_GRANT_ACCESS permission can change "edit" permissions in cms fields'
);
2017-03-21 17:26:46 +13:00
$editoruser = $this -> objFromFixture ( Member :: class , 'editor' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $editoruser );
2017-01-26 09:59:25 +13:00
$fields = $page -> getSettingsFields ();
$this -> assertTrue (
$fields -> dataFieldByName ( 'CanViewType' ) -> isReadonly (),
'Users without SITETREE_GRANT_ACCESS permission cannot change "view" permissions in cms fields'
);
$this -> assertTrue (
$fields -> dataFieldByName ( 'CanEditType' ) -> isReadonly (),
'Users without SITETREE_GRANT_ACCESS permission cannot change "edit" permissions in cms fields'
);
2021-08-18 12:35:36 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
}
public function testRestrictedViewLoggedInUsers ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedViewLoggedInUsers' );
2017-01-26 09:59:25 +13:00
// unauthenticated users
$this -> assertFalse (
$page -> canView ( false ),
'Unauthenticated members cant view a page marked as "Viewable for any logged in users"'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $page -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
302 ,
'Unauthenticated members cant view a page marked as "Viewable for any logged in users"'
);
// website users
2017-03-21 17:26:46 +13:00
$websiteuser = $this -> objFromFixture ( Member :: class , 'websiteuser' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$page -> canView ( $websiteuser ),
'Authenticated members can view a page marked as "Viewable for any logged in users" even if they dont have access to the CMS'
);
2021-08-18 17:18:01 +12:00
$this -> logInAs ( $websiteuser );
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $page -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
200 ,
'Authenticated members can view a page marked as "Viewable for any logged in users" even if they dont have access to the CMS'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
}
public function testRestrictedViewOnlyTheseUsers ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedViewOnlyWebsiteUsers' );
2017-01-26 09:59:25 +13:00
// unauthenticcated users
$this -> assertFalse (
$page -> canView ( false ),
'Unauthenticated members cant view a page marked as "Viewable by these groups"'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $page -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
302 ,
'Unauthenticated members cant view a page marked as "Viewable by these groups"'
);
// subadmin users
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-01-26 09:59:25 +13:00
$this -> assertFalse (
$page -> canView ( $subadminuser ),
'Authenticated members cant view a page marked as "Viewable by these groups" if theyre not in the listed groups'
);
2021-08-18 17:18:01 +12:00
$this -> LogInAs ( $subadminuser );
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $page -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
403 ,
'Authenticated members cant view a page marked as "Viewable by these groups" if theyre not in the listed groups'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
// website users
2017-03-21 17:26:46 +13:00
$websiteuser = $this -> objFromFixture ( Member :: class , 'websiteuser' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$page -> canView ( $websiteuser ),
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups'
);
2021-08-18 17:18:01 +12:00
$this -> logInAs ( $websiteuser );
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $page -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
200 ,
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
}
public function testRestrictedEditLoggedInUsers ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedEditLoggedInUsers' );
2017-01-26 09:59:25 +13:00
// unauthenticcated users
$this -> assertFalse (
$page -> canEdit ( false ),
'Unauthenticated members cant edit a page marked as "Editable by logged in users"'
);
// website users
2017-03-21 17:26:46 +13:00
$websiteuser = $this -> objFromFixture ( Member :: class , 'websiteuser' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $websiteuser );
2017-01-26 09:59:25 +13:00
$this -> assertFalse (
$page -> canEdit ( $websiteuser ),
'Authenticated members cant edit a page marked as "Editable by logged in users" if they dont have cms permissions'
);
// subadmin users
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$page -> canEdit ( $subadminuser ),
'Authenticated members can edit a page marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups'
);
}
public function testRestrictedEditOnlySubadminGroup ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedEditOnlySubadminGroup' );
2017-01-26 09:59:25 +13:00
// unauthenticated users
$this -> assertFalse (
$page -> canEdit ( false ),
'Unauthenticated members cant edit a page marked as "Editable by these groups"'
);
// subadmin users
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$page -> canEdit ( $subadminuser ),
'Authenticated members can view a page marked as "Editable by these groups" if theyre in the listed groups'
);
// website users
2017-03-21 17:26:46 +13:00
$websiteuser = $this -> objFromFixture ( Member :: class , 'websiteuser' );
2017-01-26 09:59:25 +13:00
$this -> assertFalse (
$page -> canEdit ( $websiteuser ),
'Authenticated members cant edit a page marked as "Editable by these groups" if theyre not in the listed groups'
);
}
public function testRestrictedViewInheritance ()
{
2018-03-21 17:44:24 +13:00
$parentPage = $this -> objFromFixture ( Page :: class , 'parent_restrictedViewOnlySubadminGroup' );
$childPage = $this -> objFromFixture ( Page :: class , 'child_restrictedViewOnlySubadminGroup' );
2017-01-26 09:59:25 +13:00
// unauthenticated users
$this -> assertFalse (
$childPage -> canView ( false ),
'Unauthenticated members cant view a page marked as "Viewable by these groups" by inherited permission'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $childPage -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
302 ,
'Unauthenticated members cant view a page marked as "Viewable by these groups" by inherited permission'
);
// subadmin users
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$childPage -> canView ( $subadminuser ),
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups by inherited permission'
);
2021-08-18 17:18:01 +12:00
$this -> logInAs ( $subadminuser );
2017-01-26 09:59:25 +13:00
$response = $this -> get ( $childPage -> RelativeLink ());
$this -> assertEquals (
$response -> getStatusCode (),
200 ,
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups by inherited permission'
);
2021-08-18 17:18:01 +12:00
$this -> logOut ();
2017-01-26 09:59:25 +13:00
}
public function testRestrictedEditInheritance ()
{
2018-03-21 17:44:24 +13:00
$parentPage = $this -> objFromFixture ( Page :: class , 'parent_restrictedEditOnlySubadminGroup' );
$childPage = $this -> objFromFixture ( Page :: class , 'child_restrictedEditOnlySubadminGroup' );
2017-01-26 09:59:25 +13:00
// unauthenticated users
$this -> assertFalse (
$childPage -> canEdit ( false ),
'Unauthenticated members cant edit a page marked as "Editable by these groups" by inherited permission'
);
// subadmin users
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$childPage -> canEdit ( $subadminuser ),
'Authenticated members can edit a page marked as "Editable by these groups" if theyre in the listed groups by inherited permission'
);
}
public function testDeleteRestrictedChild ()
{
2018-03-21 17:44:24 +13:00
$parentPage = $this -> objFromFixture ( Page :: class , 'deleteTestParentPage' );
$childPage = $this -> objFromFixture ( Page :: class , 'deleteTestChildPage' );
2017-01-26 09:59:25 +13:00
// unauthenticated users
$this -> assertFalse (
$parentPage -> canDelete ( false ),
'Unauthenticated members cant delete a page if it doesnt have delete permissions on any of its descendants'
);
$this -> assertFalse (
$childPage -> canDelete ( false ),
'Unauthenticated members cant delete a child page marked as "Editable by these groups"'
);
}
public function testRestrictedEditLoggedInUsersDeletedFromStage ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'restrictedEditLoggedInUsers' );
2017-01-26 09:59:25 +13:00
$pageID = $page -> ID ;
$this -> logInWithPermission ( " ADMIN " );
$page -> publishRecursive ();
$page -> deleteFromStage ( 'Stage' );
// Get the live version of the page
2017-03-21 17:26:46 +13:00
$page = Versioned :: get_one_by_stage ( SiteTree :: class , Versioned :: LIVE , " \" SiteTree \" . \" ID \" = $pageID " );
2017-01-26 09:59:25 +13:00
$this -> assertTrue ( is_object ( $page ), 'Versioned::get_one_by_stage() is returning an object' );
// subadmin users
2017-03-21 17:26:46 +13:00
$subadminuser = $this -> objFromFixture ( Member :: class , 'subadmin' );
2017-01-26 09:59:25 +13:00
$this -> assertTrue (
$page -> canEdit ( $subadminuser ),
'Authenticated members can edit a page that was deleted from stage and marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups'
);
}
public function testInheritCanViewFromSiteConfig ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'inheritWithNoParent' );
2017-03-21 17:26:46 +13:00
$siteconfig = $this -> objFromFixture ( SiteConfig :: class , 'default' );
$editor = $this -> objFromFixture ( Member :: class , 'editor' );
$editorGroup = $this -> objFromFixture ( Group :: class , 'editorgroup' );
2017-01-26 09:59:25 +13:00
$siteconfig -> CanViewType = 'Anyone' ;
$siteconfig -> write ();
$this -> assertTrue ( $page -> canView ( false ), 'Anyone can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers' );
$siteconfig -> CanViewType = 'LoggedInUsers' ;
$siteconfig -> write ();
$this -> assertFalse ( $page -> canView ( false ), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers' );
$siteconfig -> CanViewType = 'LoggedInUsers' ;
$siteconfig -> write ();
$this -> assertTrue ( $page -> canView ( $editor ), 'Users can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers' );
$siteconfig -> CanViewType = 'OnlyTheseUsers' ;
$siteconfig -> ViewerGroups () -> add ( $editorGroup );
$siteconfig -> write ();
$this -> assertTrue ( $page -> canView ( $editor ), 'Editors can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers' );
$this -> assertFalse ( $page -> canView ( false ), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers' );
}
public function testInheritCanEditFromSiteConfig ()
{
2018-03-21 17:44:24 +13:00
$page = $this -> objFromFixture ( Page :: class , 'inheritWithNoParent' );
2017-03-21 17:26:46 +13:00
$siteconfig = $this -> objFromFixture ( SiteConfig :: class , 'default' );
$editor = $this -> objFromFixture ( Member :: class , 'editor' );
$user = $this -> objFromFixture ( Member :: class , 'websiteuser' );
$editorGroup = $this -> objFromFixture ( Group :: class , 'editorgroup' );
2017-01-26 09:59:25 +13:00
$siteconfig -> CanEditType = 'LoggedInUsers' ;
$siteconfig -> write ();
$this -> assertFalse ( $page -> canEdit ( false ), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $editor );
2017-01-26 09:59:25 +13:00
$this -> assertTrue ( $page -> canEdit (), 'Users can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers' );
$siteconfig -> CanEditType = 'OnlyTheseUsers' ;
$siteconfig -> EditorGroups () -> add ( $editorGroup );
$siteconfig -> write ();
$this -> assertTrue ( $page -> canEdit ( $editor ), 'Editors can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( null );
2017-01-26 09:59:25 +13:00
$this -> assertFalse ( $page -> canEdit ( false ), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers' );
2017-05-21 15:15:00 +12:00
Security :: setCurrentUser ( $user );
2017-01-26 09:59:25 +13:00
$this -> assertFalse ( $page -> canEdit ( $user ), 'Website user can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers' );
}
2011-03-18 16:23:47 +13:00
}