mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
BUG Enforce $allowed_children in controllers on page creation (fixes #7694)
Original bug fix contributed by @kmayo-ss
This commit is contained in:
parent
e5401668fa
commit
1cd82e2db1
@ -1511,7 +1511,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
// deconstructs any inheritance trees already.
|
// deconstructs any inheritance trees already.
|
||||||
$allowed = $parent->allowedChildren();
|
$allowed = $parent->allowedChildren();
|
||||||
$subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this;
|
$subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this;
|
||||||
if($subject->ID && !in_array($subject->ClassName, $allowed)) {
|
if(!in_array($subject->ClassName, $allowed)) {
|
||||||
|
|
||||||
$result->error(
|
$result->error(
|
||||||
_t(
|
_t(
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
* @subpackage tests
|
* @subpackage tests
|
||||||
*/
|
*/
|
||||||
class CMSMainTest extends FunctionalTest {
|
class CMSMainTest extends FunctionalTest {
|
||||||
|
|
||||||
static $fixture_file = 'CMSMainTest.yml';
|
static $fixture_file = 'CMSMainTest.yml';
|
||||||
|
|
||||||
protected $autoFollowRedirection = false;
|
protected $autoFollowRedirection = false;
|
||||||
@ -221,6 +222,44 @@ class CMSMainTest extends FunctionalTest {
|
|||||||
$this->session()->inst_set('loggedInAs', NULL);
|
$this->session()->inst_set('loggedInAs', NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testCreationOfRestrictedPage(){
|
||||||
|
$adminUser = $this->objFromFixture('Member', 'admin');
|
||||||
|
$adminUser->logIn();
|
||||||
|
|
||||||
|
// Create toplevel page
|
||||||
|
$this->get('admin/pages/add');
|
||||||
|
$response = $this->post(
|
||||||
|
'admin/pages/add/AddForm',
|
||||||
|
array('ParentID' => '0', 'PageType' => 'CMSMainTest_ClassA', 'Locale' => 'en_US', 'action_doAdd' => 1)
|
||||||
|
);
|
||||||
|
$this->assertFalse($response->isError());
|
||||||
|
preg_match('/edit\/show\/(\d*)/', $response->getHeader('Location'), $matches);
|
||||||
|
$newPageId = $matches[1];
|
||||||
|
|
||||||
|
// Create allowed child
|
||||||
|
$this->get('admin/pages/add');
|
||||||
|
$response = $this->post(
|
||||||
|
'admin/pages/add/AddForm',
|
||||||
|
array('ParentID' => $newPageId, 'PageType' => 'CMSMainTest_ClassB', 'Locale' => 'en_US', 'action_doAdd' => 1)
|
||||||
|
);
|
||||||
|
$this->assertFalse($response->isError());
|
||||||
|
$this->assertNull($response->getBody());
|
||||||
|
|
||||||
|
// Create disallowed child
|
||||||
|
$this->get('admin/pages/add');
|
||||||
|
$response = $this->post(
|
||||||
|
'admin/pages/add/AddForm',
|
||||||
|
array('ParentID' => $newPageId, 'PageType' => 'Page', 'Locale' => 'en_US', 'action_doAdd' => 1)
|
||||||
|
);
|
||||||
|
$this->assertFalse($response->isError());
|
||||||
|
$this->assertContains(
|
||||||
|
_t('SiteTree.PageTypeNotAllowed', array('type' => 'Page')),
|
||||||
|
$response->getBody()
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->session()->inst_set('loggedInAs', NULL);
|
||||||
|
}
|
||||||
|
|
||||||
function testBreadcrumbs() {
|
function testBreadcrumbs() {
|
||||||
$page3 = $this->objFromFixture('Page', 'page3');
|
$page3 = $this->objFromFixture('Page', 'page3');
|
||||||
$page31 = $this->objFromFixture('Page', 'page31');
|
$page31 = $this->objFromFixture('Page', 'page31');
|
||||||
@ -239,3 +278,11 @@ class CMSMainTest extends FunctionalTest {
|
|||||||
$this->session()->inst_set('loggedInAs', null);
|
$this->session()->inst_set('loggedInAs', null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class CMSMainTest_ClassA extends Page implements TestOnly {
|
||||||
|
static $allowed_children = array('CMSMainTest_ClassB');
|
||||||
|
}
|
||||||
|
|
||||||
|
class CMSMainTest_ClassB extends Page implements TestOnly {
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user