diff --git a/code/Controllers/CMSMain.php b/code/Controllers/CMSMain.php
index 08e09a96..6d271c9f 100644
--- a/code/Controllers/CMSMain.php
+++ b/code/Controllers/CMSMain.php
@@ -756,7 +756,7 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
  if (!SecurityToken::inst()->checkRequest($request)) {
  return $this->httpError(400);
  }
- if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) {
+ if (!$this->CanOrganiseSitetree()) {
  return $this->httpError(
  403,
  _t(
@@ -862,11 +862,16 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
  ->setBody(json_encode($statusUpdates));
  }
 
+ /**
+ * Whatever the current member has the permission to reorganise SiteTree objects.
+ * @return bool
+ */
  public function CanOrganiseSitetree()
  {
- return !Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN') ? false : true;
+ return Permission::check('SITETREE_REORGANISE');
  }
 
+
  /**
  * @return boolean
  */
diff --git a/tests/php/Controllers/CMSMainTest.php b/tests/php/Controllers/CMSMainTest.php
index 01a8444a..9f28bb82 100644
--- a/tests/php/Controllers/CMSMainTest.php
+++ b/tests/php/Controllers/CMSMainTest.php
@@ -660,4 +660,24 @@ class CMSMainTest extends FunctionalTest
  $searchSchema
  );
  }
+
+ public function testCanOrganiseSitetree()
+ {
+ $cms = CMSMain::create();
+
+ $this->assertFalse($cms->CanOrganiseSitetree());
+
+ $this->logInWithPermission('CMS_ACCESS_CMSMain');
+ $this->assertFalse($cms->CanOrganiseSitetree());
+
+ $this->logOut();
+ $this->logInWithPermission('SITETREE_REORGANISE');
+ $this->assertTrue($cms->CanOrganiseSitetree());
+
+ $this->logOut();
+ $this->logInWithPermission('ADMIN');
+ $this->assertTrue($cms->CanOrganiseSitetree());
+
+
+ }
  }
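Review bot: The new docblock on `CanOrganiseSitetree()` (second hunk of CMSMain.php) has a typo and omits the fact a reader needs in order to trust the simplification: ADMIN is no longer checked explicitly and is expected to pass through the implicit admin grant inside `Permission::check()`. Because the action in the first hunk now takes its 403 decision from this public method, I would write the summary as `Whether the current member has permission to reorganise SiteTree objects.` and add a line such as `ADMIN is covered implicitly by Permission::check(); this method also gates the reorder request, so an override changes server-side authorization.` If the installation can be configured so that ADMIN does not imply every permission code, the dropped explicit check would change who passes this gate, so that is worth confirming before merge.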
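Review bot: `testCanOrganiseSitetree()` exercises only the helper, so the 403 branch changed in CMSMain.php stays uncovered: nothing sends a request to the action as a member lacking SITETREE_REORGANISE and asserts that it is rejected. The first `assertFalse` also depends on the test starting with no member logged in; putting `$this->logOut();` before it makes that precondition explicit rather than inherited from the fixture setup. The two empty lines before the method's closing brace can be dropped.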