BUGFIX: Ticket #4805

added a canCreateTopLevel() if there is no parent object in CMSMain.php added testCreationOfTopLevelPage toCMSMainTest.php added the nessessary 'database entries' in the CMSMainTest.yml git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@98001 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-06-18 10:41:39 +02:00 · 2010-02-02 04:50:28 +00:00 · 2010-02-02 04:50:28 +00:00 · 48a7c1ee87
commit 48a7c1ee87
parent 3a61db6221
3 changed files with 44 additions and 3 deletions
--- a/code/CMSMain.php
+++ b/code/CMSMain.php
@ -494,8 +494,13 @@ JS;
 		if(is_numeric($parent)) $parentObj = DataObject::get_by_id("SiteTree", $parent);
 		if(!$parentObj || !$parentObj->ID) $parent = 0;
 		
-		if($parentObj && !$parentObj->canAddChildren()) return Security::permissionFailure($this);
-		if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
+		if($parentObj){
+			if(!$parentObj->canAddChildren()) return Security::permissionFailure($this);
+			if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
+		}else{
+			if(!SiteConfig::current_site_config()->canCreateTopLevel())
+				return Security::permissionFailure($this);
+		}

 		$p = $this->getNewItem("new-$className-$parent".$suffix, false);
 		$p->Locale = $_REQUEST['Locale'];
--- a/tests/CMSMainTest.php
+++ b/tests/CMSMainTest.php
@ -163,4 +163,24 @@ class CMSMainTest extends FunctionalTest {
 		$result = $this->get('admin/getfilteredsubtree?filter=CMSSiteTreeFilter_DeletedPages&ajax=1&ID=' . $id);
 		$this->assertEquals(200, $result->getStatusCode());
 	}
+	
+	function testCreationOfTopLevelPage(){
+		$cmsUser = $this->objFromFixture('Member', 'allcmssectionsuser');
+		$rootEditUser = $this->objFromFixture('Member', 'rootedituser');
+
+		// with insufficient permissions
+		$cmsUser->logIn();
+		$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+		// should redirect, which is a permission error
+		$this->assertEquals(403, $response->getStatusCode(), 'Add TopLevel page must fail for normal user');
+
+		// with correct permissions
+		$rootEditUser->logIn();
+		$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+		$this->assertEquals(302, $response->getStatusCode(), 'Must be a redirect on success');
+		$location=$response->getHeader('Location');
+		$this->assertContains('/show/',$location, 'Must redirect to /show/ the new page');
+		// TODO Logout
+		$this->session()->inst_set('loggedInAs', NULL);
+	}
 }
--- a/tests/CMSMainTest.yml
+++ b/tests/CMSMainTest.yml
@ -25,6 +25,8 @@ Group:
      Title: assetsonly
   allcmssections:
      Title: allcmssections
+   rooteditusers:
+      Title: rooteditusers
 Member:
   admin:
      Email: admin@example.com
@ -36,6 +38,9 @@ Member:
   allcmssectionsuser:
      Email: allcmssectionsuser@test.com
      Groups: =>Group.allcmssections
+   rootedituser:
+      Email: rootedituser@test.com
+      Groups: =>Group.rooteditusers
 Permission:
   admin:
      Code: ADMIN
@ -45,4 +50,15 @@ Permission:
      GroupID: =>Group.assetsonly
   allcmssections:
      Code: CMS_ACCESS_LeftAndMain
-      GroupID: =>Group.allcmssections
+      GroupID: =>Group.allcmssections
+   allcmssections2:
+      Code: CMS_ACCESS_LeftAndMain
+      GroupID: =>Group.rooteditusers
+SiteConfig:
+   siteconfig1:
+      EditorGroups: =>Group.rooteditusers
+      CanCreateTopLevelType: 'OnlyTheseUsers'
+SiteConfig_CreateTopLevelGroups:
+   createtoplevelgroups1:
+      siteconfigid:  1
+      GroupID: =>Group.rooteditusers