From 48a7c1ee87955524a65a128cfd538bde52fefe2c Mon Sep 17 00:00:00 2001
From: Frank Winkelmann
Date: Tue, 2 Feb 2010 04:50:28 +0000
Subject: [PATCH] BUGFIX: Ticket #4805 added a canCreateTopLevel() if there is no parent object in CMSMain.php added testCreationOfTopLevelPage toCMSMainTest.php added the nessessary 'database entries' in the CMSMainTest.yml
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@98001 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/CMSMain.php | 9 +++++++--
 tests/CMSMainTest.php | 20 ++++++++++++++++++++
 tests/CMSMainTest.yml | 18 +++++++++++++++++-
 3 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/code/CMSMain.php b/code/CMSMain.php
index bad3c804..23172ff9 100755
--- a/code/CMSMain.php
+++ b/code/CMSMain.php
@@ -494,8 +494,13 @@ JS;
 if(is_numeric($parent)) $parentObj = DataObject::get_by_id("SiteTree", $parent);
 if(!$parentObj || !$parentObj->ID) $parent = 0;
- if($parentObj && !$parentObj->canAddChildren()) return Security::permissionFailure($this);
- if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
+ if($parentObj){
+ if(!$parentObj->canAddChildren()) return Security::permissionFailure($this);
+ if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
+ }else{
+ if(!SiteConfig::current_site_config()->canCreateTopLevel())
+ return Security::permissionFailure($this);
+ }
 $p = $this->getNewItem("new-$className-$parent".$suffix, false);
 $p->Locale = $_REQUEST['Locale'];
diff --git a/tests/CMSMainTest.php b/tests/CMSMainTest.php
index 5de6d15c..266b6592 100644
--- a/tests/CMSMainTest.php
+++ b/tests/CMSMainTest.php
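Review bot: The page-type check `singleton($className)->canCreate()` now runs only inside the `if($parentObj)` branch of the code/CMSMain.php hunk, so a top-level create (the `else` branch) is authorised by `SiteConfig::current_site_config()->canCreateTopLevel()` alone, and the per-class permission that the removed lines enforced unconditionally is skipped. Unless canCreateTopLevel() is meant to replace that check, keep it outside the branch, e.g. `if(!singleton($className)->canCreate()) return Security::permissionFailure($this);` after the `if/else`. Where `$className` is validated is not visible here; the enclosing method starts and ends outside the hunk.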
@@ -163,4 +163,24 @@ class CMSMainTest extends FunctionalTest {
 $result = $this->get('admin/getfilteredsubtree?filter=CMSSiteTreeFilter_DeletedPages&ajax=1&ID=' . $id);
 $this->assertEquals(200, $result->getStatusCode());
 }
+
+ function testCreationOfTopLevelPage(){
+ $cmsUser = $this->objFromFixture('Member', 'allcmssectionsuser');
+ $rootEditUser = $this->objFromFixture('Member', 'rootedituser');
+
+ // with insufficient permissions
+ $cmsUser->logIn();
+ $response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+ // should redirect, which is a permission error
+ $this->assertEquals(403, $response->getStatusCode(), 'Add TopLevel page must fail for normal user');
+
+ // with correct permissions
+ $rootEditUser->logIn();
+ $response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+ $this->assertEquals(302, $response->getStatusCode(), 'Must be a redirect on success');
+ $location=$response->getHeader('Location');
+ $this->assertContains('/show/',$location, 'Must redirect to /show/ the new page');
+ // TODO Logout
+ $this->session()->inst_set('loggedInAs', NULL);
+ }
 }
diff --git a/tests/CMSMainTest.yml b/tests/CMSMainTest.yml
index 2288554f..32285a2b 100644
--- a/tests/CMSMainTest.yml
+++ b/tests/CMSMainTest.yml
@@ -25,6 +25,8 @@ Group:
 Title: assetsonly
 allcmssections:
 Title: allcmssections
+ rooteditusers:
+ Title: rooteditusers
 Member:
 admin:
 Email: admin@example.com
@@ -36,6 +38,9 @@ Member:
 allcmssectionsuser:
 Email: allcmssectionsuser@test.com
 Groups: =>Group.allcmssections
+ rootedituser:
+ Email: rootedituser@test.com
+ Groups: =>Group.rooteditusers
 Permission:
 admin:
 Code: ADMIN
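Review bot: The negative case in testCreationOfTopLevelPage asserts only the 403 status, so it would still pass if the handler wrote the page before returning the permission failure; comparing the number of top-level SiteTree records before and after the first post would pin down that nothing was created. The comment `// should redirect, which is a permission error` contradicts the assertion that follows it and would read better as `// must be rejected with 403 (permission failure)`. The session reset under `// TODO Logout` is the last statement of the method, so it is skipped whenever an earlier assertion fails; whether the next test starts from a clean session is not visible in this hunk.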
@@ -45,4 +50,15 @@ Permission:
 GroupID: =>Group.assetsonly
 allcmssections:
 Code: CMS_ACCESS_LeftAndMain
- GroupID: =>Group.allcmssections
\ No newline at end of file
+ GroupID: =>Group.allcmssections
+ allcmssections2:
+ Code: CMS_ACCESS_LeftAndMain
+ GroupID: =>Group.rooteditusers
+SiteConfig:
+ siteconfig1:
+ EditorGroups: =>Group.rooteditusers
+ CanCreateTopLevelType: 'OnlyTheseUsers'
+SiteConfig_CreateTopLevelGroups:
+ createtoplevelgroups1:
+ siteconfigid: 1
+ GroupID: =>Group.rooteditusers
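Review bot: `siteconfigid: 1` under SiteConfig_CreateTopLevelGroups hard-codes the database ID of `siteconfig1`, so the grant the positive test case depends on silently disappears if that record is ever written with a different ID. The same hunk already links a group by reference with `EditorGroups: =>Group.rooteditusers`; if the relation is named after its join table (an assumption, the SiteConfig class is not shown), `CreateTopLevelGroups: =>Group.rooteditusers` on `siteconfig1` would express the grant without a raw join row. Because `rooteditusers` receives both EditorGroups and the top-level grant, the fixture may also not isolate which of the two settings lets the request through.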