BUGFIX: Ticket #4805

added a canCreateTopLevel() check if there is no parent object in CMSMain.php
added testCreationOfTopLevelPage to CMSMainTest.php
added the necessary 'database entries' in the CMSMainTest.yml

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@98001 467b73ca-7a2a-4603-9d3b-597d59a354a9
Frank Winkelmann 2010-02-02 04:50:28 +00:00 committed by Sam Minnee
parent 3a61db6221
commit 48a7c1ee87
3 changed files with 44 additions and 3 deletions


@ -494,8 +494,13 @@ JS;
if(is_numeric($parent)) $parentObj = DataObject::get_by_id("SiteTree", $parent);
if(!$parentObj || !$parentObj->ID) $parent = 0;
if($parentObj && !$parentObj->canAddChildren()) return Security::permissionFailure($this);
if($parentObj){
if(!$parentObj->canAddChildren()) return Security::permissionFailure($this);
if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
}else{
if(!SiteConfig::current_site_config()->canCreateTopLevel())
return Security::permissionFailure($this);
}
$p = $this->getNewItem("new-$className-$parent".$suffix, false);
$p->Locale = $_REQUEST['Locale'];
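Review bot: The class-level `canCreate()` check sits only inside the `if($parentObj)` branch, so a top-level create is gated by `SiteConfig::current_site_config()->canCreateTopLevel()` alone and never asks the page type whether this member may create it. Unless `getNewItem()` enforces that later, which is not visible here, a user allowed to create top-level pages could create a page type whose `canCreate()` would refuse them. I would move `if(!singleton($className)->canCreate()) return Security::permissionFailure($this);` below the if/else so both paths are covered. The enclosing method starts and ends outside the hunk, and the page has lost its +/- markers, so the unbraced `canAddChildren()` check just above the new block is presumably the removed line.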


@ -163,4 +163,24 @@ class CMSMainTest extends FunctionalTest {
$result = $this->get('admin/getfilteredsubtree?filter=CMSSiteTreeFilter_DeletedPages&ajax=1&ID=' . $id);
$this->assertEquals(200, $result->getStatusCode());
}
function testCreationOfTopLevelPage(){
$cmsUser = $this->objFromFixture('Member', 'allcmssectionsuser');
$rootEditUser = $this->objFromFixture('Member', 'rootedituser');
// with insufficient permissions
$cmsUser->logIn();
$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
// should redirect, which is a permission error
$this->assertEquals(403, $response->getStatusCode(), 'Add TopLevel page must fail for normal user');
// with correct permissions
$rootEditUser->logIn();
$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
$this->assertEquals(302, $response->getStatusCode(), 'Must be a redirect on success');
$location=$response->getHeader('Location');
$this->assertContains('/show/',$location, 'Must redirect to /show/ the new page');
// TODO Logout
$this->session()->inst_set('loggedInAs', NULL);
}
}
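Review bot: The comment `// should redirect, which is a permission error` contradicts the assertion beneath it, which expects a 403; it should read `// permission failure is reported as 403 for this request`. The session reset at the end (`inst_set('loggedInAs', NULL)`) is reached only when every assertion passes, so a failure leaves rootedituser logged in for whatever runs next in the same session; doing the reset in tearDown() (not visible in this hunk) would make the test self-contained. The denied case also checks only the status code; asserting that no new top-level Page exists afterwards would pin the authorization result and not just the response.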


@ -25,6 +25,8 @@ Group:
Title: assetsonly
allcmssections:
Title: allcmssections
rooteditusers:
Title: rooteditusers
Member:
admin:
Email: admin@example.com
@ -36,6 +38,9 @@ Member:
allcmssectionsuser:
Email: allcmssectionsuser@test.com
Groups: =>Group.allcmssections
rootedituser:
Email: rootedituser@test.com
Groups: =>Group.rooteditusers
Permission:
admin:
Code: ADMIN
@ -46,3 +51,14 @@ Permission:
allcmssections:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.allcmssections
allcmssections2:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.rooteditusers
SiteConfig:
siteconfig1:
EditorGroups: =>Group.rooteditusers
CanCreateTopLevelType: 'OnlyTheseUsers'
SiteConfig_CreateTopLevelGroups:
createtoplevelgroups1:
siteconfigid: 1
GroupID: =>Group.rooteditusers
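Review bot: The join row under `SiteConfig_CreateTopLevelGroups` hard-codes `siteconfigid: 1`, while every other relation in this fixture uses a `=>` reference. This makes the permission setup depend on `siteconfig1` happening to receive ID 1. If another SiteConfig record exists when the fixture loads, the group would be attached to the wrong config and the test would pass or fail for the wrong reason. Assuming the fixture loader resolves the relation the same way it does for `EditorGroups`, declaring `CreateTopLevelGroups: =>Group.rooteditusers` on `siteconfig1` would remove the separate join-table block; otherwise `=>SiteConfig.siteconfig1` in place of the literal 1 is the smaller fix.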