tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-09-27 20:06:43 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: fixing CMS_ACCESS_LeftAndMain permission (=access all cms sections). Also added the test.

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@95788 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Mateusz Uzdowski 2009-12-17 21:53:03 +00:00 committed by Sam Minnee
parent 177b3998b3
commit b89cb9b018
3 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/LeftAndMain.php
View File

@ -83,7 +83,8 @@ class LeftAndMain extends Controller {
}
// Default security check for LeftAndMain sub-class permissions
if(!Permission::checkMember($member, "CMS_ACCESS_$this->class")) {
if(!Permission::checkMember($member, "CMS_ACCESS_$this->class") &&
!Permission::checkMember($member, "CMS_ACCESS_LeftAndMain")) {
return false;
}

10
tests/CMSMainTest.yml
View File

@ -17,6 +17,8 @@ Group:
Title: Empty Group
assetsonly:
Title: assetsonly
allcmssections:
Title: allcmssections
Member:
admin:
Email: admin@example.com
@ -25,10 +27,16 @@ Member:
assetsonlyuser:
Email: assetsonlyuser@test.com
Groups: =>Group.assetsonly
allcmssectionsuser:
Email: allcmssectionsuser@test.com
Groups: =>Group.allcmssections
Permission:
admin:
Code: ADMIN
GroupID: =>Group.admin
assetsonly:
Code: CMS_ACCESS_AssetAdmin
GroupID: =>Group.assetsonly
GroupID: =>Group.assetsonly
allcmssections:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.allcmssections

11
tests/LeftAndMainTest.php
View File

@ -45,6 +45,7 @@ class LeftAndMainTest extends FunctionalTest {
function testCanView() {
$adminuser = $this->objFromFixture('Member', 'admin');
$assetsonlyuser = $this->objFromFixture('Member', 'assetsonlyuser');
$allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser');
// anonymous user
$this->session()->inst_set('loggedInAs', null);
@ -64,6 +65,16 @@ class LeftAndMainTest extends FunctionalTest {
'Groups with limited access can only access the interfaces they have permissions for'
);
// all cms sections user
$this->session()->inst_set('loggedInAs', $allcmssectionsuser->ID);
$menuItems = singleton('LeftAndMain')->MainMenu();
$requiredSections = array('CMSMain','AssetAdmin','CommentAdmin','SecurityAdmin','Help');
$this->assertEquals(
array_diff($requiredSections, $menuItems->column('Code')),
array(),
'Group with CMS_ACCESS_LeftAndMain permission can access all sections'
);
// admin
$this->session()->inst_set('loggedInAs', $adminuser->ID);
$menuItems = singleton('LeftAndMain')->MainMenu();