From b89cb9b01863d4c263d1d83a98de2b361afd5dc1 Mon Sep 17 00:00:00 2001
From: Mateusz Uzdowski
Date: Thu, 17 Dec 2009 21:53:03 +0000
Subject: [PATCH] BUGFIX: fixing CMS_ACCESS_LeftAndMain permission (=access all cms sections). Also added the test.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@95788 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/LeftAndMain.php | 3 ++-
 tests/CMSMainTest.yml | 10 +++++++++-
 tests/LeftAndMainTest.php | 11 +++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/code/LeftAndMain.php b/code/LeftAndMain.php
index df890236..c9efbb68 100644
--- a/code/LeftAndMain.php
+++ b/code/LeftAndMain.php
@@ -83,7 +83,8 @@ class LeftAndMain extends Controller {
 }
 // Default security check for LeftAndMain sub-class permissions
- if(!Permission::checkMember($member, "CMS_ACCESS_$this->class")) {
+ if(!Permission::checkMember($member, "CMS_ACCESS_$this->class") &&
+ !Permission::checkMember($member, "CMS_ACCESS_LeftAndMain")) {
 return false;
 }
diff --git a/tests/CMSMainTest.yml b/tests/CMSMainTest.yml
index 94384142..0b7fc3f5 100644
--- a/tests/CMSMainTest.yml
+++ b/tests/CMSMainTest.yml
@@ -17,6 +17,8 @@ Group:
 Title: Empty Group
 assetsonly:
 Title: assetsonly
+ allcmssections:
+ Title: allcmssections
 Member:
 admin:
 Email: admin@example.com
@@ -25,10 +27,16 @@ Member:
 assetsonlyuser:
 Email: assetsonlyuser@test.com
 Groups: =>Group.assetsonly
+ allcmssectionsuser:
+ Email: allcmssectionsuser@test.com
+ Groups: =>Group.allcmssections
 Permission:
 admin:
 Code: ADMIN
 GroupID: =>Group.admin
 assetsonly:
 Code: CMS_ACCESS_AssetAdmin
- GroupID: =>Group.assetsonly
\ No newline at end of file
+ GroupID: =>Group.assetsonly
+ allcmssections:
+ Code: CMS_ACCESS_LeftAndMain
+ GroupID: =>Group.allcmssections
\ No newline at end of file
diff --git a/tests/LeftAndMainTest.php b/tests/LeftAndMainTest.php
index 8f9cad55..6835f7c1 100644
--- a/tests/LeftAndMainTest.php
+++ b/tests/LeftAndMainTest.php
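Review bot: In `code/LeftAndMain.php`, the added `CMS_ACCESS_LeftAndMain` fallback turns that one code into a wildcard for every subclass that relies on this default check, while the comment above it still describes only the per-class permission. The fixture and test in this commit expect `SecurityAdmin` to be among the sections it unlocks, so a group holding this code can presumably also manage groups and permissions, which is close to `ADMIN` in practice. I would state that next to the check, e.g. `// CMS_ACCESS_LeftAndMain grants every section, SecurityAdmin included; hand it out as carefully as ADMIN`. The enclosing method begins and ends outside the hunk, so any earlier login or ADMIN handling is not visible here.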
@@ -45,6 +45,7 @@ class LeftAndMainTest extends FunctionalTest { function testCanView() { $adminuser = $this->objFromFixture('Member', 'admin'); $assetsonlyuser = $this->objFromFixture('Member', 'assetsonlyuser'); + $allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser'); // anonymous user $this->session()->inst_set('loggedInAs', null); @@ -64,6 +65,16 @@ class LeftAndMainTest extends FunctionalTest { 'Groups with limited access can only access the interfaces they have permissions for' ); + // all cms sections user + $this->session()->inst_set('loggedInAs', $allcmssectionsuser->ID); + $menuItems = singleton('LeftAndMain')->MainMenu(); + $requiredSections = array('CMSMain','AssetAdmin','CommentAdmin','SecurityAdmin','Help'); + $this->assertEquals( + array_diff($requiredSections, $menuItems->column('Code')), + array(), + 'Group with CMS_ACCESS_LeftAndMain permission can access all sections' + ); + // admin $this->session()->inst_set('loggedInAs', $adminuser->ID); $menuItems = singleton('LeftAndMain')->MainMenu();
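Review bot: The new `assertEquals` call in the second hunk passes the computed `array_diff(...)` as the expected value and `array()` as the actual one, so a failure report would label the missing sections as the expectation; `$this->assertEquals(array(), array_diff($requiredSections, $menuItems->column('Code')), '...')` reads the right way round. The hard-coded `$requiredSections` list also appears to assume that all five sections, including `CommentAdmin` and `Help`, are registered in the test environment, which deserves a one-line comment such as `// sections shipped with the cms module; adjust if the default menu changes`. `testCanView()` starts in the previous hunk and continues past the end of this one.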