From a2a4957fa5b45eb549756669b4260a685cba7396 Mon Sep 17 00:00:00 2001 From: Naomi Guyer Date: Wed, 7 Aug 2013 13:46:40 +1200 Subject: [PATCH 1/8] BUG: Context menu too long (Fixes #811) Added javascript to add and remove classes on context sub menus, to allow for multi column layout. --- javascript/CMSMain.Tree.js | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/javascript/CMSMain.Tree.js b/javascript/CMSMain.Tree.js index e866f440..f5713c1d 100644 --- a/javascript/CMSMain.Tree.js +++ b/javascript/CMSMain.Tree.js @@ -2,6 +2,40 @@ $.entwine('ss.tree', function($){ $('.cms-tree').entwine({ + onadd: function(){ + var self = this; + $(document).on('context_show.vakata', function(){ + self.adjustContextClass(this); + }); + + this._super(); + }, + /* + * Add and remove classes from context menus to allow for + * adjusting the display + */ + adjustContextClass: function(){ + var menus = $('#vakata-contextmenu').find("ul ul"); + + menus.each(function(i){ + var col = "1", + count = $(menus[i]).find('li').length; + + //Assign columns to menus over 10 items long + if(count > 20){ + col = "3"; + }else if(count > 10){ + col = "2"; + } + + $(menus[i]).addClass('col-' + col).removeClass('right'); + + //Remove "right" class that jstree adds on mouseenter + $(menus[i]).find('li').on("mouseenter", function (e) { + $(this).parent('ul').removeClass("right"); + }); + }); + }, getTreeConfig: function() { var self = this, config = this._super(), hints = this.getHints(); config.plugins.push('contextmenu'); @@ -101,7 +135,7 @@ ); } } - ] + ] }; return menuitems; From 2fae9280e58849530fddb49bca8f0a423cf356e7 Mon Sep 17 00:00:00 2001 From: Hamish Friedlander Date: Thu, 8 Aug 2013 17:17:35 +1200 Subject: [PATCH 2/8] FIX ArchiveDate enforcement --- code/controllers/ContentController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
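Review bot: In `adjustContextClass` the `mouseenter` handler is bound to every `li` on each `context_show.vakata`, so if the context menu's elements are reused between openings (not visible from this hunk) the handlers pile up on the same nodes. Clearing a namespaced bind first keeps it to one per item, for example `$(menus[i]).find('li').off('mouseenter.ctxcol').on('mouseenter.ctxcol', function (e) { ... })`, where `ctxcol` is a namespace of your choosing. Inside the `each` callback `$(this)` would also read more directly than `$(menus[i])`.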
diff --git a/code/controllers/ContentController.php b/code/controllers/ContentController.php index 0ff261c5..9851f9df 100644 --- a/code/controllers/ContentController.php +++ b/code/controllers/ContentController.php @@ -108,7 +108,7 @@ class ContentController extends Controller { // Draft/Archive security check - only CMS users should be able to look at stage/archived content if($this->URLSegment != 'Security' && !Session::get('unsecuredDraftSite') && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) { - if(!$this->dataRecord->canViewStage(Versioned::current_stage())) { + if(!$this->dataRecord->canViewStage(Versioned::current_archived_date() ? 'Stage' : Versioned::current_stage())) { $link = $this->Link(); $message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content. Click here to go back to the published site.'); Session::clear('currentStage'); From b1664f86a430e52f65d12019ef4367eaa7a96c4e Mon Sep 17 00:00:00 2001 From: Simon Welsh Date: Fri, 9 Aug 2013 10:45:09 +1200 Subject: [PATCH 3/8] FIX Check for stage and drafts in SiteTree::canView() --- code/model/SiteTree.php | 17 +++++++++++++++++ tests/search/SearchFormTest.php | 9 +++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php index 19a5d171..9801f8ea 100644 --- a/code/model/SiteTree.php +++ b/code/model/SiteTree.php 
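Review bot: The new argument to `canViewStage()` maps archive mode onto the `'Stage'` permission without saying why, so a reader cannot tell that archived content is deliberately held to the draft-level check rather than to whatever `Versioned::current_stage()` returns while an archive date is set. A comment above the inner `if` would record the intent, for example `// Archived versions are treated like draft content: require 'Stage' view permission whenever an archive date is active`. The call also dereferences `$this->dataRecord` with no null check; whether it can be empty at this point is not visible in the hunk, so confirm against the rest of the method. The enclosing method starts and ends outside the hunk.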
@@ -787,6 +787,23 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid // admin override if($member && Permission::checkMember($member, array("ADMIN", "SITETREE_VIEW_ALL"))) return true; + // make sure we were loaded off an allowed stage + + // Were we definitely loaded directly off Live during our query? + $fromLive = true; + + foreach (array('mode' => 'stage', 'stage' => 'live') as $param => $match) { + $fromLive = $fromLive && strtolower((string)$this->getSourceQueryParam("Versioned.$param")) == $match; + } + + if(!$fromLive + && !Session::get('unsecuredDraftSite') + && !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) { + // If we weren't definitely loaded from live, and we can't view non-live content, we need to + // check to make sure this version is the live version and so can be viewed + if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false; + } + // Standard mechanism for accepting permission changes from extensions $extended = $this->extendedCan('canView', $member); if($extended !== null) return $extended; diff --git a/tests/search/SearchFormTest.php b/tests/search/SearchFormTest.php index c0794fa0..257525b5 100644 --- a/tests/search/SearchFormTest.php +++ b/tests/search/SearchFormTest.php @@ -88,6 +88,7 @@ class ZZZSearchFormTest extends FunctionalTest { $sf = new SearchForm($this->mockController, 'SearchForm'); $page = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers'); + $page->publish('Stage', 'Live'); $results = $sf->getResults(null, array('Search'=>'restrictedViewLoggedInUsers')); $this->assertNotContains( $page->ID, 
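Review bot: The final version check in the added `canView()` block uses a loose `!=`, so it denies only when the two values differ after type juggling; if `Versioned::get_versionnumber_by_stage()` yields an empty value for a page with no Live row and `$this->Version` is also empty, the comparison is false and the method falls through instead of returning false. What that helper returns for an unpublished page is not visible here, so this needs confirming, but a fail-closed form would be `$liveVersion = Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID);` followed by `if(!$liveVersion || $liveVersion != $this->Version) return false;`. The same block passes `$member` to `Permission::checkMember()` unguarded, while the admin override on the context line above tests `$member &&` first, so check that an empty member is resolved as intended. `canView()` begins and ends outside the hunk.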
@@ -110,6 +111,7 @@ class ZZZSearchFormTest extends FunctionalTest { $sf = new SearchForm($this->mockController, 'SearchForm'); $page = $this->objFromFixture('SiteTree', 'restrictedViewOnlyWebsiteUsers'); + $page->publish('Stage', 'Live'); $results = $sf->getResults(null, array('Search'=>'restrictedViewOnlyWebsiteUsers')); $this->assertNotContains( $page->ID, @@ -138,11 +140,14 @@ class ZZZSearchFormTest extends FunctionalTest { $member->logOut(); } - public function testInheritedRestrictedPagesNotInlucded() { + public function testInheritedRestrictedPagesNotIncluded() { $sf = new SearchForm($this->mockController, 'SearchForm'); + + $parent = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers'); + $parent->publish('Stage', 'Live'); $page = $this->objFromFixture('SiteTree', 'inheritRestrictedView'); - + $page->publish('Stage', 'Live'); $results = $sf->getResults(null, array('Search'=>'inheritRestrictedView')); $this->assertNotContains( $page->ID, From bb86373ab905f879cdafa04375346ca44511a8cc Mon Sep 17 00:00:00 2001 From: Shea Dawson Date: Mon, 19 Aug 2013 11:18:37 +1000 Subject: [PATCH 4/8] CMS tree pane to scroll to the page being edited. Fixes #827 --- javascript/CMSMain.Tree.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/javascript/CMSMain.Tree.js b/javascript/CMSMain.Tree.js index e866f440..5c3d2bc5 100644 --- a/javascript/CMSMain.Tree.js +++ b/javascript/CMSMain.Tree.js @@ -110,6 +110,18 @@ return config; } }); + + // Scroll tree down to context of the current page + $('.cms-tree a.jstree-clicked').entwine({ + onmatch: function(){ + var self = this, + panel = self.parents('.cms-panel-content'); + + panel.animate({ + scrollTop: self.offset().top - (panel.height() / 2) + }, 'slow'); + } + }); }); }(jQuery)); From 26bca388e885cf8336fe531f1efc7bfa231da400 Mon Sep 17 00:00:00 2001 
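Review bot: In the new `onmatch` for `.cms-tree a.jstree-clicked`, `scrollTop` is derived from `self.offset().top`, which jQuery reports relative to the document, while `scrollTop` is measured inside the panel. The panel's own page position and current scroll offset are not accounted for, so the selected node can land off-centre. A form such as `scrollTop: self.offset().top - panel.offset().top + panel.scrollTop() - (panel.height() / 2)` expresses the centring, provided `panel` is non-empty. `parents('.cms-panel-content')` can match several ancestors or none; `closest()` would pin it to the nearest one.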
From: Ingo Schommer Date: Tue, 20 Aug 2013 15:20:44 +0200 Subject: [PATCH 5/8] Revert "Updated siteconfig layout to be more like modeladmin" This reverts commit afd9f282790ae426eb8c841d43e7485d4e1dc7d1. See https://github.com/silverstripe/silverstripe-cms/issues/830 --- code/controllers/CMSSettingsController.php | 3 +- .../Includes/CMSSettingsController_Content.ss | 7 ++- .../CMSSettingsController_EditForm.ss | 52 +++++++++---------- 3 files changed, 29 insertions(+), 33 deletions(-) diff --git a/code/controllers/CMSSettingsController.php b/code/controllers/CMSSettingsController.php index 986157c2..8b2404db 100644 --- a/code/controllers/CMSSettingsController.php +++ b/code/controllers/CMSSettingsController.php @@ -41,7 +41,8 @@ class CMSSettingsController extends LeftAndMain { $this, 'EditForm', $fields, $actions )->setHTMLID('Form_EditForm'); $form->setResponseNegotiator($this->getResponseNegotiator()); - $form->addExtraClass('cms-add-form cms-content center cms-edit-form'); + $form->addExtraClass('root-form'); + $form->addExtraClass('cms-edit-form cms-panel-padded center'); // don't add data-pjax-fragment=CurrentForm, its added in the content template instead if($form->Fields()->hasTabset()) $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet'); diff --git a/templates/Includes/CMSSettingsController_Content.ss b/templates/Includes/CMSSettingsController_Content.ss index c10e458e..900872c0 100644 --- a/templates/Includes/CMSSettingsController_Content.ss +++ b/templates/Includes/CMSSettingsController_Content.ss @@ -1,4 +1,4 @@ -
+
<% with $EditForm %> @@ -7,10 +7,9 @@ <% include CMSBreadcrumbs %> <% end_with %>
- <% if $Fields.hasTabset %> <% with $Fields.fieldByName('Root') %> -
+
    <% loop $Tabs %> class="$extraClass"<% end_if %>>$Title @@ -28,4 +27,4 @@
-
\ No newline at end of file +
diff --git a/templates/Includes/CMSSettingsController_EditForm.ss b/templates/Includes/CMSSettingsController_EditForm.ss index 6ffc7fc9..b7f5f3ca 100644 --- a/templates/Includes/CMSSettingsController_EditForm.ss +++ b/templates/Includes/CMSSettingsController_EditForm.ss @@ -1,33 +1,29 @@ -
+ -
- <% if $Message %> -

$Message

- <% else %> - - <% end_if %> + <% if $Message %> +

$Message

+ <% else %> + + <% end_if %> -
- <% if $Legend %>$Legend<% end_if %> - <% loop $Fields %> - $FieldHolder - <% end_loop %> -
-
-
+
+ <% if $Legend %>$Legend<% end_if %> + <% loop $Fields %> + $FieldHolder + <% end_loop %> +
+
-
- <% if $Actions %> -
- <% loop $Actions %> - $Field - <% end_loop %> - <% if $Controller.LinkPreview %> - - <% _t('LeftAndMain.PreviewButton', 'Preview') %> » - - <% end_if %> -
+ <% if $Actions %> +
+ <% loop $Actions %> + $Field + <% end_loop %> + <% if $Controller.LinkPreview %> + + <% _t('LeftAndMain.PreviewButton', 'Preview') %> » + <% end_if %>
- \ No newline at end of file + <% end_if %> + From c4e54fd7eb55d56f821a77b832e7f44087260810 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Tue, 20 Aug 2013 15:37:17 +0200 Subject: [PATCH 6/8] Fixed fromDocument usage in .cms-tree See https://github.com/silverstripe/silverstripe-cms/pull/823 --- javascript/CMSMain.Tree.js | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/javascript/CMSMain.Tree.js b/javascript/CMSMain.Tree.js index f5713c1d..0d6460eb 100644 --- a/javascript/CMSMain.Tree.js +++ b/javascript/CMSMain.Tree.js @@ -2,13 +2,10 @@ $.entwine('ss.tree', function($){ $('.cms-tree').entwine({ - onadd: function(){ - var self = this; - $(document).on('context_show.vakata', function(){ - self.adjustContextClass(this); - }); - - this._super(); + fromDocument: { + 'oncontext_show.vakata': function(e){ + this.adjustContextClass(); + } }, /* * Add and remove classes from context menus to allow for From 1628cd130ce51502fe89cdcbe0d7a4eb5e62f927 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Tue, 20 Aug 2013 16:56:24 +0200 Subject: [PATCH 7/8] Skip html entity SearchFormTest for PostgreSQL Should be fixed, but its not trivial. --- tests/search/SearchFormTest.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/search/SearchFormTest.php b/tests/search/SearchFormTest.php index f060842b..19a7a142 100644 --- a/tests/search/SearchFormTest.php +++ b/tests/search/SearchFormTest.php @@ -232,6 +232,10 @@ class ZZZSearchFormTest extends FunctionalTest { public function testSearchTitleAndContentWithSpecialCharacters() { if(!$this->checkFulltextSupport()) return; + if(class_exists('PostgreSQLDatabase') && DB::getConn() instanceof PostgreSQLDatabase) { + $this->markTestSkipped("PostgreSQLDatabase doesn't support entity-encoded searches"); + } + $sf = new SearchForm($this->mockController, 'SearchForm'); $pageWithSpecialChars = $this->objFromFixture('SiteTree', 'pageWithSpecialChars'); 
From 3dc86f98a3c5920466321e08c77841089179a9f7 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Tue, 20 Aug 2013 21:42:06 +0200 Subject: [PATCH 8/8] Fixed merge error --- code/controllers/ContentController.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/code/controllers/ContentController.php b/code/controllers/ContentController.php index f45908fa..f2b7a45d 100644 --- a/code/controllers/ContentController.php +++ b/code/controllers/ContentController.php @@ -101,6 +101,11 @@ class ContentController extends Controller { if($this->redirectedTo()) return; + // Check page permissions + if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->canView()) { + return Security::permissionFailure($this); + } + // Draft/Archive security check - only CMS users should be able to look at stage/archived content if( $this->URLSegment != 'Security' @@ -128,9 +133,10 @@ class ContentController extends Controller { ), Controller::join_links($this->Link(), "?stage=Live") ); + + return Security::permissionFailure($this, $permissionMessage); } - return Security::permissionFailure($this, $permissionMessage); } // Use theme from the site config
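Review bot: The added `canView()` gate in the first hunk returns before the draft/archive block that follows it, so a visitor it rejects gets the bare `Security::permissionFailure($this)` and never reaches the tailored `$permissionMessage` returned in the second hunk. If `SiteTree::canView()` also denies non-live versions to users without draft permissions, as patch 3 of this series appears to do, the draft/archive branch may rarely be reached by the visitors its message is written for; confirm that this ordering is intended. Both checks are skipped when `URLSegment` equals `'Security'` and neither says why; a comment such as `// Security pages (login etc.) must stay reachable without view permission` would record the reason, if that is indeed it. The enclosing method starts and ends outside both hunks.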