tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-10-22 06:05:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/3.1.0' into 3.1

Browse Source
This commit is contained in:
Ingo Schommer 2013-08-20 21:00:00 +02:00
commit d4e9471820
3 changed files with 43 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
code/controllers/ContentController.php
View File

@ -101,12 +101,22 @@ class ContentController extends Controller {
if($this->redirectedTo()) return; if($this->redirectedTo()) return;
// Check page permissions // Draft/Archive security check - only CMS users should be able to look at stage/archived content
if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->canView()) { if(
$permissionMessage = null; $this->URLSegment != 'Security'
&& !Session::get('unsecuredDraftSite')
// Check if we could view the live version, offer redirect if so && (
if($this->canViewStage('Live')) { Versioned::current_archived_date()
|| (Versioned::current_stage() && Versioned::current_stage() != 'Live')
)
) {
if(!$this->dataRecord->canViewStage(Versioned::current_archived_date() ? 'Stage' : Versioned::current_stage())) {
$link = $this->Link();
$message = _t(
"ContentController.DRAFT_SITE_ACCESS_RESTRICTION",
'You must log in with your CMS password in order to view the draft or archived content. ' .
'<a href="%s">Click here to go back to the published site.</a>'
);
Session::clear('currentStage'); Session::clear('currentStage');
Session::clear('archiveDate'); Session::clear('archiveDate');
@ -215,7 +225,7 @@ class ContentController extends Controller {
$response = $this->request->isMedia() ? null : ErrorPage::response_for($code); $response = $this->request->isMedia() ? null : ErrorPage::response_for($code);
// Failover to $message if the HTML response is unavailable / inappropriate // Failover to $message if the HTML response is unavailable / inappropriate
parent::httpError($code, $response ? $response : $message); parent::httpError($code, $response ? $response : $message);
} }
/** /**
* Get the project name * Get the project name

20
code/model/SiteTree.php
View File

@ -841,8 +841,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
} }
if(!$fromLive if(!$fromLive
&& !Session::get('unsecuredDraftSite') && !Session::get('unsecuredDraftSite')
&& !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) { && !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) {
// If we weren't definitely loaded from live, and we can't view non-live content, we need to // If we weren't definitely loaded from live, and we can't view non-live content, we need to
// check to make sure this version is the live version and so can be viewed // check to make sure this version is the live version and so can be viewed
if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false; if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false;
@ -1607,7 +1607,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
); );
return !($existingPage); return !($existingPage);
} }
/** /**
* Generate a URL segment based on the title provided. * Generate a URL segment based on the title provided.
@ -1712,7 +1712,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
foreach($contentLinks as $item) { foreach($contentLinks as $item) {
$item->DependentLinkType = 'Content link'; $item->DependentLinkType = 'Content link';
$linkList->push($item); $linkList->push($item);
} }
$items->merge($linkList); $items->merge($linkList);
} }
@ -1724,9 +1724,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
foreach($virtuals as $item) { foreach($virtuals as $item) {
$item->DependentLinkType = 'Virtual page'; $item->DependentLinkType = 'Virtual page';
$virtualList->push($item); $virtualList->push($item);
}
$items->merge($virtualList);
} }
$items->merge($virtualList);
}
} }
// Redirector pages // Redirector pages
@ -1736,7 +1736,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
foreach($redirectors as $item) { foreach($redirectors as $item) {
$item->DependentLinkType = 'Redirector page'; $item->DependentLinkType = 'Redirector page';
$redirectorList->push($item); $redirectorList->push($item);
} }
$items->merge($redirectorList); $items->merge($redirectorList);
} }
@ -1999,9 +1999,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
->setAttribute( ->setAttribute(
'data-placeholder', 'data-placeholder',
_t('SiteTree.GroupPlaceholder', 'Click to select group') _t('SiteTree.GroupPlaceholder', 'Click to select group')
)
) )
) )
)
); );
$visibility->setTitle($this->fieldLabel('Visibility')); $visibility->setTitle($this->fieldLabel('Visibility'));
@ -2226,7 +2226,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
// Set up the initial state of the button to reflect the state of the underlying SiteTree object. // Set up the initial state of the button to reflect the state of the underlying SiteTree object.
if($this->stagesDiffer('Stage', 'Live')) { if($this->stagesDiffer('Stage', 'Live')) {
$publish->addExtraClass('ss-ui-alternate'); $publish->addExtraClass('ss-ui-alternate');
} }
} }
$actions = new FieldList(array($majorActions, $rootTabSet)); $actions = new FieldList(array($majorActions, $rootTabSet));
@ -2666,7 +2666,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
if(!$this->canEdit() && !$this->canAddChildren()) { if(!$this->canEdit() && !$this->canAddChildren()) {
if (!$this->canView()) { if (!$this->canView()) {
$classes .= " disabled"; $classes .= " disabled";
} else { } else {
$classes .= " edit-disabled"; $classes .= " edit-disabled";
} }

5
tests/search/SearchFormTest.php
View File

@ -109,7 +109,6 @@ class ZZZSearchFormTest extends FunctionalTest {
$page = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers'); $page = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers');
$page->publish('Stage', 'Live'); $page->publish('Stage', 'Live');
$results = $sf->getResults(null, array('Search'=>'restrictedViewLoggedInUsers')); $results = $sf->getResults(null, array('Search'=>'restrictedViewLoggedInUsers'));
$this->assertNotContains( $this->assertNotContains(
$page->ID, $page->ID,
@ -135,7 +134,6 @@ class ZZZSearchFormTest extends FunctionalTest {
$page = $this->objFromFixture('SiteTree', 'restrictedViewOnlyWebsiteUsers'); $page = $this->objFromFixture('SiteTree', 'restrictedViewOnlyWebsiteUsers');
$page->publish('Stage', 'Live'); $page->publish('Stage', 'Live');
$results = $sf->getResults(null, array('Search'=>'restrictedViewOnlyWebsiteUsers')); $results = $sf->getResults(null, array('Search'=>'restrictedViewOnlyWebsiteUsers'));
$this->assertNotContains( $this->assertNotContains(
$page->ID, $page->ID,
@ -165,8 +163,6 @@ class ZZZSearchFormTest extends FunctionalTest {
} }
public function testInheritedRestrictedPagesNotIncluded() { public function testInheritedRestrictedPagesNotIncluded() {
if(!$this->checkFulltextSupport()) return;
$sf = new SearchForm($this->mockController, 'SearchForm'); $sf = new SearchForm($this->mockController, 'SearchForm');
$parent = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers'); $parent = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers');
@ -174,7 +170,6 @@ class ZZZSearchFormTest extends FunctionalTest {
$page = $this->objFromFixture('SiteTree', 'inheritRestrictedView'); $page = $this->objFromFixture('SiteTree', 'inheritRestrictedView');
$page->publish('Stage', 'Live'); $page->publish('Stage', 'Live');
$results = $sf->getResults(null, array('Search'=>'inheritRestrictedView')); $results = $sf->getResults(null, array('Search'=>'inheritRestrictedView'));
$this->assertNotContains( $this->assertNotContains(
$page->ID, $page->ID,