mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
Merge pull request #825 from simonwelsh/canview
FIX Check for stage and drafts in SiteTree::canView()
This commit is contained in:
commit
e922717b42
@ -787,6 +787,23 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
// admin override
|
||||
if($member && Permission::checkMember($member, array("ADMIN", "SITETREE_VIEW_ALL"))) return true;
|
||||
|
||||
// make sure we were loaded off an allowed stage
|
||||
|
||||
// Were we definitely loaded directly off Live during our query?
|
||||
$fromLive = true;
|
||||
|
||||
foreach (array('mode' => 'stage', 'stage' => 'live') as $param => $match) {
|
||||
$fromLive = $fromLive && strtolower((string)$this->getSourceQueryParam("Versioned.$param")) == $match;
|
||||
}
|
||||
|
||||
if(!$fromLive
|
||||
&& !Session::get('unsecuredDraftSite')
|
||||
&& !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) {
|
||||
// If we weren't definitely loaded from live, and we can't view non-live content, we need to
|
||||
// check to make sure this version is the live version and so can be viewed
|
||||
if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false;
|
||||
}
|
||||
|
||||
// Standard mechanism for accepting permission changes from extensions
|
||||
$extended = $this->extendedCan('canView', $member);
|
||||
if($extended !== null) return $extended;
|
||||
|
@ -88,6 +88,7 @@ class ZZZSearchFormTest extends FunctionalTest {
|
||||
$sf = new SearchForm($this->mockController, 'SearchForm');
|
||||
|
||||
$page = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers');
|
||||
$page->publish('Stage', 'Live');
|
||||
$results = $sf->getResults(null, array('Search'=>'restrictedViewLoggedInUsers'));
|
||||
$this->assertNotContains(
|
||||
$page->ID,
|
||||
@ -110,6 +111,7 @@ class ZZZSearchFormTest extends FunctionalTest {
|
||||
$sf = new SearchForm($this->mockController, 'SearchForm');
|
||||
|
||||
$page = $this->objFromFixture('SiteTree', 'restrictedViewOnlyWebsiteUsers');
|
||||
$page->publish('Stage', 'Live');
|
||||
$results = $sf->getResults(null, array('Search'=>'restrictedViewOnlyWebsiteUsers'));
|
||||
$this->assertNotContains(
|
||||
$page->ID,
|
||||
@ -138,11 +140,14 @@ class ZZZSearchFormTest extends FunctionalTest {
|
||||
$member->logOut();
|
||||
}
|
||||
|
||||
public function testInheritedRestrictedPagesNotInlucded() {
|
||||
public function testInheritedRestrictedPagesNotIncluded() {
|
||||
$sf = new SearchForm($this->mockController, 'SearchForm');
|
||||
|
||||
$parent = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers');
|
||||
$parent->publish('Stage', 'Live');
|
||||
|
||||
$page = $this->objFromFixture('SiteTree', 'inheritRestrictedView');
|
||||
|
||||
$page->publish('Stage', 'Live');
|
||||
$results = $sf->getResults(null, array('Search'=>'inheritRestrictedView'));
|
||||
$this->assertNotContains(
|
||||
$page->ID,
|
||||
|
Loading…
Reference in New Issue
Block a user