BUGFIX: Ticket #4805

added a canCreateTopLevel() if there is no parent object in CMSMain.php added testCreationOfTopLevelPage toCMSMainTest.php added the nessessary 'database entries' in the CMSMainTest.yml (from r98001) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@102749 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-06-26 14:39:27 +02:00 · 2010-04-14 01:36:42 +00:00 · 2010-04-14 01:36:42 +00:00 · fe543edcd6
commit fe543edcd6
parent 67e39d229b
3 changed files with 45 additions and 4 deletions
--- a/code/CMSMain.php
+++ b/code/CMSMain.php
@ -433,9 +433,14 @@ JS;
 		if(is_numeric($parentID)) $parentObj = DataObject::get_by_id("SiteTree", $parentID);
 		if(!$parentObj || !$parentObj->ID) $parentID = 0;
 		
-		if($parentObj && !$parentObj->canAddChildren()) return Security::permissionFailure($this);
-		if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
-
+		if($parentObj) {
+			if(!$parentObj->canAddChildren()) return Security::permissionFailure($this);
+			if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
+		} else {
+			if(!SiteConfig::current_site_config()->canCreateTopLevel())
+				return Security::permissionFailure($this);
+		}
+		
 		$p = $this->getNewItem("new-$className-$parentID".$suffix, false);
 		$p->Locale = $data['Locale'];
 		$p->write();
--- a/tests/CMSMainTest.php
+++ b/tests/CMSMainTest.php
@ -164,4 +164,24 @@ class CMSMainTest extends FunctionalTest {
 		$result = $this->get('admin/getsubtree?filter=CMSSiteTreeFilter_DeletedPages&ajax=1&ID=' . $id);
 		$this->assertEquals(200, $result->getStatusCode());
 	}
+	
+	function testCreationOfTopLevelPage(){
+		$cmsUser = $this->objFromFixture('Member', 'allcmssectionsuser');
+		$rootEditUser = $this->objFromFixture('Member', 'rootedituser');
+
+		// with insufficient permissions
+		$cmsUser->logIn();
+		$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+		// should redirect, which is a permission error
+		$this->assertEquals(403, $response->getStatusCode(), 'Add TopLevel page must fail for normal user');
+
+		// with correct permissions
+		$rootEditUser->logIn();
+		$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+		$this->assertEquals(302, $response->getStatusCode(), 'Must be a redirect on success');
+		$location=$response->getHeader('Location');
+		$this->assertContains('/show/',$location, 'Must redirect to /show/ the new page');
+		// TODO Logout
+		$this->session()->inst_set('loggedInAs', NULL);
+	}
 }
--- a/tests/CMSMainTest.yml
+++ b/tests/CMSMainTest.yml
@ -25,6 +25,8 @@ Group:
      Title: assetsonly
   allcmssections:
      Title: allcmssections
+   rooteditusers:
+      Title: rooteditusers
 Member:
   admin:
      Email: admin@example.com
@ -36,6 +38,9 @@ Member:
   allcmssectionsuser:
      Email: allcmssectionsuser@test.com
      Groups: =>Group.allcmssections
+   rootedituser:
+      Email: rootedituser@test.com
+      Groups: =>Group.rooteditusers
 Permission:
   admin:
      Code: ADMIN
@ -45,4 +50,15 @@ Permission:
      GroupID: =>Group.assetsonly
   allcmssections:
      Code: CMS_ACCESS_LeftAndMain
-      GroupID: =>Group.allcmssections
+      GroupID: =>Group.allcmssections
+   allcmssections2:
+      Code: CMS_ACCESS_LeftAndMain
+      GroupID: =>Group.rooteditusers
+SiteConfig:
+   siteconfig1:
+      EditorGroups: =>Group.rooteditusers
+      CanCreateTopLevelType: 'OnlyTheseUsers'
+SiteConfig_CreateTopLevelGroups:
+   createtoplevelgroups1:
+      siteconfigid:  1
+      GroupID: =>Group.rooteditusers