From fe543edcd62b376c72b115faf799fd3b77b32a66 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Wed, 14 Apr 2010 01:36:42 +0000
Subject: [PATCH] BUGFIX: Ticket #4805 added a canCreateTopLevel() if there is no parent object in CMSMain.php added testCreationOfTopLevelPage toCMSMainTest.php added the nessessary 'database entries' in the CMSMainTest.yml (from r98001)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@102749 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/CMSMain.php | 11 ++++++++---
 tests/CMSMainTest.php | 20 ++++++++++++++++++++
 tests/CMSMainTest.yml | 18 +++++++++++++++++-
 3 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/code/CMSMain.php b/code/CMSMain.php
index c44c3161..d85f2285 100755
--- a/code/CMSMain.php
+++ b/code/CMSMain.php
@@ -433,9 +433,14 @@ JS;
 if(is_numeric($parentID)) $parentObj = DataObject::get_by_id("SiteTree", $parentID);
 if(!$parentObj || !$parentObj->ID) $parentID = 0;
- if($parentObj && !$parentObj->canAddChildren()) return Security::permissionFailure($this);
- if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
-
+ if($parentObj) {
+ if(!$parentObj->canAddChildren()) return Security::permissionFailure($this);
+ if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
+ } else {
+ if(!SiteConfig::current_site_config()->canCreateTopLevel())
+ return Security::permissionFailure($this);
+ }
+
 $p = $this->getNewItem("new-$className-$parentID".$suffix, false);
 $p->Locale = $data['Locale'];
 $p->write();
diff --git a/tests/CMSMainTest.php b/tests/CMSMainTest.php
index 4bd337d7..125b22d2 100644
--- a/tests/CMSMainTest.php
+++ b/tests/CMSMainTest.php
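Review bot: In the new `else` branch the page type's own `canCreate()` is no longer consulted: the check now sits inside `if($parentObj)`, so a request without a valid parent is authorised by `canCreateTopLevel()` alone, even for a `$className` whose `canCreate()` would refuse the current member. Unless that is intended, keep the class-level check outside the branch, i.e. leave `if(!singleton($className)->canCreate()) return Security::permissionFailure($this);` after the `if/else`. Where `$className` and `$parentID` come from is not visible here, so confirm they are validated before `singleton()` is called. The surrounding method starts and ends outside the hunk.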
@@ -164,4 +164,24 @@ class CMSMainTest extends FunctionalTest {
 $result = $this->get('admin/getsubtree?filter=CMSSiteTreeFilter_DeletedPages&ajax=1&ID=' . $id);
 $this->assertEquals(200, $result->getStatusCode());
 }
+
+ function testCreationOfTopLevelPage(){
+ $cmsUser = $this->objFromFixture('Member', 'allcmssectionsuser');
+ $rootEditUser = $this->objFromFixture('Member', 'rootedituser');
+
+ // with insufficient permissions
+ $cmsUser->logIn();
+ $response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+ // should redirect, which is a permission error
+ $this->assertEquals(403, $response->getStatusCode(), 'Add TopLevel page must fail for normal user');
+
+ // with correct permissions
+ $rootEditUser->logIn();
+ $response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
+ $this->assertEquals(302, $response->getStatusCode(), 'Must be a redirect on success');
+ $location=$response->getHeader('Location');
+ $this->assertContains('/show/',$location, 'Must redirect to /show/ the new page');
+ // TODO Logout
+ $this->session()->inst_set('loggedInAs', NULL);
+ }
 }
diff --git a/tests/CMSMainTest.yml b/tests/CMSMainTest.yml
index 2288554f..32285a2b 100644
--- a/tests/CMSMainTest.yml
+++ b/tests/CMSMainTest.yml
@@ -25,6 +25,8 @@ Group:
 Title: assetsonly
 allcmssections:
 Title: allcmssections
+ rooteditusers:
+ Title: rooteditusers
 Member:
 admin:
 Email: admin@example.com
@@ -36,6 +38,9 @@ Member:
 allcmssectionsuser:
 Email: allcmssectionsuser@test.com
 Groups: =>Group.allcmssections
+ rootedituser:
+ Email: rootedituser@test.com
+ Groups: =>Group.rooteditusers
 Permission:
 admin:
 Code: ADMIN
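Review bot: The comment `// should redirect, which is a permission error` in `testCreationOfTopLevelPage` contradicts the assertion below it, which expects a 403; reword it to `// must be rejected with 403 (permission failure)`. The denied case also checks only the status code, so it would still pass if a page were written before the response was produced; asserting that no new top-level page exists after the first POST would pin the authorisation behaviour. The manual session reset on the last line is skipped when an earlier assertion fails, so the logged-in member may leak into later tests unless the harness resets the session itself.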
@@ -45,4 +50,15 @@ Permission:
 GroupID: =>Group.assetsonly
 allcmssections:
 Code: CMS_ACCESS_LeftAndMain
- GroupID: =>Group.allcmssections
\ No newline at end of file
+ GroupID: =>Group.allcmssections
+ allcmssections2:
+ Code: CMS_ACCESS_LeftAndMain
+ GroupID: =>Group.rooteditusers
+SiteConfig:
+ siteconfig1:
+ EditorGroups: =>Group.rooteditusers
+ CanCreateTopLevelType: 'OnlyTheseUsers'
+SiteConfig_CreateTopLevelGroups:
+ createtoplevelgroups1:
+ siteconfigid: 1
+ GroupID: =>Group.rooteditusers
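Review bot: `siteconfigid: 1` under `SiteConfig_CreateTopLevelGroups` hard-codes the primary key that `siteconfig1` is expected to receive, while every other relation in this fixture uses a `=>Class.identifier` reference. If another SiteConfig row already exists when the fixture loads, the grant attaches to the wrong record and the permission test passes or fails for the wrong reason. Assuming `CreateTopLevelGroups` is a relation on SiteConfig in the same way as `EditorGroups`, declaring it on `siteconfig1` as `CreateTopLevelGroups: =>Group.rooteditusers` would avoid the fixed ID.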