tonyair/silverstripe-dms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-dms synced 2024-10-22 14:05:56 +02:00
Code Issues Projects Releases Wiki Activity

FIX document and documentset permissions

Browse Source
This commit is contained in:
Franco Springveldt 2017-06-14 11:05:19 +12:00
parent 4d83b95040
commit 79da01513e
9 changed files with 290 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
code/cms/DMSDocumentAddController.php
View File

@ -316,4 +316,29 @@ class DMSDocumentAddController extends LeftAndMain
) )
); );
} }
/**
* Overrides the parent method to allow users with access to DMS admin to access this controller
*
* @param Member $member
* @return bool
*/
public function canView($member = null)
{
if (!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
$member = Member::currentUser();
}
if ($member &&
Permission::checkMember(
$member,
array(
'CMS_ACCESS_DMSDocumentAdmin',
)
)
) {
return true;
}
return parent::canView($member);
}
} }

4
code/cms/DMSDocumentAdmin.php
View File

@ -18,7 +18,6 @@ class DMSDocumentAdmin extends ModelAdmin
parent::init(); parent::init();
Requirements::javascript(DMS_DIR . '/javascript/DMSGridField.js'); Requirements::javascript(DMS_DIR . '/javascript/DMSGridField.js');
} }
/** /**
* Remove the default "add" button and replace it with a customised version for DMS * Remove the default "add" button and replace it with a customised version for DMS
* *
@ -45,6 +44,9 @@ class DMSDocumentAdmin extends ModelAdmin
{ {
$gridFieldConfig = $gridField->getConfig(); $gridFieldConfig = $gridField->getConfig();
$gridFieldConfig->removeComponentsByType('GridFieldEditButton');
$gridFieldConfig->addComponent(new DMSGridFieldEditButton(), 'GridFieldDeleteAction');
if ($this->modelClass === 'DMSDocument') { if ($this->modelClass === 'DMSDocument') {
$gridFieldConfig->removeComponentsByType('GridFieldAddNewButton'); $gridFieldConfig->removeComponentsByType('GridFieldAddNewButton');
$gridFieldConfig->addComponent( $gridFieldConfig->addComponent(

26
code/cms/DMSGridFieldEditButton.php Executable file
View File

@ -0,0 +1,26 @@
<?php
class DMSGridFieldEditButton extends GridFieldEditButton implements GridField_ColumnProvider
{
/**
* Overriding the parent method to change the template that the DMS edit button will be rendered with based on
* whether or not the user has edit permissions.
*
* @param GridField $gridField
* @param DataObject $record
* @param string $columnName
*
* @return string - the HTML for the column
*/
public function getColumnContent($gridField, $record, $columnName)
{
$data = new ArrayData(array(
'Link' => Controller::join_links($gridField->Link('item'), $record->ID, 'edit')
));
$template = $record->canEdit() ? 'GridFieldEditButton' : 'GridFieldViewButton';
return $data->renderWith($template);
}
}

9
code/extensions/DMSSiteTreeExtension.php
View File

@ -16,6 +16,15 @@ class DMSSiteTreeExtension extends DataExtension
return; return;
} }
// Hides the DocumentSets tab if the user has no permisions
if (!Permission::checkMember(
Member::currentUser(),
array('ADMIN', 'CMS_ACCESS_DMSDocumentAdmin')
)
) {
return;
}
$gridField = GridField::create( $gridField = GridField::create(
'Document Sets', 'Document Sets',
false, false,

44
code/model/DMSDocument.php
View File

@ -116,7 +116,6 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
if (!$this->CanViewType || $this->CanViewType == 'Anyone') { if (!$this->CanViewType || $this->CanViewType == 'Anyone') {
return true; return true;
} }
if ($member && Permission::checkMember($member, array( if ($member && Permission::checkMember($member, array(
'ADMIN', 'ADMIN',
'SITETREE_EDIT_ALL', 'SITETREE_EDIT_ALL',
@ -198,6 +197,13 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
} }
} }
// Do early admin check
if ($member &&
Permission::checkMember($member, array('CMS_ACCESS_DMSDocumentAdmin'))
) {
return true;
}
return $this->canEdit($member); return $this->canEdit($member);
} }
@ -220,7 +226,7 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
} }
} }
return $this->canView(); return $this->canEdit($member);
} }
/** /**
@ -838,8 +844,6 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
$this->addActionPanelTask('find-versions', 'Versions'); $this->addActionPanelTask('find-versions', 'Versions');
} }
$fields->add(LiteralField::create('BottomTaskSelection', $this->getActionTaskHtml()));
$embargoValue = 'None'; $embargoValue = 'None';
if ($this->EmbargoedIndefinitely) { if ($this->EmbargoedIndefinitely) {
$embargoValue = 'Indefinitely'; $embargoValue = 'Indefinitely';
@ -894,12 +898,19 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
FieldGroup::create($uploadField)->addExtraClass('replace'), FieldGroup::create($uploadField)->addExtraClass('replace'),
FieldGroup::create($pagesGrid)->addExtraClass('find-usage'), FieldGroup::create($pagesGrid)->addExtraClass('find-usage'),
FieldGroup::create($referencesGrid)->addExtraClass('find-references'), FieldGroup::create($referencesGrid)->addExtraClass('find-references'),
FieldGroup::create($versionsGrid)->addExtraClass('find-versions'),
FieldGroup::create($this->getRelatedDocumentsGridField())->addExtraClass('find-relateddocuments'),
FieldGroup::create($this->getPermissionsActionPanel())->addExtraClass('permissions') FieldGroup::create($this->getPermissionsActionPanel())->addExtraClass('permissions')
); );
$actionsPanel->setName("ActionsPanel"); if ($this->canEdit()) {
$actionsPanel->push(FieldGroup::create($versionsGrid)->addExtraClass('find-versions'));
$actionsPanel->push(
FieldGroup::create($this->getRelatedDocumentsGridField())->addExtraClass('find-relateddocuments')
);
} else {
$this->removeActionPanelTask('find-relateddocuments')->removeActionPanelTask('find-versions');
}
$fields->add(LiteralField::create('BottomTaskSelection', $this->getActionTaskHtml()));
$actionsPanel->setName('ActionsPanel');
$actionsPanel->addExtraClass('dmsdocument-actionspanel'); $actionsPanel->addExtraClass('dmsdocument-actionspanel');
$fields->push($actionsPanel); $fields->push($actionsPanel);
@ -1204,6 +1215,10 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
new GridFieldConfig_RelationEditor new GridFieldConfig_RelationEditor
); );
$gridFieldConfig = $gridField->getConfig();
$gridFieldConfig->removeComponentsByType('GridFieldEditButton');
$gridFieldConfig->addComponent(new DMSGridFieldEditButton(), 'GridFieldDeleteAction');
$gridField->getConfig()->removeComponentsByType('GridFieldAddNewButton'); $gridField->getConfig()->removeComponentsByType('GridFieldAddNewButton');
// Move the autocompleter to the left // Move the autocompleter to the left
$gridField->getConfig()->removeComponentsByType('GridFieldAddExistingAutocompleter'); $gridField->getConfig()->removeComponentsByType('GridFieldAddExistingAutocompleter');
@ -1219,7 +1234,6 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
$addExisting->setResultsFormat('$Filename'); $addExisting->setResultsFormat('$Filename');
$this->extend('updateRelatedDocumentsGridField', $gridField); $this->extend('updateRelatedDocumentsGridField', $gridField);
return $gridField; return $gridField;
} }
@ -1323,4 +1337,18 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
return $html; return $html;
} }
/**
* Removes an "action panel" tasks
*
* @param string $panelKey
* @return $this
*/
public function removeActionPanelTask($panelKey)
{
if (array_key_exists($panelKey, $this->actionTasks)) {
unset($this->actionTasks[$panelKey]);
}
return $this;
}
} }

68
code/model/DMSDocumentSet.php
View File

@ -97,7 +97,7 @@ class DMSDocumentSet extends DataObject
new GridFieldFilterHeader(), new GridFieldFilterHeader(),
new GridFieldSortableHeader(), new GridFieldSortableHeader(),
new GridFieldDataColumns(), new GridFieldDataColumns(),
new GridFieldEditButton(), new DMSGridFieldEditButton(),
// Special delete dialog to handle custom behaviour of unlinking and deleting // Special delete dialog to handle custom behaviour of unlinking and deleting
new GridFieldDeleteAction(true), new GridFieldDeleteAction(true),
new GridFieldDetailForm() new GridFieldDetailForm()
@ -121,6 +121,13 @@ class DMSDocumentSet extends DataObject
$fields->fieldByName('Root.Main.PageID')->setTitle(_t('DMSDocumentSet.SHOWONPAGE', 'Show on page')); $fields->fieldByName('Root.Main.PageID')->setTitle(_t('DMSDocumentSet.SHOWONPAGE', 'Show on page'));
} }
// Don't show which page this is if we're already editing within a page context
if (Controller::curr() instanceof CMSPageEditController) {
$fields->removeByName('PageID');
} else {
$fields->fieldByName('Root.Main.PageID')->setTitle(_t('DMSDocumentSet.SHOWONPAGE', 'Show on page'));
}
$gridFieldConfig->getComponentByType('GridFieldDataColumns') $gridFieldConfig->getComponentByType('GridFieldDataColumns')
->setDisplayFields($self->getDocumentDisplayFields()) ->setDisplayFields($self->getDocumentDisplayFields())
->setFieldCasting(array('LastEdited' => 'Datetime->Ago')) ->setFieldCasting(array('LastEdited' => 'Datetime->Ago'))
@ -348,4 +355,63 @@ class DMSDocumentSet extends DataObject
} }
return $result; return $result;
} }
public function canView($member = null)
{
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
return $this->getGlobalPermission($member);
}
public function canCreate($member = null)
{
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
return $this->getGlobalPermission($member);
}
public function canEdit($member = null)
{
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
return $this->getGlobalPermission($member);
}
public function canDelete($member = null)
{
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
return $this->getGlobalPermission($member);
}
/**
* Checks if a then given (or logged in) member is either an ADMIN, SITETREE_EDIT_ALL or has access
* to the DMSDocumentAdmin module, in which case permissions is granted.
*
* @param Member $member
* @return bool
*/
public function getGlobalPermission(Member $member = null)
{
if (!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
$member = Member::currentUser();
}
$result = ($member &&
Permission::checkMember(
$member,
array('ADMIN', 'SITETREE_EDIT_ALL', 'CMS_ACCESS_DMSDocumentAdmin')
)
);
return (bool) $result;
}
} }

23
tests/DMSDocumentSetTest.php
View File

@ -244,4 +244,27 @@ class DMSDocumentSetTest extends SapphireTest
$fields = $set->getCMSFields(); $fields = $set->getCMSFields();
$this->assertNull($fields->fieldByName('Root.Main.PageID')); $this->assertNull($fields->fieldByName('Root.Main.PageID'));
} }
/**
* Tests all crud permissions
*/
public function testPermissions()
{
if ($member = Member::currentUser()) {
$member->logout();
}
$set = $this->objFromFixture('DMSDocumentSet', 'ds1');
$this->assertFalse($set->canCreate());
$this->assertFalse($set->canDelete());
$this->assertFalse($set->canEdit());
$this->assertFalse($set->canView());
$this->logInWithPermission('CMS_ACCESS_DMSDocumentAdmin');
$this->assertTrue($set->canCreate());
$this->assertTrue($set->canDelete());
$this->assertTrue($set->canEdit());
$this->assertTrue($set->canView());
}
} }

89
tests/DMSDocumentTest.php
View File

@ -49,7 +49,9 @@ class DMSDocumentTest extends SapphireTest
public function testDocumentHasCmsFieldForManagingRelatedDocuments() public function testDocumentHasCmsFieldForManagingRelatedDocuments()
{ {
$document = $this->objFromFixture('DMSDocument', 'document_with_relations'); $document = $this->objFromFixture('DMSDocument', 'document_with_relations');
$gridField = $this->getGridFieldFromDocument($document); $gridField = $this->getRelatedDocumentsGridField($document);
$this->assertInstanceOf('GridField', $gridField);
$gridFieldConfig = $gridField->getConfig(); $gridFieldConfig = $gridField->getConfig();
$this->assertNotNull( $this->assertNotNull(
@ -64,13 +66,25 @@ class DMSDocumentTest extends SapphireTest
); );
} }
/**
* Ensures that the DMS Document CMS Related and Versions fields are removed if user can't edit
*/
public function testDocumentHasNoCMSFieldsForManagingRelatedDocumentsIfCantEdit()
{
$this->logInWithPermission('another-user');
$document = $this->objFromFixture('DMSDocument', 'doc-only-these-users');
$gridField = $this->getRelatedDocumentsGridField($document);
$this->assertNull($gridField);
}
/** /**
* Ensure that the related documents list does not include the current document itself * Ensure that the related documents list does not include the current document itself
*/ */
public function testGetRelatedDocumentsForAutocompleter() public function testGetRelatedDocumentsForAutocompleter()
{ {
$document = $this->objFromFixture('DMSDocument', 'd1'); $document = $this->objFromFixture('DMSDocument', 'd1');
$gridField = $this->getGridFieldFromDocument($document); $gridField = $this->getRelatedDocumentsGridField($document);
$this->assertInstanceOf('GridField', $gridField);
$config = $gridField->getConfig(); $config = $gridField->getConfig();
@ -90,7 +104,7 @@ class DMSDocumentTest extends SapphireTest
/** /**
* @return GridField * @return GridField
*/ */
protected function getGridFieldFromDocument(DMSDocument $document) protected function getRelatedDocumentsGridField(DMSDocument $document)
{ {
$documentFields = $document->getCMSFields(); $documentFields = $document->getCMSFields();
/** @var FieldGroup $actions */ /** @var FieldGroup $actions */
@ -103,7 +117,6 @@ class DMSDocumentTest extends SapphireTest
break; break;
} }
} }
$this->assertInstanceOf('GridField', $gridField);
return $gridField; return $gridField;
} }
@ -121,6 +134,19 @@ class DMSDocumentTest extends SapphireTest
$this->assertContains('<li class="ss-ui-button dmsdocument-action" data-panel="', $result); $this->assertContains('<li class="ss-ui-button dmsdocument-action" data-panel="', $result);
$this->assertContains('permission', $result); $this->assertContains('permission', $result);
$this->assertContains('Example', $result); $this->assertContains('Example', $result);
$actions = array('example', 'embargo','find-usage');
foreach ($actions as $action) {
// Test remove with string
$document->removeActionPanelTask($action);
}
$result = $document->getActionTaskHtml();
$this->assertNotContains('Example', $result);
$this->assertNotContains('embargo', $result);
$this->assertNotContains('find-usage', $result);
// Positive test to see some action still remains
$this->assertContains('find-references', $result);
} }
/* /*
@ -142,11 +168,7 @@ class DMSDocumentTest extends SapphireTest
{ {
/** @var DMSDocument $document */ /** @var DMSDocument $document */
$document = $this->objFromFixture('DMSDocument', 'doc-logged-in-users'); $document = $this->objFromFixture('DMSDocument', 'doc-logged-in-users');
// Make sure user is logged out $this->logoutMember();
if ($member = Member::currentUser()) {
$member->logOut();
}
// Logged out user test // Logged out user test
$this->assertFalse($document->canView()); $this->assertFalse($document->canView());
@ -178,10 +200,7 @@ class DMSDocumentTest extends SapphireTest
*/ */
public function testCanEdit() public function testCanEdit()
{ {
// Make sure user is logged out $this->logoutMember();
if ($member = Member::currentUser()) {
$member->logOut();
}
/** @var DMSDocument $document1 */ /** @var DMSDocument $document1 */
$document1 = $this->objFromFixture('DMSDocument', 'doc-logged-in-users'); $document1 = $this->objFromFixture('DMSDocument', 'doc-logged-in-users');
@ -204,6 +223,50 @@ class DMSDocumentTest extends SapphireTest
$this->assertTrue($document2->canEdit($cableGuy)); $this->assertTrue($document2->canEdit($cableGuy));
} }
/**
* Tests delete permissions
*/
public function testCanDelete()
{
$this->logoutMember();
$document1 = $this->objFromFixture('DMSDocument', 'doc-logged-in-users');
// Logged out user test
$this->assertFalse($document1->canDelete());
// Test editors can delete
$contentAuthor = $this->objFromFixture('Member', 'editor');
$this->assertTrue($document1->canDelete($contentAuthor));
}
/**
* Tests create permission
*/
public function testCanCreate()
{
$this->logoutMember();
$document1 = $this->objFromFixture('DMSDocument', 'doc-logged-in-users');
$this->logInWithPermission('CMS_ACCESS_DMSDocumentAdmin');
// Test CMS access can create
$this->assertTrue($document1->canCreate());
$this->logoutMember();
// Test editors can create
$contentAuthor = $this->objFromFixture('Member', 'editor');
$this->assertTrue($document1->canCreate($contentAuthor));
}
/**
* Logs out any active member
*/
protected function logoutMember()
{
if ($member = Member::currentUser()) {
$member->logOut();
}
}
/** /**
* Test permission denied reasons for documents * Test permission denied reasons for documents
*/ */

29
tests/cms/DMSDocumentAdminTest.php
View File

@ -12,9 +12,9 @@ class DMSDocumentAdminTest extends FunctionalTest
} }
/** /**
* Check that the default "add new" button is gone, and replaced with our customised version of it * Check that the default "add new" and "edit" buttons are gone, and replaced with our customised version of it
*/ */
public function testGridFieldHasCustomisedAddNewButton() public function testGridFieldHasCustomisedButtons()
{ {
$modelAdmin = new DMSDocumentAdmin; $modelAdmin = new DMSDocumentAdmin;
$modelAdmin->init(); $modelAdmin->init();
@ -22,22 +22,31 @@ class DMSDocumentAdminTest extends FunctionalTest
$form = $modelAdmin->getEditForm(); $form = $modelAdmin->getEditForm();
$gridFieldConfig = $form->Fields()->first()->getConfig(); $gridFieldConfig = $form->Fields()->first()->getConfig();
$replacements = array(
'GridFieldAddNewButton'=>'DMSGridFieldAddNewButton',
'GridFieldEditButton'=>'DMSGridFieldEditButton'
);
foreach ($replacements as $oldClass => $newClass) {
// Our button is an instance of the original, so is returned when asking for the original // Our button is an instance of the original, so is returned when asking for the original
$addNewButtons = $gridFieldConfig->getComponentsByType('GridFieldAddNewButton'); $newButtons = $gridFieldConfig->getComponentsByType($oldClass);
foreach ($addNewButtons as $key => $addNewButton) { foreach ($newButtons as $key => $newButton) {
if ($addNewButton instanceof DMSGridFieldAddNewButton) { if ($newButton instanceof $newClass) {
// Remove our version for testing's sake // Remove our version for testing's sake
$addNewButtons->remove($addNewButton); $newButtons->remove($newButton);
} }
} }
$this->assertCount(0, $addNewButtons, 'Original add new button is removed'); $this->assertCount(0, $newButtons, 'Original button is removed');
$this->assertInstanceOf( $this->assertInstanceOf(
'DMSGridFieldAddNewButton', $newClass,
$gridFieldConfig->getComponentByType('DMSGridFieldAddNewButton'), $gridFieldConfig->getComponentByType($newClass),
'Model admin for documents contains customised DMS add new button' "Model admin for documents contains customised {$newClass} button"
); );
} }
}
/** /**
* Quick check to ensure that the ModelAdmin endpoint is working * Quick check to ensure that the ModelAdmin endpoint is working