Merge branch '2.4' into 2

client/javascript/BrokenExternalLinksReport.js

@@ -17,6 +17,7 @@
       },
 
       start: function() {
+        var self = this;
         // initiate a new job
         $('.external-links-report__report-progress')
           .empty()
@@ -25,10 +26,14 @@
         $.ajax({
           url: "admin/externallinks/start",
           async: true,
-          timeout: 3000
+          timeout: 3000,
+          success: function() {
+            self.poll();
+          },
+          error: function() {
+            self.buttonReset();
+          }
         });
-
-        this.poll();
       },
 
       /**
@@ -125,10 +130,7 @@
               $('.external-links-report__create-report').poll();
             }, 1000));
           },
-          error: function(e) {
-            if (typeof console !== 'undefined') {
-              console.log(e);
-            }
+          error: function() {
             self.buttonReset();
           }
         });

src/Controllers/CMSExternalLinksController.php

@@ -8,6 +8,7 @@ use SilverStripe\ExternalLinks\Tasks\CheckExternalLinksTask;
 use SilverStripe\Control\Controller;
 use Symbiote\QueuedJobs\Services\QueuedJobService;
 use SilverStripe\Control\Middleware\HTTPCacheControlMiddleware;
+use SilverStripe\Security\Permission;
 
 class CMSExternalLinksController extends Controller
 {
@@ -24,6 +25,9 @@ class CMSExternalLinksController extends Controller
      */
     public function getJobStatus()
     {
+        if (!Permission::check('CMS_ACCESS_CMSMain')) {
+            return $this->httpError(403, 'You do not have permission to access this resource');
+        }
         // Set headers
         HTTPCacheControlMiddleware::singleton()->setMaxAge(0);
         $this->response
@@ -49,6 +53,9 @@ class CMSExternalLinksController extends Controller
      */
     public function start()
     {
+        if (!Permission::check('CMS_ACCESS_CMSMain')) {
+            return $this->httpError(403, 'You do not have permission to access this resource');
+        }
         // return if the a job is already running
         $status = BrokenExternalPageTrackStatus::get_latest();
         if ($status && $status->Status == 'Running') {

tests/php/ExternalLinksTest.php

@@ -3,7 +3,7 @@
 namespace SilverStripe\ExternalLinks\Tests;
 
 use SilverStripe\Core\Injector\Injector;
-use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Dev\FunctionalTest;
 use SilverStripe\ExternalLinks\Model\BrokenExternalPageTrackStatus;
 use SilverStripe\ExternalLinks\Reports\BrokenExternalLinksReport;
 use SilverStripe\ExternalLinks\Tasks\CheckExternalLinksTask;
@@ -13,7 +13,7 @@ use SilverStripe\ExternalLinks\Tests\Stubs\PretendLinkChecker;
 use SilverStripe\i18n\i18n;
 use SilverStripe\Reports\Report;
 
-class ExternalLinksTest extends SapphireTest
+class ExternalLinksTest extends FunctionalTest
 {
 
     protected static $fixture_file = 'ExternalLinksTest.yml';
@@ -125,4 +125,29 @@ class ExternalLinksTest extends SapphireTest
         // Ensure report does not list the link associated with an archived page
         $this->assertEquals(3, BrokenExternalLinksReport::create()->sourceRecords()->count());
     }
+
+    public function provideGetJobStatus(): array
+    {
+        return [
+            'ADMIN - valid permission' => ['ADMIN', 200],
+            'CMS_ACCESS_CMSMain - valid permission' => ['CMS_ACCESS_CMSMain', 200],
+            'VIEW_SITE - not enough permission' => ['VIEW_SITE', 403],
+        ];
+    }
+
+    /**
+     * @dataProvider provideGetJobStatus
+     */
+    public function testGetJobStatus(
+        string $permission,
+        int $expectedResponseCode
+    ): void {
+        $this->logInWithPermission($permission);
+
+        $response = $this->get('admin/externallinks/start', null, ['Accept' => 'application/json']);
+        $this->assertEquals($expectedResponseCode, $response->getStatusCode());
+
+        $response = $this->get('admin/externallinks/getJobStatus', null, ['Accept' => 'application/json']);
+        $this->assertEquals($expectedResponseCode, $response->getStatusCode());
+    }
 }