tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
9ec8c5c310
silverstripe-framework/tests/SiteTreePermissionsTest.php

264 lines
9.3 KiB
PHP
Raw Normal View History

API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
<?php
/**
* @package sapphire
* @subpackage tests
*
* @todo Test canAddChildren()
* @todo Test canCreate()
*/
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
class SiteTreePermissionsTest extends FunctionalTest {
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
static $fixture_file = "sapphire/tests/SiteTreePermissionsTest.yml";
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
function setUp() {
parent::setUp();
$this->useDraftSite();
// we're testing HTTP status codes before being redirected to login forms
$this->autoFollowRedirection = false;
}
MINOR merged branches/2.3 into trunk git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@67465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-04 23:38:32 +01:00
function testAccessTabOnlyDisplaysWithGrantAccessPermissions() {
$page = $this->objFromFixture('Page', 'standardpage');
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->session()->inst_set('loggedInAs', $subadminuser->ID);
$fields = $page->getCMSFields();
$this->assertFalse(
$fields->dataFieldByName('CanViewType')->isReadonly(),
'Users with SITETREE_GRANT_ACCESS permission can change "view" permissions in cms fields'
);
$this->assertFalse(
$fields->dataFieldByName('CanEditType')->isReadonly(),
'Users with SITETREE_GRANT_ACCESS permission can change "edit" permissions in cms fields'
);
$editoruser = $this->objFromFixture('Member', 'editor');
$this->session()->inst_set('loggedInAs', $editoruser->ID);
$fields = $page->getCMSFields();
$this->assertTrue(
$fields->dataFieldByName('CanViewType')->isReadonly(),
'Users without SITETREE_GRANT_ACCESS permission cannot change "view" permissions in cms fields'
);
$this->assertTrue(
$fields->dataFieldByName('CanEditType')->isReadonly(),
'Users without SITETREE_GRANT_ACCESS permission cannot change "edit" permissions in cms fields'
);
$this->session()->inst_set('loggedInAs', null);
}
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
function testRestrictedViewLoggedInUsers() {
$page = $this->objFromFixture('Page', 'restrictedViewLoggedInUsers');
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$page->canView(FALSE),
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant view a page marked as "Viewable for any logged in users"'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$this->session()->inst_set('loggedInAs', null);
$response = $this->get($page->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
MINOR merged branches/2.3 into trunk git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@67465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-04 23:38:32 +01:00
302,
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
'Unauthenticated members cant view a page marked as "Viewable for any logged in users"'
);
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// website users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$websiteuser = $this->objFromFixture('Member', 'websiteuser');
$this->assertTrue(
$page->canView($websiteuser),
'Authenticated members can view a page marked as "Viewable for any logged in users" even if they dont have access to the CMS'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$this->session()->inst_set('loggedInAs', $websiteuser->ID);
$response = $this->get($page->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
200,
'Authenticated members can view a page marked as "Viewable for any logged in users" even if they dont have access to the CMS'
);
$this->session()->inst_set('loggedInAs', null);
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
}
function testRestrictedViewOnlyTheseUsers() {
$page = $this->objFromFixture('Page', 'restrictedViewOnlyWebsiteUsers');
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticcated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$page->canView(FALSE),
'Unauthenticated members cant view a page marked as "Viewable by these groups"'
);
$this->session()->inst_set('loggedInAs', null);
$response = $this->get($page->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
MINOR merged branches/2.3 into trunk git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@67465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-04 23:38:32 +01:00
302,
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant view a page marked as "Viewable by these groups"'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// subadmin users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->assertFalse(
$page->canView($subadminuser),
'Authenticated members cant view a page marked as "Viewable by these groups" if theyre not in the listed groups'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$this->session()->inst_set('loggedInAs', $subadminuser->ID);
$response = $this->get($page->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
ENHANCEMENT: If you are logged in and Security::permissionFailure() is called, just return a 403 git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-09 05:20:32 +02:00
403,
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
'Authenticated members cant view a page marked as "Viewable by these groups" if theyre not in the listed groups'
);
$this->session()->inst_set('loggedInAs', null);
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// website users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$websiteuser = $this->objFromFixture('Member', 'websiteuser');
$this->assertTrue(
$page->canView($websiteuser),
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$this->session()->inst_set('loggedInAs', $websiteuser->ID);
$response = $this->get($page->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
200,
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups'
);
$this->session()->inst_set('loggedInAs', null);
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
}
function testRestrictedEditLoggedInUsers() {
$page = $this->objFromFixture('Page', 'restrictedEditLoggedInUsers');
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticcated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$page->canEdit(FALSE),
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant edit a page marked as "Editable by logged in users"'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// website users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$websiteuser = $this->objFromFixture('Member', 'websiteuser');
$websiteuser->logIn();
$this->assertFalse(
$page->canEdit($websiteuser),
'Authenticated members cant edit a page marked as "Editable by logged in users" if they dont have cms permissions'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// subadmin users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->assertTrue(
$page->canEdit($subadminuser),
'Authenticated members can edit a page marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups'
);
}
function testRestrictedEditOnlySubadminGroup() {
$page = $this->objFromFixture('Page', 'restrictedEditOnlySubadminGroup');
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$page->canEdit(FALSE),
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant edit a page marked as "Editable by these groups"'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// subadmin users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->assertTrue(
$page->canEdit($subadminuser),
'Authenticated members can view a page marked as "Editable by these groups" if theyre in the listed groups'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// website users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$websiteuser = $this->objFromFixture('Member', 'websiteuser');
$this->assertFalse(
$page->canEdit($websiteuser),
'Authenticated members cant edit a page marked as "Editable by these groups" if theyre not in the listed groups'
);
}
function testRestrictedViewInheritance() {
$parentPage = $this->objFromFixture('Page', 'parent_restrictedViewOnlySubadminGroup');
$childPage = $this->objFromFixture('Page', 'child_restrictedViewOnlySubadminGroup');
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$childPage->canView(FALSE),
'Unauthenticated members cant view a page marked as "Viewable by these groups" by inherited permission'
);
$this->session()->inst_set('loggedInAs', null);
$response = $this->get($childPage->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
MINOR merged branches/2.3 into trunk git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@67465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-04 23:38:32 +01:00
302,
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant view a page marked as "Viewable by these groups" by inherited permission'
);
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// subadmin users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->assertTrue(
$childPage->canView($subadminuser),
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups by inherited permission'
);
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$this->session()->inst_set('loggedInAs', $subadminuser->ID);
$response = $this->get($childPage->URLSegment);
$this->assertEquals(
$response->getStatusCode(),
200,
'Authenticated members can view a page marked as "Viewable by these groups" if theyre in the listed groups by inherited permission'
);
$this->session()->inst_set('loggedInAs', null);
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
}
function testRestrictedEditInheritance() {
$parentPage = $this->objFromFixture('Page', 'parent_restrictedEditOnlySubadminGroup');
$childPage = $this->objFromFixture('Page', 'child_restrictedEditOnlySubadminGroup');
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$childPage->canEdit(FALSE),
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant edit a page marked as "Editable by these groups" by inherited permission'
);
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// subadmin users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->assertTrue(
$childPage->canEdit($subadminuser),
'Authenticated members can edit a page marked as "Editable by these groups" if theyre in the listed groups by inherited permission'
);
}
function testDeleteRestrictedChild() {
$parentPage = $this->objFromFixture('Page', 'deleteTestParentPage');
$childPage = $this->objFromFixture('Page', 'deleteTestChildPage');
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
// unauthenticated users
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$parentPage->canDelete(FALSE),
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant delete a page if it doesnt have delete permissions on any of its descendants'
);
$this->assertFalse(
BUGFIX Fixed SiteTreePermissionsTest checking for logged-in users (was using Member->logIn() instead of setting "loggedInAs" on test session) ENHANCEMENT Added FunctionalTest HTTP GET checks for SiteTreePermissionsTest to check that canView() permissions are actually enforced over HTTP git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66681 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 23:36:23 +01:00
$childPage->canDelete(FALSE),
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
'Unauthenticated members cant delete a child page marked as "Editable by these groups"'
);
}
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
function testRestrictedEditLoggedInUsersDeletedFromStage() {
$page = $this->objFromFixture('Page', 'restrictedEditLoggedInUsers');
$pageID = $page->ID;
$page->doPublish();
$page->deleteFromStage('Stage');
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
MINOR Added SiteTreePermissionsTest->testRestrictedEditLoggedInUsersDeletedFromStage(), which verifies that previous fixes in r85335 and r85336 apply the correct permissions git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-27 08:56:13 +02:00
// Get the live version of the page
$page = Versioned::get_one_by_stage("SiteTree", "Live", "\"SiteTree\".ID = $pageID");
// subadmin users
$subadminuser = $this->objFromFixture('Member', 'subadmin');
$this->assertTrue(
$page->canEdit($subadminuser),
'Authenticated members can edit a page that was deleted from stage and marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups'
);
}
API CHANGE Changed SiteTree->Viewers to SiteTree->CanViewType, Changed SiteTree->Editors to SiteTree->CanEditType (see #2847) API CHANGE Changed SiteTree->ViewersGroup has_one relationship to SiteTree->ViewerGroups has_many relationship (see #2847) API CHANGE Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847) ENHANCEMENT Added 'Inherit' flag to SiteTree->CanViewType and SiteTree->CanEditType (see #2419) ENHANCEMENT Added unit tests for SiteTree permissions BUGFIX Checking recursively for permissions on children with SiteTree->canDelete() BUGFIX Disallow SiteTree->canEdit() if SiteTree->canView() is not granted Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65150 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 15:52:35 +01:00
}
?>
Reference in New Issue Copy Permalink