Merge pull request #10330 from creative-commoners/pulls/4.9/permissions-repeated-records

ENH Replace record in Permission Table if GroupID already exist
Guy Sartorelli 2022-05-23 18:30:21 +12:00 committed by GitHub
commit 07aae0e56a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 159 additions and 6 deletions


@ -392,9 +392,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
*/ */
public static function grant($groupID, $code, $arg = "any") public static function grant($groupID, $code, $arg = "any")
{ {
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
if ($permissions && $permissions->count() > 0) {
$perm = $permissions->last();
} else {
$perm = new Permission(); $perm = new Permission();
$perm->GroupID = $groupID; $perm->GroupID = $groupID;
$perm->Code = $code; $perm->Code = $code;
}
$perm->Type = self::GRANT_PERMISSION; $perm->Type = self::GRANT_PERMISSION;
// Arg component // Arg component
@ -427,9 +434,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
*/ */
public static function deny($groupID, $code, $arg = "any") public static function deny($groupID, $code, $arg = "any")
{ {
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
if ($permissions && $permissions->count() > 0) {
$perm = $permissions->last();
} else {
$perm = new Permission(); $perm = new Permission();
$perm->GroupID = $groupID; $perm->GroupID = $groupID;
$perm->Code = $code; $perm->Code = $code;
}
$perm->Type = self::DENY_PERMISSION; $perm->Type = self::DENY_PERMISSION;
// Arg component // Arg component
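Review bot: In both grant() and deny(), `$permissions->last()` updates only one of the rows matching GroupID and Code, so any duplicate rows already in the table are left as they are. For deny() that matters most: an older row may keep `Type = self::GRANT_PERMISSION`, and whether the deny then takes effect depends on how the permission check resolves mixed rows, which is not visible here. Consider removing the other matches once the row to reuse is chosen, e.g. `foreach ($permissions->exclude('ID', $perm->ID) as $stale) { $stale->delete(); }`, or stating in the docblock that existing duplicates are not cleaned up. The `$permissions &&` test appears redundant, since `filter()` returns a list object; `$permissions->exists()` would express the same condition. Both function bodies continue past the end of their hunks.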


@ -3,6 +3,7 @@
namespace SilverStripe\Security\Tests; namespace SilverStripe\Security\Tests;
use SilverStripe\Security\Permission; use SilverStripe\Security\Permission;
use SilverStripe\Security\Group;
use SilverStripe\Security\Member; use SilverStripe\Security\Member;
use SilverStripe\Security\PermissionCheckboxSetField; use SilverStripe\Security\PermissionCheckboxSetField;
use SilverStripe\Core\Config\Config; use SilverStripe\Core\Config\Config;
@ -163,4 +164,124 @@ class PermissionTest extends SapphireTest
$this->assertFalse(Permission::checkMember($member, 'ADMIN')); $this->assertFalse(Permission::checkMember($member, 'ADMIN'));
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain')); $this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
} }
public function testGrantPermission()
{
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
$id = $group->ID;
Permission::grant($id, 'CMS_ACCESS_CMSMain');
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
Permission::grant($id, 'CMS_ACCESS_ReportAdmin');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(0, $groupPermission->first()->Arg);
$this->assertEquals(1, $groupPermission->first()->Type);
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'all');
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'all');
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'all');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(1, $groupPermission->first()->Type);
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'any');
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'any');
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'any');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(1, $groupPermission->first()->Type);
}
public function testDenyPermission()
{
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
$id = $group->ID;
Permission::deny($id, 'CMS_ACCESS_CMSMain');
Permission::deny($id, 'CMS_ACCESS_AssetAdmin');
Permission::deny($id, 'CMS_ACCESS_ReportAdmin');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(0, $groupPermission->first()->Arg);
$this->assertEquals(-1, $groupPermission->first()->Type);
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'all');
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'all');
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'all');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(-1, $groupPermission->first()->Type);
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'any');
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'any');
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'any');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(-1, $groupPermission->first()->Type);
}
public function testDenyThenGrantPermission()
{
$member = $this->objFromFixture(Member::class, 'testcmseditormember');
$group = $this->objFromFixture(Group::class, 'testcmseditorgroup');
$id = $group->ID;
$this->logInAs($member);
Permission::grant($id, 'TEST_CMS_EDITOR');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(1, $groupPermission->count());
$this->assertEquals(1, $groupPermission->first()->Type);
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
Permission::deny($id, 'TEST_CMS_EDITOR');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(1, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->last()->Type);
$this->assertFalse(Permission::check('TEST_CMS_EDITOR'));
Permission::grant($id, 'TEST_CMS_EDITOR');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(1, $groupPermission->count());
$this->assertEquals(1, $groupPermission->first()->Type);
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(2, $groupPermission->count());
$groupPermissionAssetAdmin = Permission::get()->filter(
[
'GroupID' => $id,
'Code' => 'CMS_ACCESS_AssetAdmin',
]
);
$this->assertEquals(1, $groupPermissionAssetAdmin->count());
$this->assertEquals(1, $groupPermissionAssetAdmin->first()->Type);
$this->assertTrue(Permission::check('CMS_ACCESS_AssetAdmin'));
$this->logOut();
}
} }
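Review bot: testGrantPermission and testDenyPermission expect `Arg` to be `0` after a call with the default "any" on fresh rows but `-1` after an explicit `'any'` that follows `'all'`, so the tests pin a result that depends on what the reused row held before. If that is intended, a comment such as `// 'any' leaves Arg untouched, so the value set by 'all' persists` above the third batch of assertions would make it explicit; if not, the Arg handling in grant()/deny() (outside this diff) presumably needs to reset the field when a row is reused. The assertions also read only `$groupPermission->first()`, so two of the three codes written in each batch are never checked; filtering by `Code` or looping over the list would cover them.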


@ -33,6 +33,10 @@
FirstName: Left FirstName: Left
Surname: AndMain Surname: AndMain
Email: leftandmain@example.com Email: leftandmain@example.com
testcmseditormember:
FirstName: CMS
Surname: Editor
Email: testcmseditor@example.com
'SilverStripe\Security\Group': 'SilverStripe\Security\Group':
author: author:
@ -50,6 +54,14 @@
leftandmain: leftandmain:
Title: LeftAndMain Title: LeftAndMain
Members: '=>SilverStripe\Security\Member.leftandmain' Members: '=>SilverStripe\Security\Member.leftandmain'
cmsmaingroup:
Title: CMSMain
Members: '=>SilverStripe\Security\Member.testcmseditormember'
testpermissiongroup:
Title: TestPermissionGroup
testcmseditorgroup:
Title: TestCMSEditor
Members: '=>SilverStripe\Security\Member.testcmseditormember'
'SilverStripe\Security\Permission': 'SilverStripe\Security\Permission':
extra1: extra1:
@ -61,3 +73,9 @@
leftandmain: leftandmain:
Code: CMS_ACCESS_LeftAndMain Code: CMS_ACCESS_LeftAndMain
Group: '=>SilverStripe\Security\Group.leftandmain' Group: '=>SilverStripe\Security\Group.leftandmain'
cmsmain:
Code: CMS_ACCESS_CMSMain
Group: '=>SilverStripe\Security\Group.cmsmaingroup'
testcmseditor:
Code: TEST_CMS_EDITOR
Group: '=>SilverStripe\Security\Group.testcmseditorgroup'