mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #10330 from creative-commoners/pulls/4.9/permissions-repeated-records
ENH Replace record in Permission Table if GroupID already exist
This commit is contained in:
commit
07aae0e56a
@ -392,9 +392,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
|
|||||||
*/
|
*/
|
||||||
public static function grant($groupID, $code, $arg = "any")
|
public static function grant($groupID, $code, $arg = "any")
|
||||||
{
|
{
|
||||||
$perm = new Permission();
|
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
|
||||||
$perm->GroupID = $groupID;
|
|
||||||
$perm->Code = $code;
|
if ($permissions && $permissions->count() > 0) {
|
||||||
|
$perm = $permissions->last();
|
||||||
|
} else {
|
||||||
|
$perm = new Permission();
|
||||||
|
$perm->GroupID = $groupID;
|
||||||
|
$perm->Code = $code;
|
||||||
|
}
|
||||||
|
|
||||||
$perm->Type = self::GRANT_PERMISSION;
|
$perm->Type = self::GRANT_PERMISSION;
|
||||||
|
|
||||||
// Arg component
|
// Arg component
|
||||||
@ -427,9 +434,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
|
|||||||
*/
|
*/
|
||||||
public static function deny($groupID, $code, $arg = "any")
|
public static function deny($groupID, $code, $arg = "any")
|
||||||
{
|
{
|
||||||
$perm = new Permission();
|
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
|
||||||
$perm->GroupID = $groupID;
|
|
||||||
$perm->Code = $code;
|
if ($permissions && $permissions->count() > 0) {
|
||||||
|
$perm = $permissions->last();
|
||||||
|
} else {
|
||||||
|
$perm = new Permission();
|
||||||
|
$perm->GroupID = $groupID;
|
||||||
|
$perm->Code = $code;
|
||||||
|
}
|
||||||
|
|
||||||
$perm->Type = self::DENY_PERMISSION;
|
$perm->Type = self::DENY_PERMISSION;
|
||||||
|
|
||||||
// Arg component
|
// Arg component
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
namespace SilverStripe\Security\Tests;
|
namespace SilverStripe\Security\Tests;
|
||||||
|
|
||||||
use SilverStripe\Security\Permission;
|
use SilverStripe\Security\Permission;
|
||||||
|
use SilverStripe\Security\Group;
|
||||||
use SilverStripe\Security\Member;
|
use SilverStripe\Security\Member;
|
||||||
use SilverStripe\Security\PermissionCheckboxSetField;
|
use SilverStripe\Security\PermissionCheckboxSetField;
|
||||||
use SilverStripe\Core\Config\Config;
|
use SilverStripe\Core\Config\Config;
|
||||||
@ -163,4 +164,124 @@ class PermissionTest extends SapphireTest
|
|||||||
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
|
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
|
||||||
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
|
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testGrantPermission()
|
||||||
|
{
|
||||||
|
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
|
||||||
|
$id = $group->ID;
|
||||||
|
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_CMSMain');
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_ReportAdmin');
|
||||||
|
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(3, $groupPermission->count());
|
||||||
|
$this->assertEquals(0, $groupPermission->first()->Arg);
|
||||||
|
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||||
|
|
||||||
|
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'all');
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'all');
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'all');
|
||||||
|
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(3, $groupPermission->count());
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||||
|
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||||
|
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'any');
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'any');
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'any');
|
||||||
|
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(3, $groupPermission->count());
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||||
|
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDenyPermission()
|
||||||
|
{
|
||||||
|
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
|
||||||
|
$id = $group->ID;
|
||||||
|
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_CMSMain');
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_AssetAdmin');
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_ReportAdmin');
|
||||||
|
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(3, $groupPermission->count());
|
||||||
|
$this->assertEquals(0, $groupPermission->first()->Arg);
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Type);
|
||||||
|
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'all');
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'all');
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'all');
|
||||||
|
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(3, $groupPermission->count());
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Type);
|
||||||
|
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'any');
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'any');
|
||||||
|
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'any');
|
||||||
|
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(3, $groupPermission->count());
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||||
|
$this->assertEquals(-1, $groupPermission->first()->Type);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDenyThenGrantPermission()
|
||||||
|
{
|
||||||
|
$member = $this->objFromFixture(Member::class, 'testcmseditormember');
|
||||||
|
$group = $this->objFromFixture(Group::class, 'testcmseditorgroup');
|
||||||
|
$id = $group->ID;
|
||||||
|
|
||||||
|
$this->logInAs($member);
|
||||||
|
|
||||||
|
Permission::grant($id, 'TEST_CMS_EDITOR');
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(1, $groupPermission->count());
|
||||||
|
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||||
|
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
|
||||||
|
|
||||||
|
Permission::deny($id, 'TEST_CMS_EDITOR');
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(1, $groupPermission->count());
|
||||||
|
$this->assertEquals(-1, $groupPermission->last()->Type);
|
||||||
|
$this->assertFalse(Permission::check('TEST_CMS_EDITOR'));
|
||||||
|
|
||||||
|
Permission::grant($id, 'TEST_CMS_EDITOR');
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
|
||||||
|
$this->assertEquals(1, $groupPermission->count());
|
||||||
|
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||||
|
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
|
||||||
|
|
||||||
|
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
|
||||||
|
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||||
|
$this->assertEquals(2, $groupPermission->count());
|
||||||
|
|
||||||
|
$groupPermissionAssetAdmin = Permission::get()->filter(
|
||||||
|
[
|
||||||
|
'GroupID' => $id,
|
||||||
|
'Code' => 'CMS_ACCESS_AssetAdmin',
|
||||||
|
]
|
||||||
|
);
|
||||||
|
$this->assertEquals(1, $groupPermissionAssetAdmin->count());
|
||||||
|
$this->assertEquals(1, $groupPermissionAssetAdmin->first()->Type);
|
||||||
|
|
||||||
|
$this->assertTrue(Permission::check('CMS_ACCESS_AssetAdmin'));
|
||||||
|
|
||||||
|
$this->logOut();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -33,6 +33,10 @@
|
|||||||
FirstName: Left
|
FirstName: Left
|
||||||
Surname: AndMain
|
Surname: AndMain
|
||||||
Email: leftandmain@example.com
|
Email: leftandmain@example.com
|
||||||
|
testcmseditormember:
|
||||||
|
FirstName: CMS
|
||||||
|
Surname: Editor
|
||||||
|
Email: testcmseditor@example.com
|
||||||
|
|
||||||
'SilverStripe\Security\Group':
|
'SilverStripe\Security\Group':
|
||||||
author:
|
author:
|
||||||
@ -50,6 +54,14 @@
|
|||||||
leftandmain:
|
leftandmain:
|
||||||
Title: LeftAndMain
|
Title: LeftAndMain
|
||||||
Members: '=>SilverStripe\Security\Member.leftandmain'
|
Members: '=>SilverStripe\Security\Member.leftandmain'
|
||||||
|
cmsmaingroup:
|
||||||
|
Title: CMSMain
|
||||||
|
Members: '=>SilverStripe\Security\Member.testcmseditormember'
|
||||||
|
testpermissiongroup:
|
||||||
|
Title: TestPermissionGroup
|
||||||
|
testcmseditorgroup:
|
||||||
|
Title: TestCMSEditor
|
||||||
|
Members: '=>SilverStripe\Security\Member.testcmseditormember'
|
||||||
|
|
||||||
'SilverStripe\Security\Permission':
|
'SilverStripe\Security\Permission':
|
||||||
extra1:
|
extra1:
|
||||||
@ -61,3 +73,9 @@
|
|||||||
leftandmain:
|
leftandmain:
|
||||||
Code: CMS_ACCESS_LeftAndMain
|
Code: CMS_ACCESS_LeftAndMain
|
||||||
Group: '=>SilverStripe\Security\Group.leftandmain'
|
Group: '=>SilverStripe\Security\Group.leftandmain'
|
||||||
|
cmsmain:
|
||||||
|
Code: CMS_ACCESS_CMSMain
|
||||||
|
Group: '=>SilverStripe\Security\Group.cmsmaingroup'
|
||||||
|
testcmseditor:
|
||||||
|
Code: TEST_CMS_EDITOR
|
||||||
|
Group: '=>SilverStripe\Security\Group.testcmseditorgroup'
|
||||||
|
Loading…
Reference in New Issue
Block a user