tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-01-25 06:43:23 +00:00 committed by Sam Minnee
parent 51c14227b2
commit 31280ece2c
2 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
security/Security.php
View File

@ -826,6 +826,8 @@ class Security extends Controller {
/** /**
* Checks the database is in a state to perform security checks. * Checks the database is in a state to perform security checks.
* See {@link DatabaseAdmin->init()} for more information.
*
* @return bool * @return bool
*/ */
public static function database_is_ready() { public static function database_is_ready() {
@ -833,10 +835,21 @@ class Security extends Controller {
$requiredTables[] = 'Group'; $requiredTables[] = 'Group';
$requiredTables[] = 'Permission'; $requiredTables[] = 'Permission';
foreach($requiredTables as $table) if(!ClassInfo::hasTable($table)) return false; foreach($requiredTables as $table) {
// if any of the tables aren't created in the database
if(!ClassInfo::hasTable($table)) return false;
return (($permissionFields = DB::fieldList('Permission')) && isset($permissionFields['Type'])) && // if any of the tables don't have all fields mapped as table columns
(($memberFields = DB::fieldList('Member')) && isset($memberFields['RememberLoginToken'])); $dbFields = DB::fieldList($table);
if(!$dbFields) return false;
$objFields = DataObject::database_fields($table);
$missingFields = array_diff_key($objFields, $dbFields);
if($missingFields) return false;
}
return true;
} }
/** /**

13
tests/security/SecurityTest.php
View File

@ -260,6 +260,19 @@ class SecurityTest extends FunctionalTest {
$this->assertEquals($attempt->Email, 'sam@silverstripe.com'); $this->assertEquals($attempt->Email, 'sam@silverstripe.com');
$this->assertEquals($attempt->Member(), $member); $this->assertEquals($attempt->Member(), $member);
} }
function testDatabaseIsReadyWithInsufficientMemberColumns() {
// Assumption: The database has been built correctly by the test runner,
// and has all columns present in the ORM
DB::getConn()->renameField('Member', 'Email', 'Email_renamed');
// Email column is now missing, which means we're not ready to do permission checks
$this->assertFalse(Security::database_is_ready());
// Rebuild the database (which re-adds the Email column), and try again
$this->resetDBSchema(true);
$this->assertTrue(Security::database_is_ready());
}
/** /**
* Execute a log-in form using Director::test(). * Execute a log-in form using Director::test().