BUGFIX #4686 Fixed $member non-object error and decorated checks not working in Member::canView(), Member::canEdit() and Member::canDelete()

MINOR Added additional tests to MemberTest (from r94358)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95601 467b73ca-7a2a-4603-9d3b-597d59a354a9
Sean Harvey 2009-12-16 05:39:39 +00:00
parent eb25344862
commit 35628832d6
3 changed files with 101 additions and 5 deletions


@ -972,10 +972,13 @@ class Member extends DataObject {
// decorated access checks
$results = $this->extend('canView', $member);
if($results && is_array($results)) if(!min($results)) return false;
if($results && is_array($results)) {
if(!min($results)) return false;
else return true;
}
// members can usually edit their own record
if($this->ID == $member->ID) return true;
if($member && $this->ID == $member->ID) return true;
if(
Permission::checkMember($member, 'ADMIN')
@ -996,7 +999,10 @@ class Member extends DataObject {
// decorated access checks
$results = $this->extend('canEdit', $member);
if($results && is_array($results)) if(!min($results)) return false;
if($results && is_array($results)) {
if(!min($results)) return false;
else return true;
}
// No member found
if(!($member && $member->exists())) return false;
@ -1013,7 +1019,10 @@ class Member extends DataObject {
// decorated access checks
$results = $this->extend('canDelete', $member);
if($results && is_array($results)) if(!min($results)) return false;
if($results && is_array($results)) {
if(!min($results)) return false;
else return true;
}
// No member found
if(!($member && $member->exists())) return false;
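Review bot: The added `else return true;` in all three hunks makes a truthy extension result final, so `canEdit()` and `canDelete()` now return before the `if(!($member && $member->exists())) return false;` guard that follows the decorated block. A decorator that answers true for its own reasons therefore grants edit or delete even when no member is logged in, while an abstaining decorator whose null ends up in `$results` would still deny through `min()` (whether `extend()` filters nulls is not visible here). If anonymous callers must always be refused, move the no-member guard above the `$this->extend('canEdit', $member)` and `$this->extend('canDelete', $member)` calls; otherwise state the precedence in a comment such as `// decorators decide first: any false denies, all true allows and skips the checks below`. The three method bodies start and end outside the hunks.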


@ -3,7 +3,7 @@
* @package sapphire
* @subpackage tests
*/
class MemberTest extends SapphireTest {
class MemberTest extends FunctionalTest {
static $fixture_file = 'sapphire/tests/security/MemberTest.yml';
function setUp() {
@ -300,4 +300,83 @@ class MemberTest extends SapphireTest {
'Non-existant group returns false'
);
}
/**
* Tests that the user is able to view their own record, and in turn, they can
* edit and delete their own record too.
*/
public function testCanManipulateOwnRecord() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$member2 = $this->objFromFixture('Member', 'staffmember');
$this->session()->inst_set('loggedInAs', null);
/* Not logged in, you can't view, delete or edit the record */
$this->assertFalse($member->canView());
$this->assertFalse($member->canDelete());
$this->assertFalse($member->canEdit());
/* Logged in users can edit their own record */
$this->session()->inst_set('loggedInAs', $member->ID);
$this->assertTrue($member->canView());
$this->assertTrue($member->canDelete());
$this->assertTrue($member->canEdit());
/* Other uses cannot view, delete or edit others records */
$this->session()->inst_set('loggedInAs', $member2->ID);
$this->assertFalse($member->canView());
$this->assertFalse($member->canDelete());
$this->assertFalse($member->canEdit());
$this->addExtensions($extensions);
$this->session()->inst_set('loggedInAs', null);
}
public function testAuthorisedMembersCanManipulateOthersRecords() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$member2 = $this->objFromFixture('Member', 'staffmember');
/* Group members with SecurityAdmin permissions can manipulate other records */
$this->session()->inst_set('loggedInAs', $member->ID);
$this->assertTrue($member2->canView());
$this->assertTrue($member2->canDelete());
$this->assertTrue($member2->canEdit());
$this->addExtensions($extensions);
$this->session()->inst_set('loggedInAs', null);
}
/**
* Add the given array of member extensions as class names.
* This is useful for re-adding extensions after being removed
* in a test case to produce an unbiased test.
*
* @param array $extensions
* @return array The added extensions
*/
protected function addExtensions($extensions) {
if($extensions) foreach($extensions as $extension) {
Object::add_extension('Member', $extension);
}
return $extensions;
}
/**
* Remove given extensions from Member. This is useful for
* removing extensions that could produce a biased
* test result, as some extensions applied by project
* code or modules can do this.
*
* @param array $extensions
* @return array The removed extensions
*/
protected function removeExtensions($extensions) {
if($extensions) foreach($extensions as $extension) {
Object::remove_extension('Member', $extension);
}
return $extensions;
}
}
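Review bot: Both new tests strip every `Member` extension first, so the decorated branch this commit changes in `canView()`, `canEdit()` and `canDelete()` is never exercised, and nothing here would fail if the veto or the new allow path regressed. A test that registers a test-only decorator returning false, and another returning true, and asserts that the three methods follow it would cover that branch. Separately, `addExtensions($extensions)` and the `loggedInAs` reset sit at the end of each test method, so a failing assertion leaves the extensions removed and the session logged in for later tests; doing the restore in `tearDown()` avoids that. `testAuthorisedMembersCanManipulateOthersRecords()` also has no docblock, unlike its neighbours.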


@ -1,4 +1,11 @@
Permission:
security-admin:
Code: CMS_ACCESS_SecurityAdmin
Group:
securityadminsgroup:
Title: securityadminsgroup
Code: securityadminsgroup
Permissions: =>Permission.security-admin
staffgroup:
Title: staffgroup
Code: staffgroup
@ -21,6 +28,7 @@ Member:
Email: sam@silverstripe.com
Password: 1nitialPassword
PasswordExpiry: 2030-01-01
Groups: =>Group.securityadminsgroup
expiredpassword:
FirstName: Test
Surname: User
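Review bot: The `Groups: =>Group.securityadminsgroup` line gives an existing fixture member the `CMS_ACCESS_SecurityAdmin` permission, and that member's key lies above this hunk; if it is `test`, as `testAuthorisedMembersCanManipulateOthersRecords()` implies, then the own-record assertions in `testCanManipulateOwnRecord()` run as a privileged user. Those assertions could then pass through the permission branch even if the `$this->ID == $member->ID` rule were broken. Attaching the group to a dedicated fixture member and keeping the own-record test on an unprivileged one would keep the two rules separately tested.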