mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge branch '3.4' into 3
This commit is contained in:
commit
391161208e
@ -179,7 +179,7 @@ jQuery.noConflict();
|
||||
var msg = (xhr.getResponseHeader('X-Status')) ? xhr.getResponseHeader('X-Status') : xhr.statusText,
|
||||
reathenticate = xhr.getResponseHeader('X-Reauthenticate'),
|
||||
msgType = (xhr.status < 200 || xhr.status > 399) ? 'bad' : 'good',
|
||||
ignoredMessages = ['OK', 'success'];
|
||||
ignoredMessages = ['OK', 'success', 'HTTP/2.0 200'];
|
||||
|
||||
// Enable reauthenticate dialog if requested
|
||||
if(reathenticate) {
|
||||
|
@ -416,7 +416,8 @@ class Form extends RequestHandler {
|
||||
$this->controller->hasMethod($funcName)
|
||||
&& !$this->controller->checkAccessAction($funcName)
|
||||
// If a button exists, allow it on the controller
|
||||
&& !$this->actions->dataFieldByName('action_' . $funcName)
|
||||
// buttonClicked() validates that the action set above is valid
|
||||
&& !$this->buttonClicked()
|
||||
) {
|
||||
return $this->httpError(
|
||||
403,
|
||||
@ -475,16 +476,28 @@ class Form extends RequestHandler {
|
||||
* @return bool
|
||||
*/
|
||||
public function checkAccessAction($action) {
|
||||
return (
|
||||
parent::checkAccessAction($action)
|
||||
// Always allow actions which map to buttons. See httpSubmission() for further access checks.
|
||||
|| $this->actions->dataFieldByName('action_' . $action)
|
||||
// Always allow actions on fields
|
||||
|| (
|
||||
$field = $this->checkFieldsForAction($this->Fields(), $action)
|
||||
&& $field->checkAccessAction($action)
|
||||
)
|
||||
);
|
||||
if (parent::checkAccessAction($action)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Always allow actions which map to buttons. See httpSubmission() for further access checks.
|
||||
$fields = $this->fields->dataFields() ?: array();
|
||||
$actions = $this->actions->dataFields() ?: array();
|
||||
|
||||
$fieldsAndActions = array_merge($fields, $actions);
|
||||
foreach ($fieldsAndActions as $fieldOrAction) {
|
||||
if ($fieldOrAction instanceof FormAction && $fieldOrAction->actionName() === $action) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// Always allow actions on fields
|
||||
$field = $this->checkFieldsForAction($this->Fields(), $action);
|
||||
if ($field && $field->checkAccessAction($action)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1635,11 +1648,21 @@ class Form extends RequestHandler {
|
||||
* @return FormAction
|
||||
*/
|
||||
public function buttonClicked() {
|
||||
foreach($this->actions->dataFields() as $action) {
|
||||
if($action->hasMethod('actionname') && $this->buttonClickedFunc == $action->actionName()) {
|
||||
return $action;
|
||||
$fields = $this->fields->dataFields() ?: array();
|
||||
$actions = $this->actions->dataFields() ?: array();
|
||||
|
||||
if(!$actions && !$fields) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$fieldsAndActions = array_merge($fields, $actions);
|
||||
foreach ($fieldsAndActions as $fieldOrAction) {
|
||||
if ($fieldOrAction instanceof FormAction && $this->buttonClickedFunc === $fieldOrAction->actionName()) {
|
||||
return $fieldOrAction;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1651,7 +1674,7 @@ class Form extends RequestHandler {
|
||||
public function defaultAction() {
|
||||
if($this->hasDefaultAction && $this->actions) {
|
||||
return $this->actions->First();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -565,6 +565,60 @@ class FormTest extends FunctionalTest {
|
||||
$this->assertEquals('bar', $attrs['foo']);
|
||||
}
|
||||
|
||||
public function testButtonClicked() {
|
||||
$form = $this->getStubForm();
|
||||
$action = $form->buttonClicked();
|
||||
$this->assertNull($action);
|
||||
|
||||
$controller = new FormTest_Controller();
|
||||
$form = $controller->Form();
|
||||
$request = new SS_HTTPRequest('POST', 'FormTest_Controller/Form', array(), array(
|
||||
'Email' => 'test@test.com',
|
||||
'SomeRequiredField' => 1,
|
||||
'action_doSubmit' => 1
|
||||
));
|
||||
|
||||
$form->httpSubmission($request);
|
||||
$button = $form->buttonClicked();
|
||||
$this->assertInstanceOf('FormAction', $button);
|
||||
$this->assertEquals('doSubmit', $button->actionName());
|
||||
|
||||
$form = new Form(
|
||||
$controller,
|
||||
'Form',
|
||||
new FieldList(new FormAction('doSubmit', 'Inline action')),
|
||||
new FieldList()
|
||||
);
|
||||
$form->disableSecurityToken();
|
||||
$request = new SS_HTTPRequest('POST', 'FormTest_Controller/Form', array(), array(
|
||||
'action_doSubmit' => 1
|
||||
));
|
||||
|
||||
$form->httpSubmission($request);
|
||||
$button = $form->buttonClicked();
|
||||
$this->assertInstanceOf('FormAction', $button);
|
||||
$this->assertEquals('doSubmit', $button->actionName());
|
||||
}
|
||||
|
||||
public function testCheckAccessAction() {
|
||||
$controller = new FormTest_Controller();
|
||||
$form = new Form(
|
||||
$controller,
|
||||
'Form',
|
||||
new FieldList(),
|
||||
new FieldList(new FormAction('actionName', 'Action'))
|
||||
);
|
||||
$this->assertTrue($form->checkAccessAction('actionName'));
|
||||
|
||||
$form = new Form(
|
||||
$controller,
|
||||
'Form',
|
||||
new FieldList(new FormAction('inlineAction', 'Inline action')),
|
||||
new FieldList()
|
||||
);
|
||||
$this->assertTrue($form->checkAccessAction('inlineAction'));
|
||||
}
|
||||
|
||||
public function testAttributesHTML() {
|
||||
$form = $this->getStubForm();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user