tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

FIX Members with no ID inherit logged in user permission

Browse Source
This commit is contained in:
Daniel Hensby 2016-01-05 08:16:18 +00:00
parent d63441623a
commit 4335d8ed22
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/Permission.php
View File

@ -160,7 +160,11 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if(!$member) {
$memberID = $member = Member::currentUserID();
} else {
$memberID = (is_object($member)) ? $member->ID : $member;
$memberID = (is_object($member)) ? $member->ID : $member;
}
if (!$memberID) {
return false;
}
// Turn the code into an array as we may need to add other permsissions to the set we check

10
tests/security/PermissionTest.php
View File

@ -124,4 +124,14 @@ class PermissionTest extends SapphireTest {
Config::inst()->remove('Permission', 'hidden_permissions');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
}
public function testEmptyMemberFails() {
$member = new Member();
$this->assertFalse($member->exists());
$this->logInWithPermission('ADMIN');
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
}
}