Merge branch '3.3' into 3.4

This commit is contained in:
Loz Calver 2016-07-15 14:34:18 +01:00
commit 44d7919496
No known key found for this signature in database
GPG Key ID: F91FFC2D7E0CAEDB
3 changed files with 93 additions and 16 deletions

View File

@ -179,7 +179,7 @@ jQuery.noConflict();
var msg = (xhr.getResponseHeader('X-Status')) ? xhr.getResponseHeader('X-Status') : xhr.statusText,
reathenticate = xhr.getResponseHeader('X-Reauthenticate'),
msgType = (xhr.status < 200 || xhr.status > 399) ? 'bad' : 'good',
ignoredMessages = ['OK', 'success'];
ignoredMessages = ['OK', 'success', 'HTTP/2.0 200'];
// Enable reauthenticate dialog if requested
if(reathenticate) {

View File

@ -416,7 +416,8 @@ class Form extends RequestHandler {
$this->controller->hasMethod($funcName)
&& !$this->controller->checkAccessAction($funcName)
// If a button exists, allow it on the controller
&& !$this->actions->dataFieldByName('action_' . $funcName)
// buttonClicked() validates that the action set above is valid
&& !$this->buttonClicked()
) {
return $this->httpError(
403,
@ -475,16 +476,28 @@ class Form extends RequestHandler {
* @return bool
*/
public function checkAccessAction($action) {
return (
parent::checkAccessAction($action)
// Always allow actions which map to buttons. See httpSubmission() for further access checks.
|| $this->actions->dataFieldByName('action_' . $action)
// Always allow actions on fields
|| (
$field = $this->checkFieldsForAction($this->Fields(), $action)
&& $field->checkAccessAction($action)
)
);
if (parent::checkAccessAction($action)) {
return true;
}
// Always allow actions which map to buttons. See httpSubmission() for further access checks.
$fields = $this->fields->dataFields() ?: array();
$actions = $this->actions->dataFields() ?: array();
$fieldsAndActions = array_merge($fields, $actions);
foreach ($fieldsAndActions as $fieldOrAction) {
if ($fieldOrAction instanceof FormAction && $fieldOrAction->actionName() === $action) {
return true;
}
}
// Always allow actions on fields
$field = $this->checkFieldsForAction($this->Fields(), $action);
if ($field && $field->checkAccessAction($action)) {
return true;
}
return false;
}
/**
@ -1635,11 +1648,21 @@ class Form extends RequestHandler {
* @return FormAction
*/
public function buttonClicked() {
foreach($this->actions->dataFields() as $action) {
if($action->hasMethod('actionname') && $this->buttonClickedFunc == $action->actionName()) {
return $action;
$fields = $this->fields->dataFields() ?: array();
$actions = $this->actions->dataFields() ?: array();
if(!$actions && !$fields) {
return null;
}
$fieldsAndActions = array_merge($fields, $actions);
foreach ($fieldsAndActions as $fieldOrAction) {
if ($fieldOrAction instanceof FormAction && $this->buttonClickedFunc === $fieldOrAction->actionName()) {
return $fieldOrAction;
}
}
return null;
}
/**
@ -1651,7 +1674,7 @@ class Form extends RequestHandler {
public function defaultAction() {
if($this->hasDefaultAction && $this->actions) {
return $this->actions->First();
}
}
}
/**

View File

@ -565,6 +565,60 @@ class FormTest extends FunctionalTest {
$this->assertEquals('bar', $attrs['foo']);
}
public function testButtonClicked() {
$form = $this->getStubForm();
$action = $form->buttonClicked();
$this->assertNull($action);
$controller = new FormTest_Controller();
$form = $controller->Form();
$request = new SS_HTTPRequest('POST', 'FormTest_Controller/Form', array(), array(
'Email' => 'test@test.com',
'SomeRequiredField' => 1,
'action_doSubmit' => 1
));
$form->httpSubmission($request);
$button = $form->buttonClicked();
$this->assertInstanceOf('FormAction', $button);
$this->assertEquals('doSubmit', $button->actionName());
$form = new Form(
$controller,
'Form',
new FieldList(new FormAction('doSubmit', 'Inline action')),
new FieldList()
);
$form->disableSecurityToken();
$request = new SS_HTTPRequest('POST', 'FormTest_Controller/Form', array(), array(
'action_doSubmit' => 1
));
$form->httpSubmission($request);
$button = $form->buttonClicked();
$this->assertInstanceOf('FormAction', $button);
$this->assertEquals('doSubmit', $button->actionName());
}
public function testCheckAccessAction() {
$controller = new FormTest_Controller();
$form = new Form(
$controller,
'Form',
new FieldList(),
new FieldList(new FormAction('actionName', 'Action'))
);
$this->assertTrue($form->checkAccessAction('actionName'));
$form = new Form(
$controller,
'Form',
new FieldList(new FormAction('inlineAction', 'Inline action')),
new FieldList()
);
$this->assertTrue($form->checkAccessAction('inlineAction'));
}
public function testAttributesHTML() {
$form = $this->getStubForm();