mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-29 20:59:23 +02:00
Merge branch '3.3' into 3.4
This commit is contained in:
commit
44d7919496
@ -179,7 +179,7 @@ jQuery.noConflict();
|
|||||||
var msg = (xhr.getResponseHeader('X-Status')) ? xhr.getResponseHeader('X-Status') : xhr.statusText,
|
var msg = (xhr.getResponseHeader('X-Status')) ? xhr.getResponseHeader('X-Status') : xhr.statusText,
|
||||||
reathenticate = xhr.getResponseHeader('X-Reauthenticate'),
|
reathenticate = xhr.getResponseHeader('X-Reauthenticate'),
|
||||||
msgType = (xhr.status < 200 || xhr.status > 399) ? 'bad' : 'good',
|
msgType = (xhr.status < 200 || xhr.status > 399) ? 'bad' : 'good',
|
||||||
ignoredMessages = ['OK', 'success'];
|
ignoredMessages = ['OK', 'success', 'HTTP/2.0 200'];
|
||||||
|
|
||||||
// Enable reauthenticate dialog if requested
|
// Enable reauthenticate dialog if requested
|
||||||
if(reathenticate) {
|
if(reathenticate) {
|
||||||
|
@ -416,7 +416,8 @@ class Form extends RequestHandler {
|
|||||||
$this->controller->hasMethod($funcName)
|
$this->controller->hasMethod($funcName)
|
||||||
&& !$this->controller->checkAccessAction($funcName)
|
&& !$this->controller->checkAccessAction($funcName)
|
||||||
// If a button exists, allow it on the controller
|
// If a button exists, allow it on the controller
|
||||||
&& !$this->actions->dataFieldByName('action_' . $funcName)
|
// buttonClicked() validates that the action set above is valid
|
||||||
|
&& !$this->buttonClicked()
|
||||||
) {
|
) {
|
||||||
return $this->httpError(
|
return $this->httpError(
|
||||||
403,
|
403,
|
||||||
@ -475,16 +476,28 @@ class Form extends RequestHandler {
|
|||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function checkAccessAction($action) {
|
public function checkAccessAction($action) {
|
||||||
return (
|
if (parent::checkAccessAction($action)) {
|
||||||
parent::checkAccessAction($action)
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Always allow actions which map to buttons. See httpSubmission() for further access checks.
|
// Always allow actions which map to buttons. See httpSubmission() for further access checks.
|
||||||
|| $this->actions->dataFieldByName('action_' . $action)
|
$fields = $this->fields->dataFields() ?: array();
|
||||||
|
$actions = $this->actions->dataFields() ?: array();
|
||||||
|
|
||||||
|
$fieldsAndActions = array_merge($fields, $actions);
|
||||||
|
foreach ($fieldsAndActions as $fieldOrAction) {
|
||||||
|
if ($fieldOrAction instanceof FormAction && $fieldOrAction->actionName() === $action) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Always allow actions on fields
|
// Always allow actions on fields
|
||||||
|| (
|
$field = $this->checkFieldsForAction($this->Fields(), $action);
|
||||||
$field = $this->checkFieldsForAction($this->Fields(), $action)
|
if ($field && $field->checkAccessAction($action)) {
|
||||||
&& $field->checkAccessAction($action)
|
return true;
|
||||||
)
|
}
|
||||||
);
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1635,11 +1648,21 @@ class Form extends RequestHandler {
|
|||||||
* @return FormAction
|
* @return FormAction
|
||||||
*/
|
*/
|
||||||
public function buttonClicked() {
|
public function buttonClicked() {
|
||||||
foreach($this->actions->dataFields() as $action) {
|
$fields = $this->fields->dataFields() ?: array();
|
||||||
if($action->hasMethod('actionname') && $this->buttonClickedFunc == $action->actionName()) {
|
$actions = $this->actions->dataFields() ?: array();
|
||||||
return $action;
|
|
||||||
|
if(!$actions && !$fields) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$fieldsAndActions = array_merge($fields, $actions);
|
||||||
|
foreach ($fieldsAndActions as $fieldOrAction) {
|
||||||
|
if ($fieldOrAction instanceof FormAction && $this->buttonClickedFunc === $fieldOrAction->actionName()) {
|
||||||
|
return $fieldOrAction;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -565,6 +565,60 @@ class FormTest extends FunctionalTest {
|
|||||||
$this->assertEquals('bar', $attrs['foo']);
|
$this->assertEquals('bar', $attrs['foo']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testButtonClicked() {
|
||||||
|
$form = $this->getStubForm();
|
||||||
|
$action = $form->buttonClicked();
|
||||||
|
$this->assertNull($action);
|
||||||
|
|
||||||
|
$controller = new FormTest_Controller();
|
||||||
|
$form = $controller->Form();
|
||||||
|
$request = new SS_HTTPRequest('POST', 'FormTest_Controller/Form', array(), array(
|
||||||
|
'Email' => 'test@test.com',
|
||||||
|
'SomeRequiredField' => 1,
|
||||||
|
'action_doSubmit' => 1
|
||||||
|
));
|
||||||
|
|
||||||
|
$form->httpSubmission($request);
|
||||||
|
$button = $form->buttonClicked();
|
||||||
|
$this->assertInstanceOf('FormAction', $button);
|
||||||
|
$this->assertEquals('doSubmit', $button->actionName());
|
||||||
|
|
||||||
|
$form = new Form(
|
||||||
|
$controller,
|
||||||
|
'Form',
|
||||||
|
new FieldList(new FormAction('doSubmit', 'Inline action')),
|
||||||
|
new FieldList()
|
||||||
|
);
|
||||||
|
$form->disableSecurityToken();
|
||||||
|
$request = new SS_HTTPRequest('POST', 'FormTest_Controller/Form', array(), array(
|
||||||
|
'action_doSubmit' => 1
|
||||||
|
));
|
||||||
|
|
||||||
|
$form->httpSubmission($request);
|
||||||
|
$button = $form->buttonClicked();
|
||||||
|
$this->assertInstanceOf('FormAction', $button);
|
||||||
|
$this->assertEquals('doSubmit', $button->actionName());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testCheckAccessAction() {
|
||||||
|
$controller = new FormTest_Controller();
|
||||||
|
$form = new Form(
|
||||||
|
$controller,
|
||||||
|
'Form',
|
||||||
|
new FieldList(),
|
||||||
|
new FieldList(new FormAction('actionName', 'Action'))
|
||||||
|
);
|
||||||
|
$this->assertTrue($form->checkAccessAction('actionName'));
|
||||||
|
|
||||||
|
$form = new Form(
|
||||||
|
$controller,
|
||||||
|
'Form',
|
||||||
|
new FieldList(new FormAction('inlineAction', 'Inline action')),
|
||||||
|
new FieldList()
|
||||||
|
);
|
||||||
|
$this->assertTrue($form->checkAccessAction('inlineAction'));
|
||||||
|
}
|
||||||
|
|
||||||
public function testAttributesHTML() {
|
public function testAttributesHTML() {
|
||||||
$form = $this->getStubForm();
|
$form = $this->getStubForm();
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user