mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #603 from willrossi/trac7296
FIX: ensure permissions_for_member() accounts for denied permissions
This commit is contained in:
Ingo Schommer
commit
4b9ccabcf6
@ -230,15 +230,16 @@ class Permission extends DataObject implements TemplateGlobalProvider {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all the 'any' permission codes available to the given member.
|
* Get all the 'any' permission codes available to the given member.
|
||||||
* @return array();
|
*
|
||||||
|
* @return array
|
||||||
*/
|
*/
|
||||||
public static function permissions_for_member($memberID) {
|
public static function permissions_for_member($memberID) {
|
||||||
$groupList = self::groupList($memberID);
|
$groupList = self::groupList($memberID);
|
||||||
|
|
||||||
if($groupList) {
|
if($groupList) {
|
||||||
$groupCSV = implode(", ", $groupList);
|
$groupCSV = implode(", ", $groupList);
|
||||||
|
|
||||||
// Raw SQL for efficiency
|
$allowed = array_unique(DB::query("
|
||||||
return array_unique(DB::query("
|
|
||||||
SELECT \"Code\"
|
SELECT \"Code\"
|
||||||
FROM \"Permission\"
|
FROM \"Permission\"
|
||||||
WHERE \"Type\" = " . self::GRANT_PERMISSION . " AND \"GroupID\" IN ($groupCSV)
|
WHERE \"Type\" = " . self::GRANT_PERMISSION . " AND \"GroupID\" IN ($groupCSV)
|
||||||
@ -252,9 +253,16 @@ class Permission extends DataObject implements TemplateGlobalProvider {
|
|||||||
WHERE \"GroupID\" IN ($groupCSV)
|
WHERE \"GroupID\" IN ($groupCSV)
|
||||||
")->column());
|
")->column());
|
||||||
|
|
||||||
} else {
|
$denied = array_unique(DB::query("
|
||||||
return array();
|
SELECT \"Code\"
|
||||||
|
FROM \"Permission\"
|
||||||
|
WHERE \"Type\" = " . self::DENY_PERMISSION . " AND \"GroupID\" IN ($groupCSV)
|
||||||
|
")->column());
|
||||||
|
|
||||||
|
return array_diff($allowed, $denied);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,11 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @package framework
|
||||||
|
* @subpackage tests
|
||||||
|
*/
|
||||||
class PermissionTest extends SapphireTest {
|
class PermissionTest extends SapphireTest {
|
||||||
|
|
||||||
static $fixture_file = 'PermissionTest.yml';
|
static $fixture_file = 'PermissionTest.yml';
|
||||||
|
|
||||||
function testGetCodesGrouped() {
|
function testGetCodesGrouped() {
|
||||||
@ -34,6 +39,23 @@ class PermissionTest extends SapphireTest {
|
|||||||
$this->assertFalse(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
|
$this->assertFalse(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testPermissionsForMember() {
|
||||||
|
$member = $this->objFromFixture('Member', 'access');
|
||||||
|
$permissions = Permission::permissions_for_member($member->ID);
|
||||||
|
$this->assertEquals(4, count($permissions));
|
||||||
|
$this->assertTrue(in_array('CMS_ACCESS_MyAdmin', $permissions));
|
||||||
|
$this->assertTrue(in_array('CMS_ACCESS_AssetAdmin', $permissions));
|
||||||
|
$this->assertTrue(in_array('CMS_ACCESS_SecurityAdmin', $permissions));
|
||||||
|
$this->assertTrue(in_array('EDIT_PERMISSIONS', $permissions));
|
||||||
|
|
||||||
|
$group = $this->objFromFixture("Group", "access");
|
||||||
|
|
||||||
|
Permission::deny($group->ID, "CMS_ACCESS_MyAdmin");
|
||||||
|
$permissions = Permission::permissions_for_member($member->ID);
|
||||||
|
$this->assertEquals(3, count($permissions));
|
||||||
|
$this->assertFalse(in_array('CMS_ACCESS_MyAdmin', $permissions));
|
||||||
|
}
|
||||||
|
|
||||||
function testRolesAndPermissionsFromParentGroupsAreInherited() {
|
function testRolesAndPermissionsFromParentGroupsAreInherited() {
|
||||||
$member = $this->objFromFixture('Member', 'globalauthor');
|
$member = $this->objFromFixture('Member', 'globalauthor');
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user