tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

MERGE merged back a whole bunch of defect fixes from trunk (from r87846)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96712 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2010-01-12 22:48:03 +00:00
parent 5a6131bdde
commit 51a2eeed15
6 changed files with 132 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
core/model/SiteConfig.php
View File

@ -4,18 +4,21 @@
* Sitewide configuration * Sitewide configuration
* *
* @author Tom Rix * @author Tom Rix
* @package cms
*/ */
class SiteConfig extends DataObject implements PermissionProvider { class SiteConfig extends DataObject {
static $db = array( static $db = array(
"Title" => "Varchar(255)", "Title" => "Varchar(255)",
"Tagline" => "Varchar(255)", "Tagline" => "Varchar(255)",
"CanViewType" => "Enum('Anyone, LoggedInUsers, OnlyTheseUsers', 'Anyone')", "CanViewType" => "Enum('Anyone, LoggedInUsers, OnlyTheseUsers', 'Anyone')",
"CanEditType" => "Enum('LoggedInUsers, OnlyTheseUsers', 'LoggedInUsers')" "CanEditType" => "Enum('LoggedInUsers, OnlyTheseUsers', 'LoggedInUsers')",
"CanCreateTopLevelType" => "Enum('LoggedInUsers, OnlyTheseUsers', 'LoggedInUsers')",
); );
static $many_many = array( static $many_many = array(
"ViewerGroups" => "Group", "ViewerGroups" => "Group",
"EditorGroups" => "Group" "EditorGroups" => "Group",
"CreateTopLevelGroups" => "Group"
); );
/** /**
@ -28,16 +31,19 @@ class SiteConfig extends DataObject implements PermissionProvider {
$fields = new FieldSet( $fields = new FieldSet(
new TabSet("Root", new TabSet("Root",
new Tab('Main', new Tab('Main',
$titleField = new TextField("Title", "Title"), $titleField = new TextField("Title", _t('SiteConfig.SITETITLE', "Site title")),
$taglineField = new TextField("Tagline", "Tagline") $taglineField = new TextField("Tagline", _t('SiteConfig.SITETAGLINE', "Site Tagline/Slogan"))
), ),
new Tab('Access', new Tab('Access',
new HeaderField('WhoCanViewHeader', "Who can view pages on this site?", 2), new HeaderField('WhoCanViewHeader', _t('SiteConfig.VIEWHEADER', "Who can view pages on this site?"), 2),
$viewersOptionsField = new OptionsetField("CanViewType"), $viewersOptionsField = new OptionsetField("CanViewType"),
$viewerGroupsField = new TreeMultiselectField("ViewerGroups", _t('SiteTree.VIEWERGROUPS', "Viewer Groups")), $viewerGroupsField = new TreeMultiselectField("ViewerGroups", _t('SiteTree.VIEWERGROUPS', "Viewer Groups")),
new HeaderField('WhoCanEditHeader', "Who can edit pages on this site?", 2), new HeaderField('WhoCanEditHeader', _t('SiteConfig.EDITHEADER', "Who can edit pages on this site?"), 2),
$editorsOptionsField = new OptionsetField("CanEditType"), $editorsOptionsField = new OptionsetField("CanEditType"),
$editorGroupsField = new TreeMultiselectField("EditorGroups", _t('SiteTree.EDITORGROUPS', "Editor Groups")) $editorGroupsField = new TreeMultiselectField("EditorGroups", _t('SiteTree.EDITORGROUPS', "Editor Groups")),
new HeaderField('WhoCanCreateTopLevelHeader', _t('SiteConfig.TOPLEVELCREATE', "Who can create pages in the root of the site?"), 2),
$topLevelCreatorsOptionsField = new OptionsetField("CanCreateTopLevelType"),
$topLevelCreatorsGroupsField = new TreeMultiselectField("CreateTopLevelGroups", _t('SiteTree.TOPLEVELCREATORGROUPS', "Top level creators"))
) )
) )
); );
@ -52,12 +58,16 @@ class SiteConfig extends DataObject implements PermissionProvider {
$editorsOptionsSource["LoggedInUsers"] = _t('SiteTree.EDITANYONE', "Anyone who can log-in to the CMS"); $editorsOptionsSource["LoggedInUsers"] = _t('SiteTree.EDITANYONE', "Anyone who can log-in to the CMS");
$editorsOptionsSource["OnlyTheseUsers"] = _t('SiteTree.EDITONLYTHESE', "Only these people (choose from list)"); $editorsOptionsSource["OnlyTheseUsers"] = _t('SiteTree.EDITONLYTHESE', "Only these people (choose from list)");
$editorsOptionsField->setSource($editorsOptionsSource); $editorsOptionsField->setSource($editorsOptionsSource);
$topLevelCreatorsOptionsField->setSource($editorsOptionsSource);
if (!Permission::check('EDIT_SITECONFIG')) { if (!Permission::check('EDIT_SITECONFIG')) {
$fields->makeFieldReadonly($viewersOptionsField); $fields->makeFieldReadonly($viewersOptionsField);
$fields->makeFieldReadonly($viewerGroupsField); $fields->makeFieldReadonly($viewerGroupsField);
$fields->makeFieldReadonly($editorsOptionsField); $fields->makeFieldReadonly($editorsOptionsField);
$fields->makeFieldReadonly($editorGroupsField); $fields->makeFieldReadonly($editorGroupsField);
$fields->makeFieldReadonly($topLevelCreatorsOptionsField);
$fields->makeFieldReadonly($topLevelCreatorsGroupsField);
$fields->makeFieldReadonly($taglineField); $fields->makeFieldReadonly($taglineField);
$fields->makeFieldReadonly($titleField); $fields->makeFieldReadonly($titleField);
} }
@ -111,6 +121,11 @@ class SiteConfig extends DataObject implements PermissionProvider {
} }
} }
/**
* Make a default site config if there isn't on already
*
* @return void
*/
static function make_site_config() { static function make_site_config() {
if(!DataObject::get_one('SiteConfig')){ if(!DataObject::get_one('SiteConfig')){
$siteConfig = new SiteConfig(); $siteConfig = new SiteConfig();
@ -120,6 +135,14 @@ class SiteConfig extends DataObject implements PermissionProvider {
} }
} }
/**
* Can a user view pages on this site? This method is only
* called if a page is set to Inherit, but there is nothing
* to inherit from.
*
* @param mixed $member
* @return boolean
*/
public function canView($member = null) { public function canView($member = null) {
if ($this->CanViewType == 'Anyone') return true; if ($this->CanViewType == 'Anyone') return true;
@ -137,11 +160,19 @@ class SiteConfig extends DataObject implements PermissionProvider {
return false; return false;
} }
/**
* Can a user edit pages on this site? This method is only
* called if a page is set to Inherit, but there is nothing
* to inherit from.
*
* @param mixed $member
* @return boolean
*/
public function canEdit($member = null) { public function canEdit($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) { if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
$member = Member::currentUserID(); $member = Member::currentUserID();
} }
// check for any logged-in users // check for any logged-in users
if($this->CanEditType == 'LoggedInUsers' && $member) return true; if($this->CanEditType == 'LoggedInUsers' && $member) return true;
@ -149,6 +180,7 @@ class SiteConfig extends DataObject implements PermissionProvider {
if($member && is_numeric($member)) $member = DataObject::get_by_id('Member', $member); if($member && is_numeric($member)) $member = DataObject::get_by_id('Member', $member);
if($this->CanEditType == 'OnlyTheseUsers' && $member && $member->inGroups($this->EditorGroups())) return true; if($this->CanEditType == 'OnlyTheseUsers' && $member && $member->inGroups($this->EditorGroups())) return true;
return false; return false;
} }
@ -162,4 +194,26 @@ class SiteConfig extends DataObject implements PermissionProvider {
) )
); );
} }
}
/**
* Can a user create pages in the root of this site?
*
* @param mixed $member
* @return boolean
*/
public function canCreateTopLevel($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
$member = Member::currentUserID();
}
// check for any logged-in users
if($this->CanCreateTopLevelType == 'LoggedInUsers' && $member) return true;
// check for specific groups
if($member && is_numeric($member)) $member = DataObject::get_by_id('Member', $member);
if($this->CanCreateTopLevelType == 'OnlyTheseUsers' && $member && $member->inGroups($this->CreateTopLevelGroups())) return true;
return false;
}
}

3
core/model/SiteTree.php
View File

@ -637,6 +637,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
* *
* @uses DataObjectDecorator->can() * @uses DataObjectDecorator->can()
* *
* If a page is set to inherit, but has no parent, it inherits from
* {@link SiteConfig}
*
* @param string $perm The permission to be checked, such as 'View'. * @param string $perm The permission to be checked, such as 'View'.
* @param Member $member The member whose permissions need checking. * @param Member $member The member whose permissions need checking.
* Defaults to the currently logged in user. * Defaults to the currently logged in user.

1
css/TreeDropdownField.css
View File

@ -16,6 +16,7 @@ div.TreeDropdownField span.items {
background-color: #fff; background-color: #fff;
margin:0; margin:0;
font-size: 12px; font-size: 12px;
overflow:hidden;
} }
div.TreeDropdownField div.tree_holder { div.TreeDropdownField div.tree_holder {

33
security/Permission.php
View File

@ -413,22 +413,10 @@ class Permission extends DataObject {
* permission. * permission.
*/ */
public static function get_members_by_permission($code) { public static function get_members_by_permission($code) {
$toplevelGroups = self::get_groups_by_permission($code);
if (!$toplevelGroups) return false;
$groupIDs = array(); $groupIDs = array();
$SQL_codeList = (is_array($code)) ? implode("','", Convert::raw2sql($code)) : Convert::raw2sql($code);
$SQL_filter = "\"Permission\".\"Code\" IN ('" . $SQL_codeList . "') " .
"AND \"Permission\".\"Type\" = " . self::GRANT_PERMISSION;
$toplevelGroups = DataObject::get(
'Group',
$SQL_filter, // filter
null, // limit
"LEFT JOIN \"Permission\" ON \"Group\".\"ID\" = \"Permission\".\"GroupID\""
);
if(!$toplevelGroups)
return false;
foreach($toplevelGroups as $group) { foreach($toplevelGroups as $group) {
$familyIDs = $group->collateFamilyIDs(); $familyIDs = $group->collateFamilyIDs();
if(is_array($familyIDs)) { if(is_array($familyIDs)) {
@ -438,7 +426,7 @@ class Permission extends DataObject {
if(!count($groupIDs)) if(!count($groupIDs))
return false; return false;
$members = DataObject::get( $members = DataObject::get(
Object::getCustomClass('Member'), Object::getCustomClass('Member'),
$_filter = "\"Group\".\"ID\" IN (" . implode(",",$groupIDs) . ")", $_filter = "\"Group\".\"ID\" IN (" . implode(",",$groupIDs) . ")",
@ -446,6 +434,7 @@ class Permission extends DataObject {
$_join = "LEFT JOIN \"Group_Members\" ON \"Member\".\"ID\" = \"Group_Members\".\"MemberID\" " . $_join = "LEFT JOIN \"Group_Members\" ON \"Member\".\"ID\" = \"Group_Members\".\"MemberID\" " .
"LEFT JOIN \"Group\" ON \"Group_Members\".\"GroupID\" = \"Group\".\"ID\" " "LEFT JOIN \"Group\" ON \"Group_Members\".\"GroupID\" = \"Group\".\"ID\" "
); );
return $members; return $members;
} }
@ -460,12 +449,14 @@ class Permission extends DataObject {
$SQLa_codes = Convert::raw2sql($codes); $SQLa_codes = Convert::raw2sql($codes);
$SQL_codes = join("','", $SQLa_codes); $SQL_codes = join("','", $SQLa_codes);
return DataObject::get( // Via Roles are groups that have the permission via a role
'Group', return DataObject::get('Group',
"\"Permission\".\"Code\" IN ('$SQL_codes')", "PermissionRoleCode.`Code` IN ('$SQL_codes') OR Permission.`Code` IN ('$SQL_codes')",
"", "",
"LEFT JOIN \"Permission\" ON \"Group\".\"ID\" = \"Permission\".\"GroupID\"" "LEFT JOIN Permission ON Permission.GroupID = `Group`.ID
); LEFT JOIN Group_Roles ON Group_Roles.GroupID = `Group`.ID
LEFT JOIN PermissionRole ON Group_Roles.PermissionRoleID = PermissionRole.ID
LEFT JOIN PermissionRoleCode ON PermissionRoleCode.RoleID = PermissionRole.ID");
} }

2
security/Security.php
View File

@ -150,7 +150,7 @@ class Security extends Controller {
if(Director::is_ajax()) { if(Director::is_ajax()) {
$response = ($controller) ? $controller->getResponse() : new SS_HTTPResponse(); $response = ($controller) ? $controller->getResponse() : new SS_HTTPResponse();
$response->setStatusCode(403); $response->setStatusCode(403);
$response->setBody('NOTLOGGEDIN:'); if(!Member::currentUser()) $response->setBody('NOTLOGGEDIN:');
return $response; return $response;
} else { } else {
// Prepare the messageSet provided // Prepare the messageSet provided

51
tests/SiteTreePermissionsTest.php
View File

@ -273,6 +273,57 @@ class SiteTreePermissionsTest extends FunctionalTest {
'Authenticated members can edit a page that was deleted from stage and marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups' 'Authenticated members can edit a page that was deleted from stage and marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups'
); );
} }
function testInheritCanViewFromSiteConfig() {
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
$siteconfig = $this->objFromFixture('SiteConfig', 'default');
$editor = $this->objFromFixture('Member', 'editor');
$editorGroup = $this->objFromFixture('Group', 'editorgroup');
$siteconfig->CanViewType = 'Anyone';
$siteconfig->write();
$this->assertTrue($page->canView(FALSE), 'Anyone can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
$siteconfig->CanViewType = 'LoggedInUsers';
$siteconfig->write();
$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
$siteconfig->CanViewType = 'LoggedInUsers';
$siteconfig->write();
$this->assertTrue($page->canView($editor), 'Users can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
$siteconfig->CanViewType = 'OnlyTheseUsers';
$siteconfig->ViewerGroups()->add($editorGroup);
$siteconfig->ViewerGroups()->write();
$siteconfig->write();
$this->assertTrue($page->canView($editor), 'Editors can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
}
function testInheritCanEditFromSiteConfig() {
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
$siteconfig = $this->objFromFixture('SiteConfig', 'default');
$editor = $this->objFromFixture('Member', 'editor');
$user = $this->objFromFixture('Member', 'websiteuser');
$editorGroup = $this->objFromFixture('Group', 'editorgroup');
$siteconfig->CanEditType = 'LoggedInUsers';
$siteconfig->write();
$this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers');
$this->session()->inst_set('loggedInAs', $editor->ID);
$this->assertTrue($page->canEdit(), 'Users can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers');
$siteconfig->CanEditType = 'OnlyTheseUsers';
$siteconfig->EditorGroups()->add($editorGroup);
$siteconfig->EditorGroups()->write();
$siteconfig->write();
$this->assertTrue($page->canEdit($editor), 'Editors can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
$this->session()->inst_set('loggedInAs', null);
$this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
$this->session()->inst_set('loggedInAs', $user->ID);
$this->assertFalse($page->canEdit($user), 'Website user can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
}
function testInheritCanViewFromSiteConfig() { function testInheritCanViewFromSiteConfig() {
$page = $this->objFromFixture('Page', 'inheritWithNoParent'); $page = $this->objFromFixture('Page', 'inheritWithNoParent');