BUGFIX: Fixed notice-level errors when checking permissions of pages that don't exist anywhere (from r93166) (from r96755)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102387 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2010-04-12 03:12:14 +00:00 · 2010-04-12 03:12:14 +00:00 · 6167cad850
commit 6167cad850
parent 1192b9ef2c
2 changed files with 126 additions and 2 deletions
--- a/core/model/SiteTree.php
+++ b/core/model/SiteTree.php
@ -803,7 +803,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 		
 		// Regular canEdit logic is handled by can_edit_multiple
 		$results = self::can_delete_multiple(array($this->ID), $memberID);
-		return $results[$this->ID];
+		
+		// If this page no longer exists in stage/live results won't contain the page.
+		// Fail-over to false
+		return isset($results[$this->ID]) ? $results[$this->ID] : false;
 	}

 	/**
@ -878,7 +881,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 			// Regular canEdit logic is handled by can_edit_multiple
 			$results = self::can_edit_multiple(array($this->ID), $memberID);
 		
-			return $results[$this->ID];
+			// If this page no longer exists in stage/live results won't contain the page.
+			// Fail-over to false
+			return isset($results[$this->ID]) ? $results[$this->ID] : false;
 			
 		// Default for unsaved pages
 		} else {
@ -995,6 +1000,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 			foreach(array('Stage', 'Live') as $stage) {
 				// Start by filling the array with the pages that actually exist
 				$table = ($stage=='Stage') ? "SiteTree" : "SiteTree_$stage";
+				
 				$result = array_fill_keys(DB::query("SELECT \"ID\" FROM \"$table\" 
 						WHERE \"ID\" IN (".implode(", ", $ids).")")->column(), false);
 				
--- a/tests/SiteTreePermissionsTest.php
+++ b/tests/SiteTreePermissionsTest.php
@ -29,7 +29,74 @@ class SiteTreePermissionsTest extends FunctionalTest {
 		// we're testing HTTP status codes before being redirected to login forms
 		$this->autoFollowRedirection = false;
 	}
+
+	function testPermissionCheckingWorksOnDeletedPages() {
+		// Set up fixture - a published page deleted from draft
+		$this->logInWithPermssion("ADMIN");
+		$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
+		$pageID = $page->ID;
+		$this->assertTrue($page->doPublish());
+		$page->delete();
+
+		// Re-fetch the page from the live site
+ 		$page = Versioned::get_one_by_stage('SiteTree', 'Live', "\"SiteTree\".\"ID\" = $pageID");
+
+		// subadmin has edit rights on that page
+		$member = $this->objFromFixture('Member','subadmin');
+		$member->logIn();
+		
+		// Test can_edit_multiple
+		$this->assertEquals(
+			array($pageID => true),
+			SiteTree::can_edit_multiple(array($pageID), $member->ID)
+		);
+		
+		// Test canEdit
+		$member->logIn();
+		$this->assertTrue($page->canEdit());
+	}
 	
+	function testPermissionCheckingWorksOnUnpublishedPages() {
+		// Set up fixture - an unpublished page
+		$this->logInWithPermssion("ADMIN");
+		$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
+		$pageID = $page->ID;
+		$page->doUnpublish();
+
+		// subadmin has edit rights on that page
+		$member = $this->objFromFixture('Member','subadmin');
+		$member->logIn();
+
+		// Test can_edit_multiple
+		$this->assertEquals(
+			array($pageID => true),
+			SiteTree::can_edit_multiple(array($pageID), $member->ID)
+		);
+
+		// Test canEdit
+		$member->logIn();
+		$this->assertTrue($page->canEdit());
+	}
+
+	function testCanEditOnPageDeletedFromStageAndLiveReturnsFalse() {
+		// Find a page that exists and delete it from both stage and published
+		$this->logInWithPermssion("ADMIN");
+		$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
+		$pageID = $page->ID;
+		$page->doUnpublish();
+		$page->delete();
+
+		// We'll need to resurrect the page from the version cache to test this case
+		$page = Versioned::get_latest_version('SiteTree', $pageID);
+
+		// subadmin had edit rights on that page, but now it's gone
+		$member = $this->objFromFixture('Member','subadmin');
+		$member->logIn();
+		
+		$this->assertFalse($page->canEdit());
+	}
+
+/*	
 	function testCanViewStage() {
 		$page = $this->objFromFixture('Page', 'standardpage');
 		$editor = $this->objFromFixture('Member', 'editor');
@ -312,6 +379,57 @@ class SiteTreePermissionsTest extends FunctionalTest {
 		$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
 	}
 	
+	function testInheritCanEditFromSiteConfig() {
+		$page = $this->objFromFixture('Page', 'inheritWithNoParent');
+		$siteconfig = $this->objFromFixture('SiteConfig', 'default');
+		$editor = $this->objFromFixture('Member', 'editor');
+		$user = $this->objFromFixture('Member', 'websiteuser');
+		$editorGroup = $this->objFromFixture('Group', 'editorgroup');
+		
+		$siteconfig->CanEditType = 'LoggedInUsers';
+		$siteconfig->write();
+		
+		$this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers');
+		$this->session()->inst_set('loggedInAs', $editor->ID);
+		$this->assertTrue($page->canEdit(), 'Users can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers');
+		
+		$siteconfig->CanEditType = 'OnlyTheseUsers';
+		$siteconfig->EditorGroups()->add($editorGroup);
+		$siteconfig->EditorGroups()->write();
+		$siteconfig->write();
+		$this->assertTrue($page->canEdit($editor), 'Editors can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
+		$this->session()->inst_set('loggedInAs', null);
+		$this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
+		$this->session()->inst_set('loggedInAs', $user->ID);
+		$this->assertFalse($page->canEdit($user), 'Website user can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
+	}
+*/
+	function testInheritCanViewFromSiteConfig() {
+		$page = $this->objFromFixture('Page', 'inheritWithNoParent');
+		$siteconfig = $this->objFromFixture('SiteConfig', 'default');
+		$editor = $this->objFromFixture('Member', 'editor');
+		$editorGroup = $this->objFromFixture('Group', 'editorgroup');
+		
+		$siteconfig->CanViewType = 'Anyone';
+		$siteconfig->write();
+		$this->assertTrue($page->canView(FALSE), 'Anyone can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
+		
+		$siteconfig->CanViewType = 'LoggedInUsers';
+		$siteconfig->write();
+		$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
+		
+		$siteconfig->CanViewType = 'LoggedInUsers';
+		$siteconfig->write();
+		$this->assertTrue($page->canView($editor), 'Users can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
+		
+		$siteconfig->CanViewType = 'OnlyTheseUsers';
+		$siteconfig->ViewerGroups()->add($editorGroup);
+		$siteconfig->ViewerGroups()->write();
+		$siteconfig->write();
+		$this->assertTrue($page->canView($editor), 'Editors can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
+		$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
+	}
+	
 	function testInheritCanEditFromSiteConfig() {
 		$page = $this->objFromFixture('Page', 'inheritWithNoParent');
 		$siteconfig = $this->objFromFixture('SiteConfig', 'default');