mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-06 08:08:33 +02:00
BUGFIX: Fixed notice-level errors when checking permissions of pages that don't exist anywhere (from r93166) (from r96755)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102387 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
1192b9ef2c
commit
6167cad850
@ -803,7 +803,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
|
|
||||||
// Regular canEdit logic is handled by can_edit_multiple
|
// Regular canEdit logic is handled by can_edit_multiple
|
||||||
$results = self::can_delete_multiple(array($this->ID), $memberID);
|
$results = self::can_delete_multiple(array($this->ID), $memberID);
|
||||||
return $results[$this->ID];
|
|
||||||
|
// If this page no longer exists in stage/live results won't contain the page.
|
||||||
|
// Fail-over to false
|
||||||
|
return isset($results[$this->ID]) ? $results[$this->ID] : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -878,7 +881,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
// Regular canEdit logic is handled by can_edit_multiple
|
// Regular canEdit logic is handled by can_edit_multiple
|
||||||
$results = self::can_edit_multiple(array($this->ID), $memberID);
|
$results = self::can_edit_multiple(array($this->ID), $memberID);
|
||||||
|
|
||||||
return $results[$this->ID];
|
// If this page no longer exists in stage/live results won't contain the page.
|
||||||
|
// Fail-over to false
|
||||||
|
return isset($results[$this->ID]) ? $results[$this->ID] : false;
|
||||||
|
|
||||||
// Default for unsaved pages
|
// Default for unsaved pages
|
||||||
} else {
|
} else {
|
||||||
@ -995,6 +1000,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
foreach(array('Stage', 'Live') as $stage) {
|
foreach(array('Stage', 'Live') as $stage) {
|
||||||
// Start by filling the array with the pages that actually exist
|
// Start by filling the array with the pages that actually exist
|
||||||
$table = ($stage=='Stage') ? "SiteTree" : "SiteTree_$stage";
|
$table = ($stage=='Stage') ? "SiteTree" : "SiteTree_$stage";
|
||||||
|
|
||||||
$result = array_fill_keys(DB::query("SELECT \"ID\" FROM \"$table\"
|
$result = array_fill_keys(DB::query("SELECT \"ID\" FROM \"$table\"
|
||||||
WHERE \"ID\" IN (".implode(", ", $ids).")")->column(), false);
|
WHERE \"ID\" IN (".implode(", ", $ids).")")->column(), false);
|
||||||
|
|
||||||
|
@ -30,6 +30,73 @@ class SiteTreePermissionsTest extends FunctionalTest {
|
|||||||
$this->autoFollowRedirection = false;
|
$this->autoFollowRedirection = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testPermissionCheckingWorksOnDeletedPages() {
|
||||||
|
// Set up fixture - a published page deleted from draft
|
||||||
|
$this->logInWithPermssion("ADMIN");
|
||||||
|
$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
|
||||||
|
$pageID = $page->ID;
|
||||||
|
$this->assertTrue($page->doPublish());
|
||||||
|
$page->delete();
|
||||||
|
|
||||||
|
// Re-fetch the page from the live site
|
||||||
|
$page = Versioned::get_one_by_stage('SiteTree', 'Live', "\"SiteTree\".\"ID\" = $pageID");
|
||||||
|
|
||||||
|
// subadmin has edit rights on that page
|
||||||
|
$member = $this->objFromFixture('Member','subadmin');
|
||||||
|
$member->logIn();
|
||||||
|
|
||||||
|
// Test can_edit_multiple
|
||||||
|
$this->assertEquals(
|
||||||
|
array($pageID => true),
|
||||||
|
SiteTree::can_edit_multiple(array($pageID), $member->ID)
|
||||||
|
);
|
||||||
|
|
||||||
|
// Test canEdit
|
||||||
|
$member->logIn();
|
||||||
|
$this->assertTrue($page->canEdit());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testPermissionCheckingWorksOnUnpublishedPages() {
|
||||||
|
// Set up fixture - an unpublished page
|
||||||
|
$this->logInWithPermssion("ADMIN");
|
||||||
|
$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
|
||||||
|
$pageID = $page->ID;
|
||||||
|
$page->doUnpublish();
|
||||||
|
|
||||||
|
// subadmin has edit rights on that page
|
||||||
|
$member = $this->objFromFixture('Member','subadmin');
|
||||||
|
$member->logIn();
|
||||||
|
|
||||||
|
// Test can_edit_multiple
|
||||||
|
$this->assertEquals(
|
||||||
|
array($pageID => true),
|
||||||
|
SiteTree::can_edit_multiple(array($pageID), $member->ID)
|
||||||
|
);
|
||||||
|
|
||||||
|
// Test canEdit
|
||||||
|
$member->logIn();
|
||||||
|
$this->assertTrue($page->canEdit());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testCanEditOnPageDeletedFromStageAndLiveReturnsFalse() {
|
||||||
|
// Find a page that exists and delete it from both stage and published
|
||||||
|
$this->logInWithPermssion("ADMIN");
|
||||||
|
$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
|
||||||
|
$pageID = $page->ID;
|
||||||
|
$page->doUnpublish();
|
||||||
|
$page->delete();
|
||||||
|
|
||||||
|
// We'll need to resurrect the page from the version cache to test this case
|
||||||
|
$page = Versioned::get_latest_version('SiteTree', $pageID);
|
||||||
|
|
||||||
|
// subadmin had edit rights on that page, but now it's gone
|
||||||
|
$member = $this->objFromFixture('Member','subadmin');
|
||||||
|
$member->logIn();
|
||||||
|
|
||||||
|
$this->assertFalse($page->canEdit());
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
function testCanViewStage() {
|
function testCanViewStage() {
|
||||||
$page = $this->objFromFixture('Page', 'standardpage');
|
$page = $this->objFromFixture('Page', 'standardpage');
|
||||||
$editor = $this->objFromFixture('Member', 'editor');
|
$editor = $this->objFromFixture('Member', 'editor');
|
||||||
@ -312,6 +379,57 @@ class SiteTreePermissionsTest extends FunctionalTest {
|
|||||||
$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
|
$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testInheritCanEditFromSiteConfig() {
|
||||||
|
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
|
||||||
|
$siteconfig = $this->objFromFixture('SiteConfig', 'default');
|
||||||
|
$editor = $this->objFromFixture('Member', 'editor');
|
||||||
|
$user = $this->objFromFixture('Member', 'websiteuser');
|
||||||
|
$editorGroup = $this->objFromFixture('Group', 'editorgroup');
|
||||||
|
|
||||||
|
$siteconfig->CanEditType = 'LoggedInUsers';
|
||||||
|
$siteconfig->write();
|
||||||
|
|
||||||
|
$this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers');
|
||||||
|
$this->session()->inst_set('loggedInAs', $editor->ID);
|
||||||
|
$this->assertTrue($page->canEdit(), 'Users can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers');
|
||||||
|
|
||||||
|
$siteconfig->CanEditType = 'OnlyTheseUsers';
|
||||||
|
$siteconfig->EditorGroups()->add($editorGroup);
|
||||||
|
$siteconfig->EditorGroups()->write();
|
||||||
|
$siteconfig->write();
|
||||||
|
$this->assertTrue($page->canEdit($editor), 'Editors can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
|
||||||
|
$this->session()->inst_set('loggedInAs', null);
|
||||||
|
$this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
|
||||||
|
$this->session()->inst_set('loggedInAs', $user->ID);
|
||||||
|
$this->assertFalse($page->canEdit($user), 'Website user can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
function testInheritCanViewFromSiteConfig() {
|
||||||
|
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
|
||||||
|
$siteconfig = $this->objFromFixture('SiteConfig', 'default');
|
||||||
|
$editor = $this->objFromFixture('Member', 'editor');
|
||||||
|
$editorGroup = $this->objFromFixture('Group', 'editorgroup');
|
||||||
|
|
||||||
|
$siteconfig->CanViewType = 'Anyone';
|
||||||
|
$siteconfig->write();
|
||||||
|
$this->assertTrue($page->canView(FALSE), 'Anyone can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
|
||||||
|
|
||||||
|
$siteconfig->CanViewType = 'LoggedInUsers';
|
||||||
|
$siteconfig->write();
|
||||||
|
$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
|
||||||
|
|
||||||
|
$siteconfig->CanViewType = 'LoggedInUsers';
|
||||||
|
$siteconfig->write();
|
||||||
|
$this->assertTrue($page->canView($editor), 'Users can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers');
|
||||||
|
|
||||||
|
$siteconfig->CanViewType = 'OnlyTheseUsers';
|
||||||
|
$siteconfig->ViewerGroups()->add($editorGroup);
|
||||||
|
$siteconfig->ViewerGroups()->write();
|
||||||
|
$siteconfig->write();
|
||||||
|
$this->assertTrue($page->canView($editor), 'Editors can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
|
||||||
|
$this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers');
|
||||||
|
}
|
||||||
|
|
||||||
function testInheritCanEditFromSiteConfig() {
|
function testInheritCanEditFromSiteConfig() {
|
||||||
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
|
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
|
||||||
$siteconfig = $this->objFromFixture('SiteConfig', 'default');
|
$siteconfig = $this->objFromFixture('SiteConfig', 'default');
|
||||||
|
Loading…
Reference in New Issue
Block a user