Merge pull request #777 from halkyon/field_edit3
Member_ProfileForm respects canEdit() permissions on Member
This commit is contained in:
commit
69ea73b4ed
@ -1502,10 +1502,14 @@ class Member_ProfileForm extends Form {
|
|||||||
if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
|
if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
|
||||||
return $this->controller->redirectBack();
|
return $this->controller->redirectBack();
|
||||||
}
|
}
|
||||||
|
|
||||||
$SQL_data = Convert::raw2sql($data);
|
$SQL_data = Convert::raw2sql($data);
|
||||||
$member = DataObject::get_by_id("Member", $SQL_data['ID']);
|
$member = DataObject::get_by_id("Member", $SQL_data['ID']);
|
||||||
|
|
||||||
|
if(!$member->canEdit()) {
|
||||||
|
$form->sessionMessage(_t('Member.CANTEDIT', 'You don\'t have permission to do that'), 'bad');
|
||||||
|
return $this->controller->redirectBack();
|
||||||
|
}
|
||||||
|
|
||||||
if($SQL_data['Locale'] != $member->Locale) {
|
if($SQL_data['Locale'] != $member->Locale) {
|
||||||
$form->addErrorMessage("Generic", _t('Member.REFRESHLANG'),"good");
|
$form->addErrorMessage("Generic", _t('Member.REFRESHLANG'),"good");
|
||||||
}
|
}
|
||||||
|
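Review bot: The new `$member->canEdit()` check is reached without confirming that `DataObject::get_by_id("Member", $SQL_data['ID'])` actually returned a record; if the lookup yields no object the call fatals instead of producing the redirect-with-message the hunk intends. The preceding ID-equals-current-user check makes this unlikely in practice, but a deleted or stale session member would still hit it, so a combined guard `if(!$member || !$member->canEdit()) {` keeps the same control flow and the same `Member.CANTEDIT` message. The `canEdit()` test is otherwise a sound defence-in-depth layer on top of the ID check, since extensions can tighten edit permissions without the form knowing. The enclosing method of Member_ProfileForm starts and ends outside the hunk.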
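--- /dev/null
+++ b/tests/control/CMSProfileControllerTest.php
@@ -0,0 +1,82 @@
+<?php
+class CMSProfileControllerTest extends FunctionalTest {
+
+	public static $fixture_file = 'CMSProfileControllerTest.yml';
+
+	public $autoFollowRedirection = false;
+
+	public function testMemberCantEditAnother() {
+		$member = $this->objFromFixture('Member', 'user1');
+		$anotherMember = $this->objFromFixture('Member', 'user2');
+		$this->session()->inst_set('loggedInAs', $member->ID);
+
+		$response = $this->post('admin/myprofile/Member_ProfileForm', array(
+			'action_dosave' => 1,
+			'ID' => $anotherMember->ID,
+			'FirstName' => 'JoeEdited',
+			'Surname' => 'BloggsEdited',
+			'Email' => $member->Email,
+			'Locale' => $member->Locale,
+			'Password[_Password]' => 'password',
+			'Password[_ConfirmPassword]' => 'password',
+		));
+
+		$anotherMember = $this->objFromFixture('Member', 'user2');
+
+		$this->assertNotEquals($anotherMember->FirstName, 'JoeEdited', 'FirstName field stays the same');
+	}
+
+	public function testMemberEditsOwnProfile() {
+		$member = $this->objFromFixture('Member', 'user1');
+		$this->session()->inst_set('loggedInAs', $member->ID);
+
+		$response = $this->post('admin/myprofile/Member_ProfileForm', array(
+			'action_dosave' => 1,
+			'ID' => $member->ID,
+			'FirstName' => 'JoeEdited',
+			'Surname' => 'BloggsEdited',
+			'Email' => $member->Email,
+			'Locale' => $member->Locale,
+			'Password[_Password]' => 'password',
+			'Password[_ConfirmPassword]' => 'password',
+		));
+
+		$member = $this->objFromFixture('Member', 'user1');
+
+		$this->assertEquals($member->FirstName, 'JoeEdited', 'FirstName field was changed');
+	}
+
+	public function testExtendedPermissionsStopEditingOwnProfile() {
+		$existingExtensions = Config::inst()->get('Member', 'extensions');
+		Config::inst()->update('Member', 'extensions', array('CMSProfileControllerTestExtension'));
+
+		$member = $this->objFromFixture('Member', 'user1');
+		$this->session()->inst_set('loggedInAs', $member->ID);
+
+		$response = $this->post('admin/myprofile/Member_ProfileForm', array(
+			'action_dosave' => 1,
+			'ID' => $member->ID,
+			'FirstName' => 'JoeEdited',
+			'Surname' => 'BloggsEdited',
+			'Email' => $member->Email,
+			'Locale' => $member->Locale,
+			'Password[_Password]' => 'password',
+			'Password[_ConfirmPassword]' => 'password',
+		));
+
+		$member = $this->objFromFixture('Member', 'user1');
+
+		$this->assertNotEquals($member->FirstName, 'JoeEdited', 'FirstName field was NOT changed because we modified canEdit');
+
+		Config::inst()->remove('Member', 'extensions');
+		Config::inst()->update('Member', 'extensions', $existingExtensions);
+	}
+
+}
+class CMSProfileControllerTestExtension extends DataExtension {
+
+	public function canEdit($member = null) {
+		return false;
+	}
+
+}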
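Review bot: In `testExtendedPermissionsStopEditingOwnProfile` the `Member` extensions config is only restored after the `assertNotEquals` call, so a failing assertion leaves `CMSProfileControllerTestExtension` (whose `canEdit()` always returns false) applied to every later test in the run, turning one failure into a cascade of permission-denied failures elsewhere. Unless the base FunctionalTest already snapshots and restores Config around each test, moving the save/restore into `setUp()`/`tearDown()` makes the cleanup unconditional. A smaller point: all three tests discard `$response`; asserting on the redirect (the form's failure path calls `redirectBack()`) or the session message would pin the behaviour more directly than re-reading the fixture record alone.

```php
	protected $origMemberExtensions;

	public function setUp() {
		parent::setUp();
		$this->origMemberExtensions = Config::inst()->get('Member', 'extensions');
	}

	public function tearDown() {
		Config::inst()->remove('Member', 'extensions');
		Config::inst()->update('Member', 'extensions', $this->origMemberExtensions);
		parent::tearDown();
	}

	// … unchanged: testMemberCantEditAnother, testMemberEditsOwnProfile …

	public function testExtendedPermissionsStopEditingOwnProfile() {
		Config::inst()->update('Member', 'extensions', array('CMSProfileControllerTestExtension'));
		// … unchanged: login, post, reload fixture, assertNotEquals …
	}
```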
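--- /dev/null
+++ b/tests/control/CMSProfileControllerTest.yml
@@ -0,0 +1,27 @@
+Permission:
+  admin:
+    Code: ADMIN
+  cmsmain:
+    Code: CMS_ACCESS_LeftAndMain
+  leftandmain:
+    Code: CMS_ACCESS_CMSMain
+Group:
+  admins:
+    Title: Administrators
+    Permissions: =>Permission.admin
+  cmsusers:
+    Title: CMS Users
+    Permissions: =>Permission.cmsmain, =>Permission.leftandmain
+Member:
+  admin:
+    FirstName: Admin
+    Email: admin@user.com
+    Groups: =>Group.admins
+  user1:
+    FirstName: Joe
+    Email: user1@user.com
+    Groups: =>Group.cmsusers
+  user2:
+    FirstName: Steve
+    Email: user2@user.com
+    Groups: =>Group.cmsusers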