ENH Override record if a provided GroupId with provided Code already exist in Permission table.

This commit is contained in:
Sabina Talipova 2022-05-20 16:54:52 +12:00
parent b64ad664bb
commit 70f1dc8841
3 changed files with 159 additions and 6 deletions

View File

@ -392,9 +392,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
*/
public static function grant($groupID, $code, $arg = "any")
{
$perm = new Permission();
$perm->GroupID = $groupID;
$perm->Code = $code;
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
if ($permissions && $permissions->count() > 0) {
$perm = $permissions->last();
} else {
$perm = new Permission();
$perm->GroupID = $groupID;
$perm->Code = $code;
}
$perm->Type = self::GRANT_PERMISSION;
// Arg component
@ -427,9 +434,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
*/
public static function deny($groupID, $code, $arg = "any")
{
$perm = new Permission();
$perm->GroupID = $groupID;
$perm->Code = $code;
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
if ($permissions && $permissions->count() > 0) {
$perm = $permissions->last();
} else {
$perm = new Permission();
$perm->GroupID = $groupID;
$perm->Code = $code;
}
$perm->Type = self::DENY_PERMISSION;
// Arg component

View File

@ -3,6 +3,7 @@
namespace SilverStripe\Security\Tests;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Group;
use SilverStripe\Security\Member;
use SilverStripe\Security\PermissionCheckboxSetField;
use SilverStripe\Core\Config\Config;
@ -163,4 +164,124 @@ class PermissionTest extends SapphireTest
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
}
public function testGrantPermission()
{
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
$id = $group->ID;
Permission::grant($id, 'CMS_ACCESS_CMSMain');
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
Permission::grant($id, 'CMS_ACCESS_ReportAdmin');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(0, $groupPermission->first()->Arg);
$this->assertEquals(1, $groupPermission->first()->Type);
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'all');
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'all');
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'all');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(1, $groupPermission->first()->Type);
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'any');
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'any');
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'any');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(1, $groupPermission->first()->Type);
}
public function testDenyPermission()
{
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
$id = $group->ID;
Permission::deny($id, 'CMS_ACCESS_CMSMain');
Permission::deny($id, 'CMS_ACCESS_AssetAdmin');
Permission::deny($id, 'CMS_ACCESS_ReportAdmin');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(0, $groupPermission->first()->Arg);
$this->assertEquals(-1, $groupPermission->first()->Type);
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'all');
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'all');
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'all');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(-1, $groupPermission->first()->Type);
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'any');
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'any');
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'any');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(3, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->first()->Arg);
$this->assertEquals(-1, $groupPermission->first()->Type);
}
public function testDenyThenGrantPermission()
{
$member = $this->objFromFixture(Member::class, 'testcmseditormember');
$group = $this->objFromFixture(Group::class, 'testcmseditorgroup');
$id = $group->ID;
$this->logInAs($member);
Permission::grant($id, 'TEST_CMS_EDITOR');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(1, $groupPermission->count());
$this->assertEquals(1, $groupPermission->first()->Type);
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
Permission::deny($id, 'TEST_CMS_EDITOR');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(1, $groupPermission->count());
$this->assertEquals(-1, $groupPermission->last()->Type);
$this->assertFalse(Permission::check('TEST_CMS_EDITOR'));
Permission::grant($id, 'TEST_CMS_EDITOR');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(1, $groupPermission->count());
$this->assertEquals(1, $groupPermission->first()->Type);
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
$this->assertEquals(2, $groupPermission->count());
$groupPermissionAssetAdmin = Permission::get()->filter(
[
'GroupID' => $id,
'Code' => 'CMS_ACCESS_AssetAdmin',
]
);
$this->assertEquals(1, $groupPermissionAssetAdmin->count());
$this->assertEquals(1, $groupPermissionAssetAdmin->first()->Type);
$this->assertTrue(Permission::check('CMS_ACCESS_AssetAdmin'));
$this->logOut();
}
}

View File

@ -33,6 +33,10 @@
FirstName: Left
Surname: AndMain
Email: leftandmain@example.com
testcmseditormember:
FirstName: CMS
Surname: Editor
Email: testcmseditor@example.com
'SilverStripe\Security\Group':
author:
@ -50,6 +54,14 @@
leftandmain:
Title: LeftAndMain
Members: '=>SilverStripe\Security\Member.leftandmain'
cmsmaingroup:
Title: CMSMain
Members: '=>SilverStripe\Security\Member.testcmseditormember'
testpermissiongroup:
Title: TestPermissionGroup
testcmseditorgroup:
Title: TestCMSEditor
Members: '=>SilverStripe\Security\Member.testcmseditormember'
'SilverStripe\Security\Permission':
extra1:
@ -61,3 +73,9 @@
leftandmain:
Code: CMS_ACCESS_LeftAndMain
Group: '=>SilverStripe\Security\Group.leftandmain'
cmsmain:
Code: CMS_ACCESS_CMSMain
Group: '=>SilverStripe\Security\Group.cmsmaingroup'
testcmseditor:
Code: TEST_CMS_EDITOR
Group: '=>SilverStripe\Security\Group.testcmseditorgroup'