mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
ENH Override record if a provided GroupId with provided Code already exist in Permission table.
This commit is contained in:
parent
b64ad664bb
commit
70f1dc8841
@ -392,9 +392,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
|
||||
*/
|
||||
public static function grant($groupID, $code, $arg = "any")
|
||||
{
|
||||
$perm = new Permission();
|
||||
$perm->GroupID = $groupID;
|
||||
$perm->Code = $code;
|
||||
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
|
||||
|
||||
if ($permissions && $permissions->count() > 0) {
|
||||
$perm = $permissions->last();
|
||||
} else {
|
||||
$perm = new Permission();
|
||||
$perm->GroupID = $groupID;
|
||||
$perm->Code = $code;
|
||||
}
|
||||
|
||||
$perm->Type = self::GRANT_PERMISSION;
|
||||
|
||||
// Arg component
|
||||
@ -427,9 +434,16 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
|
||||
*/
|
||||
public static function deny($groupID, $code, $arg = "any")
|
||||
{
|
||||
$perm = new Permission();
|
||||
$perm->GroupID = $groupID;
|
||||
$perm->Code = $code;
|
||||
$permissions = Permission::get()->filter(['GroupID' => $groupID, 'Code' => $code]);
|
||||
|
||||
if ($permissions && $permissions->count() > 0) {
|
||||
$perm = $permissions->last();
|
||||
} else {
|
||||
$perm = new Permission();
|
||||
$perm->GroupID = $groupID;
|
||||
$perm->Code = $code;
|
||||
}
|
||||
|
||||
$perm->Type = self::DENY_PERMISSION;
|
||||
|
||||
// Arg component
|
||||
|
@ -3,6 +3,7 @@
|
||||
namespace SilverStripe\Security\Tests;
|
||||
|
||||
use SilverStripe\Security\Permission;
|
||||
use SilverStripe\Security\Group;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\PermissionCheckboxSetField;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
@ -163,4 +164,124 @@ class PermissionTest extends SapphireTest
|
||||
$this->assertFalse(Permission::checkMember($member, 'ADMIN'));
|
||||
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain'));
|
||||
}
|
||||
|
||||
public function testGrantPermission()
|
||||
{
|
||||
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
|
||||
$id = $group->ID;
|
||||
|
||||
Permission::grant($id, 'CMS_ACCESS_CMSMain');
|
||||
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
|
||||
Permission::grant($id, 'CMS_ACCESS_ReportAdmin');
|
||||
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(3, $groupPermission->count());
|
||||
$this->assertEquals(0, $groupPermission->first()->Arg);
|
||||
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||
|
||||
|
||||
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'all');
|
||||
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'all');
|
||||
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'all');
|
||||
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(3, $groupPermission->count());
|
||||
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||
|
||||
Permission::grant($id, 'CMS_ACCESS_CMSMain', 'any');
|
||||
Permission::grant($id, 'CMS_ACCESS_AssetAdmin', 'any');
|
||||
Permission::grant($id, 'CMS_ACCESS_ReportAdmin', 'any');
|
||||
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(3, $groupPermission->count());
|
||||
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||
}
|
||||
|
||||
public function testDenyPermission()
|
||||
{
|
||||
$group = $this->objFromFixture(Group::class, 'testpermissiongroup');
|
||||
$id = $group->ID;
|
||||
|
||||
Permission::deny($id, 'CMS_ACCESS_CMSMain');
|
||||
Permission::deny($id, 'CMS_ACCESS_AssetAdmin');
|
||||
Permission::deny($id, 'CMS_ACCESS_ReportAdmin');
|
||||
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(3, $groupPermission->count());
|
||||
$this->assertEquals(0, $groupPermission->first()->Arg);
|
||||
$this->assertEquals(-1, $groupPermission->first()->Type);
|
||||
|
||||
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'all');
|
||||
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'all');
|
||||
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'all');
|
||||
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(3, $groupPermission->count());
|
||||
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||
$this->assertEquals(-1, $groupPermission->first()->Type);
|
||||
|
||||
Permission::deny($id, 'CMS_ACCESS_CMSMain', 'any');
|
||||
Permission::deny($id, 'CMS_ACCESS_AssetAdmin', 'any');
|
||||
Permission::deny($id, 'CMS_ACCESS_ReportAdmin', 'any');
|
||||
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(3, $groupPermission->count());
|
||||
$this->assertEquals(-1, $groupPermission->first()->Arg);
|
||||
$this->assertEquals(-1, $groupPermission->first()->Type);
|
||||
}
|
||||
|
||||
public function testDenyThenGrantPermission()
|
||||
{
|
||||
$member = $this->objFromFixture(Member::class, 'testcmseditormember');
|
||||
$group = $this->objFromFixture(Group::class, 'testcmseditorgroup');
|
||||
$id = $group->ID;
|
||||
|
||||
$this->logInAs($member);
|
||||
|
||||
Permission::grant($id, 'TEST_CMS_EDITOR');
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(1, $groupPermission->count());
|
||||
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
|
||||
|
||||
Permission::deny($id, 'TEST_CMS_EDITOR');
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(1, $groupPermission->count());
|
||||
$this->assertEquals(-1, $groupPermission->last()->Type);
|
||||
$this->assertFalse(Permission::check('TEST_CMS_EDITOR'));
|
||||
|
||||
Permission::grant($id, 'TEST_CMS_EDITOR');
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
|
||||
$this->assertEquals(1, $groupPermission->count());
|
||||
$this->assertEquals(1, $groupPermission->first()->Type);
|
||||
$this->assertTrue(Permission::check('TEST_CMS_EDITOR'));
|
||||
|
||||
Permission::grant($id, 'CMS_ACCESS_AssetAdmin');
|
||||
$groupPermission = Permission::get()->filter(['GroupID' => $id]);
|
||||
$this->assertEquals(2, $groupPermission->count());
|
||||
|
||||
$groupPermissionAssetAdmin = Permission::get()->filter(
|
||||
[
|
||||
'GroupID' => $id,
|
||||
'Code' => 'CMS_ACCESS_AssetAdmin',
|
||||
]
|
||||
);
|
||||
$this->assertEquals(1, $groupPermissionAssetAdmin->count());
|
||||
$this->assertEquals(1, $groupPermissionAssetAdmin->first()->Type);
|
||||
|
||||
$this->assertTrue(Permission::check('CMS_ACCESS_AssetAdmin'));
|
||||
|
||||
$this->logOut();
|
||||
}
|
||||
}
|
||||
|
@ -33,6 +33,10 @@
|
||||
FirstName: Left
|
||||
Surname: AndMain
|
||||
Email: leftandmain@example.com
|
||||
testcmseditormember:
|
||||
FirstName: CMS
|
||||
Surname: Editor
|
||||
Email: testcmseditor@example.com
|
||||
|
||||
'SilverStripe\Security\Group':
|
||||
author:
|
||||
@ -50,6 +54,14 @@
|
||||
leftandmain:
|
||||
Title: LeftAndMain
|
||||
Members: '=>SilverStripe\Security\Member.leftandmain'
|
||||
cmsmaingroup:
|
||||
Title: CMSMain
|
||||
Members: '=>SilverStripe\Security\Member.testcmseditormember'
|
||||
testpermissiongroup:
|
||||
Title: TestPermissionGroup
|
||||
testcmseditorgroup:
|
||||
Title: TestCMSEditor
|
||||
Members: '=>SilverStripe\Security\Member.testcmseditormember'
|
||||
|
||||
'SilverStripe\Security\Permission':
|
||||
extra1:
|
||||
@ -61,3 +73,9 @@
|
||||
leftandmain:
|
||||
Code: CMS_ACCESS_LeftAndMain
|
||||
Group: '=>SilverStripe\Security\Group.leftandmain'
|
||||
cmsmain:
|
||||
Code: CMS_ACCESS_CMSMain
|
||||
Group: '=>SilverStripe\Security\Group.cmsmaingroup'
|
||||
testcmseditor:
|
||||
Code: TEST_CMS_EDITOR
|
||||
Group: '=>SilverStripe\Security\Group.testcmseditorgroup'
|
||||
|
Loading…
Reference in New Issue
Block a user