From 7dd6d10cde7ecd40a261fb50367dd69c5e85a86b Mon Sep 17 00:00:00 2001 From: Sam Minnee Date: Thu, 15 Oct 2009 21:53:15 +0000 Subject: [PATCH] MINOR added more documentation around SiteConfig. Also wrote unit tests for permissions inheritance off it. (from r86132) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89164 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- forms/TableListField.php | 16 ++++++++-- security/Group.php | 15 +++++++++ static-main.php | 8 +++-- tests/SiteTreePermissionsTest.php | 53 ++++++++++++++++++++++++++++++- tests/SiteTreePermissionsTest.yml | 10 ++++++ 5 files changed, 96 insertions(+), 6 deletions(-) diff --git a/forms/TableListField.php b/forms/TableListField.php index fa9da7581..ab7920e06 100755 --- a/forms/TableListField.php +++ b/forms/TableListField.php @@ -37,6 +37,8 @@ class TableListField extends FormField { protected $fieldList; + protected $disableSorting = false; + /** * @var $fieldListCsv array */ @@ -342,6 +344,10 @@ JS } return new DataObjectSet($headings); } + + function disableSorting($to = true) { + $this->disableSorting = $to; + } /** * Determines if a field is "sortable". @@ -352,7 +358,7 @@ JS * @return bool */ function isFieldSortable($fieldName) { - if($this->customSourceItems) { + if($this->customSourceItems || $this->disableSorting) { return false; } @@ -362,8 +368,14 @@ JS $query = $this->__cachedQuery = $this->getQuery(); } $sql = $query->sql(); + + $selects = $query->select; + foreach($selects as $i => $sel) { + if (preg_match('/"(.+?)"\."(.+?)"/', $sel, $matches)) $selects[$i] = $matches[2]; + } + $SQL_fieldName = Convert::raw2sql($fieldName); - return (in_array($SQL_fieldName,$query->select) || stripos($sql,"AS {$SQL_fieldName}")); + return (in_array($SQL_fieldName,$selects) || stripos($sql,"AS {$SQL_fieldName}")); } /** diff --git a/security/Group.php b/security/Group.php index beabea9c4..28074bee6 100644 --- a/security/Group.php +++ b/security/Group.php 
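Review bot: `disableSorting()` and the `$disableSorting` property from the first hunk are added without docblocks, although the neighbouring members shown as context (`$fieldListCsv`, `isFieldSortable()`) carry them. A short docblock on the method should say that it switches sorting off for every column by making `isFieldSortable()` return false, and should document `@param bool $to`. Because the method is named like a command but takes a flag, it is worth stating that `disableSorting(false)` turns sorting back on. The property needs only a one-line `@var bool` comment.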
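Review bot: The pattern in the new `foreach` over `$query->select` is unanchored, so any select expression that merely contains a `"Table"."Column"` pair (a function call or a computed expression, for instance) is reduced to that bare column name and then satisfies `in_array`. If `isFieldSortable()` is what decides whether a caller-supplied sort field is accepted, which is not visible here, the match should be exact: `if (preg_match('/^"([^"]+)"\."([^"]+)"$/', $sel, $matches)) $selects[$i] = $matches[2];`. The retained `stripos($sql,"AS {$SQL_fieldName}")` test is a substring match, so a prefix of an alias also passes; comparing against the query's actual aliases would be stricter. Part of the function body lies between this hunk and the previous one and is not shown.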
@@ -101,6 +101,21 @@ class Group extends DataObject { $fields->removeFieldFromTab('Root', 'IP Addresses'); } + if(Permission::check('EDIT_PERMISSIONS') && DataObject::get('PermissionRole')) { + $fields->addFieldToTab(_t('SecurityAdmin.ROLES', 'Roles'), + new LiteralField( + "", + "

" . + _t('SecurityAdmin.ROLESDESCRIPTION', + "This section allows you to add roles to this group. Roles are logical groupings of permissions, which can be editied in the Roles tab" + ) . + "

" + ) + ); + + $fields->addFieldToTab(_t('SecurityAdmin.ROLES', 'Roles'), new CheckboxSetField('Roles', 'Roles', DataObject::get('PermissionRole'))); + } + $memberList->setController($this); $memberList->setPermissions(array('show', 'edit', 'delete', 'export', 'add')); $memberList->setParentClass('Group'); diff --git a/static-main.php b/static-main.php index 91564aaf6..b7ab6d7f8 100644 --- a/static-main.php +++ b/static-main.php @@ -16,6 +16,8 @@ $cacheOn = true; $cacheDebug = false; $hostmapLocation = '../subsites/host-map.php'; +date_default_timezone_set('Pacific/Auckland'); + if ($cacheOn) { if (file_exists($hostmapLocation)) { @@ -34,14 +36,14 @@ if ($cacheOn) { $file = $file ? $file : 'index'; if (file_exists('../cache/'.$cacheDir.$file.'.html')) { - header('X-cache: hit at '.date('r')); + header('X-cache: hit at '.@date('r')); echo file_get_contents('../cache/'.$cacheDir.$file.'.html'); } elseif (file_exists('../cache/'.$cacheDir.$file.'.php')) { - header('X-cache: hit at '.date('r')); + header('X-cache: hit at '.@date('r')); include_once '../cache/'.$cacheDir.$file.'.php'; if ($cacheDebug) echo "
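Review bot: The `Permission::check('EDIT_PERMISSIONS')` guard added here only decides whether the `Roles` checkbox set is rendered; nothing in the hunk shows the `Roles` relation being protected when the form is saved. Since roles bundle permissions, confirm that the write path discards a submitted `Roles` value from a user without `EDIT_PERMISSIONS`, or add that check there. `DataObject::get('PermissionRole')` is also queried twice; fetch it once with `$roles = DataObject::get('PermissionRole');` and reuse it for the condition and the field. The description string contains a typo (`editied`). The enclosing method starts and ends outside the hunk.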

File was cached

"; } else { - header('X-cache: miss at '.date('r') . ' on ' . $cacheDir . $file); + header('X-cache: miss at '.@date('r') . ' on ' . $cacheDir . $file); // No cache hit... fallback!!! include 'main.php'; if ($cacheDebug) echo "

File was !NOT! cached

"; diff --git a/tests/SiteTreePermissionsTest.php b/tests/SiteTreePermissionsTest.php index 6c8aa95fd..cc74083ec 100755 --- a/tests/SiteTreePermissionsTest.php +++ b/tests/SiteTreePermissionsTest.php @@ -263,7 +263,7 @@ class SiteTreePermissionsTest extends FunctionalTest { // Get the live version of the page $page = Versioned::get_one_by_stage("SiteTree", "Live", "\"SiteTree\".\"ID\" = $pageID"); - + // subadmin users $subadminuser = $this->objFromFixture('Member', 'subadmin'); $this->assertTrue( 
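Review bot: The `@` added before `date('r')` on the three `X-cache` header lines hides every diagnostic from `date()`, and it is redundant once the previous hunk calls `date_default_timezone_set()`; plain `date('r')` lets real problems surface. The hard-coded `'Pacific/Auckland'` in that previous hunk fixes the zone for every deployment of this front controller, so it should come from configuration or at least carry a comment explaining the choice. The miss header also sends `$cacheDir . $file` to the client. How those values are derived is outside the hunk, but if they come from the request they should be validated against an allow-list of characters before being used in the header and in the cache paths.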
@@ -271,6 +271,57 @@ class SiteTreePermissionsTest extends FunctionalTest { 'Authenticated members can edit a page that was deleted from stage and marked as "Editable by logged in users" if they have cms permissions and belong to any of these groups' ); } + + function testInheritCanViewFromSiteConfig() { + $page = $this->objFromFixture('Page', 'inheritWithNoParent'); + $siteconfig = $this->objFromFixture('SiteConfig', 'default'); + $editor = $this->objFromFixture('Member', 'editor'); + $editorGroup = $this->objFromFixture('Group', 'editorgroup'); + + $siteconfig->CanViewType = 'Anyone'; + $siteconfig->write(); + $this->assertTrue($page->canView(FALSE), 'Anyone can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers'); + + $siteconfig->CanViewType = 'LoggedInUsers'; + $siteconfig->write(); + $this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers'); + + $siteconfig->CanViewType = 'LoggedInUsers'; + $siteconfig->write(); + $this->assertTrue($page->canView($editor), 'Users can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to LoggedInUsers'); + + $siteconfig->CanViewType = 'OnlyTheseUsers'; + $siteconfig->ViewerGroups()->add($editorGroup); + $siteconfig->ViewerGroups()->write(); + $siteconfig->write(); + $this->assertTrue($page->canView($editor), 'Editors can view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers'); + $this->assertFalse($page->canView(FALSE), 'Anonymous can\'t view a page when set to inherit from the SiteConfig, and SiteConfig has canView set to OnlyTheseUsers'); + } + + function testInheritCanEditFromSiteConfig() { + $page = $this->objFromFixture('Page', 'inheritWithNoParent'); + $siteconfig = $this->objFromFixture('SiteConfig', 'default'); + $editor = $this->objFromFixture('Member', 'editor'); + $user = 
$this->objFromFixture('Member', 'websiteuser'); + $editorGroup = $this->objFromFixture('Group', 'editorgroup'); + + $siteconfig->CanEditType = 'LoggedInUsers'; + $siteconfig->write(); + + $this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers'); + $this->session()->inst_set('loggedInAs', $editor->ID); + $this->assertTrue($page->canEdit(), 'Users can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to LoggedInUsers'); + + $siteconfig->CanEditType = 'OnlyTheseUsers'; + $siteconfig->EditorGroups()->add($editorGroup); + $siteconfig->EditorGroups()->write(); + $siteconfig->write(); + $this->assertTrue($page->canEdit($editor), 'Editors can edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers'); + $this->session()->inst_set('loggedInAs', null); + $this->assertFalse($page->canEdit(FALSE), 'Anonymous can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers'); + $this->session()->inst_set('loggedInAs', $user->ID); + $this->assertFalse($page->canEdit($user), 'Website user can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers'); + } } ?> \ No newline at end of file diff --git a/tests/SiteTreePermissionsTest.yml b/tests/SiteTreePermissionsTest.yml index c0c6fdff0..67e2987cb 100644 --- a/tests/SiteTreePermissionsTest.yml +++ b/tests/SiteTreePermissionsTest.yml @@ -1,3 +1,9 @@ +SiteConfig: + default: + Title: My test site + Tagline: There is no doubt this is a great test site + CanViewType: Anyone + CanEditType: LoggedInUsers Permission: cmsmain1: Code: CMS_ACCESS_CMSMain 
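Review bot: `testInheritCanViewFromSiteConfig()` never checks that a logged-in member outside `editorgroup` is refused under `OnlyTheseUsers`, which is the case most likely to regress in an access-control change; the edit test covers it with `websiteuser`, the view test does not. Adding `$user = $this->objFromFixture('Member', 'websiteuser');` and `$this->assertFalse($page->canView($user), 'Website user can\'t view a page when SiteConfig has canView set to OnlyTheseUsers');` would close that gap. The first assertion's message says `LoggedInUsers` although `CanViewType` is `'Anyone'` at that point. `testInheritCanEditFromSiteConfig()` also leaves `loggedInAs` set to `$user->ID` when it ends, which may leak into later tests unless the harness resets the session.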
@@ -50,6 +56,10 @@ Page: CanEditType: OnlyTheseUsers EditorGroups: =>Group.subadmingroup URLSegment: restrictedEditOnlySubadminGroup + inheritWithNoParent: + CanEditType: Inherit + CanViewType: Inherit + URLSegment: inheritWithNoParent parent_restrictedViewOnlySubadminGroup: CanViewType: OnlyTheseUsers ViewerGroups: =>Group.subadmingroup