ENHANCEMENT Added SiteTree->canViewStage() and using it in ContentController->init()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@94253 467b73ca-7a2a-4603-9d3b-597d59a354a9

core/control/ContentController.php

@@ -112,7 +112,7 @@ class ContentController extends Controller {
 
 		// Draft/Archive security check - only CMS users should be able to look at stage/archived content
 		if($this->URLSegment != 'Security' && !Session::get('unsecuredDraftSite') && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
-			if(!Permission::check('CMS_ACCESS_CMSMain')) {
+			if(!$this->dataRecord->canViewStage(Versioned::current_stage())) {
 				$link = $this->Link();
 				$message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content.  <a href="%s">Click here to go back to the published site.</a>');
 				return Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));

core/model/SiteTree.php

@@ -741,6 +741,28 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 		return false;
 	}
 	
+	/**
+	 * Determines permissions for a specific stage (see {@link Versioned}).
+	 * Usually the stage is read from {@link Versioned::current_stage()}.
+	 * Falls back to {@link canView}.
+	 * 
+	 * @todo Implement in CMS UI.
+	 * 
+	 * @param String $stage
+	 * @param Member $member
+	 * @return boolean
+	 */
+	function canViewStage($stage, $member = null) {
+		if(!$member) $member = Member::currentUser();
+
+		if(
+			strtolower($stage) == 'stage' && 
+			!Permission::checkMember($member, 'CMS_ACCESS_CMSMain')
+		) return false;
+		
+		return $this->canView($member);
+	}
+
 	/**
 	 * This function should return true if the current user can delete this
 	 * page. It can be overloaded to customise the security model for an

tests/SiteTreePermissionsTest.php

@@ -30,6 +30,18 @@ class SiteTreePermissionsTest extends FunctionalTest {
 		$this->autoFollowRedirection = false;
 	}
 	
+	function testCanViewStage() {
+		$page = $this->objFromFixture('Page', 'standardpage');
+		$editor = $this->objFromFixture('Member', 'editor');
+		$websiteuser = $this->objFromFixture('Member', 'websiteuser');
+		
+		$this->assertTrue($page->canViewStage('Live', $websiteuser));
+		$this->assertFalse($page->canViewStage('Stage', $websiteuser));
+		
+		$this->assertTrue($page->canViewStage('Live', $editor));
+		$this->assertTrue($page->canViewStage('Stage', $editor));
+	}
+	
 	function testAccessTabOnlyDisplaysWithGrantAccessPermissions() {
 		$page = $this->objFromFixture('Page', 'standardpage');
 		

tests/control/ContentControllerPermissionsTest.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * @package sapphire
+ * @subpackage tests
+ */
+class ContentControllerPermissionTest extends FunctionalTest {
+	
+	protected $usesDatabase = true;
+	
+	protected $autoFollowRedirection = false;
+	
+	public function testCanViewStage() {
+		$page = new Page();
+		$page->URLSegment = 'testpage';
+		$page->write();
+		$page->publish('Stage', 'Live');
+		
+		$response = $this->get('/testpage');
+		$this->assertEquals($response->getStatusCode(), 200);
+		
+		$response = $this->get('/testpage/?stage=Live');
+		$this->assertEquals($response->getStatusCode(), 200);
+		
+		$response = $this->get('/testpage/?stage=Stage');
+		// should redirect to login
+		$this->assertEquals($response->getStatusCode(), 302);
+		
+		$this->logInWithPermssion('CMS_ACCESS_CMSMain');
+		
+		$response = $this->get('/testpage/?stage=Stage');
+		$this->assertEquals($response->getStatusCode(), 200);
+	}
+	
+	
+}