tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUG Fix users with all cms section access not able to edit files

Browse Source 
Fixes #4078
This commit is contained in:
Damian Mooyman 2015-04-20 18:02:08 +12:00
parent 1a78044e21
commit 8e24511266
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
filesystem/File.php
View File

@ -305,7 +305,7 @@ class File extends DataObject {
$result = $this->extendedCan('canEdit', $member); $result = $this->extendedCan('canEdit', $member);
if($result !== null) return $result; if($result !== null) return $result;
return Permission::checkMember($member, 'CMS_ACCESS_AssetAdmin'); return Permission::checkMember($member, array('CMS_ACCESS_AssetAdmin', 'CMS_ACCESS_LeftAndMain'));
} }
/** /**

8
tests/filesystem/FileTest.php
View File

@ -393,9 +393,13 @@ class FileTest extends SapphireTest {
$this->objFromFixture('Member', 'frontend')->logIn(); $this->objFromFixture('Member', 'frontend')->logIn();
$this->assertFalse($file->canEdit(), "Permissionless users can't edit files"); $this->assertFalse($file->canEdit(), "Permissionless users can't edit files");
// Test cms non-asset user // Test global CMS section users
$this->objFromFixture('Member', 'cms')->logIn(); $this->objFromFixture('Member', 'cms')->logIn();
$this->assertFalse($file->canEdit(), "Basic CMS users can't edit files"); $this->assertTrue($file->canEdit(), "Users with all CMS section access can edit files");
// Test cms access users without file access
$this->objFromFixture('Member', 'security')->logIn();
$this->assertFalse($file->canEdit(), "Security CMS users can't edit files");
// Test asset-admin user // Test asset-admin user
$this->objFromFixture('Member', 'assetadmin')->logIn(); $this->objFromFixture('Member', 'assetadmin')->logIn();

10
tests/filesystem/FileTest.yml
View File

@ -35,6 +35,8 @@ Permission:
Code: CMS_ACCESS_LeftAndMain Code: CMS_ACCESS_LeftAndMain
assetadmin: assetadmin:
Code: CMS_ACCESS_AssetAdmin Code: CMS_ACCESS_AssetAdmin
securityadmin:
Code: CMS_ACCESS_SecurityAdmin
Group: Group:
admins: admins:
Title: Administrators Title: Administrators
@ -42,9 +44,12 @@ Group:
cmsusers: cmsusers:
Title: 'CMS Users' Title: 'CMS Users'
Permissions: =>Permission.cmsmain Permissions: =>Permission.cmsmain
securityusers:
Title: 'Security Users'
Permissions: =>Permission.securityadmin
assetusers: assetusers:
Title: 'Asset Users' Title: 'Asset Users'
Permissions: =>Permission.cmsmain, =>Permission.assetadmin Permissions: =>Permission.assetadmin
Member: Member:
frontend: frontend:
Email: frontend@example.com Email: frontend@example.com
@ -57,3 +62,6 @@ Member:
assetadmin: assetadmin:
Email: assetadmin@silverstripe.com Email: assetadmin@silverstripe.com
Groups: =>Group.assetusers Groups: =>Group.assetusers
security:
Email: security@silverstripe.com
Groups: =>Group.securityusers