mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
NEW Restrict upload abilities in UploadField
This commit is contained in:
parent
5f8115f4c7
commit
9310b8d86d
@ -16,8 +16,8 @@ Used in side panels and action tabs
|
|||||||
.ss-uploadfield .middleColumn { width: 526px; padding: 0; background: #fff; border: 1px solid #b3b3b3; -webkit-border-radius: 4px; -moz-border-radius: 4px; -ms-border-radius: 4px; -o-border-radius: 4px; border-radius: 4px; background-image: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #efefef), color-stop(10%, #ffffff), color-stop(90%, #ffffff), color-stop(100%, #efefef)); background-image: -webkit-linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); background-image: -moz-linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); background-image: -o-linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); background-image: linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); }
|
.ss-uploadfield .middleColumn { width: 526px; padding: 0; background: #fff; border: 1px solid #b3b3b3; -webkit-border-radius: 4px; -moz-border-radius: 4px; -ms-border-radius: 4px; -o-border-radius: 4px; border-radius: 4px; background-image: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #efefef), color-stop(10%, #ffffff), color-stop(90%, #ffffff), color-stop(100%, #efefef)); background-image: -webkit-linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); background-image: -moz-linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); background-image: -o-linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); background-image: linear-gradient(#efefef, #ffffff 10%, #ffffff 90%, #efefef); }
|
||||||
.ss-uploadfield .ss-uploadfield-item { margin: 0; padding: 15px; overflow: auto; }
|
.ss-uploadfield .ss-uploadfield-item { margin: 0; padding: 15px; overflow: auto; }
|
||||||
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview { height: 60px; line-height: 60px; width: 80px; text-align: center; font-weight: bold; float: left; overflow: hidden; }
|
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview { height: 60px; line-height: 60px; width: 80px; text-align: center; font-weight: bold; float: left; overflow: hidden; }
|
||||||
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview.ss-uploadfield-dropzone { -webkit-box-shadow: gray 0 0 4px 0 inset; -moz-box-shadow: gray 0 0 4px 0 inset; box-shadow: gray 0 0 4px 0 inset; border: 2px dashed gray; background: #d0d3d5; display: none; }
|
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview.ss-uploadfield-dropzone { -webkit-box-shadow: gray 0 0 4px 0 inset; -moz-box-shadow: gray 0 0 4px 0 inset; box-shadow: gray 0 0 4px 0 inset; border: 2px dashed gray; background: #d0d3d5; display: none; margin-right: 15px; }
|
||||||
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info { margin: 0 0 0 100px; }
|
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info { float: left; }
|
||||||
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name { display: block; line-height: 13px; height: 26px; margin: 0; text-align: left; }
|
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name { display: block; line-height: 13px; height: 26px; margin: 0; text-align: left; }
|
||||||
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name b { font-weight: bold; padding: 0 5px 0 0; }
|
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name b { font-weight: bold; padding: 0 5px 0 0; }
|
||||||
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name .name { font-size: 11px; color: #848484; width: 290px; overflow: hidden; white-space: nowrap; text-overflow: ellipsis; -o-text-overflow: ellipsis; display: inline; float: left; }
|
.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name .name { font-size: 11px; color: #848484; width: 290px; overflow: hidden; white-space: nowrap; text-overflow: ellipsis; -o-text-overflow: ellipsis; display: inline; float: left; }
|
||||||
|
@ -81,6 +81,10 @@ class UploadField extends FileField {
|
|||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
'allowedMaxFileNumber' => null,
|
'allowedMaxFileNumber' => null,
|
||||||
|
/**
|
||||||
|
* @var boolean Can the user upload new files, or just select from existing files.
|
||||||
|
*/
|
||||||
|
'canUpload' => true,
|
||||||
/**
|
/**
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
@ -441,7 +445,9 @@ class UploadField extends FileField {
|
|||||||
* @return string json
|
* @return string json
|
||||||
*/
|
*/
|
||||||
public function upload(SS_HTTPRequest $request) {
|
public function upload(SS_HTTPRequest $request) {
|
||||||
if($this->isDisabled() || $this->isReadonly()) return $this->httpError(403);
|
if($this->isDisabled() || $this->isReadonly() || !$this->canUpload()) {
|
||||||
|
return $this->httpError(403);
|
||||||
|
}
|
||||||
|
|
||||||
// Protect against CSRF on destructive action
|
// Protect against CSRF on destructive action
|
||||||
$token = $this->getForm()->getSecurityToken();
|
$token = $this->getForm()->getSecurityToken();
|
||||||
@ -629,6 +635,12 @@ class UploadField extends FileField {
|
|||||||
// Don't allow upload or edit of a relation when the underlying record hasn't been persisted yet
|
// Don't allow upload or edit of a relation when the underlying record hasn't been persisted yet
|
||||||
return (!$record || !$this->managesRelation() || $record->exists());
|
return (!$record || !$this->managesRelation() || $record->exists());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function canUpload() {
|
||||||
|
$can = $this->getConfig('canUpload');
|
||||||
|
return (is_bool($can)) ? $can : Permission::check($can);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -47,11 +47,12 @@
|
|||||||
border: 2px dashed $color-medium-separator;
|
border: 2px dashed $color-medium-separator;
|
||||||
background: $color-light-separator;
|
background: $color-light-separator;
|
||||||
display: none;
|
display: none;
|
||||||
|
margin-right: 15px;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
.ss-uploadfield-item-info {
|
.ss-uploadfield-item-info {
|
||||||
margin: 0 0 0 100px;
|
float: left;
|
||||||
|
|
||||||
.ss-uploadfield-item-name {
|
.ss-uploadfield-item-name {
|
||||||
display: block;
|
display: block;
|
||||||
line-height: 13px;
|
line-height: 13px;
|
||||||
|
@ -34,6 +34,7 @@
|
|||||||
<% end_if %>
|
<% end_if %>
|
||||||
<% else %>
|
<% else %>
|
||||||
<div class="ss-uploadfield-item ss-uploadfield-addfile<% if $Items && $displayInput %> borderTop<% end_if %>" <% if not $displayInput %>style="display: none;"<% end_if %>>
|
<div class="ss-uploadfield-item ss-uploadfield-addfile<% if $Items && $displayInput %> borderTop<% end_if %>" <% if not $displayInput %>style="display: none;"<% end_if %>>
|
||||||
|
<% if canUpload %>
|
||||||
<div class="ss-uploadfield-item-preview ss-uploadfield-dropzone ui-corner-all">
|
<div class="ss-uploadfield-item-preview ss-uploadfield-dropzone ui-corner-all">
|
||||||
<% if $multiple %>
|
<% if $multiple %>
|
||||||
<% _t('UploadField.DROPFILES', 'drop files') %>
|
<% _t('UploadField.DROPFILES', 'drop files') %>
|
||||||
@ -41,6 +42,7 @@
|
|||||||
<% _t('UploadField.DROPFILE', 'drop a file') %>
|
<% _t('UploadField.DROPFILE', 'drop a file') %>
|
||||||
<% end_if %>
|
<% end_if %>
|
||||||
</div>
|
</div>
|
||||||
|
<% end_if %>
|
||||||
<div class="ss-uploadfield-item-info">
|
<div class="ss-uploadfield-item-info">
|
||||||
<label class="ss-uploadfield-item-name"><b>
|
<label class="ss-uploadfield-item-name"><b>
|
||||||
<% if $multiple %>
|
<% if $multiple %>
|
||||||
@ -49,10 +51,12 @@
|
|||||||
<% _t('UploadField.ATTACHFILE', 'Attach a file') %>
|
<% _t('UploadField.ATTACHFILE', 'Attach a file') %>
|
||||||
<% end_if %>
|
<% end_if %>
|
||||||
</b></label>
|
</b></label>
|
||||||
<label class="ss-uploadfield-fromcomputer ss-ui-button ui-corner-all" data-icon="drive-upload">
|
<% if canUpload %>
|
||||||
<% _t('UploadField.FROMCOMPUTER', 'From your computer') %>
|
<label class="ss-uploadfield-fromcomputer ss-ui-button ui-corner-all" data-icon="drive-upload">
|
||||||
<input id="$id" name="$getName" class="$extraClass ss-uploadfield-fromcomputer-fileinput" data-config="$configString" type="file"<% if $multiple %> multiple="multiple"<% end_if %> />
|
<% _t('UploadField.FROMCOMPUTER', 'From your computer') %>
|
||||||
</label>
|
<input id="$id" name="$getName" class="$extraClass ss-uploadfield-fromcomputer-fileinput" data-config="$configString" type="file"<% if $multiple %> multiple="multiple"<% end_if %> />
|
||||||
|
</label>
|
||||||
|
<% end_if %>
|
||||||
<button class="ss-uploadfield-fromfiles ss-ui-button ui-corner-all" data-icon="network-cloud"><% _t('UploadField.FROMFILES', 'From files') %></button>
|
<button class="ss-uploadfield-fromfiles ss-ui-button ui-corner-all" data-icon="network-cloud"><% _t('UploadField.FROMFILES', 'From files') %></button>
|
||||||
<% if not $autoUpload %>
|
<% if not $autoUpload %>
|
||||||
<button class="ss-uploadfield-startall ss-ui-button ui-corner-all" data-icon="navigation"><% _t('UploadField.STARTALL', 'Start all') %></button>
|
<button class="ss-uploadfield-startall ss-ui-button ui-corner-all" data-icon="navigation"><% _t('UploadField.STARTALL', 'Start all') %></button>
|
||||||
|
@ -476,6 +476,42 @@ class UploadFieldTest extends FunctionalTest {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testCanUpload() {
|
||||||
|
$this->loginWithPermission('ADMIN');
|
||||||
|
$response = $this->get('UploadFieldTest_Controller');
|
||||||
|
$this->assertFalse($response->isError());
|
||||||
|
|
||||||
|
$parser = new CSSContentParser($response->getBody());
|
||||||
|
$this->assertFalse(
|
||||||
|
(bool)$parser->getBySelector('#CanUploadFalseField .ss-uploadfield-fromcomputer-fileinput'),
|
||||||
|
'Removes input file control'
|
||||||
|
);
|
||||||
|
$this->assertFalse((bool)$parser->getBySelector('#CanUploadFalseField .ss-uploadfield-dropzone'),
|
||||||
|
'Removes dropzone');
|
||||||
|
$this->assertTrue(
|
||||||
|
(bool)$parser->getBySelector('#CanUploadFalseField .ss-uploadfield-fromfiles'),
|
||||||
|
'Keeps "From files" button'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testCanUploadWithPermissionCode() {
|
||||||
|
$field = new UploadField('MyField');
|
||||||
|
|
||||||
|
$field->setConfig('canUpload', true);
|
||||||
|
$this->assertTrue($field->canUpload());
|
||||||
|
|
||||||
|
$field->setConfig('canUpload', false);
|
||||||
|
$this->assertFalse($field->canUpload());
|
||||||
|
|
||||||
|
$this->loginWithPermission('ADMIN');
|
||||||
|
|
||||||
|
$field->setConfig('canUpload', false);
|
||||||
|
$this->assertFalse($field->canUpload());
|
||||||
|
|
||||||
|
$field->setConfig('canUpload', 'ADMIN');
|
||||||
|
$this->assertTrue($field->canUpload());
|
||||||
|
}
|
||||||
|
|
||||||
public function testIsSaveable() {
|
public function testIsSaveable() {
|
||||||
$form = $this->getMockForm();
|
$form = $this->getMockForm();
|
||||||
|
|
||||||
@ -775,6 +811,10 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
|
|||||||
$fieldSubfolder->setFolderName('UploadFieldTest/subfolder1');
|
$fieldSubfolder->setFolderName('UploadFieldTest/subfolder1');
|
||||||
$fieldSubfolder->setRecord($record);
|
$fieldSubfolder->setRecord($record);
|
||||||
|
|
||||||
|
$fieldCanUploadFalse = new UploadField('CanUploadFalseField');
|
||||||
|
$fieldCanUploadFalse->setConfig('canUpload', false);
|
||||||
|
$fieldCanUploadFalse->setRecord($record);
|
||||||
|
|
||||||
$form = new Form(
|
$form = new Form(
|
||||||
$this,
|
$this,
|
||||||
'Form',
|
'Form',
|
||||||
@ -789,7 +829,8 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
|
|||||||
$fieldManyMany,
|
$fieldManyMany,
|
||||||
$fieldReadonly,
|
$fieldReadonly,
|
||||||
$fieldDisabled,
|
$fieldDisabled,
|
||||||
$fieldSubfolder
|
$fieldSubfolder,
|
||||||
|
$fieldCanUploadFalse
|
||||||
),
|
),
|
||||||
new FieldList(
|
new FieldList(
|
||||||
new FormAction('submit')
|
new FormAction('submit')
|
||||||
@ -805,7 +846,8 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
|
|||||||
'ManyManyFiles',
|
'ManyManyFiles',
|
||||||
'ReadonlyField',
|
'ReadonlyField',
|
||||||
'DisabledField',
|
'DisabledField',
|
||||||
'SubfolderField'
|
'SubfolderField',
|
||||||
|
'CanUploadFalseField'
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
return $form;
|
return $form;
|
||||||
|
Loading…
Reference in New Issue
Block a user