mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Added test for new permission code. (from r97897)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102550 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
22fde45409
commit
9a04ca62d2
@ -109,9 +109,11 @@ class ContentController extends Controller {
|
||||
if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->can('View')) {
|
||||
return Security::permissionFailure($this);
|
||||
}
|
||||
|
||||
var_dump(Versioned::current_stage());
|
||||
// Draft/Archive security check - only CMS users should be able to look at stage/archived content
|
||||
if($this->URLSegment != 'Security' && !Session::get('unsecuredDraftSite') && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
|
||||
var_dump($this->URLSegment);
|
||||
var_dump($this->dataRecord->canViewStage(Versioned::current_stage()));
|
||||
if(!$this->dataRecord->canViewStage(Versioned::current_stage())) {
|
||||
$link = $this->Link();
|
||||
$message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content. <a href="%s">Click here to go back to the published site.</a>');
|
||||
|
@ -12,6 +12,7 @@ class ContentControllerTest extends FunctionalTest {
|
||||
/**
|
||||
* Test that nested pages, basic actions, and nested/non-nested URL switching works properly
|
||||
*/
|
||||
|
||||
public function testNestedPages() {
|
||||
RootURLController::reset();
|
||||
SiteTree::enable_nested_urls();
|
||||
@ -89,6 +90,20 @@ class ContentControllerTest extends FunctionalTest {
|
||||
SiteTree::disable_nested_urls();
|
||||
}
|
||||
|
||||
public function testViewDraft(){
|
||||
|
||||
// test when user does not have permission, should get login form
|
||||
$this->logInWithPermssion('editor');
|
||||
$this->assertEquals('403', $this->get('/contact/?stage=Stage')->getstatusCode());
|
||||
|
||||
|
||||
// test when user does have permission, should show page title and header ok.
|
||||
$this->logInWithPermssion('admin');
|
||||
$this->assertEquals('200', $this->get('/contact/?stage=Stage')->getstatusCode());
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
class ContentControllerTest_Page extends Page { }
|
||||
|
Loading…
Reference in New Issue
Block a user