BUGFIX: Fixed notice-level errors when checking permissions of pages that don't exist anywhere (from r93166)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96755 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2010-01-12 23:35:33 +00:00
parent 3d92026def
commit b10f8a908d
3 changed files with 78 additions and 3 deletions

View File

@ -788,7 +788,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
// Regular canEdit logic is handled by can_edit_multiple
$results = self::can_delete_multiple(array($this->ID), $memberID);
return $results[$this->ID];
// If this page no longer exists in stage/live results won't contain the page.
// Fail-over to false
return isset($results[$this->ID]) ? $results[$this->ID] : false;
}
/**
@ -863,7 +866,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
// Regular canEdit logic is handled by can_edit_multiple
$results = self::can_edit_multiple(array($this->ID), $memberID);
return $results[$this->ID];
// If this page no longer exists in stage/live results won't contain the page.
// Fail-over to false
return isset($results[$this->ID]) ? $results[$this->ID] : false;
// Default for unsaved pages
} else {
@ -980,6 +985,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
foreach(array('Stage', 'Live') as $stage) {
// Start by filling the array with the pages that actually exist
$table = ($stage=='Stage') ? "SiteTree" : "SiteTree_$stage";
$result = array_fill_keys(DB::query("SELECT \"ID\" FROM \"$table\"
WHERE \"ID\" IN (".implode(", ", $ids).")")->column(), false);

View File

@ -341,6 +341,8 @@ class HtmlEditorField_Toolbar extends RequestHandler {
new FormAction("insertflash", _t('HtmlEditorField.BUTTONINSERTFLASH', 'Insert Flash'))
)
);
$form->disableSecurityToken();
$form->loadDataFrom($this);
$form->disableSecurityToken();
return $form;

View File

@ -30,6 +30,73 @@ class SiteTreePermissionsTest extends FunctionalTest {
$this->autoFollowRedirection = false;
}
function testPermissionCheckingWorksOnDeletedPages() {
// Set up fixture - a published page deleted from draft
$this->logInWithPermssion("ADMIN");
$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
$pageID = $page->ID;
$this->assertTrue($page->doPublish());
$page->delete();
// Re-fetch the page from the live site
$page = Versioned::get_one_by_stage('SiteTree', 'Live', "\"SiteTree\".\"ID\" = $pageID");
// subadmin has edit rights on that page
$member = $this->objFromFixture('Member','subadmin');
$member->logIn();
// Test can_edit_multiple
$this->assertEquals(
array($pageID => true),
SiteTree::can_edit_multiple(array($pageID), $member->ID)
);
// Test canEdit
$member->logIn();
$this->assertTrue($page->canEdit());
}
function testPermissionCheckingWorksOnUnpublishedPages() {
// Set up fixture - an unpublished page
$this->logInWithPermssion("ADMIN");
$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
$pageID = $page->ID;
$page->doUnpublish();
// subadmin has edit rights on that page
$member = $this->objFromFixture('Member','subadmin');
$member->logIn();
// Test can_edit_multiple
$this->assertEquals(
array($pageID => true),
SiteTree::can_edit_multiple(array($pageID), $member->ID)
);
// Test canEdit
$member->logIn();
$this->assertTrue($page->canEdit());
}
function testCanEditOnPageDeletedFromStageAndLiveReturnsFalse() {
// Find a page that exists and delete it from both stage and published
$this->logInWithPermssion("ADMIN");
$page = $this->objFromFixture('Page','restrictedEditOnlySubadminGroup');
$pageID = $page->ID;
$page->doUnpublish();
$page->delete();
// We'll need to resurrect the page from the version cache to test this case
$page = Versioned::get_latest_version('SiteTree', $pageID);
// subadmin had edit rights on that page, but now it's gone
$member = $this->objFromFixture('Member','subadmin');
$member->logIn();
$this->assertFalse($page->canEdit());
}
/*
function testAccessTabOnlyDisplaysWithGrantAccessPermissions() {
$page = $this->objFromFixture('Page', 'standardpage');
@ -324,7 +391,7 @@ class SiteTreePermissionsTest extends FunctionalTest {
$this->session()->inst_set('loggedInAs', $user->ID);
$this->assertFalse($page->canEdit($user), 'Website user can\'t edit a page when set to inherit from the SiteConfig, and SiteConfig has canEdit set to OnlyTheseUsers');
}
*/
function testInheritCanViewFromSiteConfig() {
$page = $this->objFromFixture('Page', 'inheritWithNoParent');
$siteconfig = $this->objFromFixture('SiteConfig', 'default');