BUGFIX Respecting SiteTree->canDelete() in SiteTree->getCMSActions()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89338 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2009-10-17 05:11:23 +00:00 · 2009-10-17 05:11:23 +00:00 · baf98e81d6
commit baf98e81d6
parent 6478062ceb
3 changed files with 91 additions and 9 deletions
--- a/core/model/SiteTree.php
+++ b/core/model/SiteTree.php
@ -1826,16 +1826,20 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 				if($this->ExistsOnLive) {
 					// "restore"
 					$actions->push(new FormAction('revert',_t('CMSMain.RESTORE','Restore')));
-					// "delete from live"
-					$actions->push(new FormAction('deletefromlive',_t('CMSMain.DELETEFP','Delete from the published site')));
+					if($this->canDelete()) {
+						// "delete from live"
+						$actions->push(new FormAction('deletefromlive',_t('CMSMain.DELETEFP','Delete from the published site')));
+					}
 				} else {
 					// "restore"
 					$actions->push(new FormAction('restore',_t('CMSMain.RESTORE','Restore')));
 				}
 			} else {
-				// "delete"
-				$actions->push($deleteAction = new FormAction('delete',_t('CMSMain.DELETE','Delete from the draft site')));
-				$deleteAction->addExtraClass('delete');
+				if($this->canDelete()) {
+					// "delete"
+					$actions->push($deleteAction = new FormAction('delete',_t('CMSMain.DELETE','Delete from the draft site')));
+					$deleteAction->addExtraClass('delete');
+				}
 			
 				// "save"
 				$actions->push(new FormAction('save',_t('CMSMain.SAVE','Save')));
--- a/tests/SiteTreeActionsTest.php
+++ b/tests/SiteTreeActionsTest.php
@ -27,6 +27,52 @@ class SiteTreeActionsTest extends FunctionalTest {
 		
 		parent::tear_down_once();
 	}
+	
+	function testActionsReadonly() {
+		if(class_exists('SiteTreeCMSWorkflow')) return true;
+		
+		$page = new SiteTreeActionsTest_Page();
+		$page->CanEditType = 'LoggedInUsers';
+		$page->write();
+		$page->doPublish();
+	
+		$readonlyEditor = $this->objFromFixture('Member', 'cmsreadonlyeditor');
+		$this->session()->inst_set('loggedInAs', $readonlyEditor->ID);
+	
+		$actionsArr = $page->getCMSActions()->column('Name');
+	
+		$this->assertNotContains('action_save',$actionsArr);
+		$this->assertNotContains('action_publish',$actionsArr);
+		$this->assertNotContains('action_unpublish',$actionsArr);
+		$this->assertNotContains('action_delete',$actionsArr);
+		$this->assertNotContains('action_deletefromlive',$actionsArr);
+		$this->assertNotContains('action_rollback',$actionsArr);
+		$this->assertNotContains('action_revert',$actionsArr);
+	}
+	
+	function testActionsNoDeletePublishedRecord() {
+		if(class_exists('SiteTreeCMSWorkflow')) return true;
+		
+		$page = new SiteTreeActionsTest_Page();
+		$page->CanEditType = 'LoggedInUsers';
+		$pageID = $page->ID;
+		$page->write();
+		$page->doPublish();
+		$page->deleteFromStage('Stage');
+		
+		// Get the live version of the page
+		$page = Versioned::get_one_by_stage("SiteTree", "Live", "\"SiteTree\".\"ID\" = $pageID");
+	
+		$editor = $this->objFromFixture('Member', 'cmsnodeleteeditor');
+		$this->session()->inst_set('loggedInAs', $editor->ID);
+	
+		$actionsArr = $page->getCMSActions()->column('Name');
+	
+		$this->assertContains('action_save',$actionsArr);
+		$this->assertContains('action_publish',$actionsArr);
+		$this->assertNotContains('action_delete',$actionsArr);
+		$this->assertNotContains('action_deletefromlive',$actionsArr);
+	}

 	function testActionsPublishedRecord() {
 		if(class_exists('SiteTreeCMSWorkflow')) return true;
@ -76,7 +122,7 @@ class SiteTreeActionsTest extends FunctionalTest {
 		$this->assertNotContains('action_rollback',$actionsArr);
 		$this->assertContains('action_revert',$actionsArr);
 	}
-
+	
 	function testActionsChangedOnStageRecord() {
 		if(class_exists('SiteTreeCMSWorkflow')) return true;
 		
@ -102,4 +148,14 @@ class SiteTreeActionsTest extends FunctionalTest {
 		$this->assertNotContains('action_revert',$actionsArr);
 	}
 }
+
+class SiteTreeActionsTest_Page extends Page implements TestOnly {
+	function canEdit($member = null) {
+		return Permission::checkMember($member, 'SiteTreeActionsTest_Page_CANEDIT');
+	}
+	
+	function canDelete($member = null) {
+		return Permission::checkMember($member, 'SiteTreeActionsTest_Page_CANDELETE');
+	}
+}
 ?>
--- a/tests/SiteTreeActionsTest.yml
+++ b/tests/SiteTreeActionsTest.yml
@ -1,11 +1,33 @@
 Permission:
-   cmsmain:
+   cmsmain1:
      Code: CMS_ACCESS_CMSMain
+   cmsmain2:
+      Code: CMS_ACCESS_CMSMain
+   cmsmain3:
+      Code: CMS_ACCESS_CMSMain
+   candelete:
+      Code: SiteTreeActionsTest_Page_CANDELETE
+   canedit1:
+      Code: SiteTreeActionsTest_Page_CANEDIT
+   canedit2:
+      Code: SiteTreeActionsTest_Page_CANEDIT
 Group:
   cmseditors:
      Title: CMS Editors
-      Permissions: =>Permission.cmsmain
+      Permissions: =>Permission.cmsmain1,=>Permission.canedit1,=>Permission.candelete
+   cmsreadonly:
+      Title: CMS Readonly
+      Permissions: =>Permission.cmsmain2
+   cmsnodelete:
+      Title: CMS No Delete
+      Permissions: =>Permission.cmsmain3,=>Permission.canedit2
 Member:
   cmseditor:
      Email: cmseditor@test.com
-      Groups: =>Group.cmseditors
+      Groups: =>Group.cmseditors
+   cmsreadonlyeditor:
+      Email: cmsreadonlyeditor@test.com
+      Groups: =>Group.cmsreadonly
+   cmsnodeleteeditor:
+        Email: cmsnodeleteeditor@test.com
+        Groups: =>Group.cmsnodelete