tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4517 from dhensby/pulls/access-all-areas

Browse Source 
Fix issue where Access All CMS Sections doesnt work
This commit is contained in:
Damian Mooyman 2015-08-21 11:48:45 +12:00
commit d64852b2e8
2 changed files with 33 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
security/Permission.php
View File

@ -162,16 +162,23 @@ class Permission extends DataObject implements TemplateGlobalProvider {
} else { } else {
$memberID = (is_object($member)) ? $member->ID : $member; $memberID = (is_object($member)) ? $member->ID : $member;
} }
// If $admin_implies_all was false then this would be inefficient, but that's an edge
// case and this keeps the code simpler
if(!is_array($code)) $code = array($code);
if($arg == 'any') { if($arg == 'any') {
// Cache the permissions in memory // Cache the permissions in memory
if(!isset(self::$cache_permissions[$memberID])) { if(!isset(self::$cache_permissions[$memberID])) {
self::$cache_permissions[$memberID] = self::permissions_for_member($memberID); self::$cache_permissions[$memberID] = self::permissions_for_member($memberID);
} }
foreach ($code as $permCode) {
// If $admin_implies_all was false then this would be inefficient, but that's an edge if (substr($permCode, 0, 11) == 'CMS_ACCESS_') {
// case and this keeps the code simpler //cms_access_leftandmain means access to all CMS areas
if(!is_array($code)) $code = array($code); $code[] = 'CMS_ACCESS_LeftAndMain';
break;
}
}
if(Config::inst()->get('Permission', 'admin_implies_all')) $code[] = "ADMIN"; if(Config::inst()->get('Permission', 'admin_implies_all')) $code[] = "ADMIN";
// Multiple $code values - return true if at least one matches, ie, intersection exists // Multiple $code values - return true if at least one matches, ie, intersection exists

22
tests/security/PermissionTest.php
View File

@ -22,6 +22,26 @@ class PermissionTest extends SapphireTest {
$member = $this->objFromFixture('Member', 'author'); $member = $this->objFromFixture('Member', 'author');
$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL")); $this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
} }
public function testLeftAndMainAccessAll() {
//add user and group
$member = Member::create()->update(array(
'FirstName' => 'Left',
'Surname' => 'Main',
'Email' => 'leftandmain@example.com',
));
$member->write();
$group = Group::create()->update(array(
'Title' => 'LeftAndMain',
));
$group->write();
Permission::grant($group->ID, 'CMS_ACCESS_LeftAndMain');
$group->DirectMembers()->add($member);
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
}
public function testPermissionAreInheritedFromOneRole() { public function testPermissionAreInheritedFromOneRole() {
$member = $this->objFromFixture('Member', 'author'); $member = $this->objFromFixture('Member', 'author');
@ -39,7 +59,7 @@ class PermissionTest extends SapphireTest {
$this->assertFalse(Permission::checkMember($member, "SITETREE_VIEW_ALL")); $this->assertFalse(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
} }
function testPermissionsForMember() { public function testPermissionsForMember() {
$member = $this->objFromFixture('Member', 'access'); $member = $this->objFromFixture('Member', 'access');
$permissions = Permission::permissions_for_member($member->ID); $permissions = Permission::permissions_for_member($member->ID);
$this->assertEquals(4, count($permissions)); $this->assertEquals(4, count($permissions));