tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-02 22:28:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Use draft site permissions over published, if available. (from r90220) (from r96735)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102357 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-04-12 02:04:15 +00:00
parent e921b376bc
commit db859b793a
2 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
core/model/SiteTree.php
View File

@ -983,10 +983,12 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
// Get the groups that the given member belongs to
$groupIDs = DataObject::get_by_id('Member', $memberID)->Groups()->column("ID");
$SQL_groupList = implode(", ", $groupIDs);
$combinedStageResult = array();
$combinedStageResult = array();
foreach(array('Stage', 'Live') as $stage) {
$result = array_fill_keys($ids, false);
// Get the uninherited permissions
$uninheritedPermissions = Versioned::get_by_stage("SiteTree", $stage, "(\"CanEditType\" = 'LoggedInUsers' OR
(\"CanEditType\" = 'OnlyTheseUsers' AND \"SiteTree_EditorGroups\".\"SiteTreeID\" IS NOT NULL))
@ -995,7 +997,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
"LEFT JOIN \"SiteTree_EditorGroups\"
ON \"SiteTree_EditorGroups\".\"SiteTreeID\" = \"SiteTree\".\"ID\"
AND \"SiteTree_EditorGroups\".\"GroupID\" IN ($SQL_groupList)");
if($uninheritedPermissions) {
// Set all the relevant items in $result to true
$result = array_fill_keys($uninheritedPermissions->column('ID'), true) + $result;
@ -1024,13 +1026,12 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
}
}
}
$combinedStageResult = $combinedStageResult + $result;
}
$combinedStageResult = $combinedStageResult + $result;
}
return isset($combinedStageResult) ? $combinedStageResult : array();
return isset($combinedStageResult) ? $combinedStageResult : array();
/*
// check for empty spec

37
tests/SiteTreeTest.php
View File

@ -365,6 +365,43 @@ class SiteTreeTest extends SapphireTest {
// Can't edit a child of that page that has its permissions overridden
$this->assertFalse($product4->canEdit($editor));
}
function testEditPermissionsOnDraftVsLive() {
// Create an inherit-permission page
$page = new Page();
$page->write();
$page->CanEditType = "Inherit";
$page->doPublish();
$pageID = $page->ID;
// Lock down the site config
$sc = $page->SiteConfig;
$sc->CanEditType = 'OnlyTheseUsers';
$sc->EditorGroups()->add($this->idFromFixture('Group', 'admins'));
$sc->write();
// Confirm that Member.editor can't edit the page
$this->objFromFixture('Member','editor')->logIn();
$this->assertFalse($page->canEdit());
// Change the page to be editable by Group.editors, but do not publish
$this->objFromFixture('Member','admin')->logIn();
$page->CanEditType = 'OnlyTheseUsers';
$page->EditorGroups()->add($this->idFromFixture('Group', 'editors'));
$page->write();
// Confirm that Member.editor can now edit the page
$this->objFromFixture('Member','editor')->logIn();
$this->assertTrue($page->canEdit());
// Publish the changes to the page
$this->objFromFixture('Member','admin')->logIn();
$page->doPublish();
// Confirm that Member.editor can still edit the page
$this->objFromFixture('Member','editor')->logIn();
$this->assertTrue($page->canEdit());
}
function testAuthorIDAndPublisherIDFilledOutOnPublish() {
// Ensure that we have a member ID who is doing all this work