mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX: Use draft site permissions over published, if available. (from r90220)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96735 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
63096cfefb
commit
efd9b2f666
@ -968,10 +968,12 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
// Get the groups that the given member belongs to
|
||||
$groupIDs = DataObject::get_by_id('Member', $memberID)->Groups()->column("ID");
|
||||
$SQL_groupList = implode(", ", $groupIDs);
|
||||
|
||||
$combinedStageResult = array();
|
||||
|
||||
$combinedStageResult = array();
|
||||
|
||||
foreach(array('Stage', 'Live') as $stage) {
|
||||
$result = array_fill_keys($ids, false);
|
||||
|
||||
// Get the uninherited permissions
|
||||
$uninheritedPermissions = Versioned::get_by_stage("SiteTree", $stage, "(\"CanEditType\" = 'LoggedInUsers' OR
|
||||
(\"CanEditType\" = 'OnlyTheseUsers' AND \"SiteTree_EditorGroups\".\"SiteTreeID\" IS NOT NULL))
|
||||
@ -980,7 +982,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
"LEFT JOIN \"SiteTree_EditorGroups\"
|
||||
ON \"SiteTree_EditorGroups\".\"SiteTreeID\" = \"SiteTree\".\"ID\"
|
||||
AND \"SiteTree_EditorGroups\".\"GroupID\" IN ($SQL_groupList)");
|
||||
|
||||
|
||||
if($uninheritedPermissions) {
|
||||
// Set all the relevant items in $result to true
|
||||
$result = array_fill_keys($uninheritedPermissions->column('ID'), true) + $result;
|
||||
@ -1009,13 +1011,12 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$combinedStageResult = $combinedStageResult + $result;
|
||||
}
|
||||
|
||||
$combinedStageResult = $combinedStageResult + $result;
|
||||
}
|
||||
|
||||
return isset($combinedStageResult) ? $combinedStageResult : array();
|
||||
|
||||
return isset($combinedStageResult) ? $combinedStageResult : array();
|
||||
|
||||
/*
|
||||
// check for empty spec
|
||||
|
@ -365,6 +365,43 @@ class SiteTreeTest extends SapphireTest {
|
||||
// Can't edit a child of that page that has its permissions overridden
|
||||
$this->assertFalse($product4->canEdit($editor));
|
||||
}
|
||||
|
||||
function testEditPermissionsOnDraftVsLive() {
|
||||
// Create an inherit-permission page
|
||||
$page = new Page();
|
||||
$page->write();
|
||||
$page->CanEditType = "Inherit";
|
||||
$page->doPublish();
|
||||
$pageID = $page->ID;
|
||||
|
||||
// Lock down the site config
|
||||
$sc = $page->SiteConfig;
|
||||
$sc->CanEditType = 'OnlyTheseUsers';
|
||||
$sc->EditorGroups()->add($this->idFromFixture('Group', 'admins'));
|
||||
$sc->write();
|
||||
|
||||
// Confirm that Member.editor can't edit the page
|
||||
$this->objFromFixture('Member','editor')->logIn();
|
||||
$this->assertFalse($page->canEdit());
|
||||
|
||||
// Change the page to be editable by Group.editors, but do not publish
|
||||
$this->objFromFixture('Member','admin')->logIn();
|
||||
$page->CanEditType = 'OnlyTheseUsers';
|
||||
$page->EditorGroups()->add($this->idFromFixture('Group', 'editors'));
|
||||
$page->write();
|
||||
|
||||
// Confirm that Member.editor can now edit the page
|
||||
$this->objFromFixture('Member','editor')->logIn();
|
||||
$this->assertTrue($page->canEdit());
|
||||
|
||||
// Publish the changes to the page
|
||||
$this->objFromFixture('Member','admin')->logIn();
|
||||
$page->doPublish();
|
||||
|
||||
// Confirm that Member.editor can still edit the page
|
||||
$this->objFromFixture('Member','editor')->logIn();
|
||||
$this->assertTrue($page->canEdit());
|
||||
}
|
||||
|
||||
function testAuthorIDAndPublisherIDFilledOutOnPublish() {
|
||||
// Ensure that we have a member ID who is doing all this work
|
||||
|
Loading…
Reference in New Issue
Block a user