tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUG fix CMS_ACCESS permission being ignored if in incorrect order in array

Browse Source
This commit is contained in:
Damian Mooyman 2016-05-27 15:49:05 +12:00
parent 7a462cecef
commit f1a0aef0d7
No known key found for this signature in database
GPG Key ID: 78B823A10DE27D1A
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
security/Permission.php
View File

@ -185,13 +185,12 @@ class Permission extends DataObject implements TemplateGlobalProvider {
} }
} }
} }
elseif (substr($permCode, 0, 11) === 'CMS_ACCESS_') { elseif (substr($permCode, 0, 11) === 'CMS_ACCESS_' && !in_array('CMS_ACCESS_LeftAndMain', $code)) {
//cms_access_leftandmain means access to all CMS areas //cms_access_leftandmain means access to all CMS areas
$code[] = 'CMS_ACCESS_LeftAndMain'; $code[] = 'CMS_ACCESS_LeftAndMain';
break;
} }
} }
// if ADMIN has all privileges, then we need to push that code in // if ADMIN has all privileges, then we need to push that code in
if($adminImpliesAll) { if($adminImpliesAll) {
$code[] = "ADMIN"; $code[] = "ADMIN";

6
tests/security/PermissionTest.php
View File

@ -27,6 +27,8 @@ class PermissionTest extends SapphireTest {
$members = Member::get()->byIDs($this->allFixtureIDs('Member')); $members = Member::get()->byIDs($this->allFixtureIDs('Member'));
foreach ($members as $member) { foreach ($members as $member) {
$this->assertTrue(Permission::checkMember($member, 'CMS_ACCESS')); $this->assertTrue(Permission::checkMember($member, 'CMS_ACCESS'));
$this->assertTrue(Permission::checkMember($member, array('CMS_ACCESS', 'CMS_ACCESS_Security')));
$this->assertTrue(Permission::checkMember($member, array('CMS_ACCESS_Security', 'CMS_ACCESS')));
} }
$member = new Member(); $member = new Member();
@ -37,6 +39,8 @@ class PermissionTest extends SapphireTest {
)); ));
$member->write(); $member->write();
$this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS')); $this->assertFalse(Permission::checkMember($member, 'CMS_ACCESS'));
$this->assertFalse(Permission::checkMember($member, array('CMS_ACCESS', 'CMS_ACCESS_Security')));
$this->assertFalse(Permission::checkMember($member, array('CMS_ACCESS_Security', 'CMS_ACCESS')));
} }
public function testLeftAndMainAccessAll() { public function testLeftAndMainAccessAll() {
@ -47,7 +51,7 @@ class PermissionTest extends SapphireTest {
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin")); $this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")); $this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
} }
public function testPermissionAreInheritedFromOneRole() { public function testPermissionAreInheritedFromOneRole() {
$member = $this->objFromFixture('Member', 'author'); $member = $this->objFromFixture('Member', 'author');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin")); $this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));