From 24bc80ed35a7a0b2ea77329405b92ff420fdd5ba Mon Sep 17 00:00:00 2001 From: mattclegg Date: Tue, 31 Mar 2020 12:09:16 +0545 Subject: [PATCH 1/5] [DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest --- lang/en.yml | 2 ++ .../GridFieldDetailForm_ItemRequest.php | 23 +++++++++++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/lang/en.yml b/lang/en.yml index dfe2f3812..2c386ebdb 100644 --- a/lang/en.yml +++ b/lang/en.yml @@ -111,6 +111,8 @@ en: NEW: 'Add new record' NEXT: 'Go to next record' PREVIOUS: 'Go to previous record' + EditPermissionsFailure: 'It seems you don''t have the necessary permissions to edit {ObjectTitle}' + ViewPermissionsFailure: 'It seems you don''t have the necessary permissions to view {ObjectTitle}' SilverStripe\Forms\GridField\GridFieldEditButton: EDIT: Edit SilverStripe\Forms\GridField\GridFieldFilterHeader: diff --git a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php index c808ec129..3f16fd4cd 100644 --- a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php +++ b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php @@ -111,7 +111,12 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler public function view($request) { if (!$this->record->canView()) { - $this->httpError(403); + $this->httpError(403, _t( + __CLASS__.'.ViewPermissionsFailure', + 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', + '', + ['ObjectTitle' => $this->record->singular_name()] + )); } $controller = $this->getToplevelController(); 
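Review bot: The `{ObjectTitle}` placeholder in the new `view()` message is filled from `$this->record->singular_name()`, which in SilverStripe is the display name of the record's class rather than the title of this particular record, so the name and the value disagree. Keeping the value generic is the right choice for a response sent to a caller who has just failed `canView()`, but the name invites a later change to `$this->record->Title`, which would put record data into the 403 body. I would either rename the placeholder to `{ObjectType}` in the `_t()` calls and in `lang/en.yml`, or add `// Type name only: the caller failed the permission check, so nothing record-specific goes in the message` above the call. The same applies to the `canView()` and `canEdit()` guards in the two later hunks of this patch; `view()` itself continues past the end of this hunk.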
@@ -189,8 +194,12 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler if (!$this->record->canView()) { $controller = $this->getToplevelController(); - // TODO More friendly error - return $controller->httpError(403); + return $controller->httpError(403, _t( + __CLASS__.'.ViewPermissionsFailure', + 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', + '', + ['ObjectTitle' => $this->record->singular_name()] + )); } $fields = $this->component->getFields(); @@ -490,7 +499,13 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler // Check permission if (!$this->record->canEdit()) { - return $this->httpError(403); + $this->httpError(403, _t( + __CLASS__.'.EditPermissionsFailure', + 'It seems you don\'t have the necessary permissions to edit {ObjectTitle}', + '', + ['ObjectTitle' => $this->record->singular_name()] + )); + return null; } // Save from form data From bb03d314ffdff38ba2458df00f1d65616cb3a8b4 Mon Sep 17 00:00:00 2001 From: Dan Hensby Date: Thu, 2 Apr 2020 12:06:32 +0100 Subject: [PATCH 2/5] Include phpcs as a dev dependency --- composer.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 24a5a8e4f..c7513cc79 100644 --- a/composer.json +++ b/composer.json @@ -55,7 +55,8 @@ "require-dev": { "phpunit/phpunit": "^5.7", "sminnee/phpunit-mock-objects": "^3.4.5", - "silverstripe/versioned": "^1" + "silverstripe/versioned": "^1", + "squizlabs/php_codesniffer": "^3.5" }, "provide": { "psr/container-implementation": "1.0.0" @@ -104,4 +105,4 @@ }, "minimum-stability": "dev", "prefer-stable": true -} \ No newline at end of file +} From 9e0ed0a50a383bd83f405d3cb8fb091708bd251d Mon Sep 17 00:00:00 2001 
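Review bot: The explicit `return null;` added after `$this->httpError(...)` in the `canEdit()` guard (the `@@ -490,7 +499,13 @@` hunk of PATCH 1/5) is not mirrored in `view()`, where the first hunk still calls `$this->httpError(...)` with no return. As far as I know `RequestHandler::httpError()` always throws, so both are safe today, but the `view()` guard then depends entirely on that exception to stop the record being rendered. I would end all three deny paths the same way, for example by adding `return null;` after the call in `view()`, so that a subclass or test double whose `httpError()` returns cannot fall through to the protected code. The `@@ -189,8 +194,12 @@` hunk already returns via `return $controller->httpError(...)`; the enclosing methods start and end outside these hunks.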
From: Dan Hensby Date: Thu, 2 Apr 2020 12:09:22 +0100 Subject: [PATCH 3/5] Fix spaces around concatenation operator --- phpcs.xml.dist | 2 +- src/Forms/GridField/GridFieldDetailForm_ItemRequest.php | 6 +++--- src/Security/PasswordExpirationMiddleware.php | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/phpcs.xml.dist b/phpcs.xml.dist index cb2fc02dc..29cedd6c9 100644 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -18,7 +18,7 @@ - + diff --git a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php index 3f16fd4cd..25b82225d 100644 --- a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php +++ b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php @@ -112,7 +112,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler { if (!$this->record->canView()) { $this->httpError(403, _t( - __CLASS__.'.ViewPermissionsFailure', + __CLASS__ . '.ViewPermissionsFailure', 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', '', ['ObjectTitle' => $this->record->singular_name()] @@ -195,7 +195,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler if (!$this->record->canView()) { $controller = $this->getToplevelController(); return $controller->httpError(403, _t( - __CLASS__.'.ViewPermissionsFailure', + __CLASS__ . '.ViewPermissionsFailure', 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', '', ['ObjectTitle' => $this->record->singular_name()] @@ -500,7 +500,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler // Check permission if (!$this->record->canEdit()) { $this->httpError(403, _t( - __CLASS__.'.EditPermissionsFailure', + __CLASS__ . '.EditPermissionsFailure', 'It seems you don\'t have the necessary permissions to edit {ObjectTitle}', '', ['ObjectTitle' => $this->record->singular_name()] 
diff --git a/src/Security/PasswordExpirationMiddleware.php b/src/Security/PasswordExpirationMiddleware.php index 050673000..22752a56b 100644 --- a/src/Security/PasswordExpirationMiddleware.php +++ b/src/Security/PasswordExpirationMiddleware.php @@ -25,13 +25,13 @@ class PasswordExpirationMiddleware implements HTTPMiddleware /** * Session key for persisting URL of the password change form */ - const SESSION_KEY_REDIRECT = __CLASS__.'.change password redirect'; + const SESSION_KEY_REDIRECT = __CLASS__ . '.change password redirect'; /** * Session key for persisting a flag allowing to process the current request * without performing password expiration check */ - const SESSION_KEY_ALLOW_CURRENT_REQUEST = __CLASS__.'.allow current request'; + const SESSION_KEY_ALLOW_CURRENT_REQUEST = __CLASS__ . '.allow current request'; /** * List of URL patterns allowed for users to visit where From d1075f29b849236b86def7a7280b752cbfcd6874 Mon Sep 17 00:00:00 2001 From: Dan Hensby Date: Thu, 2 Apr 2020 12:11:35 +0100 Subject: [PATCH 4/5] Remove empty parameter as per feedback --- src/Forms/GridField/GridFieldDetailForm_ItemRequest.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php index 25b82225d..7950aaa27 100644 --- a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php +++ b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php @@ -114,7 +114,6 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler $this->httpError(403, _t( __CLASS__ . '.ViewPermissionsFailure', 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', - '', ['ObjectTitle' => $this->record->singular_name()] )); } 
@@ -197,7 +196,6 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler return $controller->httpError(403, _t( __CLASS__ . '.ViewPermissionsFailure', 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', - '', ['ObjectTitle' => $this->record->singular_name()] )); } @@ -502,7 +500,6 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler $this->httpError(403, _t( __CLASS__ . '.EditPermissionsFailure', 'It seems you don\'t have the necessary permissions to edit {ObjectTitle}', - '', ['ObjectTitle' => $this->record->singular_name()] )); return null; From d3b19069b33b1b252a9a4066afaaf0e45f61d00c Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 2 Apr 2020 12:51:13 -0700 Subject: [PATCH 5/5] Apply suggestions from code review Add double quotes around object title --- lang/en.yml | 4 ++-- src/Forms/GridField/GridFieldDetailForm_ItemRequest.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lang/en.yml b/lang/en.yml index 2c386ebdb..773d7c7d1 100644 --- a/lang/en.yml +++ b/lang/en.yml @@ -111,8 +111,8 @@ en: NEW: 'Add new record' NEXT: 'Go to next record' PREVIOUS: 'Go to previous record' - EditPermissionsFailure: 'It seems you don''t have the necessary permissions to edit {ObjectTitle}' - ViewPermissionsFailure: 'It seems you don''t have the necessary permissions to view {ObjectTitle}' + EditPermissionsFailure: 'It seems you don''t have the necessary permissions to edit "{ObjectTitle}"' + ViewPermissionsFailure: 'It seems you don''t have the necessary permissions to view "{ObjectTitle}"' SilverStripe\Forms\GridField\GridFieldEditButton: EDIT: Edit SilverStripe\Forms\GridField\GridFieldFilterHeader: diff --git a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php index 7950aaa27..322cde4b7 100644 --- a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php +++ b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php 
@@ -113,7 +113,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler if (!$this->record->canView()) { $this->httpError(403, _t( __CLASS__ . '.ViewPermissionsFailure', - 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', + 'It seems you don\'t have the necessary permissions to view "{ObjectTitle}"', ['ObjectTitle' => $this->record->singular_name()] )); } @@ -195,7 +195,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler $controller = $this->getToplevelController(); return $controller->httpError(403, _t( __CLASS__ . '.ViewPermissionsFailure', - 'It seems you don\'t have the necessary permissions to view {ObjectTitle}', + 'It seems you don\'t have the necessary permissions to view "{ObjectTitle}"', ['ObjectTitle' => $this->record->singular_name()] )); } @@ -499,7 +499,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler if (!$this->record->canEdit()) { $this->httpError(403, _t( __CLASS__ . '.EditPermissionsFailure', - 'It seems you don\'t have the necessary permissions to edit {ObjectTitle}', + 'It seems you don\'t have the necessary permissions to edit "{ObjectTitle}"', ['ObjectTitle' => $this->record->singular_name()] )); return null;