Commit Graph

337 Commits

Author SHA1 Message Date
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Hamish Friedlander
328467f1b5 FIX: ConfirmedPasswordField used to expose existing hash 2013-06-20 14:09:30 +12:00
Damian Mooyman
163917b83e Fixed scrutiniser issues 2013-05-27 15:42:10 +12:00
Damian Mooyman
7f057ce343 API UploadField functions on new records
Fixed regression from 1e5d40474d (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631).
Merged pull request #1259 (34bfc862ee).
2013-05-27 15:22:59 +12:00
Simon Erkelens
513270ca48 API: Allow array of fields passed to FieldList::removeByName()
Supports passing an array to removeByName(), which is iterate and then removed. Useful for removing fields from a fieldlist that are not on a tab. Similar to removeFieldsFromTab();
This is cleaner than a new function.
2013-05-25 15:31:30 +12:00
Will Rossiter
a99dbae012 FIX: NumericField should work with numbers like 54,6
Fixes http://open.silverstripe.org/ticket/5577.

Uses Zend_Locale_Format::isNumber(). Includes unit test for NumericField. Does not include testing work on DBField underlying NumericField to ensure that works consistently.
2013-05-11 22:51:39 +12:00
Will Rossiter
42cf2a95bd FIX: Add support for multi dimensional source arrays in LookupField (open/6132) 2013-05-11 00:01:39 +12:00
Ingo Schommer
14c59be85e API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Ingo Schommer
cef955c8b9 Removed stray ampersand in Requirements (fixes #1809)
Only happens with suffix_requirements=true
2013-04-30 00:35:25 +02:00
Ingo Schommer
59dc0085d8 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	docs/en/reference/urlvariabletools.md
	tests/forms/CheckboxFieldTest.php
2013-04-12 01:13:32 +02:00
Ingo Schommer
933fbf8ea4 l10n key to make "yes" and "no" translatable (see #1749) 2013-04-12 01:11:24 +02:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Ingo Schommer
0242686a7a Requirements acces to files with query strings (fixes #7735)
Originally authored by florian.thoma, tests added
by Ingo Schommer. Also removed query params from
file paths before calling mtime() on it.

See https://github.com/silverstripe/sapphire/pull/1023
2013-04-03 16:39:59 +02:00
Ingo Schommer
2bc273e2a8 Consistently quote DataObject::$default_sort
Strictly speaking, no longer required since we auto-quote simple
field names in DataQuery now, but since the majority of sorts in core is
already quoted we should stay consistent.
2013-04-03 12:11:53 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
g4b0
2f16951634 BUG: ampersand escaping 2013-03-11 09:58:14 +01:00
Hamish Friedlander
4b54383d68 API change request handling to be more orthogonal
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method

Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction

RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function

GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction

Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
2013-02-18 14:56:04 +13:00
Ingo Schommer
f4068371fc Merge pull request #1159 from chillu/pulls/datetimefield-field-setters
DatetimeField->setDateField()/setTimeField()
2013-02-14 11:31:31 -08:00
Mateusz Uzdowski
53feb3a5ae API Add possibility to combine media-targeting stylesheets. 2013-02-13 11:04:05 +13:00
Ingo Schommer
6c22545639 DatetimeField->setDateField()/setTimeField()
Useful e.g. to override the time field with the
"silverstripe/timefield" dropdown
2013-02-05 11:03:19 +01:00
micschk
7f605cfb54 NEW Disable items in DropdownField and GroupedDropdownField 2013-01-11 16:32:20 +01:00
Ingo Schommer
f3c0669fec Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	_config/uploadfield.yml
	css/UploadField.css
	forms/UploadField.php
	scss/UploadField.scss
	templates/UploadField.ss
	tests/forms/uploadfield/UploadFieldTest.php
2013-01-11 10:02:39 +01:00
Ingo Schommer
212c4f1e51 Fixed UploadField regression from 4da1af9c3 2013-01-11 09:30:21 +01:00
Sam Minnee
cc7318fde4 NEW: Added canAttachExisting config option for UploadField.
This is the companion setting to canUpload, letting you control whether existing files from the asset store can be referenced.  It's particularly useful when using UploadField on the front-end.
2013-01-11 09:29:02 +01:00
Ingo Schommer
2dfd42795e NEW Restrict upload abilities in UploadField
Conflicts:
	css/UploadField.css
	templates/UploadField.ss
2013-01-11 09:07:42 +01:00
Ingo Schommer
9310b8d86d NEW Restrict upload abilities in UploadField 2013-01-10 00:15:34 +01:00
Ingo Schommer
618a3d0314 Requirements acces to files with query strings (fixes #7735)
Originally authored by florian.thoma, tests added
by Ingo Schommer. Also removed query params from
file paths before calling mtime() on it.

See https://github.com/silverstripe/sapphire/pull/1023
2012-12-18 01:01:19 +01:00
Ingo Schommer
8f239d6373 SimpleXML string casting in tests for older PHPUnit 2012-12-17 15:52:01 +01:00
Ingo Schommer
7950584b3a SimpleXML string casting in tests for older PHPUnit 2012-12-17 15:46:09 +01:00
Ingo Schommer
bbc8e06d49 API Show GridFieldEditButton even without edit permissions (for readonly forms) 2012-12-17 00:47:23 +01:00
Ingo Schommer
1848d7e90a API Check model permissions in GridField 2012-12-17 00:46:51 +01:00
Ingo Schommer
559abecd56 API Copying instance props on FormField readonly/disabled transformations
Introduced new FormField->castedCopy() method
which tries to replicate the existing form field instance
as closely as possible.

Primarily, the fix was targeted at consistently passing
through FormField->description to all of its variations.
2012-12-14 01:58:04 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
98034594e0 Fixed SelectionGroupTest 2012-12-11 11:38:31 +01:00
Ingo Schommer
548ad503ed API Removed keyed arrays for title/value setting in SelectionGroup
Use SelectionGroup_Item class instead. Necessary because
of removal of array key support from ArrayList (see d12b49702).
2012-12-11 11:06:06 +01:00
Ingo Schommer
8108f7f936 NEW Relation search for GridFieldAddExistingAutocompleter
Now also searches 1:n relations if they where defined in searchableFields() with dot notation.
2012-11-27 10:51:10 +01:00
Ingo Schommer
c8136f5d4c NEW Many-many relation data editing in GridFieldDetailForm
Also adds GridFieldDetailForm->setFields() for customizing
the displayed form fields (required for adding relational fields).
2012-11-27 10:45:43 +01:00
Ingo Schommer
15a687f1e7 Merge remote-tracking branch 'origin/3.0' 2012-11-23 15:31:08 +01:00
Ingo Schommer
aa72425e84 Fixed PHPUnit assertions for incomplete tests in core
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
2012-11-23 15:16:39 +01:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Hamish Friedlander
0dd97a38f6 API: Form#loadDataFrom 2nd arg now sets how existing field data is merged with new data 2012-11-16 12:36:00 +13:00
Sean Harvey
77337ae58c Removing deprecated TableListField and subclasses
These have been moved to a module called "legacytablefields"
located at https://github.com/silverstripe-labs/legacytablefields
2012-11-16 11:04:28 +13:00
Andrew O'Neil
fdea5321c7 APICHANGE: add_extension() is now called directly on the class, instead of on Object 2012-11-07 11:07:55 +13:00
Sean Harvey
fbc6e3366b Merge branch '3.0' 2012-11-05 15:11:48 +13:00
Ingo Schommer
bcbf4636fc BUG Remove .ss-tabset class from CMS tabs to prevent rogue ajax load (#7980)
The existence of .ss-tabset triggers JS which applies $.tabs(),
and in turn interprets the first available link as the tab navigation.
jQuery UI subsequently tries to ajax-load this link, which is not
desired. Instead, $.tabs() should *only* be applied to a container
DOM element with .cms-tabset applied.
2012-11-01 00:25:13 +01:00
Ingo Schommer
2d04de0377 BUG FormField->removeExtraClass() works on indexed arrays
Was assuming an associative map, which isn't the case
in the current implementations.
2012-10-31 15:44:57 +01:00
Ingo Schommer
da4534bda8 Removed duplicate assertion comments in DropdownFieldTest 2012-10-30 22:46:33 +01:00
Ingo Schommer
666a20fde9 Fixed DropdownFieldTest assertions when tidy is not available
It was setting a NULL empty string when constructing the field,
which shouldn't call setEmptyField() in the first place.
This logical error somehow just surfaced when the HTML output
wasn't run through tidy.

See https://github.com/silverstripe/sapphire/pull/886
2012-10-30 22:46:33 +01:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00