mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-07-10 21:43:53 +02:00
CMSProfileController currently checks canView() which ensures that a logged in CMS Member can access the profile controller, but when saving the record on Member_ProfileForm there is no check for canEdit(), so extended permissions don't get respected. This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests to check permissions. |
||
---|---|---|
.. | ||
files | ||
CMSProfileControllerTest.php | ||
CMSProfileControllerTest.yml | ||
ControllerTest.php | ||
ControllerTest.yml | ||
DirectorTest.php | ||
HTTPRequestTest.php | ||
HTTPResponseTest.php | ||
HTTPTest.php | ||
NullHTTPRequestTest.php | ||
PjaxResponseNegotiatorTest.php | ||
RequestHandlingTest.php | ||
SessionTest.php |