silverstripe-framework/tests/control/CMSProfileControllerTest.yml
Sean Harvey 5cbd2dbeb4 BUG CMSProfileController::Member_ProfileForm() respecting canEdit() permissions on Member
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.

This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
2012-09-07 11:24:47 +12:00

28 lines
600 B
YAML

Permission:
admin:
Code: ADMIN
cmsmain:
Code: CMS_ACCESS_LeftAndMain
leftandmain:
Code: CMS_ACCESS_CMSMain
Group:
admins:
Title: Administrators
Permissions: =>Permission.admin
cmsusers:
Title: CMS Users
Permissions: =>Permission.cmsmain, =>Permission.leftandmain
Member:
admin:
FirstName: Admin
Email: admin@user.com
Groups: =>Group.admins
user1:
FirstName: Joe
Email: user1@user.com
Groups: =>Group.cmsusers
user2:
FirstName: Steve
Email: user2@user.com
Groups: =>Group.cmsusers