From 1cd82e2db1ab2bf3d60184b0b4e9aa626acb0b2e Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Sun, 2 Sep 2012 18:06:25 +0200 Subject: [PATCH] BUG Enforce $allowed_children in controllers on page creation (fixes #7694) Original bug fix contributed by @kmayo-ss --- code/model/SiteTree.php | 2 +- tests/controller/CMSMainTest.php | 47 ++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php index 178522d9..9c632dfa 100644 --- a/code/model/SiteTree.php +++ b/code/model/SiteTree.php @@ -1511,7 +1511,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid // deconstructs any inheritance trees already. $allowed = $parent->allowedChildren(); $subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this; - if($subject->ID && !in_array($subject->ClassName, $allowed)) { + if(!in_array($subject->ClassName, $allowed)) { $result->error( _t( diff --git a/tests/controller/CMSMainTest.php b/tests/controller/CMSMainTest.php index 9b0e2fbc..14e5f74c 100644 --- a/tests/controller/CMSMainTest.php +++ b/tests/controller/CMSMainTest.php @@ -4,6 +4,7 @@ * @subpackage tests */ class CMSMainTest extends FunctionalTest { + static $fixture_file = 'CMSMainTest.yml'; protected $autoFollowRedirection = false; 
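Review bot: In the `code/model/SiteTree.php` hunk, dropping the `$subject->ID` guard also changes the VirtualPage path, because `$subject` is now checked even when `$this->CopyContentFrom()` has no target yet. `CopyContentFrom()` is not shown here, but if it returns an empty placeholder record for an unlinked virtual page, the `ClassName` compared against `$allowed` is the placeholder's rather than a real page type, so a new VirtualPage could be rejected or accepted for the wrong reason. I would only follow the relation when it is set, e.g. `$subject = ($this instanceof VirtualPage && $this->CopyContentFromID) ? $this->CopyContentFrom() : $this;`, and pass `true` as the third argument to `in_array()` so the class-name match is strict. The enclosing method starts and ends outside the hunk, so this is based on the visible lines only.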
@@ -221,6 +222,44 @@ class CMSMainTest extends FunctionalTest { $this->session()->inst_set('loggedInAs', NULL); } + function testCreationOfRestrictedPage(){ + $adminUser = $this->objFromFixture('Member', 'admin'); + $adminUser->logIn(); + + // Create toplevel page + $this->get('admin/pages/add'); + $response = $this->post( + 'admin/pages/add/AddForm', + array('ParentID' => '0', 'PageType' => 'CMSMainTest_ClassA', 'Locale' => 'en_US', 'action_doAdd' => 1) + ); + $this->assertFalse($response->isError()); + preg_match('/edit\/show\/(\d*)/', $response->getHeader('Location'), $matches); + $newPageId = $matches[1]; + + // Create allowed child + $this->get('admin/pages/add'); + $response = $this->post( + 'admin/pages/add/AddForm', + array('ParentID' => $newPageId, 'PageType' => 'CMSMainTest_ClassB', 'Locale' => 'en_US', 'action_doAdd' => 1) + ); + $this->assertFalse($response->isError()); + $this->assertNull($response->getBody()); + + // Create disallowed child + $this->get('admin/pages/add'); + $response = $this->post( + 'admin/pages/add/AddForm', + array('ParentID' => $newPageId, 'PageType' => 'Page', 'Locale' => 'en_US', 'action_doAdd' => 1) + ); + $this->assertFalse($response->isError()); + $this->assertContains( + _t('SiteTree.PageTypeNotAllowed', array('type' => 'Page')), + $response->getBody() + ); + + $this->session()->inst_set('loggedInAs', NULL); + } + function testBreadcrumbs() { $page3 = $this->objFromFixture('Page', 'page3'); $page31 = $this->objFromFixture('Page', 'page31'); @@ -239,3 +278,11 @@ class CMSMainTest extends FunctionalTest { $this->session()->inst_set('loggedInAs', null); } } + +class CMSMainTest_ClassA extends Page implements TestOnly { + static $allowed_children = array('CMSMainTest_ClassB'); +} + +class CMSMainTest_ClassB extends Page implements TestOnly { + +} \ No newline at end of file
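Review bot: The disallowed-child case in `testCreationOfRestrictedPage()` only asserts that the response body contains the `SiteTree.PageTypeNotAllowed` message, so it would still pass if the controller displayed the error but wrote the record anyway. Since this test is the regression guard for server-side enforcement of `$allowed_children`, it should also assert on stored state, e.g. `$this->assertEquals(0, Page::get()->filter(array('ParentID' => $newPageId, 'ClassName' => 'Page'))->count());`. Separately, `$matches[1]` is read without checking the `preg_match()` result, and `(\d*)` accepts an empty id. Using `$this->assertEquals(1, preg_match('/edit\/show\/(\d+)/', $response->getHeader('Location'), $matches));` would make a missing redirect fail at the right place instead of silently posting an empty `ParentID`.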