BUG Enforce $allowed_children in controllers on page creation (fixes #7694)

Original bug fix contributed by @kmayo-ss
This commit is contained in:
Ingo Schommer 2012-09-02 18:06:25 +02:00
parent e5401668fa
commit 1cd82e2db1
2 changed files with 48 additions and 1 deletions

View File

@ -1511,7 +1511,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
// deconstructs any inheritance trees already. // deconstructs any inheritance trees already.
$allowed = $parent->allowedChildren(); $allowed = $parent->allowedChildren();
$subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this; $subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this;
if($subject->ID && !in_array($subject->ClassName, $allowed)) { if(!in_array($subject->ClassName, $allowed)) {
$result->error( $result->error(
_t( _t(

View File

@ -4,6 +4,7 @@
* @subpackage tests * @subpackage tests
*/ */
class CMSMainTest extends FunctionalTest { class CMSMainTest extends FunctionalTest {
static $fixture_file = 'CMSMainTest.yml'; static $fixture_file = 'CMSMainTest.yml';
protected $autoFollowRedirection = false; protected $autoFollowRedirection = false;
@ -221,6 +222,44 @@ class CMSMainTest extends FunctionalTest {
$this->session()->inst_set('loggedInAs', NULL); $this->session()->inst_set('loggedInAs', NULL);
} }
function testCreationOfRestrictedPage(){
$adminUser = $this->objFromFixture('Member', 'admin');
$adminUser->logIn();
// Create toplevel page
$this->get('admin/pages/add');
$response = $this->post(
'admin/pages/add/AddForm',
array('ParentID' => '0', 'PageType' => 'CMSMainTest_ClassA', 'Locale' => 'en_US', 'action_doAdd' => 1)
);
$this->assertFalse($response->isError());
preg_match('/edit\/show\/(\d*)/', $response->getHeader('Location'), $matches);
$newPageId = $matches[1];
// Create allowed child
$this->get('admin/pages/add');
$response = $this->post(
'admin/pages/add/AddForm',
array('ParentID' => $newPageId, 'PageType' => 'CMSMainTest_ClassB', 'Locale' => 'en_US', 'action_doAdd' => 1)
);
$this->assertFalse($response->isError());
$this->assertNull($response->getBody());
// Create disallowed child
$this->get('admin/pages/add');
$response = $this->post(
'admin/pages/add/AddForm',
array('ParentID' => $newPageId, 'PageType' => 'Page', 'Locale' => 'en_US', 'action_doAdd' => 1)
);
$this->assertFalse($response->isError());
$this->assertContains(
_t('SiteTree.PageTypeNotAllowed', array('type' => 'Page')),
$response->getBody()
);
$this->session()->inst_set('loggedInAs', NULL);
}
function testBreadcrumbs() { function testBreadcrumbs() {
$page3 = $this->objFromFixture('Page', 'page3'); $page3 = $this->objFromFixture('Page', 'page3');
$page31 = $this->objFromFixture('Page', 'page31'); $page31 = $this->objFromFixture('Page', 'page31');
@ -239,3 +278,11 @@ class CMSMainTest extends FunctionalTest {
$this->session()->inst_set('loggedInAs', null); $this->session()->inst_set('loggedInAs', null);
} }
} }
class CMSMainTest_ClassA extends Page implements TestOnly {
static $allowed_children = array('CMSMainTest_ClassB');
}
class CMSMainTest_ClassB extends Page implements TestOnly {
}