Merge pull request #911 from chillu/pulls/908-all-sections-canedit

Page edit access with CMS_ACCESS_LeftAndMain (fixes #908)
Simon Welsh 2014-03-16 20:12:15 +13:00
commit 2503d1dca2
3 changed files with 31 additions and 5 deletions


@ -880,7 +880,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
if(!$fromLive if(!$fromLive
&& !Session::get('unsecuredDraftSite') && !Session::get('unsecuredDraftSite')
&& !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) { && !Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) {
// If we weren't definitely loaded from live, and we can't view non-live content, we need to // If we weren't definitely loaded from live, and we can't view non-live content, we need to
// check to make sure this version is the live version and so can be viewed // check to make sure this version is the live version and so can be viewed
if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false; if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false;
@ -1135,7 +1135,9 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
* @param Boolean $useCached * @param Boolean $useCached
* @return Array An map of {@link SiteTree} ID keys, to boolean values * @return Array An map of {@link SiteTree} ID keys, to boolean values
*/ */
static public function batch_permission_check($ids, $memberID, $typeField, $groupJoinTable, $siteConfigMethod, $globalPermission = 'CMS_ACCESS_CMSMain', $useCached = true) { static public function batch_permission_check($ids, $memberID, $typeField, $groupJoinTable, $siteConfigMethod, $globalPermission = null, $useCached = true) {
if($globalPermission === NULL) $globalPermission = array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_CMSMain');
// Sanitise the IDs // Sanitise the IDs
$ids = array_filter($ids, 'is_numeric'); $ids = array_filter($ids, 'is_numeric');
@ -1255,7 +1257,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
* page can be edited. * page can be edited.
*/ */
static public function can_edit_multiple($ids, $memberID, $useCached = true) { static public function can_edit_multiple($ids, $memberID, $useCached = true) {
return self::batch_permission_check($ids, $memberID, 'CanEditType', 'SiteTree_EditorGroups', 'canEdit', 'CMS_ACCESS_CMSMain', $useCached); return self::batch_permission_check($ids, $memberID, 'CanEditType', 'SiteTree_EditorGroups', 'canEdit', null, $useCached);
} }
/** /**
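Review bot: In batch_permission_check the widened check applies only when $globalPermission is omitted or null; a caller that still passes the string 'CMS_ACCESS_CMSMain' explicitly (as can_edit_multiple did before this commit) keeps the narrower behaviour, so a member holding only CMS_ACCESS_LeftAndMain could be allowed on one call path and refused on another. Other callers are not visible on this page and are worth checking for that explicit argument. The docblock above the signature should also record the new contract, for example `@param String|Array $globalPermission Permission code(s) granting access; null means CMS_ACCESS_LeftAndMain or CMS_ACCESS_CMSMain`. The function body continues outside the hunk, so whether every later use of $globalPermission accepts an array cannot be confirmed from here.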


@ -455,6 +455,16 @@ class SiteTreeTest extends SapphireTest {
$this->assertFalse($product4->canEdit($editor)); $this->assertFalse($product4->canEdit($editor));
} }
public function testCanEditWithAccessToAllSections() {
$page = new Page();
$page->write();
$allSectionMember = $this->objFromFixture('Member', 'allsections');
$securityAdminMember = $this->objFromFixture('Member', 'securityadmin');
$this->assertTrue($page->canEdit($allSectionMember));
$this->assertFalse($page->canEdit($securityAdminMember));
}
public function testEditPermissionsOnDraftVsLive() { public function testEditPermissionsOnDraftVsLive() {
// Create an inherit-permission page // Create an inherit-permission page
$page = new Page(); $page = new Page();
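Review bot: testCanEditWithAccessToAllSections asserts only canEdit(), so the other access-control change in this commit, the draft-visibility check in SiteTree that now also accepts CMS_ACCESS_LeftAndMain, has no positive or negative assertion. A companion test should verify that the allsections member can see a non-live version while the securityadmin member cannot, so a later edit to that permission list cannot silently widen draft access. A short comment on the test would also help: `// CMS_ACCESS_LeftAndMain covers every CMS section, so it must allow page edits; a single unrelated section (CMS_ACCESS_SecurityAdmin) must not`.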


@ -3,6 +3,10 @@ Group:
Title: Editors Title: Editors
admins: admins:
Title: Administrators Title: Administrators
allsections:
Title: All Section Editors
securityadmins:
Title: Security Admins
Permission: Permission:
admins: admins:
@ -11,6 +15,12 @@ Permission:
editors: editors:
Code: CMS_ACCESS_CMSMain Code: CMS_ACCESS_CMSMain
Group: =>Group.editors Group: =>Group.editors
allsections:
Code: CMS_ACCESS_LeftAndMain
Group: =>Group.allsections
securityadmins:
Code: CMS_ACCESS_SecurityAdmin
Group: =>Group.securityadmins
Member: Member:
editor: editor:
@ -21,6 +31,10 @@ Member:
FirstName: Test FirstName: Test
Surname: Administrator Surname: Administrator
Groups: =>Group.admins Groups: =>Group.admins
allsections:
Groups: =>Group.allsections
securityadmin:
Groups: =>Group.securityadmins
Page: Page:
home: home: