BUG Fix regressions is SS_Report::canView

This commit is contained in:
Damian Mooyman 2015-12-18 11:41:34 +13:00
parent fc81b1f582
commit 36241d52a0
2 changed files with 44 additions and 1 deletions

View File

@ -310,7 +310,9 @@ class SS_Report extends ViewableData {
}
$extended = $this->extendedCan('canView', $member);
if($extended !== null) return $extended;
if($extended !== null) {
return $extended;
}
if($member && Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_ReportAdmin'))) {
return true;
@ -318,6 +320,27 @@ class SS_Report extends ViewableData {
return false;
}
/**
* Helper to assist with permission extension
*
* {@see DataObject::extendedCan()}
*
* @param string $methodName Method on the same object, e.g. {@link canEdit()}
* @param Member|int $member
* @return boolean|null
*/
public function extendedCan($methodName, $member) {
$results = $this->extend($methodName, $member);
if($results && is_array($results)) {
// Remove NULLs
$results = array_filter($results, function($v) {return !is_null($v);});
// If there are any non-NULL responses, then return the lowest one of them.
// If any explicitly deny the permission, then we don't get access
if($results) return min($results);
}
return null;
}
/**

View File

@ -56,6 +56,26 @@ class ReportTest extends SapphireTest {
$reportNames,
'ReportTest_FakeTest_Abstract is NOT in reports list as it is abstract');
}
public function testPermissions() {
$report = new ReportTest_FakeTest2();
// Visitor cannot view
Session::clear("loggedInAs");
$this->assertFalse($report->canView());
// Logged in user that cannot view reports
$this->logInWithPermission('SITETREE_REORGANISE');
$this->assertFalse($report->canView());
// Logged in with report permissions
$this->logInWithPermission('CMS_ACCESS_ReportAdmin');
$this->assertTrue($report->canView());
// Admin can view
$this->logInWithPermission('ADMIN');
$this->assertTrue($report->canView());
}
}
/**