tonyair/silverstripe-reports
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-reports synced 2024-10-22 11:05:53 +02:00
Code Issues Projects Releases Wiki Activity

BUG Fix regressions is SS_Report::canView

Browse Source
This commit is contained in:
Damian Mooyman 2015-12-18 11:41:34 +13:00
parent fc81b1f582
commit 36241d52a0
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
code/Report.php
View File

@ -310,7 +310,9 @@ class SS_Report extends ViewableData {
} }
$extended = $this->extendedCan('canView', $member); $extended = $this->extendedCan('canView', $member);
if($extended !== null) return $extended; if($extended !== null) {
return $extended;
}
if($member && Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_ReportAdmin'))) { if($member && Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_ReportAdmin'))) {
return true; return true;
@ -318,6 +320,27 @@ class SS_Report extends ViewableData {
return false; return false;
} }
/**
* Helper to assist with permission extension
*
* {@see DataObject::extendedCan()}
*
* @param string $methodName Method on the same object, e.g. {@link canEdit()}
* @param Member|int $member
* @return boolean|null
*/
public function extendedCan($methodName, $member) {
$results = $this->extend($methodName, $member);
if($results && is_array($results)) {
// Remove NULLs
$results = array_filter($results, function($v) {return !is_null($v);});
// If there are any non-NULL responses, then return the lowest one of them.
// If any explicitly deny the permission, then we don't get access
if($results) return min($results);
}
return null;
}
/** /**

20
tests/ReportTest.php
View File

@ -56,6 +56,26 @@ class ReportTest extends SapphireTest {
$reportNames, $reportNames,
'ReportTest_FakeTest_Abstract is NOT in reports list as it is abstract'); 'ReportTest_FakeTest_Abstract is NOT in reports list as it is abstract');
} }
public function testPermissions() {
$report = new ReportTest_FakeTest2();
// Visitor cannot view
Session::clear("loggedInAs");
$this->assertFalse($report->canView());
// Logged in user that cannot view reports
$this->logInWithPermission('SITETREE_REORGANISE');
$this->assertFalse($report->canView());
// Logged in with report permissions
$this->logInWithPermission('CMS_ACCESS_ReportAdmin');
$this->assertTrue($report->canView());
// Admin can view
$this->logInWithPermission('ADMIN');
$this->assertTrue($report->canView());
}
} }
/** /**