mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-10-22 11:05:53 +02:00
BUG Fix regressions is SS_Report::canView
This commit is contained in:
parent
fc81b1f582
commit
36241d52a0
@ -310,7 +310,9 @@ class SS_Report extends ViewableData {
|
||||
}
|
||||
|
||||
$extended = $this->extendedCan('canView', $member);
|
||||
if($extended !== null) return $extended;
|
||||
if($extended !== null) {
|
||||
return $extended;
|
||||
}
|
||||
|
||||
if($member && Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_ReportAdmin'))) {
|
||||
return true;
|
||||
@ -319,6 +321,27 @@ class SS_Report extends ViewableData {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper to assist with permission extension
|
||||
*
|
||||
* {@see DataObject::extendedCan()}
|
||||
*
|
||||
* @param string $methodName Method on the same object, e.g. {@link canEdit()}
|
||||
* @param Member|int $member
|
||||
* @return boolean|null
|
||||
*/
|
||||
public function extendedCan($methodName, $member) {
|
||||
$results = $this->extend($methodName, $member);
|
||||
if($results && is_array($results)) {
|
||||
// Remove NULLs
|
||||
$results = array_filter($results, function($v) {return !is_null($v);});
|
||||
// If there are any non-NULL responses, then return the lowest one of them.
|
||||
// If any explicitly deny the permission, then we don't get access
|
||||
if($results) return min($results);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return the name of this report, which
|
||||
|
@ -56,6 +56,26 @@ class ReportTest extends SapphireTest {
|
||||
$reportNames,
|
||||
'ReportTest_FakeTest_Abstract is NOT in reports list as it is abstract');
|
||||
}
|
||||
|
||||
public function testPermissions() {
|
||||
$report = new ReportTest_FakeTest2();
|
||||
|
||||
// Visitor cannot view
|
||||
Session::clear("loggedInAs");
|
||||
$this->assertFalse($report->canView());
|
||||
|
||||
// Logged in user that cannot view reports
|
||||
$this->logInWithPermission('SITETREE_REORGANISE');
|
||||
$this->assertFalse($report->canView());
|
||||
|
||||
// Logged in with report permissions
|
||||
$this->logInWithPermission('CMS_ACCESS_ReportAdmin');
|
||||
$this->assertTrue($report->canView());
|
||||
|
||||
// Admin can view
|
||||
$this->logInWithPermission('ADMIN');
|
||||
$this->assertTrue($report->canView());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user