mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-10-22 11:05:53 +02:00
BUGFIX: Ticket #4805
added a canCreateTopLevel() if there is no parent object in CMSMain.php added testCreationOfTopLevelPage toCMSMainTest.php added the nessessary 'database entries' in the CMSMainTest.yml git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@98001 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
3a61db6221
commit
48a7c1ee87
@ -494,8 +494,13 @@ JS;
|
||||
if(is_numeric($parent)) $parentObj = DataObject::get_by_id("SiteTree", $parent);
|
||||
if(!$parentObj || !$parentObj->ID) $parent = 0;
|
||||
|
||||
if($parentObj && !$parentObj->canAddChildren()) return Security::permissionFailure($this);
|
||||
if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
|
||||
if($parentObj){
|
||||
if(!$parentObj->canAddChildren()) return Security::permissionFailure($this);
|
||||
if(!singleton($className)->canCreate()) return Security::permissionFailure($this);
|
||||
}else{
|
||||
if(!SiteConfig::current_site_config()->canCreateTopLevel())
|
||||
return Security::permissionFailure($this);
|
||||
}
|
||||
|
||||
$p = $this->getNewItem("new-$className-$parent".$suffix, false);
|
||||
$p->Locale = $_REQUEST['Locale'];
|
||||
|
@ -163,4 +163,24 @@ class CMSMainTest extends FunctionalTest {
|
||||
$result = $this->get('admin/getfilteredsubtree?filter=CMSSiteTreeFilter_DeletedPages&ajax=1&ID=' . $id);
|
||||
$this->assertEquals(200, $result->getStatusCode());
|
||||
}
|
||||
|
||||
function testCreationOfTopLevelPage(){
|
||||
$cmsUser = $this->objFromFixture('Member', 'allcmssectionsuser');
|
||||
$rootEditUser = $this->objFromFixture('Member', 'rootedituser');
|
||||
|
||||
// with insufficient permissions
|
||||
$cmsUser->logIn();
|
||||
$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
|
||||
// should redirect, which is a permission error
|
||||
$this->assertEquals(403, $response->getStatusCode(), 'Add TopLevel page must fail for normal user');
|
||||
|
||||
// with correct permissions
|
||||
$rootEditUser->logIn();
|
||||
$response = $this->post('admin/addpage', array('ParentID' => '0', 'PageType' => 'Page', 'Locale' => 'en_US'));
|
||||
$this->assertEquals(302, $response->getStatusCode(), 'Must be a redirect on success');
|
||||
$location=$response->getHeader('Location');
|
||||
$this->assertContains('/show/',$location, 'Must redirect to /show/ the new page');
|
||||
// TODO Logout
|
||||
$this->session()->inst_set('loggedInAs', NULL);
|
||||
}
|
||||
}
|
||||
|
@ -25,6 +25,8 @@ Group:
|
||||
Title: assetsonly
|
||||
allcmssections:
|
||||
Title: allcmssections
|
||||
rooteditusers:
|
||||
Title: rooteditusers
|
||||
Member:
|
||||
admin:
|
||||
Email: admin@example.com
|
||||
@ -36,6 +38,9 @@ Member:
|
||||
allcmssectionsuser:
|
||||
Email: allcmssectionsuser@test.com
|
||||
Groups: =>Group.allcmssections
|
||||
rootedituser:
|
||||
Email: rootedituser@test.com
|
||||
Groups: =>Group.rooteditusers
|
||||
Permission:
|
||||
admin:
|
||||
Code: ADMIN
|
||||
@ -45,4 +50,15 @@ Permission:
|
||||
GroupID: =>Group.assetsonly
|
||||
allcmssections:
|
||||
Code: CMS_ACCESS_LeftAndMain
|
||||
GroupID: =>Group.allcmssections
|
||||
GroupID: =>Group.allcmssections
|
||||
allcmssections2:
|
||||
Code: CMS_ACCESS_LeftAndMain
|
||||
GroupID: =>Group.rooteditusers
|
||||
SiteConfig:
|
||||
siteconfig1:
|
||||
EditorGroups: =>Group.rooteditusers
|
||||
CanCreateTopLevelType: 'OnlyTheseUsers'
|
||||
SiteConfig_CreateTopLevelGroups:
|
||||
createtoplevelgroups1:
|
||||
siteconfigid: 1
|
||||
GroupID: =>Group.rooteditusers
|
||||
|
Loading…
Reference in New Issue
Block a user