BUGFIX Checking for SiteTree:: in SiteTree->getClassDropdown() (AIR-20)

Ingo Schommer 2011-10-07 09:29:03 +02:00
parent 922dd126c6
commit 4903fad537
2 changed files with 36 additions and 18 deletions


@ -682,25 +682,21 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
} }
/** /**
* This function should return true if the current user can add children * This function should return true if the current user can execute this action.
* to this page. It can be overloaded to customise the security model for an * It can be overloaded to customise the security model for an application.
* application.
* *
* Returns true if the member is allowed to do the given action. * Slightly altered from parent behaviour in {@link DataObject->can()}:
* - Checks for existence of a method named "can<$perm>()" on the object
* - Calls decorators and only returns for FALSE "vetoes"
* - Falls back to {@link Permission::check()}
* - Does NOT check for many-many relations named "Can<$perm>"
* *
* @uses DataExtension->can() * @uses DataObjectDecorator->can()
*
* If a page is set to inherit, but has no parent, it inherits from
* {@link SiteConfig}
* *
* @param string $perm The permission to be checked, such as 'View'. * @param string $perm The permission to be checked, such as 'View'.
* @param Member $member The member whose permissions need checking. * @param Member $member The member whose permissions need checking.
* Defaults to the currently logged in user. * Defaults to the currently logged in user.
* * @return boolean True if the the member is allowed to do the given action.
* @return boolean True if the the member is allowed to do the given
* action.
*
* @todo Check we get a endless recursion if we use parent::can()
*/ */
function can($perm, $member = null) { function can($perm, $member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) { if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
@ -709,7 +705,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
if($member && Permission::checkMember($member, "ADMIN")) return true; if($member && Permission::checkMember($member, "ADMIN")) return true;
if(method_exists($this, 'can' . ucfirst($perm))) { if(is_string($perm) && method_exists($this, 'can' . ucfirst($perm))) {
$method = 'can' . ucfirst($perm); $method = 'can' . ucfirst($perm);
return $this->$method($member); return $this->$method($member);
} }
@ -717,7 +713,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
$results = $this->extend('can', $member); $results = $this->extend('can', $member);
if($results && is_array($results)) if(!min($results)) return false; if($results && is_array($results)) if(!min($results)) return false;
return true; return ($member && Permission::checkMember($member, $perm));
} }
@ -2293,7 +2289,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
/** /**
* Get the class dropdown used in the CMS to change the class of a page. * Get the class dropdown used in the CMS to change the class of a page.
* This returns the list of options in the drop as a Map from class name * This returns the list of options in the drop as a Map from class name
* to text in dropdown. * to text in dropdown. Filters by {@link SiteTree->canCreate()},
* as well as {@link SiteTree::$needs_permission}.
* *
* @return array * @return array
*/ */
@ -2307,6 +2304,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
$instance = singleton($class); $instance = singleton($class);
if((($instance instanceof HiddenClass) || !$instance->canCreate()) && ($class != $this->class)) continue; if((($instance instanceof HiddenClass) || !$instance->canCreate()) && ($class != $this->class)) continue;
if($perms = $instance->stat('need_permission')) {
if(!$this->can($perms)) continue;
}
$pageTypeName = $instance->i18n_singular_name(); $pageTypeName = $instance->i18n_singular_name();
if($class == $this->class) { if($class == $this->class) {
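Review bot: The new `need_permission` check in getClassDropdown() only removes entries from the dropdown, so on its own it is a display filter rather than an access control; nothing in this diff shows the same check where a submitted class change is applied, and that write path should refuse a class whose `need_permission` the member lacks. The check also has no `$class != $this->class` exemption like the line above it, so the page's current type can be filtered out before the `if($class == $this->class)` branch runs; if that is not intended, `if(!$this->can($perms) && $class != $this->class) continue;` would keep the two filters consistent. The docblock links `SiteTree::$needs_permission` while the code reads `stat('need_permission')`, so the comment should name `$need_permission`. getClassDropdown()'s body starts and ends outside the hunk.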


@ -825,6 +825,23 @@ class SiteTreeTest extends SapphireTest {
$valid = $classCext->validate(); $valid = $classCext->validate();
$this->assertFalse($valid->valid(), "Doesnt allow child where only parent class is allowed on parent node, and asterisk prefixing is used"); $this->assertFalse($valid->valid(), "Doesnt allow child where only parent class is allowed on parent node, and asterisk prefixing is used");
} }
function testClassDropdown() {
$sitetree = new SiteTree();
$method = new ReflectionMethod($sitetree, 'getClassDropdown');
$method->setAccessible(true);
Session::set("loggedInAs", null);
$this->assertArrayNotHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
$this->loginWithPermission('ADMIN');
$this->assertArrayHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
$this->loginWithPermission('CMS_ACCESS_CMSMain');
$this->assertArrayHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
Session::set("loggedInAs", null);
}
} }
/**#@+ /**#@+
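Review bot: The only negative assertion in testClassDropdown() runs with no logged-in member, where the existing `canCreate()` filter may already exclude SiteTreeTest_ClassA, so the test can pass without the new `need_permission` branch or the new `Permission::checkMember($member, $perm)` fallback in can() ever denying anything. A case for a logged-in member who passes canCreate() but lacks the fixture's permission code would pin the fix, for example `$this->loginWithPermission('<CODE_NOT_IN_NEED_PERMISSION>');` followed by `$this->assertArrayNotHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));` (the code is a placeholder, since the fixture class is not visible here). The `Session::set("loggedInAs", null)` reset at the end of the method is skipped when an earlier assertion fails, so it would be more reliable in tearDown().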