mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-10-22 11:05:53 +02:00
BUGFIX Checking for SiteTree:: in SiteTree->getClassDropdown() (AIR-20)
This commit is contained in:
parent
922dd126c6
commit
4903fad537
@ -682,25 +682,21 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This function should return true if the current user can add children
|
* This function should return true if the current user can execute this action.
|
||||||
* to this page. It can be overloaded to customise the security model for an
|
* It can be overloaded to customise the security model for an application.
|
||||||
* application.
|
*
|
||||||
|
* Slightly altered from parent behaviour in {@link DataObject->can()}:
|
||||||
|
* - Checks for existence of a method named "can<$perm>()" on the object
|
||||||
|
* - Calls decorators and only returns for FALSE "vetoes"
|
||||||
|
* - Falls back to {@link Permission::check()}
|
||||||
|
* - Does NOT check for many-many relations named "Can<$perm>"
|
||||||
*
|
*
|
||||||
* Returns true if the member is allowed to do the given action.
|
* @uses DataObjectDecorator->can()
|
||||||
*
|
|
||||||
* @uses DataExtension->can()
|
|
||||||
*
|
|
||||||
* If a page is set to inherit, but has no parent, it inherits from
|
|
||||||
* {@link SiteConfig}
|
|
||||||
*
|
*
|
||||||
* @param string $perm The permission to be checked, such as 'View'.
|
* @param string $perm The permission to be checked, such as 'View'.
|
||||||
* @param Member $member The member whose permissions need checking.
|
* @param Member $member The member whose permissions need checking.
|
||||||
* Defaults to the currently logged in user.
|
* Defaults to the currently logged in user.
|
||||||
*
|
* @return boolean True if the the member is allowed to do the given action.
|
||||||
* @return boolean True if the the member is allowed to do the given
|
|
||||||
* action.
|
|
||||||
*
|
|
||||||
* @todo Check we get a endless recursion if we use parent::can()
|
|
||||||
*/
|
*/
|
||||||
function can($perm, $member = null) {
|
function can($perm, $member = null) {
|
||||||
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
|
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
|
||||||
@ -709,7 +705,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
|
|
||||||
if($member && Permission::checkMember($member, "ADMIN")) return true;
|
if($member && Permission::checkMember($member, "ADMIN")) return true;
|
||||||
|
|
||||||
if(method_exists($this, 'can' . ucfirst($perm))) {
|
if(is_string($perm) && method_exists($this, 'can' . ucfirst($perm))) {
|
||||||
$method = 'can' . ucfirst($perm);
|
$method = 'can' . ucfirst($perm);
|
||||||
return $this->$method($member);
|
return $this->$method($member);
|
||||||
}
|
}
|
||||||
@ -717,7 +713,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
$results = $this->extend('can', $member);
|
$results = $this->extend('can', $member);
|
||||||
if($results && is_array($results)) if(!min($results)) return false;
|
if($results && is_array($results)) if(!min($results)) return false;
|
||||||
|
|
||||||
return true;
|
return ($member && Permission::checkMember($member, $perm));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2293,7 +2289,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
/**
|
/**
|
||||||
* Get the class dropdown used in the CMS to change the class of a page.
|
* Get the class dropdown used in the CMS to change the class of a page.
|
||||||
* This returns the list of options in the drop as a Map from class name
|
* This returns the list of options in the drop as a Map from class name
|
||||||
* to text in dropdown.
|
* to text in dropdown. Filters by {@link SiteTree->canCreate()},
|
||||||
|
* as well as {@link SiteTree::$needs_permission}.
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
@ -2306,6 +2303,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
|||||||
foreach($classes as $class) {
|
foreach($classes as $class) {
|
||||||
$instance = singleton($class);
|
$instance = singleton($class);
|
||||||
if((($instance instanceof HiddenClass) || !$instance->canCreate()) && ($class != $this->class)) continue;
|
if((($instance instanceof HiddenClass) || !$instance->canCreate()) && ($class != $this->class)) continue;
|
||||||
|
|
||||||
|
if($perms = $instance->stat('need_permission')) {
|
||||||
|
if(!$this->can($perms)) continue;
|
||||||
|
}
|
||||||
|
|
||||||
$pageTypeName = $instance->i18n_singular_name();
|
$pageTypeName = $instance->i18n_singular_name();
|
||||||
|
|
||||||
|
@ -825,6 +825,23 @@ class SiteTreeTest extends SapphireTest {
|
|||||||
$valid = $classCext->validate();
|
$valid = $classCext->validate();
|
||||||
$this->assertFalse($valid->valid(), "Doesnt allow child where only parent class is allowed on parent node, and asterisk prefixing is used");
|
$this->assertFalse($valid->valid(), "Doesnt allow child where only parent class is allowed on parent node, and asterisk prefixing is used");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testClassDropdown() {
|
||||||
|
$sitetree = new SiteTree();
|
||||||
|
$method = new ReflectionMethod($sitetree, 'getClassDropdown');
|
||||||
|
$method->setAccessible(true);
|
||||||
|
|
||||||
|
Session::set("loggedInAs", null);
|
||||||
|
$this->assertArrayNotHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
|
||||||
|
|
||||||
|
$this->loginWithPermission('ADMIN');
|
||||||
|
$this->assertArrayHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
|
||||||
|
|
||||||
|
$this->loginWithPermission('CMS_ACCESS_CMSMain');
|
||||||
|
$this->assertArrayHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
|
||||||
|
|
||||||
|
Session::set("loggedInAs", null);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**#@+
|
/**#@+
|
||||||
|
Loading…
Reference in New Issue
Block a user