tonyair/silverstripe-reports
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-reports synced 2024-10-22 11:05:53 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: fixing CMS_ACCESS_LeftAndMain permission (=access all cms sections). Also added the test. (from r95788)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@102465 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-04-12 08:44:29 +00:00
parent 129ab60ae7
commit 49cff72b8f
3 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/LeftAndMain.php
View File

@ -88,7 +88,8 @@ class LeftAndMain extends Controller {
} }
// Default security check for LeftAndMain sub-class permissions // Default security check for LeftAndMain sub-class permissions
if(!Permission::checkMember($member, "CMS_ACCESS_$this->class")) { if(!Permission::checkMember($member, "CMS_ACCESS_$this->class") &&
!Permission::checkMember($member, "CMS_ACCESS_LeftAndMain")) {
return false; return false;
} }

10
tests/CMSMainTest.yml
View File

@ -17,6 +17,8 @@ Group:
Title: Empty Group Title: Empty Group
assetsonly: assetsonly:
Title: assetsonly Title: assetsonly
allcmssections:
Title: allcmssections
Member: Member:
admin: admin:
Email: admin@example.com Email: admin@example.com
@ -25,10 +27,16 @@ Member:
assetsonlyuser: assetsonlyuser:
Email: assetsonlyuser@test.com Email: assetsonlyuser@test.com
Groups: =>Group.assetsonly Groups: =>Group.assetsonly
allcmssectionsuser:
Email: allcmssectionsuser@test.com
Groups: =>Group.allcmssections
Permission: Permission:
admin: admin:
Code: ADMIN Code: ADMIN
GroupID: =>Group.admin GroupID: =>Group.admin
assetsonly: assetsonly:
Code: CMS_ACCESS_AssetAdmin Code: CMS_ACCESS_AssetAdmin
GroupID: =>Group.assetsonly GroupID: =>Group.assetsonly
allcmssections:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.allcmssections

11
tests/LeftAndMainTest.php
View File

@ -45,6 +45,7 @@ class LeftAndMainTest extends FunctionalTest {
function testCanView() { function testCanView() {
$adminuser = $this->objFromFixture('Member', 'admin'); $adminuser = $this->objFromFixture('Member', 'admin');
$assetsonlyuser = $this->objFromFixture('Member', 'assetsonlyuser'); $assetsonlyuser = $this->objFromFixture('Member', 'assetsonlyuser');
$allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser');
// anonymous user // anonymous user
$this->session()->inst_set('loggedInAs', null); $this->session()->inst_set('loggedInAs', null);
@ -64,6 +65,16 @@ class LeftAndMainTest extends FunctionalTest {
'Groups with limited access can only access the interfaces they have permissions for' 'Groups with limited access can only access the interfaces they have permissions for'
); );
// all cms sections user
$this->session()->inst_set('loggedInAs', $allcmssectionsuser->ID);
$menuItems = singleton('LeftAndMain')->MainMenu();
$requiredSections = array('CMSMain','AssetAdmin','CommentAdmin','SecurityAdmin','Help');
$this->assertEquals(
array_diff($requiredSections, $menuItems->column('Code')),
array(),
'Group with CMS_ACCESS_LeftAndMain permission can access all sections'
);
// admin // admin
$this->session()->inst_set('loggedInAs', $adminuser->ID); $this->session()->inst_set('loggedInAs', $adminuser->ID);
$menuItems = singleton('LeftAndMain')->MainMenu(); $menuItems = singleton('LeftAndMain')->MainMenu();