BUGFIX: fixing CMS_ACCESS_LeftAndMain permission (=access all cms sections). Also added the test. (from r95788)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@102465 467b73ca-7a2a-4603-9d3b-597d59a354a9

code/LeftAndMain.php

@@ -88,7 +88,8 @@ class LeftAndMain extends Controller {
 		}
 			
 		// Default security check for LeftAndMain sub-class permissions
-		if(!Permission::checkMember($member, "CMS_ACCESS_$this->class")) {
+		if(!Permission::checkMember($member, "CMS_ACCESS_$this->class") && 
+		   !Permission::checkMember($member, "CMS_ACCESS_LeftAndMain")) {
 			return false;
 		}
 		

tests/CMSMainTest.yml

@@ -17,6 +17,8 @@ Group:
       Title: Empty Group
    assetsonly:
       Title: assetsonly
+   allcmssections:
+      Title: allcmssections
 Member:
    admin:
       Email: admin@example.com
@@ -25,6 +27,9 @@ Member:
    assetsonlyuser:
       Email: assetsonlyuser@test.com
       Groups: =>Group.assetsonly
+   allcmssectionsuser:
+      Email: allcmssectionsuser@test.com
+      Groups: =>Group.allcmssections
 Permission:
    admin:
       Code: ADMIN
@@ -32,3 +37,6 @@ Permission:
    assetsonly:
       Code: CMS_ACCESS_AssetAdmin
       GroupID: =>Group.assetsonly
+   allcmssections:
+      Code: CMS_ACCESS_LeftAndMain
+      GroupID: =>Group.allcmssections

tests/LeftAndMainTest.php

@@ -45,6 +45,7 @@ class LeftAndMainTest extends FunctionalTest {
 	function testCanView() {
 		$adminuser = $this->objFromFixture('Member', 'admin');
 		$assetsonlyuser = $this->objFromFixture('Member', 'assetsonlyuser');
+		$allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser');
 		
 		// anonymous user
 		$this->session()->inst_set('loggedInAs', null);
@@ -64,6 +65,16 @@ class LeftAndMainTest extends FunctionalTest {
 			'Groups with limited access can only access the interfaces they have permissions for'
 		);
 		
+		// all cms sections user
+		$this->session()->inst_set('loggedInAs', $allcmssectionsuser->ID);
+		$menuItems = singleton('LeftAndMain')->MainMenu();
+		$requiredSections = array('CMSMain','AssetAdmin','CommentAdmin','SecurityAdmin','Help');
+		$this->assertEquals(
+			array_diff($requiredSections, $menuItems->column('Code')),
+			array(),
+			'Group with CMS_ACCESS_LeftAndMain permission can access all sections'
+		);
+		
 		// admin
 		$this->session()->inst_set('loggedInAs', $adminuser->ID);
 		$menuItems = singleton('LeftAndMain')->MainMenu();