mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-10-22 11:05:53 +02:00
a5f00ae2c3
SiteTree versions that arent the live version shouldnt be accessed by regular users, but the logic to check that was split off into canViewStage, which wasnt checked by code that isnt specifically SiteTree aware (like RestfulServer)
45 lines
1.3 KiB
PHP
45 lines
1.3 KiB
PHP
<?php
|
|
/**
|
|
* @package cms
|
|
* @subpackage tests
|
|
*/
|
|
class ContentControllerPermissionsTest extends FunctionalTest {
|
|
|
|
protected $usesDatabase = true;
|
|
|
|
protected $autoFollowRedirection = false;
|
|
|
|
public function testCanViewStage() {
|
|
// Create a new page
|
|
$page = new Page();
|
|
$page->URLSegment = 'testpage';
|
|
$page->write();
|
|
$page->publish('Stage', 'Live');
|
|
|
|
// Add a stage-only version
|
|
$page->Content = "Version2";
|
|
$page->write();
|
|
|
|
$response = $this->get('/testpage');
|
|
$this->assertEquals($response->getStatusCode(), 200, 'Doesnt require login for implicit live stage');
|
|
|
|
$response = $this->get('/testpage/?stage=Live');
|
|
$this->assertEquals($response->getStatusCode(), 200, 'Doesnt require login for explicit live stage');
|
|
|
|
$response = $this->get('/testpage/?stage=Stage');
|
|
// should redirect to login
|
|
$this->assertEquals($response->getStatusCode(), 302, 'Redirects to login page when not logged in for draft stage');
|
|
$this->assertContains(
|
|
Config::inst()->get('Security', 'login_url'),
|
|
$response->getHeader('Location')
|
|
);
|
|
|
|
$this->logInWithPermission('CMS_ACCESS_CMSMain');
|
|
|
|
$response = $this->get('/testpage/?stage=Stage');
|
|
$this->assertEquals($response->getStatusCode(), 200, 'Doesnt redirect to login, but shows page for authenticated user');
|
|
}
|
|
|
|
|
|
}
|