FIX LeftAndMainSubsites::canAccess() now accepts a Member argument and falls back to the session member

This commit is contained in:
Robbie Averill 2019-06-24 10:19:58 +12:00
parent 2a9f3ac0f6
commit 0275bb1eca
2 changed files with 22 additions and 4 deletions

View File

@ -215,11 +215,16 @@ class LeftAndMainSubsites extends LeftAndMainExtension
/**
* Check if the current controller is accessible for this user on this subsite.
*
* @param Member $member
*/
public function canAccess()
public function canAccess(Member $member = null)
{
if (!$member) {
$member = Security::getCurrentUser();
}
// Admin can access everything, no point in checking.
$member = Security::getCurrentUser();
if ($member
&& (Permission::checkMember($member, [
'ADMIN', // Full administrative rights
@ -238,10 +243,12 @@ class LeftAndMainSubsites extends LeftAndMainExtension
/**
* Prevent accessing disallowed resources. This happens after onBeforeInit has executed,
* so all redirections should've already taken place.
*
* @param Member $member
*/
public function alternateAccessCheck()
public function alternateAccessCheck(Member $member = null)
{
return $this->owner->canAccess();
return $this->owner->canAccess($member);
}
/**

View File

@ -9,6 +9,7 @@ use SilverStripe\CMS\Controllers\CMSPageEditController;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Security\Member;
use SilverStripe\Subsites\Extensions\LeftAndMainSubsites;
use SilverStripe\Subsites\Model\Subsite;
use SilverStripe\Subsites\State\SubsiteState;
@ -100,4 +101,14 @@ class LeftAndMainSubsitesTest extends FunctionalTest
$this->assertTrue($l->shouldChangeSubsite(CMSPageEditController::class, 1, 5));
$this->assertFalse($l->shouldChangeSubsite(CMSPageEditController::class, 1, 1));
}
public function testCanAccessWithPassedMember()
{
$memberID = $this->logInWithPermission('ADMIN');
$member = Member::get()->byID($memberID);
/** @var LeftAndMain&LeftAndMainSubsites $leftAndMain */
$leftAndMain = new LeftAndMain();
$this->assertTrue($leftAndMain->canAccess($member));
}
}