Merge pull request #498 from creative-commoners/pulls/2.6/file-permissions

Subsite file permissions
This commit is contained in:
Steve Boyd 2022-12-19 11:34:52 +13:00 committed by GitHub
commit 4308ac4316
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 90 additions and 3 deletions

View File

@ -116,9 +116,9 @@ class FileSubsites extends DataExtension
} }
// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group // Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
$subsiteID = SubsiteState::singleton()->getSubsiteId(); $currentSubsiteID = SubsiteState::singleton()->getSubsiteId();
if ($subsiteID && $subsiteID == $this->owner->SubsiteID) { if ($currentSubsiteID && $currentSubsiteID !== $this->owner->SubsiteID) {
return true; return false;
} }
return SubsiteState::singleton()->withState(function (SubsiteState $newState) use ($member) { return SubsiteState::singleton()->withState(function (SubsiteState $newState) use ($member) {

View File

@ -8,6 +8,7 @@ use SilverStripe\Core\Config\Config;
use SilverStripe\Forms\FieldList; use SilverStripe\Forms\FieldList;
use SilverStripe\Subsites\Extensions\FileSubsites; use SilverStripe\Subsites\Extensions\FileSubsites;
use SilverStripe\Subsites\Model\Subsite; use SilverStripe\Subsites\Model\Subsite;
use SilverStripe\Security\Member;
class FileSubsitesTest extends BaseSubsiteTest class FileSubsitesTest extends BaseSubsiteTest
{ {
@ -65,4 +66,64 @@ class FileSubsitesTest extends BaseSubsiteTest
$file->onAfterUpload(); $file->onAfterUpload();
$this->assertEquals($folder->SubsiteID, $file->SubsiteID); $this->assertEquals($folder->SubsiteID, $file->SubsiteID);
} }
/**
* @dataProvider provideTestCanEdit
*/
public function testCanEdit(
string $fileKey,
string $memberKey,
string $currentSubsiteKey,
bool $expected
): void {
$file = $this->objFromFixture(File::class, $fileKey);
$subsiteID = ($currentSubsiteKey === 'mainsite')
? 0 : $this->objFromFixture(Subsite::class, $currentSubsiteKey)->ID;
$member = $this->objFromFixture(Member::class, $memberKey);
Subsite::changeSubsite($subsiteID);
$this->assertSame($expected, $file->canEdit($member));
}
public function provideTestCanEdit(): array
{
$ret = [];
$data = [
// file
'subsite1file' => [
// member - has permissions to edit the file
'filetestyes' => [
// current subite => expected canEdit()
'subsite1' => true,
'subsite2' => false,
'mainsite' => true
],
// member - does not have permissions to edit the file
'filetestno' => [
'subsite1' => false,
'subsite2' => false,
'mainsite' => false
],
],
'mainsitefile' => [
'filetestyes' => [
'subsite1' => true,
'subsite2' => true,
'mainsite' => true
],
'filetestno' => [
'subsite1' => false,
'subsite2' => false,
'mainsite' => false
],
]
];
foreach (array_keys($data) as $fileKey) {
foreach (array_keys($data[$fileKey]) as $memberKey) {
foreach ($data[$fileKey][$memberKey] as $currentSubsiteKey => $expected) {
$ret[] = [$fileKey, $memberKey, $currentSubsiteKey, $expected];
}
}
}
return $ret;
}
} }

View File

@ -159,6 +159,10 @@ SilverStripe\Security\Group:
Code: subsite1_group_via_role Code: subsite1_group_via_role
AccessAllSubsites: 1 AccessAllSubsites: 1
Roles: =>SilverStripe\Security\PermissionRole.role1 Roles: =>SilverStripe\Security\PermissionRole.role1
filetest:
Title: filetest
Code: filetest
AccessAllSubsites: 1
SilverStripe\Security\Permission: SilverStripe\Security\Permission:
admin: admin:
Code: ADMIN Code: ADMIN
@ -193,6 +197,9 @@ SilverStripe\Security\Permission:
adminsubsite1: adminsubsite1:
Code: ADMIN Code: ADMIN
GroupID: =>SilverStripe\Security\Group.subsite1admins GroupID: =>SilverStripe\Security\Group.subsite1admins
filetest:
Code: CMS_ACCESS_CMSMain
GroupID: =>SilverStripe\Security\Group.filetest
SilverStripe\Security\Member: SilverStripe\Security\Member:
admin: admin:
@ -222,7 +229,26 @@ SilverStripe\Security\Member:
subsite1member2: subsite1member2:
Email: subsite1member2@test.com Email: subsite1member2@test.com
Groups: =>SilverStripe\Security\Group.subsite1_group_via_role Groups: =>SilverStripe\Security\Group.subsite1_group_via_role
filetestyes:
Email: filetestyes@test.com
Groups: =>SilverStripe\Security\Group.filetest
filetestno:
Email: filetestno@test.com
SilverStripe\SiteConfig\SiteConfig: SilverStripe\SiteConfig\SiteConfig:
config: config:
CanCreateTopLevelType: LoggedInUsers CanCreateTopLevelType: LoggedInUsers
SilverStripe\Assets\File:
subsite1file:
Name: subsitefile.pdf
Title: subsitefile
SubsiteID: =>SilverStripe\Subsites\Model\Subsite.subsite1
CanEditType: OnlyTheseUsers
EditorGroups: =>SilverStripe\Security\Group.filetest
mainsitefile:
Name: mainsitefile.pdf
Title: mainsitefile
SubsiteID: 0
CanEditType: OnlyTheseUsers
EditorGroups: =>SilverStripe\Security\Group.filetest