mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-10-22 11:05:55 +02:00
Merge pull request #498 from creative-commoners/pulls/2.6/file-permissions
Subsite file permissions
This commit is contained in:
commit
4308ac4316
@ -116,9 +116,9 @@ class FileSubsites extends DataExtension
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
|
// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
|
||||||
$subsiteID = SubsiteState::singleton()->getSubsiteId();
|
$currentSubsiteID = SubsiteState::singleton()->getSubsiteId();
|
||||||
if ($subsiteID && $subsiteID == $this->owner->SubsiteID) {
|
if ($currentSubsiteID && $currentSubsiteID !== $this->owner->SubsiteID) {
|
||||||
return true;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return SubsiteState::singleton()->withState(function (SubsiteState $newState) use ($member) {
|
return SubsiteState::singleton()->withState(function (SubsiteState $newState) use ($member) {
|
||||||
|
@ -8,6 +8,7 @@ use SilverStripe\Core\Config\Config;
|
|||||||
use SilverStripe\Forms\FieldList;
|
use SilverStripe\Forms\FieldList;
|
||||||
use SilverStripe\Subsites\Extensions\FileSubsites;
|
use SilverStripe\Subsites\Extensions\FileSubsites;
|
||||||
use SilverStripe\Subsites\Model\Subsite;
|
use SilverStripe\Subsites\Model\Subsite;
|
||||||
|
use SilverStripe\Security\Member;
|
||||||
|
|
||||||
class FileSubsitesTest extends BaseSubsiteTest
|
class FileSubsitesTest extends BaseSubsiteTest
|
||||||
{
|
{
|
||||||
@ -65,4 +66,64 @@ class FileSubsitesTest extends BaseSubsiteTest
|
|||||||
$file->onAfterUpload();
|
$file->onAfterUpload();
|
||||||
$this->assertEquals($folder->SubsiteID, $file->SubsiteID);
|
$this->assertEquals($folder->SubsiteID, $file->SubsiteID);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider provideTestCanEdit
|
||||||
|
*/
|
||||||
|
public function testCanEdit(
|
||||||
|
string $fileKey,
|
||||||
|
string $memberKey,
|
||||||
|
string $currentSubsiteKey,
|
||||||
|
bool $expected
|
||||||
|
): void {
|
||||||
|
$file = $this->objFromFixture(File::class, $fileKey);
|
||||||
|
$subsiteID = ($currentSubsiteKey === 'mainsite')
|
||||||
|
? 0 : $this->objFromFixture(Subsite::class, $currentSubsiteKey)->ID;
|
||||||
|
$member = $this->objFromFixture(Member::class, $memberKey);
|
||||||
|
Subsite::changeSubsite($subsiteID);
|
||||||
|
$this->assertSame($expected, $file->canEdit($member));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function provideTestCanEdit(): array
|
||||||
|
{
|
||||||
|
$ret = [];
|
||||||
|
$data = [
|
||||||
|
// file
|
||||||
|
'subsite1file' => [
|
||||||
|
// member - has permissions to edit the file
|
||||||
|
'filetestyes' => [
|
||||||
|
// current subite => expected canEdit()
|
||||||
|
'subsite1' => true,
|
||||||
|
'subsite2' => false,
|
||||||
|
'mainsite' => true
|
||||||
|
],
|
||||||
|
// member - does not have permissions to edit the file
|
||||||
|
'filetestno' => [
|
||||||
|
'subsite1' => false,
|
||||||
|
'subsite2' => false,
|
||||||
|
'mainsite' => false
|
||||||
|
],
|
||||||
|
],
|
||||||
|
'mainsitefile' => [
|
||||||
|
'filetestyes' => [
|
||||||
|
'subsite1' => true,
|
||||||
|
'subsite2' => true,
|
||||||
|
'mainsite' => true
|
||||||
|
],
|
||||||
|
'filetestno' => [
|
||||||
|
'subsite1' => false,
|
||||||
|
'subsite2' => false,
|
||||||
|
'mainsite' => false
|
||||||
|
],
|
||||||
|
]
|
||||||
|
];
|
||||||
|
foreach (array_keys($data) as $fileKey) {
|
||||||
|
foreach (array_keys($data[$fileKey]) as $memberKey) {
|
||||||
|
foreach ($data[$fileKey][$memberKey] as $currentSubsiteKey => $expected) {
|
||||||
|
$ret[] = [$fileKey, $memberKey, $currentSubsiteKey, $expected];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -159,6 +159,10 @@ SilverStripe\Security\Group:
|
|||||||
Code: subsite1_group_via_role
|
Code: subsite1_group_via_role
|
||||||
AccessAllSubsites: 1
|
AccessAllSubsites: 1
|
||||||
Roles: =>SilverStripe\Security\PermissionRole.role1
|
Roles: =>SilverStripe\Security\PermissionRole.role1
|
||||||
|
filetest:
|
||||||
|
Title: filetest
|
||||||
|
Code: filetest
|
||||||
|
AccessAllSubsites: 1
|
||||||
SilverStripe\Security\Permission:
|
SilverStripe\Security\Permission:
|
||||||
admin:
|
admin:
|
||||||
Code: ADMIN
|
Code: ADMIN
|
||||||
@ -193,6 +197,9 @@ SilverStripe\Security\Permission:
|
|||||||
adminsubsite1:
|
adminsubsite1:
|
||||||
Code: ADMIN
|
Code: ADMIN
|
||||||
GroupID: =>SilverStripe\Security\Group.subsite1admins
|
GroupID: =>SilverStripe\Security\Group.subsite1admins
|
||||||
|
filetest:
|
||||||
|
Code: CMS_ACCESS_CMSMain
|
||||||
|
GroupID: =>SilverStripe\Security\Group.filetest
|
||||||
|
|
||||||
SilverStripe\Security\Member:
|
SilverStripe\Security\Member:
|
||||||
admin:
|
admin:
|
||||||
@ -222,7 +229,26 @@ SilverStripe\Security\Member:
|
|||||||
subsite1member2:
|
subsite1member2:
|
||||||
Email: subsite1member2@test.com
|
Email: subsite1member2@test.com
|
||||||
Groups: =>SilverStripe\Security\Group.subsite1_group_via_role
|
Groups: =>SilverStripe\Security\Group.subsite1_group_via_role
|
||||||
|
filetestyes:
|
||||||
|
Email: filetestyes@test.com
|
||||||
|
Groups: =>SilverStripe\Security\Group.filetest
|
||||||
|
filetestno:
|
||||||
|
Email: filetestno@test.com
|
||||||
|
|
||||||
SilverStripe\SiteConfig\SiteConfig:
|
SilverStripe\SiteConfig\SiteConfig:
|
||||||
config:
|
config:
|
||||||
CanCreateTopLevelType: LoggedInUsers
|
CanCreateTopLevelType: LoggedInUsers
|
||||||
|
|
||||||
|
SilverStripe\Assets\File:
|
||||||
|
subsite1file:
|
||||||
|
Name: subsitefile.pdf
|
||||||
|
Title: subsitefile
|
||||||
|
SubsiteID: =>SilverStripe\Subsites\Model\Subsite.subsite1
|
||||||
|
CanEditType: OnlyTheseUsers
|
||||||
|
EditorGroups: =>SilverStripe\Security\Group.filetest
|
||||||
|
mainsitefile:
|
||||||
|
Name: mainsitefile.pdf
|
||||||
|
Title: mainsitefile
|
||||||
|
SubsiteID: 0
|
||||||
|
CanEditType: OnlyTheseUsers
|
||||||
|
EditorGroups: =>SilverStripe\Security\Group.filetest
|
||||||
|
Loading…
Reference in New Issue
Block a user