mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-09-27 11:55:58 +02:00
BUGFIX: make sure non-admins can access the main site via group role
This commit is contained in:
Mateusz Uzdowski
parent
fb998aec87
commit
5f337db553
@ -127,7 +127,8 @@ class LeftAndMainSubsites extends Extension {
|
||||
$member = Member::currentUser();
|
||||
if ($member && $member->isAdmin()) return true; //admin can access all subsites
|
||||
|
||||
$sites = Subsite::accessible_sites("CMS_ACCESS_{$this->owner->class}")->toDropdownMap();
|
||||
$sites = Subsite::accessible_sites("CMS_ACCESS_{$this->owner->class}", true)->toDropdownMap();
|
||||
|
||||
if($sites && !isset($sites[Subsite::currentSubsiteID()])) {
|
||||
$siteIDs = array_keys($sites);
|
||||
Subsite::changeSubsite($siteIDs[0]);
|
||||
@ -139,7 +140,7 @@ class LeftAndMainSubsites extends Extension {
|
||||
foreach($menu as $candidate) {
|
||||
if($candidate->controller != $this->owner->class) {
|
||||
|
||||
$sites = Subsite::accessible_sites("CMS_ACCESS_{$candidate->controller}")->toDropdownMap();
|
||||
$sites = Subsite::accessible_sites("CMS_ACCESS_{$candidate->controller}", true)->toDropdownMap();
|
||||
if($sites && !isset($sites[Subsite::currentSubsiteID()])) {
|
||||
$siteIDs = array_keys($sites);
|
||||
Subsite::changeSubsite($siteIDs[0]);
|
||||
|
||||
@ -347,6 +347,7 @@ JS;
|
||||
$SQL_perms = join("','", $SQLa_perm);
|
||||
$memberID = (int)$member->ID;
|
||||
|
||||
// Count this user's groups which can access the main site
|
||||
$groupCount = DB::query("
|
||||
SELECT COUNT(\"Permission\".\"ID\")
|
||||
FROM \"Permission\"
|
||||
@ -356,8 +357,21 @@ JS;
|
||||
AND \"MemberID\" = {$memberID}
|
||||
")->value();
|
||||
|
||||
return ($groupCount > 0);
|
||||
|
||||
// Count this user's groups which have a role that can access the main site
|
||||
$roleCount = DB::query("
|
||||
SELECT COUNT(\"PermissionRoleCode\".\"ID\")
|
||||
FROM \"Group\"
|
||||
INNER JOIN \"Group_Members\" ON \"Group_Members\".\"GroupID\" = \"Group\".\"ID\"
|
||||
INNER JOIN \"Group_Roles\" ON \"Group_Roles\".\"GroupID\"=\"Group\".\"ID\"
|
||||
INNER JOIN \"PermissionRole\" ON \"Group_Roles\".\"PermissionRoleID\"=\"PermissionRole\".\"ID\"
|
||||
INNER JOIN \"PermissionRoleCode\" ON \"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\"
|
||||
WHERE \"PermissionRoleCode\".\"Code\" IN ('$SQL_perms')
|
||||
AND \"Group\".\"AccessAllSubsites\" = 1
|
||||
AND \"MemberID\" = {$memberID}
|
||||
")->value();
|
||||
|
||||
// There has to be at least one that allows access.
|
||||
return ($groupCount + $roleCount > 0);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -419,6 +433,7 @@ JS;
|
||||
|
||||
$templateClassList = "'" . implode("', '", ClassInfo::subclassesFor("Subsite_Template")) . "'";
|
||||
|
||||
// Get all subsites accessible via a group
|
||||
$subsites = DataObject::get(
|
||||
'Subsite',
|
||||
"\"Subsite\".\"Title\" != ''",
|
||||
@ -434,7 +449,9 @@ JS;
|
||||
ON \"Group\".\"ID\"=\"Permission\".\"GroupID\"
|
||||
AND \"Permission\".\"Code\" IN ($SQL_codes, 'ADMIN')"
|
||||
);
|
||||
if (!$subsites) $subsites = new DataObjectSet();
|
||||
|
||||
// Get all subsites accessible via a role
|
||||
$rolesSubsites = DataObject::get(
|
||||
'Subsite',
|
||||
"\"Subsite\".\"Title\" != ''",
|
||||
@ -454,17 +471,17 @@ JS;
|
||||
ON \"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\"
|
||||
AND \"PermissionRoleCode\".\"Code\" IN ($SQL_codes, 'ADMIN')"
|
||||
);
|
||||
|
||||
if(!$subsites && $rolesSubsites) return $rolesSubsites;
|
||||
|
||||
if($rolesSubsites) foreach($rolesSubsites as $subsite) {
|
||||
if(!$subsites->containsIDs(array($subsite->ID))) {
|
||||
$subsites->push($subsite);
|
||||
|
||||
// Merge subsites
|
||||
if($rolesSubsites) {
|
||||
if($rolesSubsites) foreach($rolesSubsites as $subsite) {
|
||||
if(!$subsites->containsIDs(array($subsite->ID))) {
|
||||
$subsites->push($subsite);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Include the main site
|
||||
if(!$subsites) $subsites = new DataObjectSet();
|
||||
// Include the main site, if requested
|
||||
if($includeMainSite) {
|
||||
if(!is_array($permCode)) $permCode = array($permCode);
|
||||
if(self::hasMainSitePermission($member, $permCode)) {
|
||||
|
||||
@ -109,7 +109,7 @@ class SubsiteTest extends SapphireTest {
|
||||
$this->objFromFixture('Member', 'subsite1member'));
|
||||
$member1SiteTitles = $member1Sites->column("Title");
|
||||
sort($member1SiteTitles);
|
||||
$this->assertEquals(array('Subsite1 Template'), $member1SiteTitles);
|
||||
$this->assertEquals('Subsite1 Template', $member1SiteTitles[0], 'Member can get to a subsite via a group');
|
||||
|
||||
$adminSites = Subsite::accessible_sites("CMS_ACCESS_CMSMain", false, null,
|
||||
$this->objFromFixture('Member', 'admin'));
|
||||
@ -123,6 +123,20 @@ class SubsiteTest extends SapphireTest {
|
||||
'Test 2',
|
||||
'Test 3',
|
||||
), $adminSiteTitles);
|
||||
|
||||
$member2Sites = Subsite::accessible_sites("CMS_ACCESS_CMSMain", false, null,
|
||||
$this->objFromFixture('Member', 'subsite1member2'));
|
||||
$member2SiteTitles = $member2Sites->column("Title");
|
||||
sort($member2SiteTitles);
|
||||
$this->assertEquals('Subsite1 Template', $member2SiteTitles[0], 'Member can get to subsite via a group role');
|
||||
}
|
||||
|
||||
function testHasMainSitePermission() {
|
||||
$canAccess = Subsite::hasMainSitePermission($this->objFromFixture('Member', 'subsite1member'), array("CMS_ACCESS_CMSMain"));
|
||||
$this->assertTrue($canAccess, 'Member has access to Main site via a group');
|
||||
|
||||
$canAccess = Subsite::hasMainSitePermission($this->objFromFixture('Member', 'subsite1member2'), array("CMS_ACCESS_CMSMain"));
|
||||
$this->assertTrue($canAccess, 'Member has access to Main site via a group role');
|
||||
}
|
||||
|
||||
function testDuplicateSubsite() {
|
||||
@ -150,4 +164,4 @@ class SubsiteTest extends SapphireTest {
|
||||
$subsite2->activate();
|
||||
$this->assertEquals('MyNewAwesomePage', DataObject::get_by_id('Page', $page2->ID)->Title);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -75,6 +75,13 @@ SiteTree:
|
||||
Title: Contact Us (Subsite 2)
|
||||
SubsiteID: =>Subsite_Template.subsite2
|
||||
|
||||
PermissionRoleCode:
|
||||
roleCode1:
|
||||
Code: CMS_ACCESS_CMSMain
|
||||
PermissionRole:
|
||||
role1:
|
||||
Title: role1
|
||||
Codes: =>PermissionRoleCode.roleCode1
|
||||
Group:
|
||||
admin:
|
||||
Title: Admin
|
||||
@ -87,13 +94,18 @@ Group:
|
||||
subsite1_group:
|
||||
Title: subsite1_group
|
||||
Code: subsite1_group
|
||||
AccessAllSubsites: 0
|
||||
AccessAllSubsites: 1
|
||||
Subsites: =>Subsite_Template.subsite1
|
||||
subsite2_group:
|
||||
Title: subsite2_group
|
||||
Code: subsite2_group
|
||||
AccessAllSubsites: 0
|
||||
Subsites: =>Subsite_Template.subsite2
|
||||
subsite1_group_via_role:
|
||||
Title: subsite1_group_via_role
|
||||
Code: subsite1_group_via_role
|
||||
AccessAllSubsites: 1
|
||||
Roles: =>PermissionRole.role1
|
||||
Permission:
|
||||
admin:
|
||||
Code: ADMIN
|
||||
@ -139,3 +151,6 @@ Member:
|
||||
subsite2member:
|
||||
Email: subsite2member@test.com
|
||||
Groups: =>Group.subsite2_group
|
||||
subsite1member2:
|
||||
Email: subsite1member2@test.com
|
||||
Groups: =>Group.subsite1_group_via_role
|
||||
|
||||
Loading…
Reference in New Issue
Block a user