ENHANCMENENT Added SiteTreeSubsites->can*() methods for true permission control on model-layer rather than generic controller checks (incl. unit tests)
MINOR documentation
parent
d175e494a5
commit
6d25adedc0
@ -34,6 +34,12 @@ class GroupSubsites extends DataObjectDecorator {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* If this group belongs to a subsite,
|
||||
* append the subsites title to the group title
|
||||
* to make it easy to distinguish in the tree-view
|
||||
* of the security admin interface.
|
||||
*/
|
||||
function alternateTreeTitle() {
|
||||
if($this->owner->SubsiteID == 0) {
|
||||
return $this->owner->Title;
|
||||
|
@ -95,6 +95,54 @@ class SiteTreeSubsites extends DataObjectDecorator {
|
||||
$fields->insertFirst(new HeaderField('This page\'s content is copied from a master page: ' . $this->owner->MasterPage()->Title, 2));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Only allow editing of a page if the member satisfies one of the following conditions:
|
||||
* - Is in a group which has access to the subsite this page belongs to
|
||||
* - Is in a group with edit permissions on the "main site"
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
function canEdit($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
|
||||
$allowedSubsites = Subsite::getSubsitesForMember($member);
|
||||
if(
|
||||
!$allowedSubsites
|
||||
|| !in_array($this->owner->SubsiteID, $allowedSubsites->column('ID'))
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return boolean
|
||||
*/
|
||||
function canDelete($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
|
||||
return $this->canEdit($member);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return boolean
|
||||
*/
|
||||
function canAddChildren($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
|
||||
return $this->canEdit($member);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return boolean
|
||||
*/
|
||||
function canPublish($member = null) {
|
||||
if(!$member) $member = Member::currentUser();
|
||||
|
||||
return $this->canEdit($member);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a duplicate of this page and save it to another subsite
|
||||
|
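Review bot: `canEdit()` has no branch for a request without a logged-in member: after `if(!$member) $member = Member::currentUser();` the value can still be empty, and it goes straight into `Subsite::getSubsitesForMember($member)`, whose handling of that case is not visible in this hunk. Because `canDelete()`, `canAddChildren()` and `canPublish()` all delegate to `canEdit()`, the same gap applies to every check added here. I would fail closed with `if(!$member) return false;` directly after the fallback. The docblock's second condition (edit permissions on the "main site") is not tested separately by the body, which only checks that `$this->owner->SubsiteID` is in the allowed list, so the comment should say how main-site pages end up in that list, or the check should be added.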
@ -47,6 +47,8 @@ class SubsiteTest extends SapphireTest {
|
||||
$siteStaff = DataObject::get_one('SiteTree', "URLSegment = '" . Convert::raw2sql($tmplStaff->URLSegment) . "'");
|
||||
$this->assertEquals($siteStaff->MasterPageID, $tmplStaff->ID);
|
||||
|
||||
Subsite::changeSubsite(0);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -71,11 +73,41 @@ class SubsiteTest extends SapphireTest {
|
||||
* Edit a page without actually making any changes and verify that CustomContent isn't set.
|
||||
*/
|
||||
|
||||
function tearDown() {
|
||||
// Return to Subsite #0
|
||||
function testCanEditSiteTree() {
|
||||
$admin = $this->objFromFixture('Member', 'admin');
|
||||
$subsite1member = $this->objFromFixture('Member', 'subsite1member');
|
||||
$subsite2member = $this->objFromFixture('Member', 'subsite2member');
|
||||
$mainpage = $this->objFromFixture('Page', 'home');
|
||||
$subsite1page = $this->objFromFixture('Page', 'subsite1_home');
|
||||
$subsite2page = $this->objFromFixture('Page', 'subsite2_home');
|
||||
$subsite1 = $this->objFromFixture('Subsite_Template', 'subsite1');
|
||||
$subsite2 = $this->objFromFixture('Subsite_Template', 'subsite2');
|
||||
|
||||
$this->assertTrue(
|
||||
$subsite1page->canEdit($admin),
|
||||
'Administrators can edit all subsites'
|
||||
);
|
||||
|
||||
// @todo: Workaround because GroupSubsites->augmentSQL() is relying on session state
|
||||
Subsite::changeSubsite($subsite1);
|
||||
$this->assertTrue(
|
||||
$subsite1page->canEdit($subsite1member),
|
||||
'Members can edit pages on a subsite if they are in a group belonging to this subsite'
|
||||
);
|
||||
|
||||
$this->assertFalse(
|
||||
$subsite1page->canEdit($subsite2member),
|
||||
'Members cant edit pages on a subsite if they are not in a group belonging to this subsite'
|
||||
);
|
||||
|
||||
// @todo: Workaround because GroupSubsites->augmentSQL() is relying on session state
|
||||
Subsite::changeSubsite($subsite2);
|
||||
$this->assertFalse(
|
||||
$mainpage->canEdit($subsite2member),
|
||||
'Members cant edit pages on the main site if they are not in a group allowing this'
|
||||
);
|
||||
|
||||
Subsite::changeSubsite(0);
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
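Review bot: The subsite selection is reset only by the `Subsite::changeSubsite(0);` at the end of `testCanEditSiteTree()`, so a failing assertion before that line leaves subsite 1 or 2 selected for whatever test runs next; the two `@todo` comments already state that the result depends on session state. Doing the reset in `tearDown()` would make it unconditional, and it is not clear from this hunk whether the `tearDown()` shown next to the new test is kept by the commit. Coverage is also limited to `canEdit()`: nothing asserts `canDelete()`, `canAddChildren()` or `canPublish()`, nothing calls a check without a member, and there is no positive case for a member who is allowed to edit the main site.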
@ -2,10 +2,12 @@ Subsite_Template:
|
||||
main:
|
||||
Title: Template
|
||||
Domain: test.com
|
||||
other:
|
||||
Title: Other Template
|
||||
Domain: other.com
|
||||
|
||||
subsite1:
|
||||
Title: Subsite1 Template
|
||||
Subdomain: subsite1
|
||||
subsite2:
|
||||
Title: Subsite2 Template
|
||||
Subdomain: subsite2
|
||||
Page:
|
||||
home:
|
||||
Title: Home
|
||||
@ -20,26 +22,40 @@ Page:
|
||||
contact:
|
||||
Title: Contact Us
|
||||
SubsiteID: =>Subsite_Template.main
|
||||
|
||||
# Pages from the other template - added here as a control group :-)
|
||||
home2:
|
||||
Title: Home
|
||||
SubsiteID: =>Subsite_Template.other
|
||||
contact2:
|
||||
Title: Contact Us
|
||||
SubsiteID: =>Subsite_Template.other
|
||||
|
||||
#ErrorPage:
|
||||
# 404:
|
||||
# Title: Page not Found
|
||||
# ErrorCode: 404
|
||||
# SubsiteID: =>Subsite_Template.main
|
||||
|
||||
subsite1_home:
|
||||
Title: Home (Subsite 1)
|
||||
SubsiteID: =>Subsite_Template.subsite1
|
||||
subsite1_contactus:
|
||||
Title: Contact Us (Subsite 1)
|
||||
SubsiteID: =>Subsite_Template.subsite1
|
||||
subsite2_home:
|
||||
Title: Home (Subsite 2)
|
||||
SubsiteID: =>Subsite_Template.subsite2
|
||||
subsite2_contactus:
|
||||
Title: Contact Us (Subsite 2)
|
||||
SubsiteID: =>Subsite_Template.subsite2
|
||||
Permission:
|
||||
admin:
|
||||
Code: ADMIN
|
||||
accesscmsmain1:
|
||||
Code: CMS_ACCESS_CMSMain
|
||||
accesscmsmain2:
|
||||
Code: CMS_ACCESS_CMSMain
|
||||
Group:
|
||||
admin:
|
||||
Title: Admin
|
||||
|
||||
|
||||
Code: admin
|
||||
Permissions: =>Permission.admin
|
||||
subsite1_group:
|
||||
Title: subsite1_group
|
||||
Code: subsite1_group
|
||||
Subsite: =>Subsite_Template.subsite1
|
||||
Permissions: =>Permission.accesscmsmain1
|
||||
subsite2_group:
|
||||
Title: subsite2_group
|
||||
Code: subsite1_group
|
||||
Subsite: =>Subsite_Template.subsite2
|
||||
Permissions: =>Permission.accesscmsmain2
|
||||
Member:
|
||||
admin:
|
||||
FirstName: Admin
|
||||
@ -47,8 +63,9 @@ Member:
|
||||
Email: admin@test.com
|
||||
Password: rangi
|
||||
Groups: =>Group.admin
|
||||
|
||||
Permission:
|
||||
admin:
|
||||
Code: ADMIN
|
||||
GroupID: =>Group.admin
|
||||
subsite1member:
|
||||
Email: subsite1member@test.com
|
||||
Groups: =>Group.subsite1_group
|
||||
subsite2member:
|
||||
Email: subsite2member@test.com
|
||||
Groups: =>Group.subsite2_group
|
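Review bot: `subsite2_group` is declared with `Code: subsite1_group`, the same code as `subsite1_group`, which looks like a copy-paste slip; it should read `Code: subsite2_group`. With two groups sharing one code in a permission fixture, any lookup by group code could resolve to the other subsite's group, which would make the `assertFalse` cases in `testCanEditSiteTree()` weaker evidence of isolation between subsites than they appear.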