Merge branch '2.6' into 2.7-release

2022-12-19 13:52:24 +13:00 · 2022-12-19 13:52:24 +13:00 · 901dbc8848
parent a7e9e8dcdc 4308ac4316
commit 901dbc8848
3 changed files with 90 additions and 3 deletions
--- a/src/Extensions/FileSubsites.php
+++ b/src/Extensions/FileSubsites.php
@ -116,9 +116,9 @@ class FileSubsites extends DataExtension
        }

        // Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
-        $subsiteID = SubsiteState::singleton()->getSubsiteId();
-        if ($subsiteID && $subsiteID == $this->owner->SubsiteID) {
-            return true;
+        $currentSubsiteID = SubsiteState::singleton()->getSubsiteId();
+        if ($currentSubsiteID && $currentSubsiteID !== $this->owner->SubsiteID) {
+            return false;
        }

        return SubsiteState::singleton()->withState(function (SubsiteState $newState) use ($member) {
--- a/tests/php/FileSubsitesTest.php
+++ b/tests/php/FileSubsitesTest.php
@ -8,6 +8,7 @@ use SilverStripe\Core\Config\Config;
 use SilverStripe\Forms\FieldList;
 use SilverStripe\Subsites\Extensions\FileSubsites;
 use SilverStripe\Subsites\Model\Subsite;
+use SilverStripe\Security\Member;

 class FileSubsitesTest extends BaseSubsiteTest
 {
@ -65,4 +66,64 @@ class FileSubsitesTest extends BaseSubsiteTest
        $file->onAfterUpload();
        $this->assertEquals($folder->SubsiteID, $file->SubsiteID);
    }
+
+    /**
+     * @dataProvider provideTestCanEdit
+     */
+    public function testCanEdit(
+        string $fileKey,
+        string $memberKey,
+        string $currentSubsiteKey,
+        bool $expected
+    ): void {
+        $file = $this->objFromFixture(File::class, $fileKey);
+        $subsiteID = ($currentSubsiteKey === 'mainsite')
+            ? 0 : $this->objFromFixture(Subsite::class, $currentSubsiteKey)->ID;
+        $member = $this->objFromFixture(Member::class, $memberKey);
+        Subsite::changeSubsite($subsiteID);
+        $this->assertSame($expected, $file->canEdit($member));
+    }
+
+    public function provideTestCanEdit(): array
+    {
+        $ret = [];
+        $data = [
+            // file
+            'subsite1file' => [
+                // member - has permissions to edit the file
+                'filetestyes' => [
+                    // current subite => expected canEdit()
+                    'subsite1' => true,
+                    'subsite2' => false,
+                    'mainsite' => true
+                ],
+                // member - does not have permissions to edit the file
+                'filetestno' => [
+                    'subsite1' => false,
+                    'subsite2' => false,
+                    'mainsite' => false
+                ],
+            ],
+            'mainsitefile' => [
+                'filetestyes' => [
+                    'subsite1' => true,
+                    'subsite2' => true,
+                    'mainsite' => true
+                ],
+                'filetestno' => [
+                    'subsite1' => false,
+                    'subsite2' => false,
+                    'mainsite' => false
+                ],
+            ]
+        ];
+        foreach (array_keys($data) as $fileKey) {
+            foreach (array_keys($data[$fileKey]) as $memberKey) {
+                foreach ($data[$fileKey][$memberKey] as $currentSubsiteKey => $expected) {
+                    $ret[] = [$fileKey, $memberKey, $currentSubsiteKey, $expected];
+                }
+            }
+        }
+        return $ret;
+    }
 }
--- a/tests/php/SubsiteTest.yml
+++ b/tests/php/SubsiteTest.yml
@ -172,6 +172,10 @@ SilverStripe\Security\Group:
    Code: subsite1_group_via_role
    AccessAllSubsites: 1
    Roles: =>SilverStripe\Security\PermissionRole.role1
+  filetest:
+    Title: filetest
+    Code: filetest
+    AccessAllSubsites: 1
 SilverStripe\Security\Permission:
  admin:
    Code: ADMIN
@ -206,6 +210,9 @@ SilverStripe\Security\Permission:
  adminsubsite1:
    Code: ADMIN
    GroupID: =>SilverStripe\Security\Group.subsite1admins
+  filetest:
+    Code: CMS_ACCESS_CMSMain
+    GroupID: =>SilverStripe\Security\Group.filetest

 SilverStripe\Security\Member:
  admin:
@ -235,7 +242,26 @@ SilverStripe\Security\Member:
  subsite1member2:
    Email: subsite1member2@test.com
    Groups: =>SilverStripe\Security\Group.subsite1_group_via_role
+  filetestyes:
+    Email: filetestyes@test.com
+    Groups: =>SilverStripe\Security\Group.filetest
+  filetestno:
+    Email: filetestno@test.com

 SilverStripe\SiteConfig\SiteConfig:
  config:
    CanCreateTopLevelType: LoggedInUsers
+
+SilverStripe\Assets\File:
+  subsite1file:
+    Name: subsitefile.pdf
+    Title: subsitefile
+    SubsiteID: =>SilverStripe\Subsites\Model\Subsite.subsite1
+    CanEditType: OnlyTheseUsers
+    EditorGroups: =>SilverStripe\Security\Group.filetest
+  mainsitefile:
+    Name: mainsitefile.pdf
+    Title: mainsitefile
+    SubsiteID: 0
+    CanEditType: OnlyTheseUsers
+    EditorGroups: =>SilverStripe\Security\Group.filetest