Merge pull request #430 from creative-commoners/pulls/2.3/access-passed-member

FIX LeftAndMainSubsites::canAccess() now accepts a Member argument and falls back to the session member
This commit is contained in:
Dylan Wagstaff 2019-06-24 11:49:50 +12:00 committed by GitHub
commit b3bd51cb6c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 4 deletions

View File

@ -215,11 +215,16 @@ class LeftAndMainSubsites extends LeftAndMainExtension
/** /**
* Check if the current controller is accessible for this user on this subsite. * Check if the current controller is accessible for this user on this subsite.
*
* @param Member $member
*/ */
public function canAccess() public function canAccess(Member $member = null)
{ {
// Admin can access everything, no point in checking. if (!$member) {
$member = Security::getCurrentUser(); $member = Security::getCurrentUser();
}
// Admin can access everything, no point in checking.
if ($member if ($member
&& (Permission::checkMember($member, [ && (Permission::checkMember($member, [
'ADMIN', // Full administrative rights 'ADMIN', // Full administrative rights
@ -238,10 +243,12 @@ class LeftAndMainSubsites extends LeftAndMainExtension
/** /**
* Prevent accessing disallowed resources. This happens after onBeforeInit has executed, * Prevent accessing disallowed resources. This happens after onBeforeInit has executed,
* so all redirections should've already taken place. * so all redirections should've already taken place.
*
* @param Member $member
*/ */
public function alternateAccessCheck() public function alternateAccessCheck(Member $member = null)
{ {
return $this->owner->canAccess(); return $this->owner->canAccess($member);
} }
/** /**

View File

@ -9,6 +9,7 @@ use SilverStripe\CMS\Controllers\CMSPageEditController;
use SilverStripe\Core\Config\Config; use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\FunctionalTest; use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Security\Member; use SilverStripe\Security\Member;
use SilverStripe\Subsites\Extensions\LeftAndMainSubsites;
use SilverStripe\Subsites\Model\Subsite; use SilverStripe\Subsites\Model\Subsite;
use SilverStripe\Subsites\State\SubsiteState; use SilverStripe\Subsites\State\SubsiteState;
@ -100,4 +101,14 @@ class LeftAndMainSubsitesTest extends FunctionalTest
$this->assertTrue($l->shouldChangeSubsite(CMSPageEditController::class, 1, 5)); $this->assertTrue($l->shouldChangeSubsite(CMSPageEditController::class, 1, 5));
$this->assertFalse($l->shouldChangeSubsite(CMSPageEditController::class, 1, 1)); $this->assertFalse($l->shouldChangeSubsite(CMSPageEditController::class, 1, 1));
} }
public function testCanAccessWithPassedMember()
{
$memberID = $this->logInWithPermission('ADMIN');
$member = Member::get()->byID($memberID);
/** @var LeftAndMain&LeftAndMainSubsites $leftAndMain */
$leftAndMain = new LeftAndMain();
$this->assertTrue($leftAndMain->canAccess($member));
}
} }