Merge branch 'master' of git://github.com/halkyon/silverstripe-subsites into halkyon-master

This commit is contained in:
Sean Harvey 2012-10-12 15:09:38 +13:00
commit d4faeac98f
6 changed files with 113 additions and 16 deletions

View File

@ -127,11 +127,9 @@ class LeftAndMainSubsites extends Extension {
// Switch to a subsite that this user can actually access.
$member = Member::currentUser();
if ($member && Permission::check('ADMIN')) {
return true; //admin can access all subsites
}
if($member && Permission::checkMember($member, 'ADMIN')) return true; // admin can access all subsites
$sites = Subsite::accessible_sites("CMS_ACCESS_{$this->owner->class}")->map('ID', 'Title');
$sites = Subsite::accessible_sites("CMS_ACCESS_{$this->owner->class}", true)->map('ID', 'Title');
if(is_object($sites)) $sites = $sites->toArray();
if($sites && !isset($sites[Subsite::currentSubsiteID()])) {
@ -144,7 +142,7 @@ class LeftAndMainSubsites extends Extension {
$menu = CMSMenu::get_menu_items();
foreach($menu as $candidate) {
if($candidate->controller != $this->owner->class) {
$sites = Subsite::accessible_sites("CMS_ACCESS_{$candidate->controller}")->map('ID', 'Title');
$sites = Subsite::accessible_sites("CMS_ACCESS_{$candidate->controller}", true)->map('ID', 'Title');
if(is_object($sites)) $sites = $sites->toArray();
if($sites && !isset($sites[Subsite::currentSubsiteID()])) {

View File

@ -308,8 +308,7 @@ JS;
}
}
// Only bother flushing caches if we've actually changed
if($subsiteID != self::currentSubsiteID()) Permission::flush_permission_cache();
Permission::flush_permission_cache();
}
/**
@ -413,6 +412,7 @@ JS;
$SQL_perms = join("','", $SQLa_perm);
$memberID = (int)$member->ID;
// Count this user's groups which can access the main site
$groupCount = DB::query("
SELECT COUNT(\"Permission\".\"ID\")
FROM \"Permission\"
@ -422,8 +422,21 @@ JS;
AND \"MemberID\" = {$memberID}
")->value();
return ($groupCount > 0);
// Count this user's groups which have a role that can access the main site
$roleCount = DB::query("
SELECT COUNT(\"PermissionRoleCode\".\"ID\")
FROM \"Group\"
INNER JOIN \"Group_Members\" ON \"Group_Members\".\"GroupID\" = \"Group\".\"ID\"
INNER JOIN \"Group_Roles\" ON \"Group_Roles\".\"GroupID\"=\"Group\".\"ID\"
INNER JOIN \"PermissionRole\" ON \"Group_Roles\".\"PermissionRoleID\"=\"PermissionRole\".\"ID\"
INNER JOIN \"PermissionRoleCode\" ON \"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\"
WHERE \"PermissionRoleCode\".\"Code\" IN ('$SQL_perms')
AND \"Group\".\"AccessAllSubsites\" = 1
AND \"MemberID\" = {$memberID}
")->value();
// There has to be at least one that allows access.
return ($groupCount + $roleCount > 0);
}
/**
@ -514,14 +527,14 @@ JS;
if(!$subsites && $rolesSubsites) return $rolesSubsites;
$subsites = new ArrayList($subsites->toArray());
if($rolesSubsites) foreach($rolesSubsites as $subsite) {
if(!$subsites->containsIDs(array($subsite->ID))) {
if(!$subsites->find('ID', $subsite->ID)) {
$subsites->push($subsite);
}
}
// Include the main site
if(!$subsites) $subsites = new ArrayList();
if($includeMainSite) {
if(!is_array($permCode)) $permCode = array($permCode);
if(self::hasMainSitePermission($member, $permCode)) {
@ -535,7 +548,6 @@ JS;
}
self::$_cache_accessible_sites[$cacheKey] = $subsites;
return $subsites;
}

View File

@ -0,0 +1,43 @@
<?php
class SubsiteAdminFunctionalTest extends FunctionalTest {
static $fixture_file = 'subsites/tests/SubsiteTest.yml';
static $use_draft_site = true;
protected $autoFollowRedirection = false;
/**
* Admin should be able to access all subsites and the main site
*/
function testAdminCanAccessAllSubsites() {
$member = $this->objFromFixture('Member', 'admin');
Session::set("loggedInAs", $member->ID);
$this->get('admin/pages?SubsiteID=0&ajax=1');
$this->get('admin');
$this->assertEquals(Subsite::currentSubsiteID(), '0', 'Can access main site');
$mainSubsite = $this->objFromFixture('Subsite_Template', 'main');
$this->get("admin/pages?SubsiteID={$mainSubsite->ID}&ajax=1");
$this->get('admin');
$this->assertEquals(Subsite::currentSubsiteID(), $mainSubsite->ID, 'Can access the subsite');
}
/**
* User which has AccessAllSubsites set to 1 should be able to access all subsites and main site,
* even though he does not have the ADMIN permission.
*/
function testEditorCanAccessAllSubsites() {
$member = $this->objFromFixture('Member', 'editor');
Session::set("loggedInAs", $member->ID);
$this->get('admin/pages?SubsiteID=0&ajax=1');
$this->get('admin');
$this->assertEquals(Subsite::currentSubsiteID(), '0', 'Can access main site');
$mainSubsite = $this->objFromFixture('Subsite_Template', 'main');
$this->get("admin/pages?SubsiteID={$mainSubsite->ID}&ajax=1");
$this->get('admin');
$this->assertEquals(Subsite::currentSubsiteID(), $mainSubsite->ID, 'Can access the subsite');
}
}

View File

@ -110,3 +110,4 @@ class SubsiteAdminTest extends SapphireTest {
}

View File

@ -261,7 +261,7 @@ class SubsiteTest extends SapphireTest {
$this->objFromFixture('Member', 'subsite1member'));
$member1SiteTitles = $member1Sites->column("Title");
sort($member1SiteTitles);
$this->assertEquals(array('Subsite1 Template'), $member1SiteTitles);
$this->assertEquals('Subsite1 Template', $member1SiteTitles[0], 'Member can get to a subsite via a group');
$adminSites = Subsite::accessible_sites("CMS_ACCESS_CMSMain", false, null,
$this->objFromFixture('Member', 'admin'));
@ -275,8 +275,14 @@ class SubsiteTest extends SapphireTest {
'Test 2',
'Test 3',
), $adminSiteTitles);
$member2Sites = Subsite::accessible_sites("CMS_ACCESS_CMSMain", false, null,
$this->objFromFixture('Member', 'subsite1member2'));
$member2SiteTitles = $member2Sites->column("Title");
sort($member2SiteTitles);
$this->assertEquals('Subsite1 Template', $member2SiteTitles[0], 'Member can get to subsite via a group role');
}
function testhasMainSitePermission() {
$admin = $this->objFromFixture('Member', 'admin');
$subsite1member = $this->objFromFixture('Member', 'subsite1member');

View File

@ -39,6 +39,9 @@ SubsiteDomain:
IsPrimary: 1
SiteTree:
mainSubsitePage:
Title: MainSubsitePage
SubsiteID: 0
home:
Title: Home
SubsiteID: =>Subsite_Template.main
@ -75,11 +78,22 @@ SiteTree:
Title: Contact Us
SubsiteID: =>Subsite_Template.subsite2
PermissionRoleCode:
roleCode1:
Code: CMS_ACCESS_CMSMain
PermissionRole:
role1:
Title: role1
Codes: =>PermissionRoleCode.roleCode1
Group:
admin:
Title: Admin
Code: admin
AccessAllSubsites: 1
editor:
Title: Editor
Code: editor
AccessAllSubsites: 1
subsite1_group:
Title: subsite1_group
Code: subsite1_group
@ -99,10 +113,24 @@ Group:
Title: allsubsitesauthors
Code: allsubsitesauthors
AccessAllSubsites: 1
subsite1_group_via_role:
Title: subsite1_group_via_role
Code: subsite1_group_via_role
AccessAllSubsites: 1
Roles: =>PermissionRole.role1
Permission:
admin:
Code: ADMIN
GroupID: =>Group.admin
editor1:
Code: CMS_ACCESS_CMSMain
GroupID: =>Group.editor
editor2:
Code: SITETREE_VIEW_ALL
GroupID: =>Group.editor
editor3:
Code: VIEW_DRAFT_CONTENT
GroupID: =>Group.editor
accesscmsmain1:
Code: CMS_ACCESS_CMSMain
GroupID: =>Group.subsite1_group
@ -132,6 +160,12 @@ Member:
Email: admin@test.com
Password: rangi
Groups: =>Group.admin
editor:
FirstName: Editor
Surname: User
Email: editor@test.com
Password: rangi
Groups: =>Group.editor
subsite1member:
Email: subsite1member@test.com
Groups: =>Group.subsite1_group
@ -143,4 +177,7 @@ Member:
Groups: =>Group.subsite1admins
allsubsitesauthor:
Email: allsubsitesauthor@test.com
Groups: =>Group.allsubsitesauthors
Groups: =>Group.allsubsitesauthors
subsite1member2:
Email: subsite1member2@test.com
Groups: =>Group.subsite1_group_via_role