mirror of
https://github.com/silverstripe/silverstripe-userforms.git
synced 2024-10-22 17:05:42 +02:00
Merge branch '6.0' into 6.1
This commit is contained in:
commit
b1274c9c53
@ -6,6 +6,8 @@ use SilverStripe\Assets\File;
|
|||||||
use SilverStripe\Control\Director;
|
use SilverStripe\Control\Director;
|
||||||
use SilverStripe\ORM\FieldType\DBField;
|
use SilverStripe\ORM\FieldType\DBField;
|
||||||
use SilverStripe\Versioned\Versioned;
|
use SilverStripe\Versioned\Versioned;
|
||||||
|
use SilverStripe\Security\Member;
|
||||||
|
use SilverStripe\Security\Security;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A file uploaded on a {@link UserDefinedForm} and attached to a single
|
* A file uploaded on a {@link UserDefinedForm} and attached to a single
|
||||||
@ -41,27 +43,40 @@ class SubmittedFileField extends SubmittedFormField
|
|||||||
{
|
{
|
||||||
$name = $this->getFileName();
|
$name = $this->getFileName();
|
||||||
$link = $this->getLink(false);
|
$link = $this->getLink(false);
|
||||||
$title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File');
|
|
||||||
$message = _t(__CLASS__ . '.INSUFFICIENTRIGHTS', 'You don\'t have the right permissions to download this file');
|
|
||||||
$file = $this->getUploadedFileFromDraft();
|
|
||||||
|
|
||||||
if ($link) {
|
if ($link) {
|
||||||
if ($file->canView()) {
|
$title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File');
|
||||||
|
$file = $this->getUploadedFileFromDraft();
|
||||||
|
if (!$file->canView()) {
|
||||||
|
if (Security::getCurrentUser()) {
|
||||||
|
// Logged in CMS user without permissions to view file in the CMS
|
||||||
|
$default = 'You don\'t have the right permissions to download this file';
|
||||||
|
$message = _t(__CLASS__ . '..INSUFFICIENTRIGHTS', $default);
|
||||||
|
return DBField::create_field('HTMLText', sprintf(
|
||||||
|
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
|
||||||
|
htmlspecialchars($name, ENT_QUOTES),
|
||||||
|
htmlspecialchars($message, ENT_QUOTES)
|
||||||
|
));
|
||||||
|
} else {
|
||||||
|
// Userforms submission filled in by non-logged in user being emailed to recipient
|
||||||
|
$message = _t(__CLASS__ . '.YOUMUSTBELOGGEDIN', 'You must be logged in to view this file');
|
||||||
|
return DBField::create_field('HTMLText', sprintf(
|
||||||
|
'%s - <a href="%s" target="_blank">%s</a> - <em>%s</em>',
|
||||||
|
htmlspecialchars($name, ENT_QUOTES),
|
||||||
|
htmlspecialchars($link, ENT_QUOTES),
|
||||||
|
htmlspecialchars($title, ENT_QUOTES),
|
||||||
|
htmlspecialchars($message, ENT_QUOTES)
|
||||||
|
));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Logged in CMS user with permissions to view file in the CMS
|
||||||
return DBField::create_field('HTMLText', sprintf(
|
return DBField::create_field('HTMLText', sprintf(
|
||||||
'%s - <a href="%s" target="_blank">%s</a>',
|
'%s - <a href="%s" target="_blank">%s</a>',
|
||||||
htmlspecialchars($name, ENT_QUOTES),
|
htmlspecialchars($name, ENT_QUOTES),
|
||||||
htmlspecialchars($link, ENT_QUOTES),
|
htmlspecialchars($link, ENT_QUOTES),
|
||||||
htmlspecialchars($title, ENT_QUOTES)
|
htmlspecialchars($title, ENT_QUOTES)
|
||||||
));
|
));
|
||||||
} else {
|
|
||||||
return DBField::create_field('HTMLText', sprintf(
|
|
||||||
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
|
|
||||||
htmlspecialchars($name, ENT_QUOTES),
|
|
||||||
htmlspecialchars($message, ENT_QUOTES)
|
|
||||||
));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -328,6 +328,7 @@ en:
|
|||||||
one: 'A Submitted File Field'
|
one: 'A Submitted File Field'
|
||||||
other: '{count} Submitted File Fields'
|
other: '{count} Submitted File Fields'
|
||||||
SINGULARNAME: 'Submitted File Field'
|
SINGULARNAME: 'Submitted File Field'
|
||||||
|
YOUMUSTBELOGGEDIN: 'You must be logged in to view this file'
|
||||||
has_one_UploadedFile: 'Uploaded file'
|
has_one_UploadedFile: 'Uploaded file'
|
||||||
SilverStripe\UserForms\Model\Submission\SubmittedForm:
|
SilverStripe\UserForms\Model\Submission\SubmittedForm:
|
||||||
PLURALNAME: 'Submitted Forms'
|
PLURALNAME: 'Submitted Forms'
|
||||||
|
@ -74,35 +74,47 @@ class SubmittedFileFieldTest extends SapphireTest
|
|||||||
// Set an explicit base URL so we get a reliable value for the test
|
// Set an explicit base URL so we get a reliable value for the test
|
||||||
Director::config()->set('alternate_base_url', 'http://mysite.com');
|
Director::config()->set('alternate_base_url', 'http://mysite.com');
|
||||||
$fileName = $this->submittedFile->getFileName();
|
$fileName = $this->submittedFile->getFileName();
|
||||||
$message = "You don't have the right permissions to download this file";
|
$link = 'http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt';
|
||||||
|
|
||||||
$this->file->CanViewType = 'OnlyTheseUsers';
|
$this->file->CanViewType = 'OnlyTheseUsers';
|
||||||
$this->file->write();
|
$this->file->write();
|
||||||
|
|
||||||
$this->loginWithPermission('ADMIN');
|
// Userforms submission filled in by non-logged in user being emailed to recipient
|
||||||
|
$this->logOut();
|
||||||
$this->assertEquals(
|
$this->assertEquals(
|
||||||
sprintf(
|
sprintf(
|
||||||
'%s - <a href="http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt" target="_blank">Download File</a>',
|
'%s - <a href="%s" target="_blank">%s</a> - <em>%s</em>',
|
||||||
$fileName
|
$fileName,
|
||||||
|
$link,
|
||||||
|
'Download File',
|
||||||
|
'You must be logged in to view this file'
|
||||||
),
|
),
|
||||||
$this->submittedFile->getFormattedValue()->value
|
$this->submittedFile->getFormattedValue()->value
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->logOut();
|
$this->logOut();
|
||||||
$this->loginWithPermission('CMS_ACCESS_CMSMain');
|
|
||||||
|
// Logged in CMS user without permissions to view file in the CMS
|
||||||
|
$this->logInWithPermission('CMS_ACCESS_CMSMain');
|
||||||
$this->assertEquals(
|
$this->assertEquals(
|
||||||
sprintf(
|
sprintf(
|
||||||
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
|
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
|
||||||
$fileName,
|
$fileName,
|
||||||
$message
|
'You don't have the right permissions to download this file'
|
||||||
),
|
),
|
||||||
$this->submittedFile->getFormattedValue()->value
|
$this->submittedFile->getFormattedValue()->value
|
||||||
);
|
);
|
||||||
|
$this->logOut();
|
||||||
|
|
||||||
$store = Injector::inst()->get(AssetStore::class);
|
// Logged in CMS user with permissions to view file in the CMS
|
||||||
$this->assertFalse(
|
$this->loginWithPermission('ADMIN');
|
||||||
$store->canView($fileName, $this->file->getHash()),
|
$this->assertEquals(
|
||||||
'Users without canView rights on the file should not have been session granted access to it'
|
sprintf(
|
||||||
|
'%s - <a href="%s" target="_blank">%s</a>',
|
||||||
|
$fileName,
|
||||||
|
$link,
|
||||||
|
'Download File'
|
||||||
|
),
|
||||||
|
$this->submittedFile->getFormattedValue()->value
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user