Merge branch '6.0' into 6.1

This commit is contained in:
github-actions 2023-09-17 22:59:41 +00:00
commit b1274c9c53
3 changed files with 51 additions and 23 deletions

View File

@ -6,6 +6,8 @@ use SilverStripe\Assets\File;
use SilverStripe\Control\Director; use SilverStripe\Control\Director;
use SilverStripe\ORM\FieldType\DBField; use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\Versioned\Versioned; use SilverStripe\Versioned\Versioned;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
/** /**
* A file uploaded on a {@link UserDefinedForm} and attached to a single * A file uploaded on a {@link UserDefinedForm} and attached to a single
@ -41,27 +43,40 @@ class SubmittedFileField extends SubmittedFormField
{ {
$name = $this->getFileName(); $name = $this->getFileName();
$link = $this->getLink(false); $link = $this->getLink(false);
$title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File');
$message = _t(__CLASS__ . '.INSUFFICIENTRIGHTS', 'You don\'t have the right permissions to download this file');
$file = $this->getUploadedFileFromDraft();
if ($link) { if ($link) {
if ($file->canView()) { $title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File');
$file = $this->getUploadedFileFromDraft();
if (!$file->canView()) {
if (Security::getCurrentUser()) {
// Logged in CMS user without permissions to view file in the CMS
$default = 'You don\'t have the right permissions to download this file';
$message = _t(__CLASS__ . '..INSUFFICIENTRIGHTS', $default);
return DBField::create_field('HTMLText', sprintf(
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
htmlspecialchars($name, ENT_QUOTES),
htmlspecialchars($message, ENT_QUOTES)
));
} else {
// Userforms submission filled in by non-logged in user being emailed to recipient
$message = _t(__CLASS__ . '.YOUMUSTBELOGGEDIN', 'You must be logged in to view this file');
return DBField::create_field('HTMLText', sprintf(
'%s - <a href="%s" target="_blank">%s</a> - <em>%s</em>',
htmlspecialchars($name, ENT_QUOTES),
htmlspecialchars($link, ENT_QUOTES),
htmlspecialchars($title, ENT_QUOTES),
htmlspecialchars($message, ENT_QUOTES)
));
}
} else {
// Logged in CMS user with permissions to view file in the CMS
return DBField::create_field('HTMLText', sprintf( return DBField::create_field('HTMLText', sprintf(
'%s - <a href="%s" target="_blank">%s</a>', '%s - <a href="%s" target="_blank">%s</a>',
htmlspecialchars($name, ENT_QUOTES), htmlspecialchars($name, ENT_QUOTES),
htmlspecialchars($link, ENT_QUOTES), htmlspecialchars($link, ENT_QUOTES),
htmlspecialchars($title, ENT_QUOTES) htmlspecialchars($title, ENT_QUOTES)
)); ));
} else {
return DBField::create_field('HTMLText', sprintf(
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
htmlspecialchars($name, ENT_QUOTES),
htmlspecialchars($message, ENT_QUOTES)
));
} }
} }
return false; return false;
} }

View File

@ -328,6 +328,7 @@ en:
one: 'A Submitted File Field' one: 'A Submitted File Field'
other: '{count} Submitted File Fields' other: '{count} Submitted File Fields'
SINGULARNAME: 'Submitted File Field' SINGULARNAME: 'Submitted File Field'
YOUMUSTBELOGGEDIN: 'You must be logged in to view this file'
has_one_UploadedFile: 'Uploaded file' has_one_UploadedFile: 'Uploaded file'
SilverStripe\UserForms\Model\Submission\SubmittedForm: SilverStripe\UserForms\Model\Submission\SubmittedForm:
PLURALNAME: 'Submitted Forms' PLURALNAME: 'Submitted Forms'

View File

@ -74,35 +74,47 @@ class SubmittedFileFieldTest extends SapphireTest
// Set an explicit base URL so we get a reliable value for the test // Set an explicit base URL so we get a reliable value for the test
Director::config()->set('alternate_base_url', 'http://mysite.com'); Director::config()->set('alternate_base_url', 'http://mysite.com');
$fileName = $this->submittedFile->getFileName(); $fileName = $this->submittedFile->getFileName();
$message = "You don&#039;t have the right permissions to download this file"; $link = 'http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt';
$this->file->CanViewType = 'OnlyTheseUsers'; $this->file->CanViewType = 'OnlyTheseUsers';
$this->file->write(); $this->file->write();
$this->loginWithPermission('ADMIN'); // Userforms submission filled in by non-logged in user being emailed to recipient
$this->logOut();
$this->assertEquals( $this->assertEquals(
sprintf( sprintf(
'%s - <a href="http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt" target="_blank">Download File</a>', '%s - <a href="%s" target="_blank">%s</a> - <em>%s</em>',
$fileName $fileName,
$link,
'Download File',
'You must be logged in to view this file'
), ),
$this->submittedFile->getFormattedValue()->value $this->submittedFile->getFormattedValue()->value
); );
$this->logOut(); $this->logOut();
$this->loginWithPermission('CMS_ACCESS_CMSMain');
// Logged in CMS user without permissions to view file in the CMS
$this->logInWithPermission('CMS_ACCESS_CMSMain');
$this->assertEquals( $this->assertEquals(
sprintf( sprintf(
'<i class="icon font-icon-lock"></i> %s - <em>%s</em>', '<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
$fileName, $fileName,
$message 'You don&#039;t have the right permissions to download this file'
), ),
$this->submittedFile->getFormattedValue()->value $this->submittedFile->getFormattedValue()->value
); );
$this->logOut();
$store = Injector::inst()->get(AssetStore::class); // Logged in CMS user with permissions to view file in the CMS
$this->assertFalse( $this->loginWithPermission('ADMIN');
$store->canView($fileName, $this->file->getHash()), $this->assertEquals(
'Users without canView rights on the file should not have been session granted access to it' sprintf(
'%s - <a href="%s" target="_blank">%s</a>',
$fileName,
$link,
'Download File'
),
$this->submittedFile->getFormattedValue()->value
); );
} }
} }