From f1510dca9e8527c3df65d14ac5a707124aa1cb1b Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Wed, 6 Sep 2023 10:54:20 +1200 Subject: [PATCH] FIX Renable email link to submitted file --- code/Model/Submission/SubmittedFileField.php | 39 ++++++++++++++------ lang/en.yml | 1 + tests/php/Model/SubmittedFileFieldTest.php | 31 +++++++++++----- 3 files changed, 49 insertions(+), 22 deletions(-) diff --git a/code/Model/Submission/SubmittedFileField.php b/code/Model/Submission/SubmittedFileField.php index 1a57cce..c89afb8 100755 --- a/code/Model/Submission/SubmittedFileField.php +++ b/code/Model/Submission/SubmittedFileField.php @@ -6,6 +6,8 @@ use SilverStripe\Assets\File; use SilverStripe\Control\Director; use SilverStripe\ORM\FieldType\DBField; use SilverStripe\Versioned\Versioned; +use SilverStripe\Security\Member; +use SilverStripe\Security\Security; /** * A file uploaded on a {@link UserDefinedForm} and attached to a single 
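Review bot: `use SilverStripe\Security\Member;` is added in this hunk, but none of the hunks shown reference `Member`; only `Security::getCurrentUser()` is used. Unless code outside the hunks needs it, the import can be dropped. The two new lines are also appended after `Versioned`, while the existing `use` lines appear to be alphabetical, so `use SilverStripe\Security\Security;` would sit between the `ORM` and `Versioned` imports.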
@@ -41,27 +43,40 @@ class SubmittedFileField extends SubmittedFormField { $name = $this->getFileName(); $link = $this->getLink(false); - $title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File'); - $message = _t(__CLASS__ . '.INSUFFICIENTRIGHTS', 'You don\'t have the right permissions to download this file'); - $file = $this->getUploadedFileFromDraft(); - if ($link) { - if ($file->canView()) { + $title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File'); + $file = $this->getUploadedFileFromDraft(); + if (!$file->canView()) { + if (Security::getCurrentUser()) { + // Logged in CMS user without permissions to view file in the CMS + $default = 'You don\'t have the right permissions to download this file'; + $message = _t(__CLASS__ . '..INSUFFICIENTRIGHTS', $default); + return DBField::create_field('HTMLText', sprintf( + ' %s - %s', + htmlspecialchars($name, ENT_QUOTES), + htmlspecialchars($message, ENT_QUOTES) + )); + } else { + // Userforms submission filled in by non-logged in user being emailed to recipient + $message = _t(__CLASS__ . '.YOUMUSTBELOGGEDIN', 'You must be logged in to view this file'); + return DBField::create_field('HTMLText', sprintf( + '%s - %s - %s', + htmlspecialchars($name, ENT_QUOTES), + htmlspecialchars($link, ENT_QUOTES), + htmlspecialchars($title, ENT_QUOTES), + htmlspecialchars($message, ENT_QUOTES) + )); + } + } else { + // Logged in CMS user with permissions to view file in the CMS return DBField::create_field('HTMLText', sprintf( '%s - %s', htmlspecialchars($name, ENT_QUOTES), htmlspecialchars($link, ENT_QUOTES), htmlspecialchars($title, ENT_QUOTES) )); - } else { - return DBField::create_field('HTMLText', sprintf( - ' %s - %s', - htmlspecialchars($name, ENT_QUOTES), - htmlspecialchars($message, ENT_QUOTES) - )); } } - return false; } diff --git a/lang/en.yml b/lang/en.yml index 0227104..98515b2 100644 --- a/lang/en.yml +++ b/lang/en.yml 
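Review bot: The translation key in the logged-in, no-permission branch is built as `__CLASS__ . '..INSUFFICIENTRIGHTS'` with a doubled dot, so it no longer matches the `.INSUFFICIENTRIGHTS` key the removed line used and translated sites will presumably fall back to the English default; it should read `$message = _t(__CLASS__ . '.INSUFFICIENTRIGHTS', $default);`. Separately, the anonymous branch takes a missing current user to mean that the value is being rendered into a recipient email, but nothing visible in the hunk restricts the method to that path, so any anonymous render of this field would now include the link to a file that failed `canView()`. The download itself is presumably still gated by the asset store, which would make this a URL disclosure rather than a content disclosure. That assumption deserves a comment on the branch, for example `// Link only: access is still checked at download time, nothing is granted here`. The method's signature and the call that builds `$link` lie outside the hunk.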
@@ -328,6 +328,7 @@ en:
 one: 'A Submitted File Field'
 other: '{count} Submitted File Fields'
 SINGULARNAME: 'Submitted File Field'
+ YOUMUSTBELOGGEDIN: 'You must be logged in to view this file'
 has_one_UploadedFile: 'Uploaded file'
 SilverStripe\UserForms\Model\Submission\SubmittedForm:
 PLURALNAME: 'Submitted Forms'
diff --git a/tests/php/Model/SubmittedFileFieldTest.php b/tests/php/Model/SubmittedFileFieldTest.php
index ac67789..865ff66 100644
--- a/tests/php/Model/SubmittedFileFieldTest.php
+++ b/tests/php/Model/SubmittedFileFieldTest.php
@@ -73,34 +73,45 @@ class SubmittedFileFieldTest extends SapphireTest // Set an explicit base URL so we get a reliable value for the test Director::config()->set('alternate_base_url', 'http://mysite.com'); $fileName = $this->submittedFile->getFileName(); - $message = "You don't have the right permissions to download this file"; + $link = 'http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt'; $this->file->CanViewType = 'OnlyTheseUsers'; $this->file->write(); - $this->loginWithPermission('ADMIN'); + // Userforms submission filled in by non-logged in user being emailed to recipient + $this->logOut(); $this->assertEquals( sprintf( - '%s - Download File', - $fileName + '%s - %s - %s', + $fileName, + $link, + 'Download File', + 'You must be logged in to view this file' ), $this->submittedFile->getFormattedValue()->value ); - $this->loginWithPermission('CMS_ACCESS_CMSMain'); + // Logged in CMS user without permissions to view file in the CMS + $this->logInWithPermission('CMS_ACCESS_CMSMain'); $this->assertEquals( sprintf( ' %s - %s', $fileName, - $message + 'You don't have the right permissions to download this file' ), $this->submittedFile->getFormattedValue()->value ); - $store = Injector::inst()->get(AssetStore::class); - $this->assertFalse( - $store->canView($fileName, $this->file->getHash()), - 'Users without canView rights on the file should not have been session granted access to it' + // Logged in CMS user with permissions to view file in the CMS + $this->loginWithPermission('ADMIN'); + $this->assertEquals( + sprintf( + '%s - %s', + $fileName, + $link, + 'Download File' + ), + $this->submittedFile->getFormattedValue()->value ); } }
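Review bot: The check that rendering does not grant asset-store access (`$store->canView($fileName, $this->file->getHash())` asserted false) is removed without a replacement, although the new logged-out case is exactly where a link is rendered for a viewer who fails `canView()`. Keeping it directly after the logged-out assertion would pin that emitting the link grants nothing: `$this->assertFalse($store->canView($fileName, $this->file->getHash()));`. The expected `$link` also hard-codes the path segment `3c01bdbb26`, which looks like a content-hash prefix; if so, building it from `$this->file->getHash()` would keep the test from breaking when the fixture content changes. The hunk mixes `logInWithPermission` and `loginWithPermission`; PHP resolves both, but one spelling should be used throughout.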