mirror of
https://github.com/UndefinedOffset/SortableGridField.git
synced 2024-10-22 17:05:38 +02:00
Added permission checking to ensure the user can edit a row
Added unit tests
This commit is contained in:
UndefinedOffset
parent
20dfa3c9ea
commit
f30a4c8abe
@ -25,6 +25,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
|||||||
$state->sortableToggle = false;
|
$state->sortableToggle = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//Ensure user can edit
|
||||||
|
if(!singleton($gridField->getModelClass())->canEdit()){
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//Sort order toggle
|
//Sort order toggle
|
||||||
$sortOrderToggle = Object::create(
|
$sortOrderToggle = Object::create(
|
||||||
@ -122,6 +127,10 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
|||||||
* @param Array $data Data submitted in the request
|
* @param Array $data Data submitted in the request
|
||||||
*/
|
*/
|
||||||
private function saveGridRowSort(GridField $gridField, $data) {
|
private function saveGridRowSort(GridField $gridField, $data) {
|
||||||
|
if(!singleton($gridField->getModelClass())->canEdit()){
|
||||||
|
throw new ValidationException(_t('GridFieldSortableRows.EditPermissionsFailure', "No edit permissions"),0);
|
||||||
|
}
|
||||||
|
|
||||||
if (empty($data['Items'])) {
|
if (empty($data['Items'])) {
|
||||||
user_error('No items to sort', E_USER_ERROR);
|
user_error('No items to sort', E_USER_ERROR);
|
||||||
}
|
}
|
||||||
@ -138,6 +147,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
//Start transaction if supported
|
||||||
|
if(DB::getConn()->supportsTransactions()) {
|
||||||
|
DB::getConn()->transactionStart();
|
||||||
|
}
|
||||||
|
|
||||||
$data['Items'] = explode(',', $data['Items']);
|
$data['Items'] = explode(',', $data['Items']);
|
||||||
for($sort = 0;$sort<count($data['Items']);$sort++) {
|
for($sort = 0;$sort<count($data['Items']);$sort++) {
|
||||||
$id = intval($data['Items'][$sort]);
|
$id = intval($data['Items'][$sort]);
|
||||||
@ -151,6 +165,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
|||||||
$obj->write();
|
$obj->write();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//End transaction if supported
|
||||||
|
if(DB::getConn()->supportsTransactions()) {
|
||||||
|
DB::getConn()->transactionEnd();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
@ -1,4 +1,5 @@
|
|||||||
en:
|
en:
|
||||||
GridFieldSortableRows:
|
GridFieldSortableRows:
|
||||||
ALLOW_DRAG_DROP: "Allow Drag and Drop"
|
ALLOW_DRAG_DROP: "Allow Drag and Drop"
|
||||||
DISABLE_PAGINATOR: "Disable Pagenator"
|
DISABLE_PAGINATOR: "Disable Pagenator"
|
||||||
|
EditPermissionsFailure: "No edit permissions"
|
||||||
65
tests/forms/GridFieldSortableRowsTest.php
Normal file
65
tests/forms/GridFieldSortableRowsTest.php
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
<?php
|
||||||
|
class GridFieldSortableRowsTest extends SapphireTest {
|
||||||
|
|
||||||
|
/** @var ArrayList */
|
||||||
|
protected $list;
|
||||||
|
|
||||||
|
/** @var GridField */
|
||||||
|
protected $gridField;
|
||||||
|
|
||||||
|
/** @var Form */
|
||||||
|
protected $form;
|
||||||
|
|
||||||
|
/** @var string */
|
||||||
|
public static $fixture_file = 'GridFieldSortableRowsTest.yml';
|
||||||
|
|
||||||
|
/** @var array */
|
||||||
|
protected $extraDataObjects = array('GridFieldAction_SortOrder_Team');
|
||||||
|
|
||||||
|
public function setUp() {
|
||||||
|
parent::setUp();
|
||||||
|
$this->list = DataList::create('GridFieldAction_SortOrder_Team');
|
||||||
|
$config = GridFieldConfig::create()->addComponent(new GridFieldSortableRows('SortOrder'));
|
||||||
|
$this->gridField = new GridField('testfield', 'testfield', $this->list, $config);
|
||||||
|
$this->form = new Form(new Controller(), 'mockform', new FieldList(array($this->gridField)), new FieldList());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testSortActionWithoutCorrectPermission() {
|
||||||
|
if(Member::currentUser()) { Member::currentUser()->logOut(); }
|
||||||
|
$this->setExpectedException('ValidationException');
|
||||||
|
|
||||||
|
$stateID = 'testGridStateActionField';
|
||||||
|
Session::set($stateID, array('grid'=>'', 'actionName'=>'saveGridRowSort', 'args'=>array('GridFieldSortableRows'=>array('sortableToggle'=>true))));
|
||||||
|
$request = new SS_HTTPRequest('POST', 'url', array('Items'=>'1,3,2'), array('action_gridFieldAlterAction?StateID='.$stateID=>true));
|
||||||
|
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
|
||||||
|
$this->assertEquals(3, $this->list->count(), 'User should\'t be able to sort records without correct permissions.');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testSortActionWithAdminPermission() {
|
||||||
|
$this->logInWithPermission('ADMIN');
|
||||||
|
$stateID = 'testGridStateActionField';
|
||||||
|
Session::set($stateID, array('grid'=>'', 'actionName'=>'saveGridRowSort', 'args'=>array('GridFieldSortableRows'=>array('sortableToggle'=>true))));
|
||||||
|
$request = new SS_HTTPRequest('POST', 'url', array('Items'=>'1,3,2'), array('action_gridFieldAlterAction?StateID='.$stateID=>true));
|
||||||
|
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
|
||||||
|
$this->assertEquals(3, $this->list->count(), 'User should be able to sort records with ADMIN permission.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class GridFieldAction_SortOrder_Team extends DataObject implements TestOnly {
|
||||||
|
static $db = array(
|
||||||
|
'Name' => 'Varchar',
|
||||||
|
'City' => 'Varchar',
|
||||||
|
'SortOrder' => 'Int'
|
||||||
|
);
|
||||||
|
|
||||||
|
static $default_sort='SortOrder';
|
||||||
|
|
||||||
|
public function canView($member = null) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function canDelete($member = null) {
|
||||||
|
return parent::canDelete($member);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
13
tests/forms/GridFieldSortableRowsTest.yml
Normal file
13
tests/forms/GridFieldSortableRowsTest.yml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
GridFieldAction_SortOrder_Team:
|
||||||
|
team1:
|
||||||
|
Name: Team 1
|
||||||
|
City: Cologne
|
||||||
|
SortOrder: 1
|
||||||
|
team2:
|
||||||
|
Name: Team 2
|
||||||
|
City: Wellington
|
||||||
|
SortOrder: 2
|
||||||
|
team3:
|
||||||
|
Name: Team 3
|
||||||
|
City: Auckland
|
||||||
|
SortOrder: 3
|
||||||
Loading…
Reference in New Issue
Block a user