mirror of
https://github.com/UndefinedOffset/SortableGridField.git
synced 2024-10-22 15:05:38 +00:00
Added permission checking to ensure the user can edit a row
Added unit tests
parent
20dfa3c9ea
commit
f30a4c8abe
@ -25,6 +25,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
||||
$state->sortableToggle = false;
|
||||
}
|
||||
|
||||
//Ensure user can edit
|
||||
if(!singleton($gridField->getModelClass())->canEdit()){
|
||||
return array();
|
||||
}
|
||||
|
||||
|
||||
//Sort order toggle
|
||||
$sortOrderToggle = Object::create(
|
||||
@ -122,6 +127,10 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
||||
* @param Array $data Data submitted in the request
|
||||
*/
|
||||
private function saveGridRowSort(GridField $gridField, $data) {
|
||||
if(!singleton($gridField->getModelClass())->canEdit()){
|
||||
throw new ValidationException(_t('GridFieldSortableRows.EditPermissionsFailure', "No edit permissions"),0);
|
||||
}
|
||||
|
||||
if (empty($data['Items'])) {
|
||||
user_error('No items to sort', E_USER_ERROR);
|
||||
}
|
||||
@ -138,6 +147,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
||||
}
|
||||
|
||||
|
||||
//Start transaction if supported
|
||||
if(DB::getConn()->supportsTransactions()) {
|
||||
DB::getConn()->transactionStart();
|
||||
}
|
||||
|
||||
$data['Items'] = explode(',', $data['Items']);
|
||||
for($sort = 0;$sort<count($data['Items']);$sort++) {
|
||||
$id = intval($data['Items'][$sort]);
|
||||
@ -151,6 +165,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP
|
||||
$obj->write();
|
||||
}
|
||||
}
|
||||
|
||||
//End transaction if supported
|
||||
if(DB::getConn()->supportsTransactions()) {
|
||||
DB::getConn()->transactionEnd();
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
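Review bot: The guard added at the top of saveGridRowSort asks `singleton($gridField->getModelClass())->canEdit()`, which checks an empty instance of the class rather than the rows being reordered, so a model whose canEdit() depends on the record itself is not enforced per row. Before the `$obj->write();` shown in the last hunk, add a per-record check such as `if(!$obj->canEdit()) { throw new ValidationException(_t('GridFieldSortableRows.EditPermissionsFailure', "No edit permissions"),0); }`. The loop body between `$id = intval(...)` and the write is outside the visible hunks, so also confirm that the submitted IDs are resolved through the grid's own list and not directly by class. The new transaction has no failure path either: if a write throws, `transactionEnd()` is never reached, and wrapping the loop in try/catch with `DB::getConn()->transactionRollback()` would keep a partial sort from being committed.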
@ -2,3 +2,4 @@ en:
|
||||
GridFieldSortableRows:
|
||||
ALLOW_DRAG_DROP: "Allow Drag and Drop"
|
||||
DISABLE_PAGINATOR: "Disable Pagenator"
|
||||
EditPermissionsFailure: "No edit permissions"
|
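--- /dev/null
+++ b/tests/forms/GridFieldSortableRowsTest.php
@@ -0,0 +1,65 @@
+<?php
+class GridFieldSortableRowsTest extends SapphireTest {
+
+/** @var ArrayList */
+protected $list;
+
+/** @var GridField */
+protected $gridField;
+
+/** @var Form */
+protected $form;
+
+/** @var string */
+public static $fixture_file = 'GridFieldSortableRowsTest.yml';
+
+/** @var array */
+protected $extraDataObjects = array('GridFieldAction_SortOrder_Team');
+
+public function setUp() {
+parent::setUp();
+$this->list = DataList::create('GridFieldAction_SortOrder_Team');
+$config = GridFieldConfig::create()->addComponent(new GridFieldSortableRows('SortOrder'));
+$this->gridField = new GridField('testfield', 'testfield', $this->list, $config);
+$this->form = new Form(new Controller(), 'mockform', new FieldList(array($this->gridField)), new FieldList());
+}
+
+public function testSortActionWithoutCorrectPermission() {
+if(Member::currentUser()) { Member::currentUser()->logOut(); }
+$this->setExpectedException('ValidationException');
+
+$stateID = 'testGridStateActionField';
+Session::set($stateID, array('grid'=>'', 'actionName'=>'saveGridRowSort', 'args'=>array('GridFieldSortableRows'=>array('sortableToggle'=>true))));
+$request = new SS_HTTPRequest('POST', 'url', array('Items'=>'1,3,2'), array('action_gridFieldAlterAction?StateID='.$stateID=>true));
+$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
+$this->assertEquals(3, $this->list->count(), 'User should\'t be able to sort records without correct permissions.');
+}
+
+public function testSortActionWithAdminPermission() {
+$this->logInWithPermission('ADMIN');
+$stateID = 'testGridStateActionField';
+Session::set($stateID, array('grid'=>'', 'actionName'=>'saveGridRowSort', 'args'=>array('GridFieldSortableRows'=>array('sortableToggle'=>true))));
+$request = new SS_HTTPRequest('POST', 'url', array('Items'=>'1,3,2'), array('action_gridFieldAlterAction?StateID='.$stateID=>true));
+$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
+$this->assertEquals(3, $this->list->count(), 'User should be able to sort records with ADMIN permission.');
+}
+}
+
+class GridFieldAction_SortOrder_Team extends DataObject implements TestOnly {
+static $db = array(
+'Name' => 'Varchar',
+'City' => 'Varchar',
+'SortOrder' => 'Int'
+);
+
+static $default_sort='SortOrder';
+
+public function canView($member = null) {
+return true;
+}
+
+public function canDelete($member = null) {
+return parent::canDelete($member);
+}
+}
+?>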
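Review bot: Neither test asserts on the sort order, so both would pass whether or not the permission check or the save had any effect: each ends with `assertEquals(3, $this->list->count(), ...)`, and the count is 3 whatever order the rows are in. In testSortActionWithoutCorrectPermission that assertion is also never reached once the expected ValidationException is thrown. In the ADMIN test, assert the resulting order instead, for example `$this->assertEquals(array(1, 3, 2), $this->list->sort('SortOrder')->column('ID'));` (assuming the fixture rows get IDs 1 to 3), and in the denied case catch the exception and assert the order is still 1, 2, 3. The failure message in the first test also has a typo (`should't`).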
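--- /dev/null
+++ b/tests/forms/GridFieldSortableRowsTest.yml
@@ -0,0 +1,13 @@
+GridFieldAction_SortOrder_Team:
+team1:
+Name: Team 1
+City: Cologne
+SortOrder: 1
+team2:
+Name: Team 2
+City: Wellington
+SortOrder: 2
+team3:
+Name: Team 3
+City: Auckland
+SortOrder: 3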