BUG Retrieve file by filename

silverstripe · Nov 15, 2019 · 64654ec · 64654ec
1 parent 4372544
commit 64654ec
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 8 deletions.
diff --git a/src/Flysystem/FlysystemAssetStore.php b/src/Flysystem/FlysystemAssetStore.php
@@ -524,9 +524,12 @@ protected function isGranted($fileID)
             return true;
         }
         if ($member = Security::getCurrentUser()) {
-            $file = File::get()->byID($fileID);
-            if ($file) {
-                return (bool) $file->canView($member);
+            $tuple = $this->parseFileID($fileID);
+            if ($tuple && $tuple['Filename']) {
+                $file = File::get()->filter('FileFilename', $tuple['Filename'])->first();
+                if ($file) {
+                    return (bool) $file->canView($member);
+                }
             }
         }
         return false;

diff --git a/tests/php/FileTest.yml b/tests/php/FileTest.yml
@@ -89,12 +89,12 @@ SilverStripe\Assets\File:
     Name: File1.txt
     ParentID: =>SilverStripe\Assets\Folder.folder1
   restrictedFolder-file3:
-    FileFilename: restrictedFolder/File3.txt
+    FileFilename: FileTest-restricted-folder/File3.txt
     FileHash: 55b443b60176235ef09801153cca4e6da7494a0c
     Name: File1.txt
     ParentID: =>SilverStripe\Assets\Folder.restrictedFolder
   restrictedViewFolder-file4:
-    FileFilename: restrictedViewFolder/File4.txt
+    FileFilename: FileTest-restricted-view-folder/File4.txt
     FileHash: 55b443b60176235ef09801153cca4e6da7494a0c
     Name: File4.txt
     ParentID: =>SilverStripe\Assets\Folder.restrictedViewFolder

diff --git a/tests/php/ProtectedFileControllerTest.php b/tests/php/ProtectedFileControllerTest.php
@@ -35,12 +35,19 @@ public function setUp()
 
         // Create a test files for each of the fixture references
         foreach (File::get()->exclude('ClassName', Folder::class) as $file) {
+            $file->publishSingle();
+
             /** @var File $file */
             $path = TestAssetStore::getLocalPath($file);
             Filesystem::makeFolder(dirname($path));
-            $fh = fopen($path, "w+");
-            fwrite($fh, str_repeat('x', 1000000));
-            fclose($fh);
+
+            // Create main file
+            $this->getAssetStore()->setFromString(
+                str_repeat('x', 1000000),
+                $file->Filename,
+                $file->Hash,
+                null
+            );
 
             // Create variant for each file
             $this->getAssetStore()->setFromString(
@@ -50,6 +57,10 @@ public function setUp()
                 'variant'
             );
         }
+
+        /** @var File $protectedFile */
+        $protectedFile = $this->objFromFixture(File::class, 'restrictedViewFolder-file4');
+        $protectedFile->protectFile();
     }
 
     public function tearDown()
@@ -183,6 +194,28 @@ public function testAccessControl()
         $this->assertResponseEquals(404, null, $result);
     }
 
+    public function testAccessWithCanViewAccess()
+    {
+        $fileID = 'assets/FileTest-restricted-view-folder/55b443b601/File4.txt';
+        $fileVariantID = 'assets/FileTest-restricted-view-folder/55b443b601/File4__variant.txt';
+        $expectedContent = str_repeat('x', 1000000);
+        $variantContent = str_repeat('y', 100);
+
+        $this->logOut();
+
+        $result = $this->get($fileID);
+        $this->assertResponseEquals(403, null, $result);
+        $result = $this->get($fileVariantID);
+        $this->assertResponseEquals(403, null, $result);
+
+        $this->logInAs('assetadmin');
+
+        $result = $this->get($fileID);
+        $this->assertResponseEquals(200, $expectedContent, $result);
+        $result = $this->get($fileVariantID);
+        $this->assertResponseEquals(200, $variantContent, $result);
+    }
+
     /**
      * Test that access to folders is not permitted
      */