Skip to content
This repository
Browse code

BUG Enforce $allowed_children in controllers on page creation (fixes …

…#7694)

Original bug fix contributed by @kmayo-ss
  • Loading branch information...
commit 1cd82e2db1ab2bf3d60184b0b4e9aa626acb0b2e 1 parent e540166
Ingo Schommer authored
2  code/model/SiteTree.php
@@ -1511,7 +1511,7 @@ function validate() {
1511 1511
 			// deconstructs any inheritance trees already.
1512 1512
 			$allowed = $parent->allowedChildren();
1513 1513
 			$subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this;
1514  
-			if($subject->ID && !in_array($subject->ClassName, $allowed)) {
  1514
+			if(!in_array($subject->ClassName, $allowed)) {
1515 1515
 				
1516 1516
 				$result->error(
1517 1517
 					_t(
47  tests/controller/CMSMainTest.php
@@ -4,6 +4,7 @@
4 4
  * @subpackage tests
5 5
  */
6 6
 class CMSMainTest extends FunctionalTest {
  7
+
7 8
 	static $fixture_file = 'CMSMainTest.yml';
8 9
 	
9 10
 	protected $autoFollowRedirection = false;
@@ -221,6 +222,44 @@ function testCreationOfTopLevelPage(){
221 222
 		$this->session()->inst_set('loggedInAs', NULL);
222 223
 	}
223 224
 
  225
+	function testCreationOfRestrictedPage(){
  226
+		$adminUser = $this->objFromFixture('Member', 'admin');
  227
+		$adminUser->logIn();
  228
+
  229
+		// Create toplevel page
  230
+		$this->get('admin/pages/add');
  231
+		$response = $this->post(
  232
+			'admin/pages/add/AddForm', 
  233
+			array('ParentID' => '0', 'PageType' => 'CMSMainTest_ClassA', 'Locale' => 'en_US', 'action_doAdd' => 1)
  234
+		);
  235
+		$this->assertFalse($response->isError());
  236
+		preg_match('/edit\/show\/(\d*)/', $response->getHeader('Location'), $matches);
  237
+		$newPageId = $matches[1];
  238
+
  239
+		// Create allowed child
  240
+		$this->get('admin/pages/add');
  241
+		$response = $this->post(
  242
+			'admin/pages/add/AddForm', 
  243
+			array('ParentID' => $newPageId, 'PageType' => 'CMSMainTest_ClassB', 'Locale' => 'en_US', 'action_doAdd' => 1)
  244
+		);
  245
+		$this->assertFalse($response->isError());
  246
+		$this->assertNull($response->getBody());
  247
+
  248
+		// Create disallowed child
  249
+		$this->get('admin/pages/add');
  250
+		$response = $this->post(
  251
+			'admin/pages/add/AddForm', 
  252
+			array('ParentID' => $newPageId, 'PageType' => 'Page', 'Locale' => 'en_US', 'action_doAdd' => 1)
  253
+		);
  254
+		$this->assertFalse($response->isError());
  255
+		$this->assertContains(
  256
+			_t('SiteTree.PageTypeNotAllowed', array('type' => 'Page')),
  257
+			$response->getBody()
  258
+		);
  259
+
  260
+		$this->session()->inst_set('loggedInAs', NULL);
  261
+	}
  262
+
224 263
 	function testBreadcrumbs() {
225 264
 		$page3 = $this->objFromFixture('Page', 'page3');		
226 265
 		$page31 = $this->objFromFixture('Page', 'page31');		
@@ -239,3 +278,11 @@ function testBreadcrumbs() {
239 278
 		$this->session()->inst_set('loggedInAs', null);
240 279
 	}
241 280
 }
  281
+
  282
+class CMSMainTest_ClassA extends Page implements TestOnly {
  283
+	static $allowed_children = array('CMSMainTest_ClassB');
  284
+}
  285
+
  286
+class CMSMainTest_ClassB extends Page implements TestOnly {
  287
+	
  288
+}

0 notes on commit 1cd82e2

Please sign in to comment.
Something went wrong with that request. Please try again.