Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

BUG Enforce $allowed_children in controllers on page creation (fixes …

…#7694)

Original bug fix contributed by @kmayo-ss
  • Loading branch information...
commit 1cd82e2db1ab2bf3d60184b0b4e9aa626acb0b2e 1 parent e540166
@chillu chillu authored
Showing with 48 additions and 1 deletion.
  1. +1 −1  code/model/SiteTree.php
  2. +47 −0 tests/controller/CMSMainTest.php
View
2  code/model/SiteTree.php
@@ -1511,7 +1511,7 @@ function validate() {
// deconstructs any inheritance trees already.
$allowed = $parent->allowedChildren();
$subject = ($this instanceof VirtualPage) ? $this->CopyContentFrom() : $this;
- if($subject->ID && !in_array($subject->ClassName, $allowed)) {
+ if(!in_array($subject->ClassName, $allowed)) {
$result->error(
_t(
View
47 tests/controller/CMSMainTest.php
@@ -4,6 +4,7 @@
* @subpackage tests
*/
class CMSMainTest extends FunctionalTest {
+
static $fixture_file = 'CMSMainTest.yml';
protected $autoFollowRedirection = false;
@@ -221,6 +222,44 @@ function testCreationOfTopLevelPage(){
$this->session()->inst_set('loggedInAs', NULL);
}
+ function testCreationOfRestrictedPage(){
+ $adminUser = $this->objFromFixture('Member', 'admin');
+ $adminUser->logIn();
+
+ // Create toplevel page
+ $this->get('admin/pages/add');
+ $response = $this->post(
+ 'admin/pages/add/AddForm',
+ array('ParentID' => '0', 'PageType' => 'CMSMainTest_ClassA', 'Locale' => 'en_US', 'action_doAdd' => 1)
+ );
+ $this->assertFalse($response->isError());
+ preg_match('/edit\/show\/(\d*)/', $response->getHeader('Location'), $matches);
+ $newPageId = $matches[1];
+
+ // Create allowed child
+ $this->get('admin/pages/add');
+ $response = $this->post(
+ 'admin/pages/add/AddForm',
+ array('ParentID' => $newPageId, 'PageType' => 'CMSMainTest_ClassB', 'Locale' => 'en_US', 'action_doAdd' => 1)
+ );
+ $this->assertFalse($response->isError());
+ $this->assertNull($response->getBody());
+
+ // Create disallowed child
+ $this->get('admin/pages/add');
+ $response = $this->post(
+ 'admin/pages/add/AddForm',
+ array('ParentID' => $newPageId, 'PageType' => 'Page', 'Locale' => 'en_US', 'action_doAdd' => 1)
+ );
+ $this->assertFalse($response->isError());
+ $this->assertContains(
+ _t('SiteTree.PageTypeNotAllowed', array('type' => 'Page')),
+ $response->getBody()
+ );
+
+ $this->session()->inst_set('loggedInAs', NULL);
+ }
+
function testBreadcrumbs() {
$page3 = $this->objFromFixture('Page', 'page3');
$page31 = $this->objFromFixture('Page', 'page31');
@@ -239,3 +278,11 @@ function testBreadcrumbs() {
$this->session()->inst_set('loggedInAs', null);
}
}
+
+class CMSMainTest_ClassA extends Page implements TestOnly {
+ static $allowed_children = array('CMSMainTest_ClassB');
+}
+
+class CMSMainTest_ClassB extends Page implements TestOnly {
+
+}
Please sign in to comment.
Something went wrong with that request. Please try again.