Merge remote-tracking branch 'origin/3.1.0' into 3.1

silverstripe · Aug 20, 2013 · d4e9471 · d4e9471
2 parents 5757f22 + ba57d42
commit d4e9471
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 38 deletions.
diff --git a/code/controllers/ContentController.php b/code/controllers/ContentController.php
@@ -101,15 +101,25 @@ public function init() {
 
 		if($this->redirectedTo()) return;
 
-		// Check page permissions
-		if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->canView()) {
-			$permissionMessage = null;
-
-			// Check if we could view the live version, offer redirect if so
-			if($this->canViewStage('Live')) {
+		// Draft/Archive security check - only CMS users should be able to look at stage/archived content
+		if(
+			$this->URLSegment != 'Security' 
+			&& !Session::get('unsecuredDraftSite') 
+			&& (
+				Versioned::current_archived_date() 
+				|| (Versioned::current_stage() && Versioned::current_stage() != 'Live')
+			)
+		) {
+			if(!$this->dataRecord->canViewStage(Versioned::current_archived_date() ? 'Stage' : Versioned::current_stage())) {
+				$link = $this->Link();
+				$message = _t(
+					"ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 
+					'You must log in with your CMS password in order to view the draft or archived content. ' .
+					'<a href="%s">Click here to go back to the published site.</a>'
+				);
 				Session::clear('currentStage');
 				Session::clear('archiveDate');
-
+				
 				$permissionMessage = sprintf(
 					_t(
 						"ContentController.DRAFT_SITE_ACCESS_RESTRICTION",
@@ -215,7 +225,7 @@ public function httpError($code, $message = null) {
 		$response = $this->request->isMedia() ? null : ErrorPage::response_for($code);
 		// Failover to $message if the HTML response is unavailable / inappropriate
 		parent::httpError($code, $response ? $response : $message);
-	}
+		}
 
 	/**
 	 * Get the project name

diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php
@@ -218,7 +218,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 	 * Determines if the system should avoid orphaned pages
 	 * by deleting all children when the their parent is deleted (TRUE),
 	 * or rather preserve this data even if its not reachable through any navigation path (FALSE).
-	 *
+	 * 
 	 * @deprecated 3.2 Use the "SiteTree.enforce_strict_hierarchy" config setting instead
 	 * @param boolean
 	 */
@@ -409,7 +409,7 @@ static public function link_shortcode_handler($arguments, $content = null, $pars
 		) {
 			 return; // There were no suitable matches at all.
 		}
-
+		
 		$link = Convert::raw2att($page->Link());
 
 		if($content) {
@@ -445,7 +445,7 @@ public function AbsoluteLink($action = null) {
 			return Director::absoluteURL($this->Link($action));
 		}
 	}
-
+	
 	/**
 	 * Base link used for previewing. Defaults to absolute URL,
 	 * in order to account for domain changes, e.g. on multi site setups.
@@ -841,8 +841,8 @@ public function canView($member = null) {
 		}
 
 		if(!$fromLive
-		   && !Session::get('unsecuredDraftSite')
-		   && !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) {
+			&& !Session::get('unsecuredDraftSite')
+			&& !Permission::checkMember($member, array('CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) {
 			// If we weren't definitely loaded from live, and we can't view non-live content, we need to
 			// check to make sure this version is the live version and so can be viewed
 			if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false;
@@ -876,11 +876,11 @@ public function canView($member = null) {
 
 		return false;
 	}
-
+	
 	/**
 	 * Determines canView permissions for the latest version of this Page on a specific stage (see {@link Versioned}).
 	 * Usually the stage is read from {@link Versioned::current_stage()}.
-	 *
+	 * 
 	 * @todo Implement in CMS UI.
 	 * 
 	 * @param String $stage
@@ -892,7 +892,7 @@ public function canViewStage($stage = 'Live', $member = null) {
 		Versioned::reading_stage($stage);
 
 		$versionFromStage = DataObject::get($this->class)->byID($this->ID);
-
+		
 		Versioned::set_reading_mode($oldMode);
 		return $versionFromStage ? $versionFromStage->canView($member) : false;
 	}
@@ -1335,7 +1335,7 @@ public function MetaTags($includeTitle = true) {
 		if($this->ExtraMeta) { 
 			$tags .= $this->ExtraMeta . "\n";
 		} 
-
+		
 		if(Permission::check('CMS_ACCESS_CMSMain') && in_array('CMSPreviewable', class_implements($this)) && !$this instanceof ErrorPage) {
 			$tags .= "<meta name=\"x-page-id\" content=\"{$this->ID}\" />\n";
 			$tags .= "<meta name=\"x-cms-edit-link\" content=\"" . $this->CMSEditLink() . "\" />\n";
@@ -1605,10 +1605,10 @@ function($v) {return !is_null($v);}
 			'SiteTree', 
 			"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
 		);
-		
+
 		return !($existingPage);
-	}
-
+		}
+		
 	/**
 	 * Generate a URL segment based on the title provided.
 	 * 
@@ -1712,7 +1712,7 @@ public function DependentPages($includeVirtuals = true) {
             foreach($contentLinks as $item) {
             	$item->DependentLinkType = 'Content link';
             	$linkList->push($item);
-            }
+        }
 			$items->merge($linkList);
         }
 
@@ -1724,9 +1724,9 @@ public function DependentPages($includeVirtuals = true) {
 				foreach($virtuals as $item) {
 					$item->DependentLinkType = 'Virtual page';
 					$virtualList->push($item);
-				}
-				$items->merge($virtualList);
 			}
+				$items->merge($virtualList);
+		}
 		}
 
 		// Redirector pages
@@ -1736,7 +1736,7 @@ public function DependentPages($includeVirtuals = true) {
 			foreach($redirectors as $item) {
 				$item->DependentLinkType = 'Redirector page';
 				$redirectorList->push($item);
-			}
+		}
 			$items->merge($redirectorList);
 		}
 
@@ -1999,9 +1999,9 @@ public function getSettingsFields() {
 						->setAttribute(
 							'data-placeholder', 
 							_t('SiteTree.GroupPlaceholder', 'Click to select group')
-						)
 				)
 			)
+			)
 		);
 
 		$visibility->setTitle($this->fieldLabel('Visibility'));
@@ -2226,14 +2226,14 @@ public function getCMSActions() {
 			// Set up the initial state of the button to reflect the state of the underlying SiteTree object.
 			if($this->stagesDiffer('Stage', 'Live')) {
 				$publish->addExtraClass('ss-ui-alternate');
-			}
 		}
-
+		}
+
 		$actions = new FieldList(array($majorActions, $rootTabSet));
 
 		// Hook for extensions to add/remove actions.
 		$this->extend('updateCMSActions', $actions);
-
+		
 		return $actions;
 	}
 
@@ -2666,7 +2666,7 @@ public function CMSTreeClasses() {
 
 		if(!$this->canEdit() && !$this->canAddChildren()) {
 			if (!$this->canView()) {
-				$classes .= " disabled";
+			$classes .= " disabled";
 			} else {
 				$classes .= " edit-disabled";
 			}

diff --git a/tests/search/SearchFormTest.php b/tests/search/SearchFormTest.php
@@ -11,7 +11,7 @@
 class ZZZSearchFormTest extends FunctionalTest {
 
 	protected static $fixture_file = 'SearchFormTest.yml';
-
+	
 	protected $mockController;
 
 	public function waitUntilIndexingFinished() {
@@ -37,7 +37,7 @@ public function setUp() {
 
 		$this->waitUntilIndexingFinished();
 	}
-
+	
 	/**
 	 * @return Boolean
 	 */
@@ -101,15 +101,14 @@ public function testUnpublishedPagesNotIncluded() {
 			'Unpublished pages are not found by searchform'
 		);
 	}
-
+	
 	public function testPagesRestrictedToLoggedinUsersNotIncluded() {
 		if(!$this->checkFulltextSupport()) return;
 
 		$sf = new SearchForm($this->mockController, 'SearchForm');
 
 		$page = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers');
 		$page->publish('Stage', 'Live');
-
 		$results = $sf->getResults(null, array('Search'=>'restrictedViewLoggedInUsers'));
 		$this->assertNotContains(
 			$page->ID,
@@ -135,7 +134,6 @@ public function testPagesRestrictedToSpecificGroupNotIncluded() {
 
 		$page = $this->objFromFixture('SiteTree', 'restrictedViewOnlyWebsiteUsers');
 		$page->publish('Stage', 'Live');
-
 		$results = $sf->getResults(null, array('Search'=>'restrictedViewOnlyWebsiteUsers'));
 		$this->assertNotContains(
 			$page->ID,
@@ -165,16 +163,13 @@ public function testPagesRestrictedToSpecificGroupNotIncluded() {
 	}
 
 	public function testInheritedRestrictedPagesNotIncluded() {
-		if(!$this->checkFulltextSupport()) return;
-
 		$sf = new SearchForm($this->mockController, 'SearchForm');
 
 		$parent = $this->objFromFixture('SiteTree', 'restrictedViewLoggedInUsers');
 		$parent->publish('Stage', 'Live');
-
+		
 		$page = $this->objFromFixture('SiteTree', 'inheritRestrictedView');
 		$page->publish('Stage', 'Live');
-
 		$results = $sf->getResults(null, array('Search'=>'inheritRestrictedView'));
 		$this->assertNotContains(
 			$page->ID,