
ENHANCEMENT Added SiteTree->canViewStage() and using it in ContentCon…

…troller->init()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@94253 467b73ca-7a2a-4603-9d3b-597d59a354a9
commit 8bf1dc5eeeca950e9b896b1000a7d04a54d63e43 1 parent 155e981
@chillu chillu authored
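--- a/core/control/ContentController.php
+++ b/core/control/ContentController.php
@@ -112,7 +112,7 @@ public function init() {
 // Draft/Archive security check - only CMS users should be able to look at stage/archived content
 if($this->URLSegment != 'Security' && !Session::get('unsecuredDraftSite') && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
- if(!Permission::check('CMS_ACCESS_CMSMain')) {
+ if(!$this->dataRecord->canViewStage(Versioned::current_stage())) {
 $link = $this->Link();
 $message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content. <a href="%s">Click here to go back to the published site.</a>');
 return Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));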
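Review bot: The archive half of this gate is no longer enforced by the replaced line. The outer condition is also entered when `Versioned::current_archived_date()` is set, but the new call passes only `Versioned::current_stage()` to canViewStage(), and that method (added in core/model/SiteTree.php in this commit) denies access only when the stage equals 'stage'; for an archived-date request the stage value is presumably empty, so the decision falls through to canView() and archived content is treated like published content. Keep the CMS permission for that branch, for example `if(Versioned::current_archived_date() ? !Permission::check('CMS_ACCESS_CMSMain') : !$this->dataRecord->canViewStage(Versioned::current_stage())) {`. init() begins and ends outside this hunk, so whether `$this->dataRecord` is always set at this point cannot be confirmed from here.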
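--- a/core/model/SiteTree.php
+++ b/core/model/SiteTree.php
@@ -740,6 +740,28 @@ public function canView($member = null) {
 return false;
 }
+
+ /**
+ * Determines permissions for a specific stage (see {@link Versioned}).
+ * Usually the stage is read from {@link Versioned::current_stage()}.
+ * Falls back to {@link canView}.
+ *
+ * @todo Implement in CMS UI.
+ *
+ * @param String $stage
+ * @param Member $member
+ * @return boolean
+ */
+ function canViewStage($stage, $member = null) {
+ if(!$member) $member = Member::currentUser();
+
+ if(
+ strtolower($stage) == 'stage' &&
+ !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')
+ ) return false;
+
+ return $this->canView($member);
+ }
 /**
 * This function should return true if the current user can delete this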
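Review bot: canViewStage() restricts by deny-list: only a value that lower-cases to 'stage' requires `CMS_ACCESS_CMSMain`, so null, a misspelt name or any additional versioned stage is handled like 'Live' and decided by canView() alone. Inverting the test makes the method fail closed, `if(strtolower($stage) != 'live' && !Permission::checkMember($member, 'CMS_ACCESS_CMSMain')) return false;`. The docblock should also state that non-live stages require `CMS_ACCESS_CMSMain` and that `$member` defaults to the current user, and the method should be declared `public function` like canView() in the hunk header.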
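--- a/tests/SiteTreePermissionsTest.php
+++ b/tests/SiteTreePermissionsTest.php
@@ -30,6 +30,18 @@ function setUp() {
 $this->autoFollowRedirection = false;
 }
+ function testCanViewStage() {
+ $page = $this->objFromFixture('Page', 'standardpage');
+ $editor = $this->objFromFixture('Member', 'editor');
+ $websiteuser = $this->objFromFixture('Member', 'websiteuser');
+
+ $this->assertTrue($page->canViewStage('Live', $websiteuser));
+ $this->assertFalse($page->canViewStage('Stage', $websiteuser));
+
+ $this->assertTrue($page->canViewStage('Live', $editor));
+ $this->assertTrue($page->canViewStage('Stage', $editor));
+ }
+
 function testAccessTabOnlyDisplaysWithGrantAccessPermissions() {
 $page = $this->objFromFixture('Page', 'standardpage');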
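Review bot: The new test pins only the two exact strings 'Live' and 'Stage' with an explicit member, so neither the `strtolower()` normalisation nor the `Member::currentUser()` fallback in canViewStage() is exercised. Adding `$this->assertFalse($page->canViewStage('stage', $websiteuser));` and an assertion for a stage value that is neither name would record what the method is meant to do with unexpected input. Whether the 'editor' fixture actually holds `CMS_ACCESS_CMSMain` is defined outside this hunk.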
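--- a/tests/control/ContentControllerPermissionsTest.php
+++ b/tests/control/ContentControllerPermissionsTest.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * @package sapphire
+ * @subpackage tests
+ */
+class ContentControllerPermissionTest extends FunctionalTest {
+
+ protected $usesDatabase = true;
+
+ protected $autoFollowRedirection = false;
+
+ public function testCanViewStage() {
+ $page = new Page();
+ $page->URLSegment = 'testpage';
+ $page->write();
+ $page->publish('Stage', 'Live');
+
+ $response = $this->get('/testpage');
+ $this->assertEquals($response->getStatusCode(), 200);
+
+ $response = $this->get('/testpage/?stage=Live');
+ $this->assertEquals($response->getStatusCode(), 200);
+
+ $response = $this->get('/testpage/?stage=Stage');
+ // should redirect to login
+ $this->assertEquals($response->getStatusCode(), 302);
+
+ $this->logInWithPermssion('CMS_ACCESS_CMSMain');
+
+ $response = $this->get('/testpage/?stage=Stage');
+ $this->assertEquals($response->getStatusCode(), 200);
+ }
+
+
+}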
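Review bot: testCanViewStage() checks the draft path only for an anonymous visitor and for a member with `CMS_ACCESS_CMSMain`; a logged-in member without that permission and a request for an archived date are not covered, although ContentController::init() gates both. The 302 assertion would also pass for any other redirect, so asserting that the `Location` header points to the login form would make the denial explicit. `assertEquals()` takes the expected value first, e.g. `$this->assertEquals(302, $response->getStatusCode());`, and the class name `ContentControllerPermissionTest` does not match the file name ContentControllerPermissionsTest.php.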