
NEW Restrict upload abilities in UploadField

1 parent 5f8115f commit 9310b8d86d0e82ce7f66017f7940fbf050e4b8f7 @chillu chillu committed Jan 9, 2013
Showing with 70 additions and 11 deletions.
  1. +2 −2 css/UploadField.css
  2. +13 −1 forms/UploadField.php
  3. +3 −2 scss/UploadField.scss
  4. +8 −4 templates/UploadField.ss
  5. +44 −2 tests/forms/uploadfield/UploadFieldTest.php
@@ -81,6 +81,10 @@ class UploadField extends FileField {
* @var int
*/
'allowedMaxFileNumber' => null,
+ /**
+ * @var boolean Can the user upload new files, or just select from existing files.
+ */
+ 'canUpload' => true,
/**
* @var int
*/
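Review bot: The new `canUpload` entry is documented as `@var boolean`, but the `canUpload()` method added later in this commit passes any non-boolean value to `Permission::check()`, and the added test sets it to `'ADMIN'`. The docblock should say so, for example `@var boolean|string Can the user upload new files, or just select from existing files. A string is treated as a permission code.` Without that, a reader of the config defaults cannot tell that a string here changes who is allowed to upload.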
@@ -441,7 +445,9 @@ public function handleSelect(SS_HTTPRequest $request) {
* @return string json
*/
public function upload(SS_HTTPRequest $request) {
- if($this->isDisabled() || $this->isReadonly()) return $this->httpError(403);
+ if($this->isDisabled() || $this->isReadonly() || !$this->canUpload()) {
+ return $this->httpError(403);
+ }
// Protect against CSRF on destructive action
$token = $this->getForm()->getSecurityToken();
@@ -629,6 +635,12 @@ public function isSaveable() {
// Don't allow upload or edit of a relation when the underlying record hasn't been persisted yet
return (!$record || !$this->managesRelation() || $record->exists());
}
+
+ public function canUpload() {
+ $can = $this->getConfig('canUpload');
+ return (is_bool($can)) ? $can : Permission::check($can);
+ }
+
}
/**
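Review bot: `canUpload()` may fail open on a misconfigured value. Anything that is not a strict boolean, including `null`, `0`, `1` or an empty string, is handed to `Permission::check()` unvalidated, so the result depends on how that method treats something that is not a permission code. Because `upload()` relies on this method for its 403, it should deny by default: `if(is_bool($can)) return $can;` followed by `return is_string($can) && $can !== '' && Permission::check($can);`. The method also has no docblock; it should state that it returns a boolean and that a string config value is checked as a permission code.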
@@ -47,11 +47,12 @@
border: 2px dashed $color-medium-separator;
background: $color-light-separator;
display: none;
+ margin-right: 15px;
}
}
.ss-uploadfield-item-info {
- margin: 0 0 0 100px;
-
+ float: left;
+
.ss-uploadfield-item-name {
display: block;
line-height: 13px;
@@ -34,13 +34,15 @@
<% end_if %>
<% else %>
<div class="ss-uploadfield-item ss-uploadfield-addfile<% if $Items && $displayInput %> borderTop<% end_if %>" <% if not $displayInput %>style="display: none;"<% end_if %>>
+ <% if canUpload %>
<div class="ss-uploadfield-item-preview ss-uploadfield-dropzone ui-corner-all">
<% if $multiple %>
<% _t('UploadField.DROPFILES', 'drop files') %>
<% else %>
<% _t('UploadField.DROPFILE', 'drop a file') %>
<% end_if %>
</div>
+ <% end_if %>
<div class="ss-uploadfield-item-info">
<label class="ss-uploadfield-item-name"><b>
<% if $multiple %>
@@ -49,10 +51,12 @@
<% _t('UploadField.ATTACHFILE', 'Attach a file') %>
<% end_if %>
</b></label>
- <label class="ss-uploadfield-fromcomputer ss-ui-button ui-corner-all" data-icon="drive-upload">
- <% _t('UploadField.FROMCOMPUTER', 'From your computer') %>
- <input id="$id" name="$getName" class="$extraClass ss-uploadfield-fromcomputer-fileinput" data-config="$configString" type="file"<% if $multiple %> multiple="multiple"<% end_if %> />
- </label>
+ <% if canUpload %>
+ <label class="ss-uploadfield-fromcomputer ss-ui-button ui-corner-all" data-icon="drive-upload">
+ <% _t('UploadField.FROMCOMPUTER', 'From your computer') %>
+ <input id="$id" name="$getName" class="$extraClass ss-uploadfield-fromcomputer-fileinput" data-config="$configString" type="file"<% if $multiple %> multiple="multiple"<% end_if %> />
+ </label>
+ <% end_if %>
<button class="ss-uploadfield-fromfiles ss-ui-button ui-corner-all" data-icon="network-cloud"><% _t('UploadField.FROMFILES', 'From files') %></button>
<% if not $autoUpload %>
<button class="ss-uploadfield-startall ss-ui-button ui-corner-all" data-icon="navigation"><% _t('UploadField.STARTALL', 'Start all') %></button>
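Review bot: When `canUpload` is false the `<input id="$id" ... data-config="$configString">` element is no longer rendered, so if the client script reads its configuration from that element, the remaining "From files" button may lose it. This should be confirmed against the JavaScript, which is not part of this diff. Both new conditions are written `<% if canUpload %>` while the surrounding template uses `$`-prefixed names (`$multiple`, `$displayInput`, `$autoUpload`); `<% if $canUpload %>` would match. A template comment above the first condition, such as `<%-- Hides the upload controls only; UploadField::upload() enforces the restriction --%>`, would make clear that this markup is presentation and not the access check.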
@@ -476,6 +476,42 @@ public function testDisabled() {
}
+ public function testCanUpload() {
+ $this->loginWithPermission('ADMIN');
+ $response = $this->get('UploadFieldTest_Controller');
+ $this->assertFalse($response->isError());
+
+ $parser = new CSSContentParser($response->getBody());
+ $this->assertFalse(
+ (bool)$parser->getBySelector('#CanUploadFalseField .ss-uploadfield-fromcomputer-fileinput'),
+ 'Removes input file control'
+ );
+ $this->assertFalse((bool)$parser->getBySelector('#CanUploadFalseField .ss-uploadfield-dropzone'),
+ 'Removes dropzone');
+ $this->assertTrue(
+ (bool)$parser->getBySelector('#CanUploadFalseField .ss-uploadfield-fromfiles'),
+ 'Keeps "From files" button'
+ );
+ }
+
+ public function testCanUploadWithPermissionCode() {
+ $field = new UploadField('MyField');
+
+ $field->setConfig('canUpload', true);
+ $this->assertTrue($field->canUpload());
+
+ $field->setConfig('canUpload', false);
+ $this->assertFalse($field->canUpload());
+
+ $this->loginWithPermission('ADMIN');
+
+ $field->setConfig('canUpload', false);
+ $this->assertFalse($field->canUpload());
+
+ $field->setConfig('canUpload', 'ADMIN');
+ $this->assertTrue($field->canUpload());
+ }
+
public function testIsSaveable() {
$form = $this->getMockForm();
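Review bot: `testCanUpload()` only checks that the file input and dropzone are absent from the rendered HTML. None of the added tests posts to the upload action of `CanUploadFalseField` and asserts the 403 that `upload()` now returns, so the server-side check could regress unnoticed. `testCanUploadWithPermissionCode()` covers the permission-code path only for a member who holds `ADMIN`; it should add a case where the logged-in member lacks the configured code and `assertFalse($field->canUpload())`. The second `setConfig('canUpload', false)` / `assertFalse` pair, after `loginWithPermission('ADMIN')`, deserves a one-line comment such as `// false must win even for an admin`. `testIsSaveable()` continues outside the hunk.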
@@ -775,6 +811,10 @@ public function Form() {
$fieldSubfolder->setFolderName('UploadFieldTest/subfolder1');
$fieldSubfolder->setRecord($record);
+ $fieldCanUploadFalse = new UploadField('CanUploadFalseField');
+ $fieldCanUploadFalse->setConfig('canUpload', false);
+ $fieldCanUploadFalse->setRecord($record);
+
$form = new Form(
$this,
'Form',
@@ -789,7 +829,8 @@ public function Form() {
$fieldManyMany,
$fieldReadonly,
$fieldDisabled,
- $fieldSubfolder
+ $fieldSubfolder,
+ $fieldCanUploadFalse
),
new FieldList(
new FormAction('submit')
@@ -805,7 +846,8 @@ public function Form() {
'ManyManyFiles',
'ReadonlyField',
'DisabledField',
- 'SubfolderField'
+ 'SubfolderField',
+ 'CanUploadFalseField'
)
);
return $form;
