FIX Check canView() permissions before assigning controllers to BaseE…

…lements
silverstripe · Jul 18, 2018 · b906376 · b906376
1 parent d2bc854
commit b906376
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 2 deletions.
diff --git a/src/Models/ElementalArea.php b/src/Models/ElementalArea.php
@@ -109,7 +109,9 @@ public function Breadcrumbs()
     public function ElementControllers()
     {
         $controllers = new ArrayList();
-        $items = $this->Elements();
+        $items = $this->Elements()->filterByCallback(function (BaseElement $item) {
+            return $item->canView();
+        });
 
         if (!is_null($items)) {
             foreach ($items as $element) {

diff --git a/tests/ElementControllerTest.php b/tests/ElementControllerTest.php
@@ -36,6 +36,8 @@ protected function setUp()
     public function testForTemplate()
     {
         $element = $this->objFromFixture(TestElement::class, 'element1');
+        // Although we read from Versioned::DRAFT, Versioned will still block draft content view permissions
+        $this->logInWithPermission('ADMIN');
         $controller = new TestElementController($element);
 
         $this->assertContains('Hello Test', $controller->forTemplate());

diff --git a/tests/ElementalAreaTest.php b/tests/ElementalAreaTest.php
@@ -33,6 +33,18 @@ public function testElementControllers()
         $this->assertEquals(2, $controllers->count(), 'Should be a controller per element');
     }
 
+
+    public function testViewPermissionsAreChecked()
+    {
+        $area = $this->objFromFixture(ElementalArea::class, 'area2');
+        $controllers = $area->ElementControllers();
+        $elements = $area->Elements();
+
+        $this->assertEquals(1, $controllers->count(),
+            'Should be one controller only, since one of the elements is not viewable');
+        $this->assertEquals(2, $elements->count());
+    }
+
     public function testGetOwnerPage()
     {
         $area1 = $this->objFromFixture(ElementalArea::class, 'area1');

diff --git a/tests/ElementalAreaTest.yml b/tests/ElementalAreaTest.yml
@@ -20,7 +20,19 @@ DNADesign\Elemental\Tests\Src\TestElement:
     Title: Element 1
     TestValue: 'Hello Test'
     ParentID: =>DNADesign\Elemental\Models\ElementalArea.area1
+    Viewable: true
   element2:
     Title: Element 2
     TestValue: 'Hello Test 2'
     ParentID: =>DNADesign\Elemental\Models\ElementalArea.area1
+    Viewable: true
+  element3:
+    Title: Element 3
+    TestValue: 'Hello Test 3'
+    ParentID: =>DNADesign\Elemental\Models\ElementalArea.area2
+    Viewable: true
+  element4:
+    Title: Element 4
+    TestValue: 'Hello Test 4'
+    ParentID: =>DNADesign\Elemental\Models\ElementalArea.area2
+    Viewable: false
diff --git a/tests/Src/TestElement.php b/tests/Src/TestElement.php
@@ -10,7 +10,8 @@ class TestElement extends BaseElement implements TestOnly
     private static $table_name = 'TestElement';
 
     private static $db = [
-        'TestValue' => 'Text'
+        'TestValue' => 'Text',
+        'Viewable' => 'Boolean'
     ];
 
     private static $controller_class = TestElementController::class;
@@ -19,4 +20,9 @@ public function getType()
     {
         return 'A test element';
     }
+
+    public function canView($member = null)
+    {
+        return parent::canView($member) && $this->Viewable;
+    }
 }