From b906376c5edbc5e57a6fd8342f9cf96e08494eab Mon Sep 17 00:00:00 2001 From: Raissa North Date: Fri, 13 Jul 2018 12:28:37 +1200 Subject: [PATCH] FIX Check canView() permissions before assigning controllers to BaseElements --- src/Models/ElementalArea.php | 4 +++- tests/ElementControllerTest.php | 2 ++ tests/ElementalAreaTest.php | 12 ++++++++++++ tests/ElementalAreaTest.yml | 12 ++++++++++++ tests/Src/TestElement.php | 8 +++++++- 5 files changed, 36 insertions(+), 2 deletions(-) diff --git a/src/Models/ElementalArea.php b/src/Models/ElementalArea.php index 516f3d9b..829b4a01 100644 --- a/src/Models/ElementalArea.php +++ b/src/Models/ElementalArea.php @@ -109,7 +109,9 @@ public function Breadcrumbs() public function ElementControllers() { $controllers = new ArrayList(); - $items = $this->Elements(); + $items = $this->Elements()->filterByCallback(function (BaseElement $item) { + return $item->canView(); + }); if (!is_null($items)) { foreach ($items as $element) { diff --git a/tests/ElementControllerTest.php b/tests/ElementControllerTest.php index 3e17a61c..d26fc867 100644 --- a/tests/ElementControllerTest.php +++ b/tests/ElementControllerTest.php @@ -36,6 +36,8 @@ protected function setUp() public function testForTemplate() { $element = $this->objFromFixture(TestElement::class, 'element1'); + // Although we read from Versioned::DRAFT, Versioned will still block draft content view permissions + $this->logInWithPermission('ADMIN'); $controller = new TestElementController($element); $this->assertContains('Hello Test', $controller->forTemplate()); diff --git a/tests/ElementalAreaTest.php b/tests/ElementalAreaTest.php index a3609202..18ff04e3 100644 --- a/tests/ElementalAreaTest.php +++ b/tests/ElementalAreaTest.php 
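Review bot: The `if (!is_null($items))` guard that follows the new assignment in ElementControllers() can no longer do anything, because `filterByCallback()` is called on the return value of `Elements()` before the guard runs. A null would already fail on that method call, and the filtered list is presumably never null. Either drop the guard or test the result of `Elements()` before filtering it. The callback invokes `canView()` with no argument, presumably meaning the current user, so the returned controllers are viewer-specific; a comment such as `// canView() is evaluated for the current member; any cached render of this area must vary by viewer` would record that. The method body continues past the end of the hunk.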
@@ -33,6 +33,18 @@ public function testElementControllers() $this->assertEquals(2, $controllers->count(), 'Should be a controller per element'); } + + public function testViewPermissionsAreChecked() + { + $area = $this->objFromFixture(ElementalArea::class, 'area2'); + $controllers = $area->ElementControllers(); + $elements = $area->Elements(); + + $this->assertEquals(1, $controllers->count(), + 'Should be one controller only, since one of the elements is not viewable'); + $this->assertEquals(2, $elements->count()); + } + public function testGetOwnerPage() { $area1 = $this->objFromFixture(ElementalArea::class, 'area1'); diff --git a/tests/ElementalAreaTest.yml b/tests/ElementalAreaTest.yml index 1699f051..df5f492e 100644 --- a/tests/ElementalAreaTest.yml +++ b/tests/ElementalAreaTest.yml @@ -20,7 +20,19 @@ DNADesign\Elemental\Tests\Src\TestElement: Title: Element 1 TestValue: 'Hello Test' ParentID: =>DNADesign\Elemental\Models\ElementalArea.area1 + Viewable: true element2: Title: Element 2 TestValue: 'Hello Test 2' ParentID: =>DNADesign\Elemental\Models\ElementalArea.area1 + Viewable: true + element3: + Title: Element 3 + TestValue: 'Hello Test 3' + ParentID: =>DNADesign\Elemental\Models\ElementalArea.area2 + Viewable: true + element4: + Title: Element 4 + TestValue: 'Hello Test 4' + ParentID: =>DNADesign\Elemental\Models\ElementalArea.area2 + Viewable: false diff --git a/tests/Src/TestElement.php b/tests/Src/TestElement.php index 33a66e28..b220bb9f 100644 --- a/tests/Src/TestElement.php +++ b/tests/Src/TestElement.php @@ -10,7 +10,8 @@ class TestElement extends BaseElement implements TestOnly private static $table_name = 'TestElement'; private static $db = [ - 'TestValue' => 'Text' + 'TestValue' => 'Text', + 'Viewable' => 'Boolean' ]; private static $controller_class = TestElementController::class; 
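Review bot: testViewPermissionsAreChecked() never states who is viewing, so its expected count of one controller depends on whatever session state setUp (outside this hunk) leaves behind. The same commit had to add `$this->logInWithPermission('ADMIN');` to testForTemplate() because draft content is otherwise blocked, which suggests the viewer matters here as well. Pinning the viewer explicitly at the top of the test, and adding a second assertion for a logged-out viewer, would show that the filter follows the permission decision rather than the fixture flag alone.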
@@ -19,4 +20,9 @@ public function getType()
 {
 return 'A test element';
 }
+
+ public function canView($member = null)
+ {
+ return parent::canView($member) && $this->Viewable;
+ }
 }
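Review bot: The new canView() override in TestElement has no docblock, and the property it relies on is worth writing down. Because the fixture flag is combined with `&&`, `Viewable` can only withdraw access that parent::canView() granted, never add it. I would put `/** Test-only: the Viewable fixture flag may veto parent::canView() but can never grant access on its own. */` above the method. It may also be worth stating there that a fixture which omits `Viewable` is treated as not viewable, assuming the Boolean field defaults to false; confirm this against the other fixture files that use TestElement, which this patch does not show.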