From 52c5db2fd70bc6ec58511ad694b81b2335480498 Mon Sep 17 00:00:00 2001 From: Nic Date: Tue, 17 Dec 2019 16:06:56 -0600 Subject: [PATCH] BUGFIX check permissions before returning product list (#28) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * BUGFIX check permissions before returning product list * UPDATE tests * UPDATE tests and skip * UPDATE remove unused “$count” var --- src/Page/ProductCategory.php | 5 +++++ tests/Page/ProductCategoryTest.php | 28 ++++++++++++++++++++++++++++ tests/fixtures.yml | 15 ++++++++++++++- 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/src/Page/ProductCategory.php b/src/Page/ProductCategory.php index c69a3da..23fe8ad 100644 --- a/src/Page/ProductCategory.php +++ b/src/Page/ProductCategory.php @@ -4,6 +4,7 @@ use SilverStripe\Forms\FieldList; use SilverStripe\Forms\NumericField; +use SilverStripe\Security\Security; class ProductCategory extends \Page { @@ -67,6 +68,10 @@ public function getProductList() $this->extend('updateProductList', $products, $categories); + $products = $products->filterByCallback(function ($page) { + return $page->canView(Security::getCurrentUser()); + }); + return $products; } } diff --git a/tests/Page/ProductCategoryTest.php b/tests/Page/ProductCategoryTest.php index 6035e52..9e7824e 100644 --- a/tests/Page/ProductCategoryTest.php +++ b/tests/Page/ProductCategoryTest.php @@ -5,6 +5,7 @@ use Dynamic\Products\Page\ProductCategory; use SilverStripe\Dev\SapphireTest; use SilverStripe\Forms\FieldList; +use SilverStripe\Security\Member; class ProductCategoryTest extends SapphireTest { @@ -22,4 +23,31 @@ public function testGetCMSFields() $fields = $object->getCMSFields(); $this->assertInstanceOf(FieldList::class, $fields); } + + /** + * + */ + public function testGetProductList() + { + $this->markTestSkipped('Currently doesn\'t seem to respect the groups/members in automated tests'); + + $this->logOut(); + $member = $this->objFromFixture(Member::class, 'author'); + $this->logInAs(Member::get()->byID($member->ID)); + $categoryID = $this->objFromFixture(ProductCategory::class, 'restricted')->ID; + /** @var ProductCategory $category */ + $category = ProductCategory::get()->byID($categoryID); + + $this->assertEquals(2, $category->getProductList()->count()); + + $this->logOut(); + $member = $this->objFromFixture(Member::class, 'default'); + $this->logInAs(Member::get()->byID($member->ID)); + /** @var ProductCategory $category */ + $category = ProductCategory::get()->byID($categoryID); + + $this->assertEquals(1, $category->getProductList()->count()); + + $this->logOut(); + } } diff --git a/tests/fixtures.yml b/tests/fixtures.yml index dda74bf..9faa630 100644 --- a/tests/fixtures.yml +++ b/tests/fixtures.yml @@ -33,13 +33,26 @@ Dynamic\Products\Model\Brochure: Dynamic\Products\Page\ProductCategory: default: Title: 'Default Category' + restricted: + Title: 'Restricted Children' + CanViewType: 'Inherit' Dynamic\Products\Page\Product: one: Title: 'Product One' Brochures: =>Dynamic\Products\Model\Brochure.one + restrictedproduct: + Title: 'Restricted Product' + CanViewType: 'OnlyTheseUsers' + ViewerGroups: =>SilverStripe\Security\Group.content_authors + Parent: =>Dynamic\Products\Page\ProductCategory.restricted + nonrestrictedproduct: + Title: 'Non Restricted Product' + Parent: =>Dynamic\Products\Page\ProductCategory.restricted + CanViewType: 'Inherit' + Dynamic\Products\Page\ProductFileCollection: default: Title: 'Brochures' - ManagedClass: 'Dynamic\Products\Model\Brochure' \ No newline at end of file + ManagedClass: 'Dynamic\Products\Model\Brochure'