public function testAdvancedMenuHandling() { // Populate from CMS Classes, check for existance of SecurityAdmin CMSMenu::clear_menu(); CMSMenu::populate_menu(); $menuItem = CMSMenu::get_menu_item('SecurityAdmin'); $this->assertType('CMSMenuItem', $menuItem, 'SecurityAdmin menu item exists'); $this->assertEquals($menuItem->url, singleton('SecurityAdmin')->Link(), 'Menu item has the correct link'); $this->assertEquals($menuItem->controller, 'SecurityAdmin', 'Menu item has the correct controller class'); $this->assertEquals( $menuItem->priority, singleton('SecurityAdmin')->stat('menu_priority'), 'Menu item has the correct priority' ); // Check that menu order is correct by priority // Note this will break if populate_menu includes normal links (ie, as not controller) $menuItems = CMSMenu::get_menu_items(); $priority = 9999; // ok, *could* be set larger, but shouldn't need to be! foreach($menuItems as $menuItem) { $this->assertEquals( $menuItem->priority, singleton($menuItem->controller)->stat('menu_priority'), "Menu item $menuItem->title has the correct priority" ); $this->assertLessThanOrEqual($priority, $menuItem->priority, 'Menu item is of lower or equal priority'); } }
/** * Alternative security checker for LeftAndMain. * If security isn't found, then it will switch to a subsite where we do have access. */ public function alternateAccessCheck() { $className = $this->owner->class; // Switch to the subsite of the current page if ($this->owner->class == 'CMSMain' && ($currentPage = $this->owner->currentPage())) { if (Subsite::currentSubsiteID() != $currentPage->SubsiteID) { Subsite::changeSubsite($currentPage->SubsiteID); } } // Switch to a subsite that this user can actually access. $member = Member::currentUser(); if ($member && $member->isAdmin()) { return true; } //admin can access all subsites $sites = Subsite::accessible_sites("CMS_ACCESS_{$this->owner->class}")->toDropdownMap(); if ($sites && !isset($sites[Subsite::currentSubsiteID()])) { $siteIDs = array_keys($sites); Subsite::changeSubsite($siteIDs[0]); return true; } // Switch to a different top-level menu item $menu = CMSMenu::get_menu_items(); foreach ($menu as $candidate) { if ($candidate->controller != $this->owner->class) { $sites = Subsite::accessible_sites("CMS_ACCESS_{$candidate->controller}")->toDropdownMap(); if ($sites && !isset($sites[Subsite::currentSubsiteID()])) { $siteIDs = array_keys($sites); Subsite::changeSubsite($siteIDs[0]); $cClass = $candidate->controller; $cObj = new $cClass(); Director::redirect($cObj->Link()); return null; } } } // If all of those fail, you really don't have access to the CMS return null; }
/** * Redirect the user to something accessible if the current section/subsite is forbidden. * * This is done via onBeforeInit as it needs to be done before the LeftAndMain::init has a * chance to forbids access via alternateAccessCheck. * * If we need to change the subsite we force the redirection to /admin/ so the frontend is * fully re-synchronised with the internal session. This is better than risking some panels * showing data from another subsite. */ public function onBeforeInit() { // We are accessing the CMS, so we need to let Subsites know we will be using the session. Subsite::$use_session_subsiteid = true; // FIRST, check if we need to change subsites due to the URL. // Catch forced subsite changes that need to cause CMS reloads. if (isset($_GET['SubsiteID'])) { // Clear current page when subsite changes (or is set for the first time) if (!Session::get('SubsiteID') || $_GET['SubsiteID'] != Session::get('SubsiteID')) { Session::clear("{$this->owner->class}.currentPage"); } // Update current subsite in session Subsite::changeSubsite($_GET['SubsiteID']); //Redirect to clear the current page if ($this->owner->canView(Member::currentUser())) { //Redirect to clear the current page return $this->owner->redirect($this->owner->Link()); } //Redirect to the default CMS section return $this->owner->redirect('admin/'); } // Automatically redirect the session to appropriate subsite when requesting a record. // This is needed to properly initialise the session in situations where someone opens the CMS via a link. $record = $this->owner->currentPage(); if ($record && isset($record->SubsiteID) && is_numeric($record->SubsiteID) && isset($this->owner->urlParams['ID'])) { if ($this->shouldChangeSubsite($this->owner->class, $record->SubsiteID, Subsite::currentSubsiteID())) { // Update current subsite in session Subsite::changeSubsite($record->SubsiteID); if ($this->owner->canView(Member::currentUser())) { //Redirect to clear the current page return $this->owner->redirect($this->owner->getRequest()->getURL()); } //Redirect to the default CMS section return $this->owner->redirect('admin/'); } } // SECOND, check if we need to change subsites due to lack of permissions. if (!$this->owner->canAccess()) { $member = Member::currentUser(); // Current section is not accessible, try at least to stick to the same subsite. $menu = CMSMenu::get_menu_items(); foreach ($menu as $candidate) { if ($candidate->controller && $candidate->controller != $this->owner->class) { $accessibleSites = singleton($candidate->controller)->sectionSites($member); if ($accessibleSites->count() && $accessibleSites->find('ID', Subsite::currentSubsiteID())) { // Section is accessible, redirect there. return $this->owner->redirect(singleton($candidate->controller)->Link()); } } } // If no section is available, look for other accessible subsites. foreach ($menu as $candidate) { if ($candidate->controller) { $accessibleSites = singleton($candidate->controller)->sectionSites($member); if ($accessibleSites->count()) { Subsite::changeSubsite($accessibleSites->First()->ID); return $this->owner->redirect(singleton($candidate->controller)->Link()); } } } // We have not found any accessible section or subsite. User should be denied access. return Security::permissionFailure($this->owner); } // Current site is accessible. Allow through. return; }