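/**
 * Checks that the main CMS menu lists only the sections the current user may access.
 *
 * Four cases run in turn against the same fixtures: no logged-in member,
 * a member limited to the security section, a member with access to all
 * CMS sections, and an administrator. The menu is reset before each case
 * via resetMenu().
 */
public function testCanView()
{
    $adminuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
    $securityonlyuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
    $allcmssectionsuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');

    // anonymous user: 'loggedInAs' is set to null in the session
    $this->session()->inst_set('loggedInAs', null);
    $this->resetMenu();
    $menuItems = LeftAndMain::singleton()->MainMenu(false);
    // Expected value goes first (PHPUnit's assertEquals($expected, $actual)), so a
    // failure reports any menu codes exposed without a login as the "actual" side.
    $this->assertEquals(
        array(),
        $menuItems->column('Code'),
        'Without valid login, members cant access any menu entries'
    );

    // restricted cms user: the menu must match this list exactly, nothing more
    $this->logInAs($securityonlyuser);
    $this->resetMenu();
    $menuItems = LeftAndMain::singleton()->MainMenu(false);
    $menuItems = $menuItems->column('Code');
    // Sorted so the comparison does not depend on menu ordering.
    sort($menuItems);
    $this->assertEquals(
        array(
            'Help',
            'SilverStripe-Admin-CMSProfileController',
            'SilverStripe-Admin-SecurityAdmin',
        ),
        $menuItems,
        'Groups with limited access can only access the interfaces they have permissions for'
    );

    // all cms sections user
    $this->logInAs($allcmssectionsuser);
    $this->resetMenu();
    $menuItems = LeftAndMain::singleton()->MainMenu(false);
    $this->assertContains(
        'SilverStripe-Admin-CMSProfileController',
        $menuItems->column('Code'),
        'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can edit own profile'
    );
    $this->assertContains(
        'SilverStripe-Admin-SecurityAdmin',
        $menuItems->column('Code'),
        'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections'
    );
    $this->assertContains(
        'Help',
        $menuItems->column('Code'),
        'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections'
    );

    // admin
    $this->logInAs($adminuser);
    $this->resetMenu();
    $menuItems = LeftAndMain::singleton()->MainMenu(false);
    $this->assertContains(
        'SilverStripe-Admin-SecurityAdmin',
        $menuItems->column('Code'),
        'Administrators can access Security Admin'
    );

    // Reset 'loggedInAs' so the admin login from the last case is not left in the session.
    $this->session()->inst_set('loggedInAs', null);
}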
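/**
 * Get a map of all members in the given groups.
 *
 * If no groups are passed (null, an empty array or an empty list), the
 * groups are looked up by permission: every group holding ADMIN,
 * CMS_ACCESS_AssetAdmin or one of the codes returned by providePermissions()
 * is used.
 *
 * Groups passed in explicitly are NOT checked for CMS permissions here; the
 * caller is responsible for supplying only groups it wants to expose.
 *
 * @param SS_List|array|null $groups List of groups, array of group IDs, or
 *                                   NULL to use all groups with CMS permissions.
 * @return Map Map of the members found, sorted by surname then first name.
 */
public static function mapInCMSGroups($groups = null)
{
    // A non-empty array has no Count() method; calling it was a fatal error
    // even though arrays are an accepted input further down.
    $noGroupsGiven = !$groups || (!is_array($groups) && $groups->Count() == 0);

    if ($noGroupsGiven) {
        $perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin');

        if (class_exists('SilverStripe\\CMS\\Controllers\\CMSMain')) {
            $cmsPerms = CMSMain::singleton()->providePermissions();
        } else {
            $cmsPerms = LeftAndMain::singleton()->providePermissions();
        }

        if (!empty($cmsPerms)) {
            $perms = array_unique(array_merge($perms, array_keys($cmsPerms)));
        }

        // Permission codes are bound as parameters, never interpolated into the SQL.
        $permsClause = DB::placeholders($perms);
        /** @skipUpgrade */
        $groups = Group::get()
            ->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
            ->where(array(
                "\"Permission\".\"Code\" IN ({$permsClause})" => $perms
            ));
    }

    $groupIDList = array();

    if ($groups instanceof SS_List) {
        foreach ($groups as $group) {
            $groupIDList[] = $group->ID;
        }
    } elseif (is_array($groups)) {
        $groupIDList = $groups;
    }
    // NOTE(review): a truthy $groups that is neither an SS_List nor an array
    // leaves $groupIDList empty, and an empty list means no group filter
    // below, so every member of any group is returned. The same happens if
    // the permission lookup above matches no groups. Callers that use this
    // map to decide who counts as a CMS user should confirm that this
    // fail-open result is acceptable.

    /** @skipUpgrade */
    $members = Member::get()
        ->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
        ->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');

    if ($groupIDList) {
        // Group IDs are bound as parameters as well.
        $groupClause = DB::placeholders($groupIDList);
        $members = $members->where(array(
            "\"Group\".\"ID\" IN ({$groupClause})" => $groupIDList
        ));
    }

    return $members->sort('"Member"."Surname", "Member"."FirstName"')->map();
}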