public function testCanView()
{
$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$securityonlyuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
$allcmssectionsuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');
// anonymous user
$this->session()->inst_set('loggedInAs', null);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$this->assertEquals($menuItems->column('Code'), array(), 'Without valid login, members cant access any menu entries');
// restricted cms user
$this->logInAs($securityonlyuser);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$menuItems = $menuItems->column('Code');
sort($menuItems);
$this->assertEquals(array('Help', 'SilverStripe-Admin-CMSProfileController', 'SilverStripe-Admin-SecurityAdmin'), $menuItems, 'Groups with limited access can only access the interfaces they have permissions for');
// all cms sections user
$this->logInAs($allcmssectionsuser);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$this->assertContains('SilverStripe-Admin-CMSProfileController', $menuItems->column('Code'), 'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can edit own profile');
$this->assertContains('SilverStripe-Admin-SecurityAdmin', $menuItems->column('Code'), 'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections');
$this->assertContains('Help', $menuItems->column('Code'), 'Group with CMS_ACCESS_SilverStripe\\Admin\\LeftAndMain permission can access all sections');
// admin
$this->logInAs($adminuser);
$this->resetMenu();
$menuItems = LeftAndMain::singleton()->MainMenu(false);
$this->assertContains('SilverStripe-Admin-SecurityAdmin', $menuItems->column('Code'), 'Administrators can access Security Admin');
$this->session()->inst_set('loggedInAs', null);
}
/**
* Get a map of all members in the groups given that have CMS permissions
*
* If no groups are passed, all groups with CMS permissions will be used.
*
* @param array $groups Groups to consider or NULL to use all groups with
* CMS permissions.
* @return Map Returns a map of all members in the groups given that
* have CMS permissions.
*/
public static function mapInCMSGroups($groups = null)
{
if (!$groups || $groups->Count() == 0) {
$perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin');
if (class_exists('SilverStripe\\CMS\\Controllers\\CMSMain')) {
$cmsPerms = CMSMain::singleton()->providePermissions();
} else {
$cmsPerms = LeftAndMain::singleton()->providePermissions();
}
if (!empty($cmsPerms)) {
$perms = array_unique(array_merge($perms, array_keys($cmsPerms)));
}
$permsClause = DB::placeholders($perms);
/** @skipUpgrade */
$groups = Group::get()->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')->where(array("\"Permission\".\"Code\" IN ({$permsClause})" => $perms));
}
$groupIDList = array();
if ($groups instanceof SS_List) {
foreach ($groups as $group) {
$groupIDList[] = $group->ID;
}
} elseif (is_array($groups)) {
$groupIDList = $groups;
}
/** @skipUpgrade */
$members = Member::get()->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
if ($groupIDList) {
$groupClause = DB::placeholders($groupIDList);
$members = $members->where(array("\"Group\".\"ID\" IN ({$groupClause})" => $groupIDList));
}
return $members->sort('"Member"."Surname", "Member"."FirstName"')->map();
}
