From 53f7e97c9bc6536a89c4ff744f483b0b8af4b46f Mon Sep 17 00:00:00 2001
From: Patrick Barroca <pbarroca@sandbox.pergame.net>
Date: Thu, 21 Jan 2016 17:44:51 +0100
Subject: [PATCH] rel #31595 : fix not revoking user cms access after revoking
 group cms access

---
 VERSIONS_HOTLINE/31595                        |  1 +
 library/Class/Permission.php                  |  6 ++
 library/Class/UserGroup.php                   |  6 ++
 library/Class/UserGroup/Permission.php        | 13 ++++
 .../controllers/UserGroupControllerTest.php   | 64 +++++++++++++++++--
 5 files changed, 84 insertions(+), 6 deletions(-)
 create mode 100644 VERSIONS_HOTLINE/31595

diff --git a/VERSIONS_HOTLINE/31595 b/VERSIONS_HOTLINE/31595
new file mode 100644
index 00000000000..e1e306fc3f0
--- /dev/null
+++ b/VERSIONS_HOTLINE/31595
@@ -0,0 +1 @@
+ - ticket #31595 : Permissions sur les articles : correction maintien du droit de l'utilisateur après suppression de l'accès articles sur le groupe
\ No newline at end of file
diff --git a/library/Class/Permission.php b/library/Class/Permission.php
index e23bd7d61a0..2eb4ec7e310 100644
--- a/library/Class/Permission.php
+++ b/library/Class/Permission.php
@@ -105,6 +105,12 @@ class PermissionLoader extends Storm_Model_Loader {
                                            0, strlen(static::DYNAMIC_PREFIX)))
         $permission->delete();
   }
+
+
+  public function denyAllCmsTo($group) {
+    Class_UserGroup_Permission::denyAllToGroup(Class_Permission::getCmsPermissions(),
+                                               $group);
+  }
 }
 
 
diff --git a/library/Class/UserGroup.php b/library/Class/UserGroup.php
index ee0c21dc52b..0b2d10b4849 100644
--- a/library/Class/UserGroup.php
+++ b/library/Class/UserGroup.php
@@ -492,6 +492,12 @@ class Class_UserGroup extends Storm_Model_Abstract {
         return true;
     return false;
   }
+
+
+  public function afterSave() {
+    if (!$this->hasRight(static::RIGHT_USER_ACCES_ARTICLES))
+      Class_Permission::denyAllCmsTo($this);
+  }
 }
 
 ?>
\ No newline at end of file
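Review bot: `afterSave()` only cleans up groups that are saved after this patch is deployed, so a group whose RIGHT_USER_ACCES_ARTICLES was removed earlier keeps its group-permission rows. The test added in this commit expects `hasPermissionOn()` to turn false only once those rows are deleted, which suggests the check does not consult the group right itself and that the stale grants would presumably remain effective. A one-off upgrade step calling `Class_Permission::denyAllCmsTo($group)` for every group lacking the right would close that gap. The override also never calls the parent hook; if Storm_Model_Abstract does work there (not visible in this hunk, and the class body starts outside it), add `parent::afterSave();` as the first line.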
diff --git a/library/Class/UserGroup/Permission.php b/library/Class/UserGroup/Permission.php
index 5a9060ac531..a9628c4c49f 100644
--- a/library/Class/UserGroup/Permission.php
+++ b/library/Class/UserGroup/Permission.php
@@ -91,6 +91,19 @@ class UserGroup_PermissionLoader extends Storm_Model_Loader {
 
     Class_UserGroup_Permission::deleteBy($params);
   }
+
+
+  public function denyAllToGroup($permissions, $group) {
+    if (!$permissions || !$group)
+      return;
+
+    $ids = [];
+    foreach ($permissions as $permission)
+      $ids[] = $permission->getId();
+
+    Class_UserGroup_Permission::deleteBy(['id_permission' => $ids,
+                                          'id_group' => $group->getId()]);
+  }
 }
 
 
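Review bot: In `denyAllToGroup` the `!$permissions` guard only catches null or an empty array, so an empty collection object from `getCmsPermissions()` or a null `$group->getId()` still reaches `deleteBy()` with `'id_permission' => []` or `'id_group' => null`. How Storm's `deleteBy` treats an empty list or a null filter is not visible here; if it drops the clause, the delete would be broader than intended. I would guard on the values actually sent, with `if (!$ids || !$group->getId()) return;` just before the `deleteBy` call. A short docblock saying that this removes every row matching the given permissions for the group, and is a no-op on empty input, would also help since the method is a revocation primitive.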
diff --git a/tests/application/modules/admin/controllers/UserGroupControllerTest.php b/tests/application/modules/admin/controllers/UserGroupControllerTest.php
index d7087d8a9ea..9dbfbc3b73d 100644
--- a/tests/application/modules/admin/controllers/UserGroupControllerTest.php
+++ b/tests/application/modules/admin/controllers/UserGroupControllerTest.php
@@ -30,15 +30,10 @@ abstract class Admin_UserGroupControllerTestCase extends Admin_AbstractControlle
     $_group_moderateurs,
     $_group_subscribers;
 
-  public function tearDown() {
-    Storm_Model_Loader::defaultToDb();
-    parent::tearDown();
-  }
-
+  protected $_storm_default_to_volatile = true;
 
   public function setUp() {
     parent::setUp();
-    Storm_Model_Loader::defaultToVolatile();
 
     $this->fixture('Class_AdminVar',
                    ['id' => 'FORMATIONS', 'valeur' => '1']);
@@ -148,6 +143,63 @@ abstract class Admin_UserGroupControllerTestCase extends Admin_AbstractControlle
 
 
 
+class Admin_UserGroupControllerCmsPermissionsRevokeTest extends Admin_UserGroupControllerTestCase {
+  public function setUp() {
+    parent::setUp();
+
+    $this->_group_search
+      ->addRight(Class_UserGroup::RIGHT_USER_ACCES_ARTICLES)
+      ->save();
+
+    $this->enableCmsPermissions();
+    Class_Permission::createArticleCategory()
+      ->permitTo($this->_group_search, $this->fixture('Class_ArticleCategorie',
+                                                      ['id' => 234,
+                                                       'libelle' => 'Testing Category']));
+
+    $this->postDispatch('admin/usergroup/edit/id/' . $this->_group_search->getId(),
+                        ['libelle' => 'Chercheurs',
+                         'rights' => []]);
+  }
+
+
+  /** @test */
+  public function rightShouldHaveBeenRevoked() {
+    $this->assertFalse($this->_user_group->hasRight(Class_UserGroup::RIGHT_USER_ACCES_ARTICLES));
+  }
+
+
+  /** @test */
+  public function cmsPermissionShouldHaveBeenRevoked() {
+    $this->assertFalse($this->_group_search
+                       ->hasPermissionOn(Class_Permission::createArticleCategory(),
+                                         Class_ArticleCategorie::find(234)));
+  }
+
+
+
+  protected function enableCmsPermissions() {
+    $cnt = 1;
+    foreach ([['CATEGORY', 'ARTICLE', 'Sur la catégorie', 1, 'Créer des sous-catégories'],
+              ['ARTICLE', 'ARTICLE', 'Sur la catégorie', 2, 'Créer des articles'],
+              ['PENDING', 'ARTICLE', 'Nouveaux statuts autorisés', 1, 'À valider'],
+              ['VALIDATED', 'ARTICLE', 'Nouveaux statuts autorisés', 101, 'Validé'],
+              ['REFUSED', 'ARTICLE', 'Nouveaux statuts autorisés', 102, 'Refusé'],
+              ['ARCHIVED', 'ARTICLE', 'Nouveaux statuts autorisés', 103, 'Archivé']] as $permission) {
+      $this->fixture('Class_Permission',
+                     ['id' => $cnt++,
+                      'code' => $permission[0],
+                      'module' => $permission[1],
+                      'type' => $permission[2],
+                      'sorting' => $permission[3],
+                      'description' => $permission[4]]);
+    }
+
+    return $this;
+  }
+}
+
+
 
 class Admin_UserGroupControllerListTest extends Admin_UserGroupControllerTestCase {
   protected $_json;
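Review bot: `rightShouldHaveBeenRevoked` asserts on `$this->_user_group`, while `setUp()` grants the right to, and posts the edit form for, `$this->_group_search`. No `_user_group` property is declared in the lines visible here (the property list starts outside the hunk), so the assertion may be checking a different group that never held the right, and would then pass without proving the revocation. It should read `$this->assertFalse($this->_group_search->hasRight(Class_UserGroup::RIGHT_USER_ACCES_ARTICLES));`. A companion case where the group keeps RIGHT_USER_ACCES_ARTICLES and its category permission survives the save would guard against over-revocation.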
-- 
GitLab