Merge pull request #264 from tractorcow/pulls/fix-author-id

Fix string member IDs breaking permission checking
silverstripe · Jun 4, 2015 · 1430018 · 1430018
2 parents 8b082e0 + 6345f9b
commit 1430018
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 7 deletions.
diff --git a/code/model/Blog.php b/code/model/Blog.php
@@ -165,7 +165,7 @@ protected function getMember($member = null) {
 			$member = Member::currentUser();
 		}
 
-		if(is_int($member)) {
+		if(is_numeric($member)) {
 			$member = Member::get()->byID($member);
 		}
 

diff --git a/code/model/BlogPost.php b/code/model/BlogPost.php
@@ -113,9 +113,7 @@ class BlogPost extends Page {
 	 * @return null|string
 	 */
 	public function RoleOf($member = null) {
-		if(is_int($member)) {
-			$member = DataObject::get_by_id('Member', $member);
-		}
+		$member = $this->getMember($member);
 
 		if(!$member) {
 			return null;
@@ -298,7 +296,7 @@ protected function getMember($member = null) {
 			$member = Member::currentUser();
 		}
 
-		if(is_int($member)) {
+		if(is_numeric($member)) {
 			$member = Member::get()->byID($member);
 		}
 
@@ -313,7 +311,7 @@ protected function getMember($member = null) {
 	 * @return bool
 	 */
 	public function canCreateCategories($member = null) {
-		$member = $member = $this->getMember($member);
+		$member = $this->getMember($member);
 
 		$parent = $this->Parent();
 
@@ -336,7 +334,7 @@ public function canCreateCategories($member = null) {
 	 * @return bool
 	 */
 	public function canCreateTags($member = null) {
-		$member = $member = $this->getMember($member);
+		$member = $this->getMember($member);
 
 		$parent = $this->Parent();
 

diff --git a/tests/BlogTest.php b/tests/BlogTest.php
@@ -189,6 +189,26 @@ public function testRoles() {
 		$this->assertEquals('Editor', $postA->RoleOf($editor));
 		$this->assertEmpty($postA->RoleOf($visitor));
 
+		// Test RoleOf with string values given
+		$this->assertEquals('Editor', $fourthBlog->RoleOf((string)(int)$editor->ID));
+		$this->assertEquals('Contributor', $fourthBlog->RoleOf((string)(int)$contributor->ID));
+		$this->assertEquals('Writer', $fourthBlog->RoleOf((string)(int)$writer->ID));
+		$this->assertEmpty($fourthBlog->RoleOf((string)(int)$visitor->ID));
+		$this->assertEquals('Author', $postA->RoleOf((string)(int)$writer->ID));
+		$this->assertEquals('Author', $postA->RoleOf((string)(int)$contributor->ID));
+		$this->assertEquals('Editor', $postA->RoleOf((string)(int)$editor->ID));
+		$this->assertEmpty($postA->RoleOf((string)(int)$visitor->ID));
+
+		// Test RoleOf with int values given
+		$this->assertEquals('Editor', $fourthBlog->RoleOf((int)$editor->ID));
+		$this->assertEquals('Contributor', $fourthBlog->RoleOf((int)$contributor->ID));
+		$this->assertEquals('Writer', $fourthBlog->RoleOf((int)$writer->ID));
+		$this->assertEmpty($fourthBlog->RoleOf((int)$visitor->ID));
+		$this->assertEquals('Author', $postA->RoleOf((int)$writer->ID));
+		$this->assertEquals('Author', $postA->RoleOf((int)$contributor->ID));
+		$this->assertEquals('Editor', $postA->RoleOf((int)$editor->ID));
+		$this->assertEmpty($postA->RoleOf((int)$visitor->ID));
+
 		$this->assertTrue($fourthBlog->canEdit($editor));
 		$this->assertFalse($firstBlog->canEdit($editor));
 		$this->assertTrue($fourthBlog->canAddChildren($editor));