diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index d4e2f67a0..fd59802da 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -8,6 +8,7 @@ - fixed a similar problem with metadata in the Shortcut Asset. - fixed #10396: Syndicated Content wobject not displaying edit controls - fixed #10386: Template override missing in nav shortcut + - fixed #10436: Story Manager - Story Edit/Delete links are Admin Only 7.7.7 - Added EMS Schedule table diff --git a/docs/upgrades/packages-7.7.8/root_import_storymanager.wgpkg b/docs/upgrades/packages-7.7.8/root_import_storymanager.wgpkg new file mode 100644 index 000000000..1908a50a8 Binary files /dev/null and b/docs/upgrades/packages-7.7.8/root_import_storymanager.wgpkg differ diff --git a/lib/WebGUI/Asset/Story.pm b/lib/WebGUI/Asset/Story.pm index c930b161c..0cb86e42b 100644 --- a/lib/WebGUI/Asset/Story.pm +++ b/lib/WebGUI/Asset/Story.pm @@ -85,6 +85,25 @@ sub addRevision { #------------------------------------------------------------------- +=head2 canEdit ( ) + +You can't add children to a Story. + +=cut + +sub canEdit { + my $self = shift; + my $userId = shift || $self->session->user->userId; + if ($userId eq $self->get("ownerUserId")) { + return 1; + } + my $user = WebGUI::User->new($self->session, $userId); + return $self->SUPER::canEdit($userId) + || $self->getArchive->canPostStories($userId); +} + +#------------------------------------------------------------------- + =head2 definition ( session, definition ) defines asset properties for New Asset instances. You absolutely need @@ -839,6 +858,7 @@ sub viewTemplateVariables { } $var->{hasPhotos} = $photoCounter; $var->{singlePhoto} = $photoCounter == 1; + $var->{canEdit} = $self->canEdit; return $var; } diff --git a/lib/WebGUI/Help/Asset_Story.pm b/lib/WebGUI/Help/Asset_Story.pm index 1597b6b4d..902a74b27 100644 --- a/lib/WebGUI/Help/Asset_Story.pm +++ b/lib/WebGUI/Help/Asset_Story.pm @@ -55,6 +55,7 @@ our $HELP = { ], fields => [], variables => [ + { name => 'canEdit', }, { name => 'highlights_loop', 'variables' => [ { name => 'highlight', }, diff --git a/lib/WebGUI/i18n/English/Asset_Story.pm b/lib/WebGUI/i18n/English/Asset_Story.pm index e8c9b2da2..c0441f8b2 100644 --- a/lib/WebGUI/i18n/English/Asset_Story.pm +++ b/lib/WebGUI/i18n/English/Asset_Story.pm @@ -446,6 +446,11 @@ our $I18N = { lastUpdated => 0, }, + 'canEdit' => { + message => q|A boolean which will be true if the current user can edit this story.|, + lastUpdated => 0, + }, + }; 1; diff --git a/t/Asset/Story.t b/t/Asset/Story.t index e72240bfb..b2e350cd7 100644 --- a/t/Asset/Story.t +++ b/t/Asset/Story.t @@ -13,33 +13,52 @@ use strict; use lib "$FindBin::Bin/../lib"; use WebGUI::Test; +use WebGUI::Test::Maker::Permission; use WebGUI::Session; use WebGUI::Storage; +use WebGUI::User; +use WebGUI::Group; use Test::More; # increment this value for each test you create use Test::Deep; use Data::Dumper; -my $tests = 42; -plan tests => 1 - + $tests - ; - #TODO: This script tests certain aspects of WebGUI::Storage and it should not my $session = WebGUI::Test->session; -my $class = 'WebGUI::Asset::Story'; -my $loaded = use_ok($class); -my $story; +my $story = 'placeholder for Test::Maker::Permission'; my $wgBday = WebGUI::Test->webguiBirthday; +my $canPostGroup = WebGUI::Group->new($session, 'new'); +my $postUser = WebGUI::User->create($session); +$canPostGroup->addUsers([$postUser->userId]); +my $archiveOwner = WebGUI::User->create($session); +my $reader = WebGUI::User->create($session); +$postUser->username('Can Post User'); +$reader->username('Average Reader'); +$archiveOwner->username('Archive Owner'); +WebGUI::Test->groupsToDelete($canPostGroup); +WebGUI::Test->usersToDelete($postUser, $archiveOwner, $reader); + +my $canEditMaker = WebGUI::Test::Maker::Permission->new(); +$canEditMaker->prepare({ + object => $story, + session => $session, + method => 'canEdit', + pass => [3, $postUser, $archiveOwner ], + fail => [1, $reader ], +}); + + my $defaultNode = WebGUI::Asset->getDefault($session); my $archive = $defaultNode->addChild({ - className => 'WebGUI::Asset::Wobject::StoryArchive', - title => 'Test Archive', - #1234567890123456789012 - assetId => 'TestStoryArchiveAsset1', + className => 'WebGUI::Asset::Wobject::StoryArchive', + title => 'Test Archive', + #1234567890123456789012 + assetId => 'TestStoryArchiveAsset1', + groupToPost => $canPostGroup->getId, + ownerUserId => $archiveOwner->userId, }); my $topic = $defaultNode->addChild({ className => 'WebGUI::Asset::Wobject::StoryTopic', @@ -50,11 +69,26 @@ my $topic = $defaultNode->addChild({ }); my $archiveTag = WebGUI::VersionTag->getWorking($session); $archiveTag->commit; +WebGUI::Test->tagsToRollback($archiveTag); my $storage1 = WebGUI::Storage->create($session); my $storage2 = WebGUI::Storage->create($session); WebGUI::Test->storagesToDelete($storage1, $storage2); +############################################################ +# +# PLAN +# +############################################################ + +my $tests = 42; +plan tests => 1 + + $tests + + $canEditMaker->plan + ; + +my $class = 'WebGUI::Asset::Story'; +my $loaded = use_ok($class); SKIP: { @@ -108,6 +142,16 @@ is($story->get('state'), 'published', 'Story is published'); is($story->getArchive->getId, $archive->getId, 'getArchive gets the parent archive for the Story'); +############################################################ +# +# canEdit +# +############################################################ + +$canEditMaker->{_tests}->[0]->{object} = $story; + +$canEditMaker->run(); + ############################################################ # # Photo JSON @@ -383,9 +427,4 @@ cmp_bag( } END { - $story->purge if $story; - $archive->purge if $archive; - $topic->purge if $topic; - $archiveTag->rollback; - WebGUI::VersionTag->getWorking($session)->rollback; }