oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make thingy respect thing permissions when generating form field for other things. Fixes bug #11032

Browse source
This commit is contained in:
Colin Kuskie 2009-09-25 16:57:46 -07:00
parent c5e9abe10e
commit ec6887b0ac
3 changed files with 71 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -11,6 +11,7 @@
- fixed #11038: My Carousel Broke - fixed #11038: My Carousel Broke
- fixed ExpireIncompleteSurveyResponses workflow sending one email per asset revision - fixed ExpireIncompleteSurveyResponses workflow sending one email per asset revision
- fixed #10994: Gallery: Problems with uploading ZIP-archives - fixed #10994: Gallery: Problems with uploading ZIP-archives
- fixed #11032: The Thingy form field "otherThingy" not checking for privilege
7.8.0 7.8.0
- upgraded YUI to 2.8.0r4 - upgraded YUI to 2.8.0r4

18
lib/WebGUI/Asset/Wobject/Thingy.pm
View file

@ -965,9 +965,9 @@ sub getFormPlugin {
my %param; my %param;
my $session = $self->session; my $session = $self->session;
my $db = $session->db; my $db = $session->db;
my $dbh = $db->dbh; my $dbh = $db->dbh;
my $i18n = WebGUI::International->new($session,"Asset_Thingy"); my $i18n = WebGUI::International->new($session,"Asset_Thingy");
$param{name} = "field_".$data->{fieldId}; $param{name} = "field_".$data->{fieldId};
my $name = $param{name}; my $name = $param{name};
@ -989,7 +989,7 @@ sub getFormPlugin {
if ( WebGUI::Utility::isIn( $data->{fieldType}, qw(SelectList CheckList SelectBox Attachments) ) ) { if ( WebGUI::Utility::isIn( $data->{fieldType}, qw(SelectList CheckList SelectBox Attachments) ) ) {
my @values; my @values;
if ( $useFormPostData && $self->session->form->param($name) ) { if ( $useFormPostData && $session->form->param($name) ) {
$param{ value } = [ $session->form->process( $name, $data->{fieldType} ) ]; $param{ value } = [ $session->form->process( $name, $data->{fieldType} ) ];
} }
elsif ( $data->{ value } ) { elsif ( $data->{ value } ) {
@ -1000,7 +1000,7 @@ sub getFormPlugin {
$param{value} = \@values; $param{value} = \@values;
} }
} }
elsif ( $useFormPostData && $self->session->form->param($name) ) { elsif ( $useFormPostData && $session->form->param($name) ) {
$param{value} = $session->form->process( $name, $data->{fieldType} ); $param{value} = $session->form->process( $name, $data->{fieldType} );
} }
@ -1045,10 +1045,16 @@ sub getFormPlugin {
my $errorMessage = $self->badOtherThing($tableName, $fieldName); my $errorMessage = $self->badOtherThing($tableName, $fieldName);
return $errorMessage if $errorMessage; return $errorMessage if $errorMessage;
$options = $db->buildHashRef('select thingDataId, ' my $sth = $session->db->read('select thingDataId, '
.$dbh->quote_identifier($fieldName) .$dbh->quote_identifier($fieldName)
.' from '.$dbh->quote_identifier($tableName)); .' from '.$dbh->quote_identifier($tableName));
while (my $result = $sth->hashRef){
if ($self->canViewThingData($otherThingId,$result->{thingDataId})){
$options->{$result->{thingDataId}} = $result->{$fieldName}
}
}
my $value = $data->{value} || $data->{defaultValue}; my $value = $data->{value} || $data->{defaultValue};
($param{value}) = $db->quickArray('select ' ($param{value}) = $db->quickArray('select '
.$dbh->quote_identifier($fieldName) .$dbh->quote_identifier($fieldName)

61
t/Asset/Wobject/Thingy.t
View file

@ -16,7 +16,7 @@ use lib "$FindBin::Bin/../../lib";
use WebGUI::Test; use WebGUI::Test;
use WebGUI::Session; use WebGUI::Session;
use Test::More tests => 22; # increment this value for each test you create use Test::More tests => 26; # increment this value for each test you create
use Test::Deep; use Test::Deep;
use JSON; use JSON;
use WebGUI::Asset::Wobject::Thingy; use WebGUI::Asset::Wobject::Thingy;
@ -300,11 +300,19 @@ cmp_deeply(
($newThingDataId,$errors) = $thingy->editThingDataSave($thingId,'new',{"field_".$fieldId => 'second test value'}); ($newThingDataId,$errors) = $thingy->editThingDataSave($thingId,'new',{"field_".$fieldId => 'second test value'});
#################################################################
#
# maxEntriesPerUser
#
#################################################################
my %otherThingProperties = %thingProperties; my %otherThingProperties = %thingProperties;
$otherThingProperties{maxEntriesPerUser} = 1; $otherThingProperties{maxEntriesPerUser} = 1;
$otherThingProperties{editTemplateId } = $templateId; $otherThingProperties{editTemplateId } = $templateId;
my $otherThingId = $thingy->addThing(\%otherThingProperties, 0); my $otherThingId = $thingy->addThing(\%otherThingProperties, 0);
my $otherFieldId = $thingy->addField(\%fieldProperties, 0); my %otherFieldProperties = %fieldProperties;
$otherFieldProperties{thingId} = $otherThingId;
my $otherFieldId = $thingy->addField(\%otherFieldProperties, 0);
ok( ! $thingy->hasEnteredMaxPerUser($otherThingId), 'hasEnteredMaxPerUser: returns false with no data entered'); ok( ! $thingy->hasEnteredMaxPerUser($otherThingId), 'hasEnteredMaxPerUser: returns false with no data entered');
my @edit_thing_form_fields = qw/form_start form_end form_submit field_loop/; my @edit_thing_form_fields = qw/form_start form_end form_submit field_loop/;
@ -327,7 +335,7 @@ my @edit_thing_form_fields = qw/form_start form_end form_submit field_loop/;
} }
$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'other test value'} ); $thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'other test value'} );
ok( $thingy->hasEnteredMaxPerUser($otherThingId), '... returns true with one row entered, and maxEntriesPerUser=1'); ok( $thingy->hasEnteredMaxPerUser($otherThingId), 'hasEnteredMaxPerUser returns true with one row entered, and maxEntriesPerUser=1');
{ {
WebGUI::Test->mockAssetId($templateId, $templateMock); WebGUI::Test->mockAssetId($templateId, $templateMock);
@ -343,3 +351,50 @@ ok( $thingy->hasEnteredMaxPerUser($otherThingId), '... returns true with one row
'thing edit form variables do not exist, because max entries was reached' 'thing edit form variables do not exist, because max entries was reached'
); );
} }
#################################################################
#
# deleteThing
#
#################################################################
$thingy->deleteThing($otherThingId);
my $count;
$count = $session->db->quickScalar('select count(*) from Thingy_things where thingId=?',[$otherThingId]);
is($count, 0, 'deleteThing: clears thing from Thingy_things');
$count = $session->db->quickScalar('select count(*) from Thingy_fields where thingId=?',[$otherThingId]);
is($count, 0, '... clears thing from Thingy_fields');
my $table = $session->db->dbh->table_info(undef, undef, 'Thingy_'.$otherThingId)->fetchrow_hashref();
is($table, undef, '... drops thing specific table');
#################################################################
#
# thing data permissions, getFormPlugin
#
#################################################################
%otherThingProperties = %thingProperties;
$otherThingProperties{'groupIdView'} = 3;
$otherThingId = $thingy->addThing(\%otherThingProperties, 0);
%otherFieldProperties = %fieldProperties;
$otherFieldProperties{thingId} = $otherThingId;
$otherFieldId = $thingy->addField(\%otherFieldProperties, 0);
$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'value 1'} );
$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'value 2'} );
$thingy->editThingDataSave($otherThingId, 'new', {"field_".$otherFieldId => 'value 3'} );
my $andy = WebGUI::User->create($session);
WebGUI::Test->usersToDelete($andy);
$session->user({userId => $andy->userId});
my $form = $thingy->getFormPlugin({
name => 'fakeFormForTesting',
fieldType => 'otherThing_'.$otherThingId,
fieldInOtherThingId => $otherFieldId,
});
cmp_deeply(
$form->get('options'),
{},
'getFormPlugin: form has no data since the user does not have viewing privileges'
);