Merge pull request silverstripe#17 from open-sausages/director-middle…

…ware-but-damian API Update for HTTPMiddleware
open-sausages · Jun 27, 2017 · 723a6a9 · 723a6a9
2 parents bfae6b2 + c49d401
commit 723a6a9
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 60 deletions.
diff --git a/_config/versionedrequestprocessors.yml b/_config/versionedrequestprocessors.yml
@@ -2,11 +2,10 @@
 Name: versionedrequestprocessors
 After:
   - 'requestprocessors'
+  - 'coresecurity'
 ---
 SilverStripe\Core\Injector\Injector:
-  VersionedRequestFilter:
-    class: SilverStripe\Versioned\VersionedRequestFilter
-  SilverStripe\Control\RequestProcessor:
+  SilverStripe\Control\Director:
     properties:
-      filters:
-        - '%$VersionedRequestFilter'
+      Middlewares:
+        VersionedMiddleware: %$SilverStripe\Versioned\VersionedHTTPMiddleware
diff --git a/src/VersionedHTTPMiddleware.php b/src/VersionedHTTPMiddleware.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace SilverStripe\Versioned;
+
+use SilverStripe\Control\Controller;
+use SilverStripe\Control\Director;
+use SilverStripe\Control\HTTPRequest;
+use SilverStripe\Control\HTTPResponse;
+use SilverStripe\Control\Middleware\HTTPMiddleware;
+use SilverStripe\Core\Convert;
+use SilverStripe\Security\Security;
+
+/**
+ * Initialises the versioned stage when a request is made.
+ */
+class VersionedHTTPMiddleware implements HTTPMiddleware
+{
+    public function process(HTTPRequest $request, callable $next)
+    {
+        // Ensure Controller::curr() is available
+        $dummyController = new Controller();
+        $dummyController->setRequest($request);
+        $dummyController->pushCurrent();
+
+        // Permission check
+        try {
+            $result = $this->checkPermissions($request);
+            if ($result instanceof HTTPResponse) {
+                return $result;
+            } else {
+                // Set stage
+                Versioned::choose_site_stage($request);
+            }
+        } finally {
+            // Reset dummy controller
+            $dummyController->popCurrent();
+        }
+
+        // Process
+        return $next($request);
+    }
+
+    /**
+     * @param HTTPRequest $request
+     * @return HTTPResponse|true True if ok, httpresponse if error
+     */
+    protected function checkPermissions(HTTPRequest $request)
+    {
+        // Block non-authenticated users from setting the stage mode
+        if (Versioned::can_choose_site_stage($request)) {
+            return true;
+        }
+
+        // Build error message
+        $link = Convert::raw2xml(Controller::join_links(Director::baseURL(), $request->getURL(), "?stage=Live"));
+        $permissionMessage = _t(
+            __CLASS__.'.DRAFT_SITE_ACCESS_RESTRICTION',
+            'You must log in with your CMS password in order to view the draft or archived content. '
+            . '<a href="{link}">Click here to go back to the published site.</a>',
+            [ 'link' => $link ]
+        );
+
+        // Force output since RequestFilter::preRequest doesn't support response overriding
+        return Security::permissionFailure(null, $permissionMessage);
+    }
+}
diff --git a/src/VersionedRequestFilter.php b/src/VersionedRequestFilter.php
diff --git a/tests/php/VersionedTest.php b/tests/php/VersionedTest.php
@@ -1026,14 +1026,14 @@ public function testReadingPersistent()
 
     /**
      * Test that stage parameter is blocked by non-administrative users
-     *
-     * @expectedException SilverStripe\Control\HTTPResponse_Exception
      */
     public function testReadingModeSecurity()
     {
         $this->logOut();
         $session = Injector::inst()->create(Session::class, []);
-        Director::test('/?stage=Stage', null, $session);
+        $result = Director::test('/?stage=Stage', null, $session);
+        // Redirects to login page
+        $this->assertEquals(302, $result->getStatusCode());
     }
 
     /**