Fix the duplicating of events with related links that have restrictive permissions. Fixes bug #12010.

perlDreamer · perlDreamer · commit fcd933489b0c · 2012-03-20T11:59:13.000-07:00
diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
@@ -1,4 +1,5 @@
 7.10.25
+ - fixed #12010 related link duplication where links have group view restrictions
  - fixed #12297: keywords.form missing from Post template help
  - fixed #12321: Error while deleting a group.
  - fixed #12322: Cache/CHI stomps on the config file
diff --git a/lib/WebGUI/Asset/Event.pm b/lib/WebGUI/Asset/Event.pm
@@ -420,7 +420,7 @@ sub duplicate {
 	my $newAsset = $self->SUPER::duplicate(@_);
 	my $newStorage = $self->getStorageLocation->copy;
 	$newAsset->update({storageId=>$newStorage->getId});
-    my $links = $self->getRelatedLinks();
+    my $links = $self->getRelatedLinks('nolimit');
     my $id    = $self->session->id;
     foreach my $link (@{ $links }) {
         $link->{new_event}   = 1;
@@ -1076,12 +1076,16 @@ Gets an arrayref of hashrefs of related links.
 
 sub getRelatedLinks {
     my $self    = shift;
+    my $limitflag = shift || 'yes';
 
     my $sth
         = $self->session->db->prepare(
             "SELECT * FROM Event_relatedlink WHERE assetId=? ORDER BY sequenceNumber",
         );
     $sth->execute([ $self->getId ]);
+    if( $limitflag eq 'nolimit' ) {
+        return [ map { $sth->hashRef } ( 1..$sth->rows ) ];
+    }
 
     my @links;
     while ( my $link = $sth->hashRef ) {
diff --git a/t/Asset/Event.t b/t/Asset/Event.t
@@ -16,7 +16,8 @@ use WebGUI::Test;
 
 use Test::More; # increment this value for each test you create
 use Test::Deep;
-plan tests => 30;
+
+plan tests => 31;
 
 use WebGUI::Session;
 use WebGUI::Storage;
@@ -172,10 +173,11 @@ $event6->setRelatedLinks([
     sequenceNumber => 2,
     linkurl => 'http://www.somewhere.com',
     linktext => 'Another great link',
-    groupIdView => '7',
+    groupIdView => '2',
     eventlinkId => '28',
 },
 ]);
+$session->user({userId => 3});   # admin can see all the links
 cmp_deeply(
     $event6->getRelatedLinks(),
     [{
@@ -190,12 +192,25 @@ cmp_deeply(
         sequenceNumber => 2,
         linkURL        => 'http://www.somewhere.com',
         linktext       => 'Another great link',
-        groupIdView    => '7',
+        groupIdView    => '2',
         eventlinkId    => '28',
         assetId        => $event6->getId,
     }],
     'related links stored in the database correctly'
 );
+$session->user({userId => 1});   # visitor can only see one link
+cmp_deeply(
+    $event6->getRelatedLinks(),
+    [{
+        sequenceNumber => 1,
+        linkURL        => 'http://www.nowhere.com',
+        linktext       => 'Great link',
+        groupIdView    => '7',
+        eventlinkId    => '27',
+        assetId        => $event6->getId,
+    }],
+    'related links:user access restriction works'
+);
 
 #######################################
 #
@@ -206,6 +221,7 @@ cmp_deeply(
 my $event6b = $event6->duplicate();
 ok($session->id->valid($event6b->get('storageId')), 'duplicated event got a valid storageId');
 isnt($event6b->get('storageId'), $event6->get('storageId'), 'duplicating an asset creates a new storage location');
+$session->user({userId => 3});   # admin can see all the links
 cmp_deeply(
     $event6b->getRelatedLinks(),
     [{
@@ -220,12 +236,13 @@ cmp_deeply(
         sequenceNumber => 2,
         linkURL        => 'http://www.somewhere.com',
         linktext       => 'Another great link',
-        groupIdView    => '7',
+        groupIdView    => '2',
         eventlinkId    => ignore(),
         assetId        => $event6b->getId,
     }],
     'duplicated event has relatedLinks'
 );
+$session->user({userId => 1});   # run remaining tests as visitor
 
 #######################################
 #

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`7.10.25`
	`2`	`+ - fixed #12010 related link duplication where links have group view restrictions`
`2`	`3`	`- fixed #12297: keywords.form missing from Post template help`
`3`	`4`	`- fixed #12321: Error while deleting a group.`
`4`	`5`	`- fixed #12322: Cache/CHI stomps on the config file`