FIX Renable email link to submitted file

silverstripe · Sep 4, 2023 · a39aa3b · a39aa3b
1 parent c0eb6d6
commit a39aa3b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 43 deletions.
diff --git a/code/Model/Submission/SubmittedFileField.php b/code/Model/Submission/SubmittedFileField.php
@@ -41,25 +41,16 @@ public function getFormattedValue()
     {
         $name = $this->getFileName();
         $link = $this->getLink(false);
-        $title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File');
-        $message = _t(__CLASS__ . '.INSUFFICIENTRIGHTS', 'You don\'t have the right permissions to download this file');
-        $file = $this->getUploadedFileFromDraft();
-
         if ($link) {
-            if ($file->canView()) {
-                return DBField::create_field('HTMLText', sprintf(
-                    '%s - <a href="%s" target="_blank">%s</a>',
-                    htmlspecialchars($name, ENT_QUOTES),
-                    htmlspecialchars($link, ENT_QUOTES),
-                    htmlspecialchars($title, ENT_QUOTES)
-                ));
-            } else {
-                return DBField::create_field('HTMLText', sprintf(
-                    '<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
-                    htmlspecialchars($name, ENT_QUOTES),
-                    htmlspecialchars($message, ENT_QUOTES)
-                ));
-            }
+            $title = _t(__CLASS__ . '.DOWNLOADFILE', 'Download File');
+            $message = _t(__CLASS__ . '.YOUMUSTBELOGGEDIN', 'You must be logged in to view this file');
+            return DBField::create_field('HTMLText', sprintf(
+                '<i class="icon font-icon-lock"></i> %s - <a href="%s" target="_blank">%s</a> - <em>%s</em>',
+                htmlspecialchars($name, ENT_QUOTES),
+                htmlspecialchars($link, ENT_QUOTES),
+                htmlspecialchars($title, ENT_QUOTES),
+                htmlspecialchars($message, ENT_QUOTES)
+            ));
         }
 
         return false;

diff --git a/lang/en.yml b/lang/en.yml
@@ -328,6 +328,7 @@ en:
       one: 'A Submitted File Field'
       other: '{count} Submitted File Fields'
     SINGULARNAME: 'Submitted File Field'
+    YOUMUSTBELOGGEDIN: 'You must be logged in to view this file'
     has_one_UploadedFile: 'Uploaded file'
   SilverStripe\UserForms\Model\Submission\SubmittedForm:
     PLURALNAME: 'Submitted Forms'

diff --git a/tests/php/Model/SubmittedFileFieldTest.php b/tests/php/Model/SubmittedFileFieldTest.php
@@ -73,34 +73,28 @@ public function testGetFormattedValue()
         // Set an explicit base URL so we get a reliable value for the test
         Director::config()->set('alternate_base_url', 'http://mysite.com');
         $fileName = $this->submittedFile->getFileName();
-        $message = "You don&#039;t have the right permissions to download this file";
+        $message = 'You must be logged in to view this file';
+        $link = '<a href="http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt" target="_blank">Download File</a>';
 
         $this->file->CanViewType = 'OnlyTheseUsers';
         $this->file->write();
 
-        $this->loginWithPermission('ADMIN');
-        $this->assertEquals(
-            sprintf(
-                '%s - <a href="http://mysite.com/assets/3c01bdbb26/test-SubmittedFileFieldTest.txt" target="_blank">Download File</a>',
-                $fileName
-            ),
-            $this->submittedFile->getFormattedValue()->value
-        );
-
-        $this->loginWithPermission('CMS_ACCESS_CMSMain');
-        $this->assertEquals(
-            sprintf(
-                '<i class="icon font-icon-lock"></i> %s - <em>%s</em>',
-                $fileName,
-                $message
-            ),
-            $this->submittedFile->getFormattedValue()->value
-        );
-
-        $store = Injector::inst()->get(AssetStore::class);
-        $this->assertFalse(
-            $store->canView($fileName, $this->file->getHash()),
-            'Users without canView rights on the file should not have been session granted access to it'
-        );
+        foreach (['ADMIN', 'CMS_ACCESS_CMSMain'] as $permission) {
+            $this->loginWithPermission('ADMIN');
+            $this->assertEquals(
+                sprintf(
+                    '<i class="icon font-icon-lock"></i> %s - %s - <em>%s</em>',
+                    $fileName,
+                    $link,
+                    $message
+                ),
+                $this->submittedFile->getFormattedValue()->value
+            );
+            $store = Injector::inst()->get(AssetStore::class);
+            $this->assertFalse(
+                $store->canView($fileName, $this->file->getHash()),
+                'Users without canView rights on the file should not have been session granted access to it'
+            );
+        }
     }
 }