BUGFIX: Improve r81254 to fix blog/rss and subclasses of BlogHolder_Controller

2009-07-07 23:04:02 +00:00 · 2009-07-07 23:04:02 +00:00 · d0ee014aa5
parent 1e809afc65
commit d0ee014aa5
2 changed files with 10 additions and 0 deletions
--- a/code/BlogHolder.php
+++ b/code/BlogHolder.php
@ -155,6 +155,8 @@ class BlogHolder_Controller extends BlogTree_Controller {
 	 * Post a new blog entry
 	 */
 	function post(){
+		if(!Permission::check('BLOGMANAGEMENT')) return Security::permissionFailure();
+		
 		$page = $this->customise(array(
 			'Content' => false,
 			'Form' => $this->BlogEntryForm()
@ -167,6 +169,8 @@ class BlogHolder_Controller extends BlogTree_Controller {
 	 * A simple form for creating blog entries
 	 */
 	function BlogEntryForm() {
+		if(!Permission::check('BLOGMANAGEMENT')) return Security::permissionFailure();
+
 		Requirements::javascript('jsparty/behaviour.js');
 		Requirements::javascript('jsparty/prototype.js');
 		Requirements::javascript('jsparty/scriptaculous/effects.js');
@ -231,6 +235,8 @@ class BlogHolder_Controller extends BlogTree_Controller {
 	}

 	function postblog($data, $form) {
+		if(!Permission::check('BLOGMANAGEMENT')) return Security::permissionFailure();
+
 		Cookie::set("BlogHolder_Name", $data['Author']);
 		$blogentry = false;

--- a/code/BlogTree.php
+++ b/code/BlogTree.php
@ -231,6 +231,10 @@ class BlogURL {
 }

 class BlogTree_Controller extends Page_Controller {
+	static $allowed_actions = array(
+		'rss' => true,
+	);
+	
 	function init() {
 		parent::init();