From d0ee014aa575457787b907c019cc2528b817a366 Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Tue, 7 Jul 2009 23:04:02 +0000
Subject: [PATCH] BUGFIX: Improve r81254 to fix blog/rss and subclasses of
 BlogHolder_Controller

---
 code/BlogHolder.php | 6 ++++++
 code/BlogTree.php   | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/code/BlogHolder.php b/code/BlogHolder.php
index c7311cc..ea38740 100644
--- a/code/BlogHolder.php
+++ b/code/BlogHolder.php
@@ -155,6 +155,8 @@ class BlogHolder_Controller extends BlogTree_Controller {
 	 * Post a new blog entry
 	 */
 	function post(){
+		if(!Permission::check('BLOGMANAGEMENT')) return Security::permissionFailure();
+		
 		$page = $this->customise(array(
 			'Content' => false,
 			'Form' => $this->BlogEntryForm()
@@ -167,6 +169,8 @@ class BlogHolder_Controller extends BlogTree_Controller {
 	 * A simple form for creating blog entries
 	 */
 	function BlogEntryForm() {
+		if(!Permission::check('BLOGMANAGEMENT')) return Security::permissionFailure();
+
 		Requirements::javascript('jsparty/behaviour.js');
 		Requirements::javascript('jsparty/prototype.js');
 		Requirements::javascript('jsparty/scriptaculous/effects.js');
@@ -231,6 +235,8 @@ class BlogHolder_Controller extends BlogTree_Controller {
 	}
 
 	function postblog($data, $form) {
+		if(!Permission::check('BLOGMANAGEMENT')) return Security::permissionFailure();
+
 		Cookie::set("BlogHolder_Name", $data['Author']);
 		$blogentry = false;
 
diff --git a/code/BlogTree.php b/code/BlogTree.php
index fc327c1..cefe9a1 100644
--- a/code/BlogTree.php
+++ b/code/BlogTree.php
@@ -231,6 +231,10 @@ class BlogURL {
 }
 
 class BlogTree_Controller extends Page_Controller {
+	static $allowed_actions = array(
+		'rss' => true,
+	);
+	
 	function init() {
 		parent::init();