tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-10-22 08:05:56 +02:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT Disallowing CMSMain->revert() if SiteTree->canPublish() is not granted (used to be SiteTree->canEdit()). If a user isn't allowed to publish, he shouldn't be allowed to revert the live state of a page either.

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.3@67072 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2008-12-01 04:51:48 +00:00 committed by Sam Minnee
parent 832cd7c1e9
commit 12dc778cf5
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
code/CMSMain.php
View File

@ -559,7 +559,9 @@ JS;
public function revert($urlParams, $form) {
$id = $_REQUEST['ID'];
$record = DataObject::get_by_id("SiteTree", $id);
if($record && !$record->canEdit()) return Security::permissionFailure($this);
// if the user can't publish, he shouldn't be able to revert a page (and hence copy the last stored revision to the live site)
if($record && !$record->canPublish()) return Security::permissionFailure($this);
$record->doRevertToLive();