diff --git a/code/controllers/ContentController.php b/code/controllers/ContentController.php
index 11e22cd7..4c787cdd 100755
--- a/code/controllers/ContentController.php
+++ b/code/controllers/ContentController.php
@@ -110,33 +110,6 @@ class ContentController extends Controller {
 return Security::permissionFailure($this);
 }
- // Draft/Archive security check - only CMS users should be able to look at stage/archived content
- if(
- $this->URLSegment != 'Security'
- && !Session::get('unsecuredDraftSite')
- && (
- Versioned::current_archived_date()
- || (Versioned::current_stage() && Versioned::current_stage() != 'Live')
- )
- ) {
- if(!$this->dataRecord->canView()) {
- Session::clear('currentStage');
- Session::clear('archiveDate');
-
- $permissionMessage = sprintf(
- _t(
- "ContentController.DRAFT_SITE_ACCESS_RESTRICTION",
- 'You must log in with your CMS password in order to view the draft or archived content. '.
- 'Click here to go back to the published site.'
- ),
- Controller::join_links($this->Link(), "?stage=Live")
- );
-
- return Security::permissionFailure($this, $permissionMessage);
- }
-
- }
-
 // Use theme from the site config
 if(($config = SiteConfig::current_site_config()) && $config->Theme) {
 Config::inst()->update('SSViewer', 'theme', $config->Theme);
diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php
index c793c63c..429e9542 100755
--- a/code/model/SiteTree.php
+++ b/code/model/SiteTree.php
@@ -903,23 +903,6 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 // admin override
 if($member && Permission::checkMember($member, array("ADMIN", "SITETREE_VIEW_ALL"))) return true;
-
- // make sure we were loaded off an allowed stage
-
- // Were we definitely loaded directly off Live during our query?
- $fromLive = true;
-
- foreach (array('mode' => 'stage', 'stage' => 'live') as $param => $match) {
- $fromLive = $fromLive && strtolower((string)$this->getSourceQueryParam("Versioned.$param")) == $match;
- }
-
- if(!$fromLive
- && !Session::get('unsecuredDraftSite')
- && !Permission::checkMember($member, array('CMS_ACCESS_LeftAndMain', 'CMS_ACCESS_CMSMain', 'VIEW_DRAFT_CONTENT'))) {
- // If we weren't definitely loaded from live, and we can't view non-live content, we need to
- // check to make sure this version is the live version and so can be viewed
- if (Versioned::get_versionnumber_by_stage($this->class, 'Live', $this->ID) != $this->Version) return false;
- }
 // Orphaned pages (in the current stage) are unavailable, except for admins via the CMS
 if($this->isOrphaned()) return false;
@@ -952,26 +935,6 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 return false;
 }
-
- /**
- * Determines canView permissions for the latest version of this Page on a specific stage (see {@link Versioned}).
- * Usually the stage is read from {@link Versioned::current_stage()}.
- *
- * @todo Implement in CMS UI.
- *
- * @param string $stage
- * @param Member $member
- * @return bool
- */
- public function canViewStage($stage = 'Live', $member = null) {
- $oldMode = Versioned::get_reading_mode();
- Versioned::reading_stage($stage);
-
- $versionFromStage = DataObject::get($this->class)->byID($this->ID);
-
- Versioned::set_reading_mode($oldMode);
- return $versionFromStage ? $versionFromStage->canView($member) : false;
- }
 /**
 * This function should return true if the current user can delete this page. It can be overloaded to customise the