NEW Cleaned up access checks, allow extension
Logic hasn't changed, but removed duplicate ADMIN check in DevCheckController.
This commit is contained in:
parent
1862de0ee2
commit
edc433793b
|
@ -2,9 +2,8 @@
|
||||||
|
|
||||||
class DevCheckController extends Controller {
|
class DevCheckController extends Controller {
|
||||||
function index() {
|
function index() {
|
||||||
if(!Permission::check("ADMIN")) return Security::permissionFailure();
|
|
||||||
|
|
||||||
$e = new EnvironmentChecker('check', 'Environment status');
|
$e = new EnvironmentChecker('check', 'Environment status');
|
||||||
|
$e->init();
|
||||||
return $e;
|
return $e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
class DevHealthController extends Controller {
|
class DevHealthController extends Controller {
|
||||||
function index() {
|
function index() {
|
||||||
$e = new EnvironmentChecker('health', 'Site health');
|
$e = new EnvironmentChecker('health', 'Site health');
|
||||||
|
$e->init();
|
||||||
$e->setErrorCode(404);
|
$e->setErrorCode(404);
|
||||||
return $e;
|
return $e;
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,14 +31,32 @@ class EnvironmentChecker extends RequestHandler {
|
||||||
function init() {
|
function init() {
|
||||||
parent::init();
|
parent::init();
|
||||||
|
|
||||||
|
if(!$this->canAccess()) return Security::permissionFailure($this);
|
||||||
|
}
|
||||||
|
|
||||||
|
function canAccess($member = null) {
|
||||||
|
if(!$member) $member = Member::currentUser();
|
||||||
|
|
||||||
// We allow access to this controller regardless of live-status or ADMIN permission only
|
// We allow access to this controller regardless of live-status or ADMIN permission only
|
||||||
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
||||||
$canAccess = (Director::isDev()
|
if(
|
||||||
|
Director::isDev()
|
||||||
|| Director::is_cli()
|
|| Director::is_cli()
|
||||||
// Its important that we don't run this check if dev/build was requested
|
|| Permission::checkMember($member, "ADMIN")
|
||||||
|| Permission::check("ADMIN")
|
) {
|
||||||
);
|
return true;
|
||||||
if(!$canAccess) return Security::permissionFailure($this);
|
}
|
||||||
|
|
||||||
|
// Extended access checks.
|
||||||
|
// "Veto" style, return NULL to abstain vote.
|
||||||
|
$canExtended = null;
|
||||||
|
$results = $this->extend('canAccess', $member);
|
||||||
|
if($results && is_array($results)) {
|
||||||
|
if(!min($results)) return false;
|
||||||
|
else return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function index() {
|
function index() {
|
||||||
|
|
Loading…
Reference in New Issue