From 02e728fa085c4e106909042ae1f493c407bee291 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Fri, 2 Mar 2012 18:27:10 +0100 Subject: [PATCH] BUGFIX Fixed visibility of admin/myprofile for non-admins by moving it to a new CMSProfileController class and overloaded canView() --- admin/_config.php | 1 + admin/code/CMSProfileController.php | 34 ++++++++++++++++++++ admin/code/LeftAndMain.php | 14 -------- admin/templates/Includes/LeftAndMain_Menu.ss | 2 +- 4 files changed, 36 insertions(+), 15 deletions(-) create mode 100644 admin/code/CMSProfileController.php diff --git a/admin/_config.php b/admin/_config.php index 1a5daa238..bc696cc86 100644 --- a/admin/_config.php +++ b/admin/_config.php @@ -34,3 +34,4 @@ HtmlEditorConfig::get('cms')->addButtonsToLine(2, 'ssimage', 'ssflash', 'sslink' HtmlEditorConfig::get('cms')->removeButtons('tablecontrols'); HtmlEditorConfig::get('cms')->addButtonsToLine(3, 'tablecontrols'); +CMSMenu::remove_menu_item('CMSProfileController'); \ No newline at end of file diff --git a/admin/code/CMSProfileController.php b/admin/code/CMSProfileController.php new file mode 100644 index 000000000..7d902b03c --- /dev/null +++ b/admin/code/CMSProfileController.php @@ -0,0 +1,34 @@ +Member_ProfileForm(); + return $this->customise(array( + 'Content' => ' ', + 'Form' => $form + ))->renderWith('CMSDialog'); + } + + public function Member_ProfileForm() { + return new Member_ProfileForm($this, 'Member_ProfileForm', Member::currentUser()); + } + + function canView($member = null) { + if(!$member && $member !== FALSE) $member = Member::currentUser(); + + // cms menus only for logged-in members + if(!$member) return false; + + // Only check for generic CMS permissions + if( + !Permission::checkMember($member, "CMS_ACCESS_LeftAndMain") + && !Permission::checkMember($member, "CMS_ACCESS_CMSMain") + ) { + return false; + } + + return true; + } +} \ No newline at end of file 
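Review bot: In the new `CMSProfileController::canView()`, the gate passes only for members holding `CMS_ACCESS_LeftAndMain` or `CMS_ACCESS_CMSMain`, so a CMS user whose permissions cover only some other admin section would presumably still be refused their own profile, which is the case the subject line sets out to fix. This override is the only access check visible for a controller that hands `Member::currentUser()` to an editable `Member_ProfileForm`, so it deserves a docblock naming the permission codes meant to qualify and stating that an explicit `false` for `$member` means "no member" and is denied. The method is also declared without a visibility keyword while its siblings use `public`; `public function canView($member = null) {` would match them. The opening lines of the new file (the class declaration and the start of `myprofile()`) are missing from this rendering, so it cannot be confirmed here whether the class declares `myprofile` and `Member_ProfileForm` as its own allowed actions now that the commit drops them from what appears to be the allowed-actions list in `LeftAndMain`.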
diff --git a/admin/code/LeftAndMain.php b/admin/code/LeftAndMain.php index 2727c0e2c..40ab6ef25 100644 --- a/admin/code/LeftAndMain.php +++ b/admin/code/LeftAndMain.php @@ -73,10 +73,8 @@ class LeftAndMain extends Controller { 'savetreenode', 'getitem', 'getsubtree', - 'myprofile', 'printable', 'show', - 'Member_ProfileForm', 'EditorToolbar', 'EditForm', 'RootForm', @@ -1106,18 +1104,6 @@ class LeftAndMain extends Controller { return $form; } - public function myprofile() { - $form = $this->Member_ProfileForm(); - return $this->customise(array( - 'Content' => ' ', - 'Form' => $form - ))->renderWith('CMSDialog'); - } - - public function Member_ProfileForm() { - return new Member_ProfileForm($this, 'Member_ProfileForm', Member::currentUser()); - } - public function printable() { $form = $this->getEditForm($this->currentPageID()); if(!$form) return false; diff --git a/admin/templates/Includes/LeftAndMain_Menu.ss b/admin/templates/Includes/LeftAndMain_Menu.ss index 0cbffd492..91350638b 100644 --- a/admin/templates/Includes/LeftAndMain_Menu.ss +++ b/admin/templates/Includes/LeftAndMain_Menu.ss @@ -12,7 +12,7 @@ <% control CurrentMember %> <% _t('Hello','Hi') %> - + <% if FirstName && Surname %>$FirstName $Surname<% else_if FirstName %>$FirstName<% else %>$Email<% end_if %>