Merge pull request #872 from chillu/pulls/file-permission

API File->canEdit() returns TRUE by default (not checking CMS perms)
Sean Harvey 2012-11-04 19:33:18 -08:00
commit 0f55a11a5a
2 changed files with 3 additions and 2 deletions

@ -9,4 +9,5 @@
* Removed defunct or unnecessary debug GET parameters:
`debug_profile`, `debug_memory`, `profile_trace`, `debug_javascript`, `debug_behaviour`
* Removed `Member_ProfileForm`, use `CMSProfileController` instead
* `SiteTree::$nested_urls` enabled by default. To disable, call `SiteTree::disable_nested_urls()`.
* `SiteTree::$nested_urls` enabled by default. To disable, call `SiteTree::disable_nested_urls()`.
* Removed CMS permission checks from `File->canEdit()` and `File->canDelete()`. If you have unsecured controllers relying on these permissions, please override them through a `DataExtension`.
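Review bot: The new changelog bullet on `File->canEdit()` and `File->canDelete()` does not say what the methods return now or which permission was dropped, so a reader cannot tell how exposed an existing controller is. Suggest stating that both now return true for any member unless an extension decides otherwise, and naming `CMS_ACCESS_AssetAdmin` as the check to reinstate in the `DataExtension`. The bullet also lists `canDelete()`, while the only code change visible in this commit is the return value of `canEdit()`; if `canDelete()` is affected only because it delegates to `canEdit()`, say so here. Separately, the `SiteTree::$nested_urls` line appears twice with identical text, which looks like a whitespace-only change that could be left out of this commit.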

@ -293,7 +293,7 @@ class File extends DataObject {
$result = $this->extendedCan('canEdit', $member);
if($result !== null) return $result;
return Permission::checkMember($member, 'CMS_ACCESS_AssetAdmin');
return true;
}
/**
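Review bot: Replacing the permission check with `return true;` at the end of `canEdit()` makes the method fail open. Whenever `extendedCan('canEdit', $member)` returns null (no extension installed, or none with an opinion), every caller is allowed, including a null `$member`. Any code path that gates a write on `$file->canEdit()` alone therefore loses its only check without changing a line. If the permissive default is intended, record it in the method's docblock so the contract is visible at the call site and not only in the changelog. The commit changes two files and neither is a test, so a test asserting the new behaviour for an anonymous member and for an extension that denies access would pin this down.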