Merge pull request #872 from chillu/pulls/file-permission

API File->canEdit() returns TRUE by default (not checking CMS perms)
2024-10-22 12:05:37 +00:00 · 2012-11-04 19:33:18 -08:00 · 2012-11-04 19:33:18 -08:00 · 0f55a11a5a
commit 0f55a11a5a
parent fbc6e3366b a3295e2a37
2 changed files with 3 additions and 2 deletions
--- a/docs/en/changelogs/3.1.0.md
+++ b/docs/en/changelogs/3.1.0.md
@ -10,3 +10,4 @@
   `debug_profile`, `debug_memory`, `profile_trace`, `debug_javascript`, `debug_behaviour`
 * Removed `Member_ProfileForm`, use `CMSProfileController` instead
 * `SiteTree::$nested_urls` enabled by default. To disable, call `SiteTree::disable_nested_urls()`.
+ * Removed CMS permission checks from `File->canEdit()` and `File->canDelete()`. If you have unsecured controllers relying on these permissions, please override them through a `DataExtension`.
--- a/filesystem/File.php
+++ b/filesystem/File.php
@ -293,7 +293,7 @@ class File extends DataObject {
 		$result = $this->extendedCan('canEdit', $member);
 		if($result !== null) return $result;
 		
-		return Permission::checkMember($member, 'CMS_ACCESS_AssetAdmin');
+		return true;
 	}
 	
 	/**